In the summer of 2002, Congress answered the wreckage of Enron and WorldCom with a sweeping fix: the Sarbanes-Oxley Act. It created a new audit watchdog, forced executives to sign their names to the numbers, and demanded that public companies prove—not merely promise—that their financial controls actually work. The statute was born in crisis and hardened into routine. Today, the question is less whether Sarbanes-Oxley changed corporate America—it did—than whether the benefits justify the bill that arrives each year with audit invoices and testing checklists. The answer is nuanced, but it tilts toward yes, especially if you believe that trust is a public good worth paying for.

Start with what Sarbanes-Oxley indisputably delivered. The law ended the profession’s era of self-policing by creating the Public Company Accounting Oversight Board, a regulator empowered to inspect audit firms, write standards and discipline bad actors. That shift alone altered incentives up and down the reporting chain. Auditors who once looked to please clients now work with a regulator looking over their shoulder. Boards fortified audit committees, executives signed quarterly and annual certifications, and the mechanics of financial reporting became more disciplined, if also more lawyered. In other words, the statute made fudging harder and accountability more personal. That was the point.

Then came the most controversial provision: Section 404. It requires management to assess the effectiveness of internal control over financial reporting, and—crucially for most larger issuers—requires an outside auditor to attest to that assessment. Implemented in a rush, the first wave was clumsy and costly. Audits swelled with box-checking. Companies tested everything that moved. By 2007, regulators acknowledged the excess and pushed a reset: the SEC issued streamlined management guidance while the PCAOB replaced its original internal-control standard with Auditing Standard No. 5, telling auditors to focus on what really mattered to investors. Costs duly came down from their initial spike, though they didn’t vanish.

The cost ledger remains real, and for smaller public companies it still stings. The latest comprehensive government review, published in 2025, examined firms that “graduated” into Section 404(b) by growing past exemption thresholds. The median audit-fee increase in the first year of non-exempt status: about $219,000, or 13%. That is not pocket change for a company with modest revenue and margins, and it helps explain why successive Congresses and the SEC carved out relief—first via the 2012 JOBS Act for “emerging growth companies,” and later via revised filer definitions that kept more small issuers outside the auditor-attestation net. The pattern is familiar: preserve the core for big companies; ease the edges for the small.

Do investors get their money’s worth? The best evidence is indirect but compelling. Restatements—the market’s report cards on how well companies got the numbers right the first time—surged in the early SOX years as firms cleaned up old problems, then trended lower for much of the next decade. Recent reviews of restatement trends through 2022–2023 show long-run declines in both frequency and severity, notwithstanding one-off spikes such as the SPAC wave. Correlation isn’t causation, but it is hard to argue Sarbanes-Oxley made financial reporting sloppier. If anything, it appears to have raised the floor.

Academic work adds texture. Studies of Section 404’s early years found that the requirement induced more conservative reporting and, at least initially, imposed valuation-relevant costs—investors appeared to capitalize the burden of compliance. Others documented how the 2007 reforms and learning effects trimmed costs over time without obvious damage to audit quality. In plain English: the first lap was expensive; later laps became cheaper and smarter. That trajectory mirrors many safety regulations. Seatbelts were cumbersome before they were automatic. Fire codes felt onerous until sprinkler systems became standard. The governance equivalent is a testing regime that is better scoped, better targeted and less intrusive than it was in 2004.

It is also fashionable to blame Sarbanes-Oxley for sapping America’s competitiveness as a listing venue. The data are more ambiguous. The cross-listing boom faded for many reasons, including shifts in firm types and global capital-market development. When researchers controlled for those factors, they found little evidence that SOX alone drove companies away from U.S. exchanges. Meanwhile, the U.S. retained the deep liquidity, analyst coverage and legal protections that issuers ultimately crave. New York’s problem was never the existence of rules; it was ensuring they were calibrated to risk. The post-2012 exemptions for smaller issuers were an acknowledgement of that calibration challenge, and on the evidence, they helped.

Still, there are honest trade-offs. Compliance can divert scarce managerial attention. Annual control testing may caution a growth company into caution bordering on paralysis. And Sarbanes-Oxley did not prevent every scandal, because many blow-ups live outside the narrow perimeter of financial-statement controls—think exotic funding structures, aggressive non-GAAP storytelling or risks that are economic rather than accounting. The 2008 financial crisis, the meme-stock era and crypto implosions all remind us that markets invent new ways to court trouble. Even the most muscular audit regime will miss hazards that aren’t in its mandate.

Yet the law’s less appreciated benefit is cultural. By putting names on certifications and audits under inspection, Sarbanes-Oxley shifted the conversation in boardrooms from “Can we get away with it?” to “Can we defend it?” That mind-set won’t excite founders, but it is precisely what long-horizon investors, pension funds and insurers want. Trust lowers the cost of capital, if not on day one then over cycles. The U.S. continues to attract global savings not because its companies are more virtuous, but because its rules make mischief harder and redress easier. That is worth something even if you can’t book it as a current-period gain.

What, then, is the honest verdict? Sarbanes-Oxley was expensive at the outset and remains meaningfully costly for firms on the cusp of 404(b) attestation. Regulators have spent two decades sanding down rough edges—rewriting audit standards to emphasize risk, offering relief to smaller issuers, and clarifying expectations so that control testing aligns with materiality rather than ritual. In exchange, investors got sturdier reporting, more accountable executives and an audit profession supervised by a regulator with bite. If the goal of 2002 was to restore confidence in the numbers, the arc of the data suggests progress. On balance, the act has functioned less as a bureaucratic burden than as plumbing: unseen when it works, missed only when it fails. That may not be a rousing defense. It is, however, a durable one.