U.S. Sen. Paul Sarbanes, D-Md., and Rep. Michael G. Oxley, R-Ohio, who revolutionized the way public companies record and report on their financial activities, are retiring less than a decade after changing American business practices.

SOX, which forced corporations to place data controls and auditing under increased scrutiny, ranks at the top of legislative accomplishments for both men, says Kris Lovejoy, Consul risk management's CTO.

"I don't think [its impact] is overstated. I think it's had an enormous impact. I think what the SOX Act regulated is a very important thing and an important evolution for us as a country, and it's an important evolution for the security market in the future," she said. "I'm hoping that it's a good first step, and with their retirement and after some reflection, we can maybe tinker with it a bit."

For Sarbanes, 2007 will be his first year away from public life since 1966, when he was first elected to Maryland's House of Delegates. He won a seat in Congress in 1970 and was elected senator six years later.

Oxley, the former chairman of the House Financial Services Committee, was first elected to Congress in 1980 after an eight-year career in the Ohio House of Representatives.

Paul Kurtz, executive director of the Cyber Security Industry Alliance and a former White House aide, compared SOX to landmark defense legislation — the Goldwater-Nichols Act of 1986, which clarified the military chain of command under the secretary of defense.

"[Goldwater-Nichols] is hallmark legislation that everyone looks at as far as how the Department of Defense should run, even up to the secretary of defense and the Joint Chiefs of Staff. People think about how it is a transformative piece of legislation," he says. "Certainly SOX will be seen as a transformative piece of legislation in bringing accountability throughout the world. Certainly, CEOs can no longer be like, ‘Well, I didn't know.' Certainly, this will be out there for the foreseeable future."
— Frank Washkuch