Is the cost of compliance too high?
By David Raths
One hundred and sixty-eight words. That’s all Section 404 of the Sarbanes-Oxley (SOX) Act is. The brief passage was not hotly debated before the act’s passage in 2002. But this section, dealing with the establishment and auditing of internal financial controls for public companies, has since become the bete noire of the business community.
Creating systems and hiring outside auditors to attest to managers’ internal controls assessments has proven very expensive. AMR Research estimates that companies will spend $6 billion on complying with SOX in 2006, on par with the $6.1 billion spent in 2005. Business groups also maintain that the burden of complying with SOX is putting U.S. capital markets at a competitive disadvantage, driving initial public stock offerings away from the New York Stock Exchange to the Tokyo and London exchanges.
Lobbyists are putting pressure on the U.S. Securities and Exchange Commission (SEC) to ease those cost burdens, and several bills have already been introduced in Congress with the same aim. (Under the “Compete Act,” companies with revenue of less than $125 million would be allowed to voluntarily opt out of the internal control requirements of Section 404. Another bill, introduced by Sen. John Kerry, D-Mass, would authorize the U.S. Small Business Administration to award federal grants to small businesses to help lessen the burden of the cost of complying.)
The U.S. Chamber of Commerce has convened a group of business associations, called the Association Work Group on 404, whose representatives meet to talk about developments and establish a set of common principles. Another group, the Free Enterprise Fund, has filed a lawsuit challenging the constitutionality of the creation of the Public Company Accounting Oversight Board (PCAOB), the organization created to regulate accounting firms in their roles as auditors of public companies.
Although SOX has only been in effect for a few years, these groups argue that its costs far outweigh its benefits, and they are gathering momentum for a pushback. In September, former Chairman of the Federal Reserve Board Alan Greenspan told a Boston business group that “the pressure on getting 404 significantly altered is rising and is taking on a critical mass." Groups that represent consumers and large institutional investors are watching these developments with dismay. They see any attempt to water down SOX’s provision as shortsighted. The huge corporate accounting scandals of a few years ago involved lax internal controls, and the cost to investors was enormous. These groups argue that Section 404 is a core element of SOX and critical to restoring and maintaining investor confidence.
“A backlash against 404 has been in full swing for quite a while,” said Amy Borrus, Deputy Director of the Council of Institutional Investors, in Washington, DC. “Smaller businesses don’t like it and others that don’t like it have been using small businesses as their main weapon to try to reopen the law.”
Groups like the Chamber of Commerce and Financial Services Roundtable appear to have an ally in U.S. Treasury Secretary Hank Paulson. CFO.com reported that in a speech last summer, Paulson said that although corrective measures were necessary after the scandals involving Enron, WorldCom and others, “often the pendulum swings too far and we need to go through a period of readjustment.” Paulson also recently applauded the creation of a Committee on Capital Markets Regulation, a group of U.S. business, financial, accounting and academic leaders that plans to assess “the degree to which U.S. public markets are losing ground to foreign and private markets, the causes of this decline, and its impact on the financial industry and the economy.” One of its four main areas of focus is SOX and Section 404.
‘Governmentalization’ of Business
According to business leaders, it’s not the 168 words of Section 404 that are the problem; it’s the 300 pages of regulations called Accounting Standard 2 (AS2) written by the PCAOB to put 404 into effect. “AS2 is a big, vague document that requires a lot of interpretation,” said David Chavern, Vice President of the Capital Markets Program at the U.S. Chamber of Commerce. “Here we are, tens of billions of dollars later, and I have not heard an argument that the benefit even comes close to a small portion of the cost,” Chavern said.
Although the costs have been burdensome and the benefits difficult to measure, some companies have found focusing on controls beneficial. In an April 2006 Harvard Business Review article titled “The Unexpected Benefits of Sarbanes-Oxley,” Lee Dittmar and Stephen Wagner of Deloitte Consulting describe how some of their clients have used SOX implementation to their advantage by focusing on creating efficiencies. They note that a number of companies have begun to standardize and consolidate financial processes, eliminate redundant computer systems, and better integrate far-flung offices and acquisitions. Dittmar and Wagner suggest that CFOs have to become creative in devising ways to comply with SOX that contribute real business value.
Others point to the increase in financial restatements as a signal that SOX is working. There were 1,295 restatements in 2005, nearly double the number for 2004. The Glass Lewis Restatements Trend Alert of March 2006 notes that without the independent testing and reporting by outside auditors, “investors still would be relying today on false financial statements at many of the thousands of companies that have restated their accounts over the past few years.” But the Chamber sees the imposition of process controls as part of a larger effort by labor and environmental groups to control business. “Section 404 is part of the governmentalization of business,” Chavern said. “Now there’s a huge focus on process in boardrooms. We think business is often about people taking risks and doing unusual things, not about what a clear process tells you to do. Many entrepreneurs are single-minded and willing to take risks, and have created a lot of value in this country. If you take away that ability to take risks, what does it mean to the ultimate performance of the company?”
Relief for Small Public Companies?
Even groups that oppose sweeping changes to SOX admit that the burden has fallen too hard on smaller companies. Some have pushed for exemptions or a scaled-down compliance regime for smaller public companies, arguing that many could be forced to go private to avoid compliance costs.
One organization pushing for relief is the Biotechnology Industry Organization (BIO). Approximately 30 percent of its members are small, publicly traded biotech companies feeling the sting of complying. “These companies tell us their burn rate is from $12 million to $15 million a year and $1 million of that is complying with Section 404,” said Alan Eisenberg, BIO’s Executive Vice President for Emerging Companies and Business Development. “That’s excessive.” Eisenberg said BIO’s members see the value of SOX and added that full-scale exemption for smaller companies isn’t likely to happen. But his members would like the SEC to make adjustments so that costs are scaled and proportional to the size and complexity of the companies.
In March 2006, Financial Executives International (FEI), an association of financial executives, surveyed its members and estimated the total cost of compliance with Section 404 since 2003 is $3.7 million for the average company. Companies with market capitalization of less than $128.2 million had costs of $1.19 million. “There’s a recognition that 404 is blind to size. Compliance needs to be right-sized to meet the size of companies,” said Grace Hinchman, Senior Vice President of FEI.
To address these concerns, in 2005 the SEC established an advisory committee on smaller public companies. In its April 2006 final report, the committee recommended exempting companies with less than $125 million in market capitalization from complying with Section 404, which would essentially bifurcate the market into two tiers: one with verified internal controls and one without. One of the few dissenting voices on the committee was Kurt Schacht, Executive Director of the CFA Centre for Financial Market Integrity, who says the committee’s make up “was in tune with having done something drastic to reduce costs. They represented venture capital, small issuers and service firms that work for them.”
Schacht argued that exempting 70 to 80 percent of public companies from compliance with Section 404 would undermine the basic premise of SOX, which was to bolster investor confidence by requiring meaningful corporate governance and financial reporting reforms. “We view this as a responsibility of being a public company—you have to have some level of executive certification and outside review,” he said. “How that takes place is open to additional discussion.” Opponents of exemptions also argue that compliance with Section 404 is more important for smaller companies than larger ones, because they tend to be riskier and have more misstatements and restatements of earnings. The current stock option dating scandal, for instance, involves more than 100 companies, many of them mid-size.
Responding to the committee’s suggestions, the SEC chose not to implement an exemption, but did postpone until July 2007 the date by which smaller companies must comply. The agency plans to offer additional guidance for management on how to complete its assessment of internal controls, and in response to criticism, the PCAOB is revising the AS2. FEI’s Hinchman noted that those two processes must be done hand in hand. “If they’re not done in tandem,” she said, “you’re not going to get the scalability or cost reductions everyone is trying to get to.”
Despite the inflammatory rhetoric about the damage being done to the economy by SOX, most believe reforms will be incremental and done at the SEC, not in Congress.
“It’s premature for legislative change,” Hinchman said. “Besides, you can’t go in and change 404 with legislation surgically,” Hinchman said, “because [there] are too many constituent groups who would want to go in and change it for their purposes.”
Borrus said that although some bills have been introduced, “they’re not going very far.” The business groups use the threat of legislation as a big stick to make sure the PCAOB and SEC provide better guidance, she added. “But that is happening. PCAOB is rewriting AS2 guidelines and the SEC is working on new plain English guidance for management.”
David Raths is a freelance writer in Narberth, PA. He can be reached at firstname.lastname@example.org.