When crises of corporate conduct reveal widespread shortcomings in public company disclosure, lawmakers and regulators turn to questions of internal controls.
Dissatisfied with the output of corporate reporting, they tinker with its inputs and the processes that connect the one to the other. With the new certification and attestation requirements of the Sarbanes-Oxley Act, this tinkering will likely create a significant growth area in SEC enforcement activity.
