Answer:
The boss is correct.
Step-by-step explanation:
Under Sarbanes-Oxley Act, a rules-based approach to corporate governance and reporting is used. It is based on the view that companies must be
required by law (or by some other form of compulsory regulation) to comply with established principles of good corporate governance.
Except in the instances of exceptions provided in the act, company has no choice than to comply regardless of the cost implication because non-compliance is punishable under the act. Sometimes, it is called tick box approach
This is contrary to what is obtainable in a principled-based approach where allowance is given for explanation in the event of possible con-compliance.