The Sarbanes-Oxley Act of 2002

The Sarbanes-Oxley Act of 2002 is the most significant federal law impacting public companies since the Securities Acts of 1933 and 1934. This legislation establishes new or enhanced standards for all U.S. public company boards of directors, top management, and public accounting firms that oversee public companies. The Sarbanes-Oxley Act of 2002 (“SOX”) was introduced in response to a series of accounting scandals around the turn of the millennium, including Enron, Tyco, and WorldCom. Since 2002, SOX has had a significant impact on internal controls, financial reporting, and the accounting profession. For most public companies, complying with SOX has required increased controls at the process and entity levels. This has resulted in both costs, in the form of direct and indirect compliance costs, and benefits, such as a better understanding of control design and of the operational effectiveness of controls. Additionally, the type or category of internal controls has changed since the introduction of SOX. Before SOX, many companies and their internal audit departments focused primarily on internal controls such as segregation of duties, cash and inventory controls, and cut-offs. These types of internal controls focus on process controls and tend to look at transactions in isolation. Furthermore, these are fairly common transaction controls. However, many of the internal control deficiencies that contributed to the above-mentioned accounting scandals involved revenue recognition and “less routine” company- or industry-specific accounting transactions, and thus both internal and external auditors were familiar with the internal controls involving these transactions and how to test them. These controls were also more process-driven and less likely to be performed at the entity level.
Therefore, since SOX, companies have, at the request of their external auditors and in order to comply with the new regulations, focused their internal control design efforts on revenue recognition and entity-level controls. The purpose of the SOX legislation was to improve the reliability of financial reporting. It did this by requiring that every public company have an audit committee that is independent of management and that the committee have at least one financial expert. The external auditor's report itself has changed and now contains a paragraph in which the external auditor expresses his or her opinion on the effectiveness of internal controls over financial reporting. Additionally, the company's CEO and CFO must certify financial reports, and there are severe penalties if those reports are later found to be fraudulent.