The Sarbanes–Oxley Act of 2002 is a United States federal law that mandates certain practices in financial record keeping and reporting for corporations. It is comprised of 11 sections, or titles, which include requirements for audits, corporate responsibility, auditor independence, public company disclosures, and criminal penalties.

So which of the following provisions is NOT part of Section 302 and 303 of the Sarbanes–Oxley Act?

• Establishing criminal penalties for violations of the Act
• Liability to shareholders for losses due to fraud
• Mandating an annual board of directors’ assessment of the effectiveness of internal control
• Requiring that legal counsel review all public reports

The answer is the last one. Section 302 and 303 of the Sarbanes–Oxley Act do not include a requirement for legal counsel to review all public reports. However, Section 404 of the Act does require the company’s management to assess and report on the effectiveness of its internal control system, and to include this assessment in its annual report.

The criminal penalties for violations of the Act, as well as the shareholders’ liability for losses due to fraud, are part of Section 806 and Section 906 of the Act, respectively. Section 302 and 303 of the Act mandate that an annual board of directors’ assessment of the effectiveness of internal controls must be conducted. This assessment must be reviewed by an independent auditor.

The Sarbanes–Oxley Act of 2002 was passed in response to the corporate scandal of Enron, and its main purpose is to restore confidence in the U.S. financial system. It contains a number of provisions designed to protect investors and ensure the accuracy of financial statements. Knowing the specifics of the Act, and what is not included, is essential to understanding its scope and purpose.