The Sarbanes-Oxley Act of 2002 (SOX) aimed to improve financial reporting by enhancing corporate disclosure and governance. We find statistically significant increases, from before to after the passage of SOX, in total return variance, market risk and idiosyncratic risk. The risk increases are consistent with predictions that the legislation would cause firms to disclose more negative information, resulting in increased investment risk. However, in cross-sectional tests, post-SOX improvements in information certainty, board independence and monitoring are associated with smaller increases or greater decreases in risk. If SOX is responsible for these improvements, its effects are consistent with its purpose.