The entire genesis of Sarbanes Oxley is to provide stakeholders of the company a reasonable level of assurance about the reliability of financial reporting. Internal controls over financial reporting which consists of policies and procedures that are designed and operate effectively provide such reasonable assurance but not absolute assurance. What exactly constitutes reasonable assurance. In one of the whitepaper's issued by a consulting firm, reasonable assurance is defined as

"Reasonable assurance includes an understanding that there is a relatively low level of risk that material mis-statements will not be prevented or detected on a timely basis"

Thus from the definition above it is clear that reasonable assurance is not absolute assurance but it is a high level of assurance. I would also like to quote what William J. McDonough Chairman of the PCAOB said at a
meeting of Women in Housing and Finance. He said

“To ensure financial stability, a company must support the execution of its objectives with rigorous internal controls and effective risk management. An effective internal control apparatus is critical to provide reasonable assurance that the information produced by the organization is timely and reliable and that errors and irregularities are discovered and corrected promptly….

“Effective risk management is based on a foundation of good corporate governance and rigorous internal controls. Taking calculated risks is part of any business enterprise. That is well understood. At the same
time, each company needs to have in place the technical systems and management processes necessary not only to identify the risks associated with its activities but also to effectively meas ure, monitor, and control them.

“An effective risk management and control structure is not sufficient, however, if it is not accompanied by an institutional culture that ensures that written policies and procedures are actually translated into practice. Ultimately, a company’s culture is determined by the board of directors and the senior management it installs. In particular, the actions of senior management and the consistency of their decisions and behavior with the values and principles they articulate are critical to shaping company culture."