A Section 302 certification and Section 404 compliance both fall under the Sarbanes-Oxley Act of 2002 (SOX). The purpose of SOX is to regulate publicly traded companies and accounting firms, improve the accuracy and transparency of corporate financial statements, and provide protection against fraud to investors. Section 302 and Section 404 differ in frequency of requirements, effort, activities, and liability. Under Section 302 requirements, companies are required to conduct quarterly audits of their internal controls and include signed certifications to the United States Securities and Exchange Commission (SEC). Under Section 404 requirements, companies are required to undergo an annual audit. The results of these audits must be included with the companies' financial reports. Any deficiencies cited during the annual audit is reported to the Audit Committee of the Board of Directors Section 404 risk management activities are ongoing, even though audits only occur annually. However, Section 302 risk management activities only occur during the quarterly audits. Liability is also much higher in relation to Section 302 because each officer that signs the certification at the conclusion of the quarterly audits is personally liable. This personal liability includes extensive fines and imprisonment. Section 404 liabilities only apply to the companies instead of the companies' officers.