I have a pretty good understanding so fire away, but here’s my take:
Sarbanes-Oxley, also known as SARBOX or simple SOX, is a law made in hindsight on the Enror disaster. The purpose of Sarbanes-Oxley is to reduce the risk of fraud inside a company. What it means is that every company must have all it’s internal checks and controls documented in detail, and then an audit firm, like PwC, KPMG or Deloitte, will come and review their Sarbanes-Oxley documentation and check that they are performing the controls and checks the way they said.
Another way of looking at it is that Sarbanes-Oxley has resulted in their being much more work for auditors in recent years, effectively giving audit firms a license to print money. From the client company side, it is an awful lot of red tape which is proving to be restrictive and costly, and it has been suggested that SARBOX has gone too far and the requirement may be reduced in years to come.
Does this help?
Feel free to ask any more questions!