Friday, May 18, 2007

Getting to grips with Sarbanes-Oxley

A new survey has shown US public companies are finally getting to grips with Sarbanes-Oxley. Public companies spent a quarter less in compliance in 2006 than they did the year before. The Sarbanes-Oxley Act (commonly called SOX) is a controversial federal law passed in 2002 in response to the Enron, WorldCom and other financial scandals. Compliance with the law in 2006 cost companies $2.92 million on average compared with $3.8 million in 2005.

The drop is 35 percent compared to 2004, the first year companies were required to adhere to the law's strict accounting requirements. The survey was carried out by Financial Executives International who surveyed 200 companies, most of which had a market value of more than $75 million. While business groups such as the US Chamber of Commerce have criticized SOX for stifling innovation by subjecting companies to burdensome regulations, the act has done much to restore confidence in the integrity of the American business community.

The act was named after its sponsors Senator Paul Sarbanes (D-Md.) and Representative Michael G. Oxley (R-Oh.). The legislation establishes standards for all U.S. public company boards, management, and public accounting firms. It contains 11 titles which range from additional Corporate Board responsibilities to criminal penalties, and requires the Securities and Exchange Commission (SEC) to implement rulings on requirements to comply with the new law.

SOX established a new agency called the Public Company Accounting Oversight Board (PCAOB) which was charged with regulating accounting firms in their roles as auditors of public companies. The PCAOB is a private sector non-profit corporation based in New York which oversees the auditors of public companies to protect investors’ interests and ensure that audit reports are informative, fair and independent.

George W Bush signed the Sarbanes-Oxley bill into law in July 2002. In his signing speech Bush linked terrorism and fraud as undermining the US economy. Bush described SOX as “the most far-reaching reforms of American business practices since the time of Franklin Delano Roosevelt”. Bush said that under the new law CEOs and chief financial officers would have to personally vouch for the truth and fairness of their companies' disclosures. The act gave the SEC the administrative authority to bar directors and stiffened penalties for obstructing justice and shredding documents. It also increased the maximum prison term for fraud from five to 20 years. However Bush wasn’t always so eager to pass this legislation.

The aim of the law was to improve accountability of managers in the wake of the Enron scandal in 2001. But initially Congress was slow to react. Enron were big contributors to both sides of politics, but its largesse was mostly to the Republicans including a donation of $114,000 to the president. There were several committee hearings and a number of bills were introduced to address corporate misconduct. But with the Senate under Democratic control and the House of Representatives and White House under Republican control there was little agreement on how to address the problems.

In the Summer of 2002 came a second wave of corporate scandals, led by WorldCom and Adelphia. The stock market plummeted in advance of the midterm elections. Congress and the White House could no longer ignore the stench. Congress rushed to pass the complicated Sarbanes-Oxley Act before the August recess. The previously controversial proposal suddenly became very popular, passing 99-0 in the Senate and 423-3 in the House.

It was to be the broadest-sweeping legislation to affect corporations and public accounting since the 1933 and 1934 securities acts. SOX developed the Public Company Accounting Oversight Board, a private, non-profit corporation, to ensure that financial statements are audited according to independent standards. Top company officers are held directly responsible for financial accuracy with penalties for non-compliance up to $5 million in fines, a 20-year jail term or both. The law seeks to ensure securities analysts are objective and gives board audit committees (not the CEOs or chief financial officer) full control of auditors.

But critics of the law complain that the cost of compliance is too high; especially for smaller companies. Early studies showed companies were paying bills far in excess of what regulators had predicted. In response the SEC initially delayed implementation of a key section of SOX for companies with less than $75 million in market capitalization until this year; the internal-controls assessment requirements (called Rule 404). That deadline has now been extended further to 2009. Much remains to be done. Today’s survey result is showing that the SOX process is maturing but another 78 percent still believe the cost of compliance exceeds the benefits.

2 comments:

Anonymous said...

Something I want to share over here is that companies complying with Sarbanes Oxley regulation can comply with many other regulations and standards also. A crosswalk poster between different regulations is a very useful tool, especially when it is available at no cost. This poster is crosswalk between: ISO 17799, COBIT 4.0, HIPAA, HIPAA, Payment Card Industry (PCI), GLBA, NERC standards CIP and PIPEDA (Canada) http://www.compliancehome.com/symantec/ . This site has many other resources for Sarbanes Oxley.

Anonymous said...

Contingency plan templates created by training-hipaa.net can jump start HIPAA, Sarbanes Oxley (SOX), FISMA, ISO 17799 and many other regulations/standards contingency plan project which includes risk assessment, business impact analysis (BIA), business continuity plan (BCP), disaster recovery program (DRP), emergency mode operation plan (EMOP), data backup plan, testing and revision procedures and many other projects. These templates can also be used by IT departments of different companies, security consulting companies, manufacturing company, servicing companies, financial institutions, educational organizations, law firms, pharmaceuticals & biotechnology companies, telecommunication companies and others. Any organization large or small can be use these templates

http://www.training-hipaa.net/template_suite/enterprise_contingency_plan_template_suite.htm