Since SOX was passed and the many high-profile corporate fraud cases that inspired it have splashed across the headlines, more corporate officers have come under scrutiny by state and federal prosecutors than at any time in recent memory.
And, even though the CEO and CFO are the only corporate officers required to actually sign SOX-related documents stating all is well with the company's financials, direct reports are all too often being required by the CEO and CFO to sign "roll-up" documents that effectively state that the financials (and the systems generating those financials) the CEO/CFO are signing off on are indeed accurate, said Kathleen Wilhide, a research director with IDC.
And this means, that you, the CIO, are now more likely than ever to find yourself in front of a jury, said Dave Anderson, a partner at Pillsbury Winthrop Shaw Pittman.
"What SOX has done is toughen (existing) statutes," he said. "The whole environment now has created much more of an impetus for people bringing these type of cases."
Since its passage in 2002 and the subsequent establishment that summer of the President's Corporate Fraud Taskforce (which handles all cases of corporate fraud), more than 693 fraud convictions or guilty pleas have been secured in 577 separate cases involving 1299 individuals.
What happened prior to establishment of the CFTF is hard to determine since the DOJ was unable to make those numbers available.
But, according to the Securities and Exchange Commission, in the three years prior to the passage of SOX, the SEC (which does not bring criminal charges against corporations or individuals but civil actions) reported only 292 "Issuer Financial Disclosure Actions" (or, in layman's terms, "creative accounting" actions).
Since 2002, and the passage of SOX, that number jumped significantly to 490, a 40% increase.
Now, while this increase cannot be directly linked to SOX, it is a safe bet that the two are related, said Anderson. "Prosecutors take on cases they know the public is interested in and, right now, the public is interested in white-collar crime."
As the CIO, this increases your legal risk even though, ultimately, what transpires at the hands of the SEC or district attorney may have nothing to do with SOX and everything to do with being high-profile, said Brian Socolow, a partner at Loeb & Loeb.
"Because of the much greater degree of scrutiny, the CIO or anyone involved in that (financial) process could potentially be liable to some type of fraud charge by the SEC or others," he said. "So, to that extent, yes (the CIO's) liability is increased but that is separate from any additional liability under SOX."
In other words, the anti-fraud statutes already on the books are more than enough to bring charges against wayward corporate executives.
So the question of the day for CIOs, since they are ultimately responsible for the systems and infrastructure that generate the financial reports the CFO and CEO sign off on, is how culpable are they for another's mistake or worse, subterfuge?
While no CIO has been implicated to date under SOX, ignorance, as the expression goes, is no excuse for breaking the law. With that being the case, it's a safe bet that a trip down the hall to legal might be in order.
"More prosecutors are bringing more white collar cases then ever before," concludes Anderson. "And although it's primarily CEOs and CFOs, CIOs should expect that all c-level officers are within the scope of this renewed effort."