It makes senior management and CFOs directly accountable for the accuracy and integrity of financial reporting. It will also impact virtually all employees that will have to be involved in developing and deploying compliance programs. Because it affects the integrity of financial reporting, the CIO and information technology personnel are indirectly impacted as well since data capturing, storage, retention and recording will be affected. In addition, Sarbanes-Oxley will impact a host of other personnel in virtually every functional area of the enterprise.

The Public Company Accounting Oversight Board (PCAOB), a private entity subject to SEC regulation and oversight, is responsible for overseeing the auditing of public companies and establishing standards relating to the preparation of audit reports. Every firm that audits a public company must be registered with the PCAOB. Within 270 days of enactment, SEC must direct the stock exchanges and NASDAQ to prohibit listing any company not in compliance with standards regarding composition and function of the audit committee, which include requirements that the audit committee be directly responsible for the appointment, compensation and oversight of the work of the independent auditor and that the members of the audit committee be independent (with specified limitations upon receipt of fees and other payments from the company and upon affiliations with the company and its subsidiaries). Within 180 days of enactment, SEC must issue final rules requiring all reporting companies to disclose whether or not (and if not, why not) the audit committee includes at least one member who is a "financial expert." The SEC rule must consider whether the person has an understanding of GAAP, experience in the preparation or auditing of financial statements and the application of certain accounting principles. Requires the audit committee to pre-approve all auditing services and all permitted non-auditing services.

Effective upon enactment, the Act creates several new crimes and new penalties for securities violations, including: If CEO or CFO of any public company knowingly certifies any periodic financial report that is not in compliance with the Securities & Exchange Act of 1934, maximum penalties include a fine of up to $5 million and/or up to 20 years' imprisonment. Destroying, altering or falsifying records with the intent to impede or influence any federal investigation or bankruptcy proceeding is punishable by a fine and a prison sentence of up to 20 years. In addition, knowing and willful failure by an accountant to maintain all audit or workpapers for five years after the end of the fiscal period in which the audit or review was conducted is punishable by a fine and a prison sentence of up to 10 years. Knowingly executing a scheme to defraud investors will now be punishable by a fine and a prison sentence of up to 25 years. Increases the maximum fines and prison sentences for other existing securities-related crimes. In addition, directs the U.S. Sentencing Commission to adopt Federal Sentencing Guidelines.

Effective upon enactment, the Act makes the following changes to civil liabilities: Amends the bankruptcy code to prevent the use of bankruptcy to avoid liability incurred due to federal or state securities law violations. Extends the statute of limitations for investors to file a civil action for securities fraud from 1 year to 2 years after discovery of the facts and from 3 years to 5 years after occurrence of the fraud. Provides protection to whistle-blowing employees.