The Sarbanes-Oxley Act of 2002 and Background Checks for Public Companies

November 13, 2012

When the Sarbanes-Oxley Act – also known as SOX – was signed into law on July 30, 2002, over 15,000 publicly held companies were given a new set of rules regarding corporate ethics. This far-reaching law radically changed the landscape of corporate governance, controls, audits, and financial disclosures as follows:

  • Chief executive officers and chief financial officers must personally attest to the accuracy of earnings reports and other financial statements.
  • Non-auditing consulting services provided by outside auditors must be curtailed.
  • Whistle-blowers should receive protections.
  • Criminal penalties are increased, including fines and jail terms for misdeeds by executives.
  • Investment firms must take steps to improve the objectivity of reports performed by securities analysts.
  • A Public Company Accounting Oversight Board was established to oversee the audits of companies that are subject to securities laws.
  • The relationship of executives and directors to outside auditors was regulated.

Among the many critical provisions is SOX Section 404, which requires that public firms establish and maintain financial controls and processes. Public corporations are also required to conduct periodic evaluations of their current controls. Merely having financial controls is inadequate: one of the most important provisions of Section 404 is that external auditors must also attest to the effectiveness and adequacy of the controls in the annual report.

Sec. 404. Management Assessment of Internal Controls

(a) RULES REQUIRED.—The Commission shall prescribe rules requiring each annual report required by section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m or 78o(d)) to contain an internal control report, which shall—

(1) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and

(2) contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.

(b) INTERNAL CONTROL EVALUATION AND REPORTING.—With respect to the internal control assessment required by subsection (a), each registered public accounting firm that prepares or issues the audit report for the issuer shall attest to, and report on, the assessment made by the management of the issuer. An attestation made under this subsection shall be made in accordance with standards for attestation engagements issued or adopted by the Board. Any such attestation shall not be the subject of a separate engagement.

Under Sarbanes-Oxley, the Securities and Exchange Commission (SEC) issued rules on how Section 404 must be implemented. To ensure honesty and ethical dealings, public companies must have an ongoing effort aimed at instituting and documenting corporate controls.

There are a number of important tasks a public firm must do to be in compliance. Appearing on any list of SOX 404 compliance tasks is the use of background checks. Experts agree that part of ensuring that a firm engages in honest and ethical dealings is to hire honest and ethical people. Hence background screening has become a part of Sarbanes-Oxley compliance. The need for background checks was confirmed with the November 2003 publication of a white paper by PricewaterhouseCoopers titled Key Elements of Antifraud Programs and Controls. The PricewaterhouseCoopers white paper outlined very specific steps a public firm should take when creating the critical control environment needed within the overall framework of internal oversight roles for individuals with direct access to company assets or information systems. The paper was published in conjunction with the Committee of Sponsoring Organizations of the Treadway Commission (COSO) that authored Internal Control – Integrated Framework, widely accepted as a framework by which management and auditors evaluate internal controls.

The standards being compiled by the Open Standards and Ethics Group (OCEG) also support employment background screening as a key business practice. OCEG was formed by a multi-industry, multi-disciplinary coalition that saw the need to integrate the principles of effective governance, compliance, risk management, and integrity into the practice of everyday business. To learn more, visit

The need for background checks as part of Section 404 requirements is not limited to new employees. According to an August 2003 article published in The Wall Street Journal: “To meet new corporate governance requirements mandated by last year’s Sarbanes-Oxley Act, legions of companies are also more rigorously investigating current employees via detailed background checks.”

The Association of Certified Fraud Examiners (ACFE) also suggests steps for the prevention of corporate fraud and for compliance with Sarbanes-Oxley. According to an article by ACFE, part of a program of establishing a fraud detection process should include conducting background checks on all potential employees. For more SOX information on the ACFE website, click here.

A Guide to the Sarbanes-Oxley Act is available at

