The Sarbanes-Oxley Act of 2002 (SOX) was enacted in response to major corporate and accounting scandals. A primary and direct effect of the Act was to fundamentally enhance the roles and responsibilities of senior management and external auditors concerning financial reporting. Specifically, Section 302 requires the CEO and CFO to personally certify the accuracy of financial statements and the effectiveness of disclosure controls. Section 404 mandates that management assess and report on the effectiveness of internal controls over financial reporting, a report which the external auditor must then independently attest to. These provisions place direct, legally-binding responsibility on management and auditors, significantly strengthening their roles in ensuring corporate accountability and the integrity of financial statements.

A. Reducing risks when detecting violations at the appropriate time.

This is a general goal or a secondary outcome of the Act's provisions, not a direct, primary effect. The enhanced roles (Option C) are the mechanism that leads to better risk reduction and detection.

B. Protecting shareholders from the transgressions of the board of directors.

While protecting shareholders is the ultimate objective of SOX, Option C describes the specific mechanism and procedural change implemented by the Act to achieve this protection, making it a more direct answer.

1. Sarbanes-Oxley Act of 2002, Pub. L. No. 107-204, 116 Stat. 745 (2002).

Section 302, "Corporate Responsibility for Financial Reports," explicitly requires that the principal executive officer(s) and the principal financial officer(s) certify in each annual or quarterly report the accuracy of the report and the state of disclosure controls.

Section 404, "Management Assessment of Internal Controls," mandates an annual internal control report by management and an attestation report by the external auditor on the effectiveness of those controls.

2. U.S. Securities and Exchange Commission (SEC). (2003). Final Rule: Management's Report on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports (Release No. 33-8238).

Section II.B.1, "The Management Assessment of Internal Control," states, "The purpose of the internal control report is to present management's assessment of the effectiveness of the company's internal control structure... Section 404... places the responsibility for the assessment on management." This confirms the enhanced role of management.

3. Coates, J. C. (2007). The Goals and Promise of the Sarbanes-Oxley Act. Journal of Economic Perspectives, 21(1), 91–116.

Page 92, Paragraph 2: The article states that SOX "significantly increased the duties and potential liability of CEOs, CFOs, audit committees, and auditors, and it funded a new body to regulate auditors." This directly supports the concept of enhancing the roles of management and auditors. (https://doi.org/10.1257/jep.21.1.91)