A friend asked me to jot down some thoughts on The Sarbanes-Oxley Act of 2002.
The Public Company Accounting Reform and Investor Protection Act of 2002, commonly called SOX was enacted in 2002 in response to a number of major corporate and accounting scandals including Enron, Tyco, Adelphia and WorldCom.
The legislation establishes new or enhanced standards for all U.S. public company boards, management, and public accounting firms. It does not apply to privately held companies.
You’re hearing a lot about SOX right now because it was enacted very quickly after the accounting scandals and many people think that, as a result, it wasn’t very well designed and implemented. Opponents of extensive regulatory regimes are using it as an example of what might happen if the government moves too quickly to enact regulations in connection with the housing bailout.
There is little doubt that SOX has improved accounting standards and, to whatever extent, restored investor confidence in publicly listed companies. There are two major criticisms of the law however: (a) the cost of annual audits and compliance, especially with respect to small public companies and (b) assertions that excess regulation has caused foreign companies to list themselves in Europe, especially London, thereby reducing American competitiveness.
Section 404 Compliance and Small Companies
The most burdensome aspect of SOX is commonly referred to as Section 404 compliance. Section 404 requires management and the company’s external auditor to report on the adequacy of the company’s internal control over financial reporting. Management is required to produce an annual internal control report which affirms “the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting.” The report must also contain an assessment “effectiveness of the internal control structure and procedures of the issuer for financial reporting.”
Critics of SOX point to Section 404 and its effects on small public companies. For large financial conglomerates the cost of instituting higher internal controls and paying outside auditors amounts to a percentage of revenues that is probably not disproportionate to its benefit to the investing public.
Section 404 compliance is much more expensive relative to revenues for small companies however. During 2004 U.S. companies with revenues exceeding $5 billion spent .06% of revenue on SOX compliance, while companies with less than $100 million in revenue spent 2.55%.
Section 404 costs have continued to decline relative to revenues since 2004 however. A 2007 study indicated that, for 168 companies with average revenues of $4.7 billion, the average compliance costs were $1.7 million (.036% of revenue). The 2006 study indicated that, for 200 companies with average revenues of $6.8 billion, the average compliance costs were $2.9 million (.043% of revenue), down 23% from 2005.
Even still, polls of CFO’s have generally found that they do not believe that the benefits of compliance with Section 404 have exceeded costs. There is significant support for the proposition that public companies with revenues under $250 million should be exempt from SOX Section 404.
Not everyone agrees however.
The data reveal that for non-accelerated filers, the total average first-year cost for management assessment and additional audit fees is $78,474, which is 13.8% less than the $91,000 cost the SEC initially predicted.
SOX and Non-US companies
The other major criticism of SOX is the assertion that the now overly complex and costly regulatory environment in U.S. financial markets has resulted in foreign companies doing business in London instead of New York. The assertion is that England’s Financial Services Authority regulates the financial sector with a lighter touch.
There may be something to this assertion. Foreign companies in developing nations see significant benefits to being listed on stock exchanges in the developed world. The benefits are similar whether that listing is in London or New York. If it is less costly and complex to list in London they may well choose to do that.
Moreover, the regulatory regime makes it less likely that a company from another developed country will dual list in New York and London. The costs are even more likely to outweigh the benefits in that case.
Conclusion
In the end I think that the combination of SOX, time and technology have probably made the accounting scandals of the last decade less likely to re-occur. In my past life as bankruptcy attorney I dealt with the worst of the worst run public companies. I can absolutely tell you that some of these companies had very significant weaknesses in their accounting systems and controls.
I never represented TWA but I know that as late as their second bankruptcy, which would have been in the late 1990’s/early 2000, TWA, a multi-billion dollar company, was still using index cards and catalog drawers to run its accounts receivable and payable systems.
That’s obviously a bad case. But during the 1990’s and early 2000’s I don’t think that it was all that unusual. Even as companies started to run their accounting systems on computers they had significant problems with overlapping and incompatible programs, especially if the company resulted from the combination of several mergers. I think that the Worldcom fraud was significantly enabled by the opaqueness of their multiple accounting systems, even to their own auditors.
I suspect that SOX, time and technological advances have resulted in these examples no longer being the norm. I’m not sure about that of course. I no longer deal with those types of companies.
I guess I’ll simply conclude with a link to someone that has strong anti-regulatory view in light of SOX.
SOX was sold as the way to prevent future market bubbles and crashes. Obviously, in addition to imposing huge costs, it utterly failed to deal, not only with some indefinite future, but with problems that were already brewing at the time SOX was enacted. Indeed, SOX may well have hurt by helping to make investors complacent. Enough is enough. Let’s try to think before we leap again off the regulatory cliff.