The rules and enforcement policies outlined by the SOX Act amend or supplement existing legislation dealing with security regulations. The two key provisions of the Sarbanes-Oxley Act are:
1. Section 302: A mandate that requires senior management to certify the accuracy of the reported financial statement
2. Section 404: A requirement that management and auditors establish internal controls and reporting methods on the adequacy of those controls. Section 404 had very costly implications for publicly traded companies as it is expensive to establish and maintain the required internal controls.