The essay examines the wisdom of exempting small public companies from Section 404 of the Sarbanes-Oxley Act of 2002 (SOX), which requires companies to provide management assessment and external auditing of a company's internal control systems over financial data. In particular, the essay questions whether a fiduciary duty of care might require officers and directors to adopt internal control systems, perhaps substantially similar to those envisioned by SOX, even if small public companies were exempt from the ambit of the statute.
Michael R. Siebecker,
The Duty of Care and the Data Control Systems in the Wake of Sarbanes-Oxley,
Chi.-Kent L. Rev.
Available at: https://scholarship.kentlaw.iit.edu/cklawreview/vol84/iss3/9