SOX: No one-size-fits-all solution to dishonest accounting

June 07, 2006

Congress passed the Sarbanes-Oxley Act in 2002 in the wake of notorious corporate failures, but its auditing and reporting requirements -- effective since 2004 for larger and midsize corporations and yet to take hold for the smallest companies -- have triggered complaints about its costs and questions about its effectiveness.


Exaggerated earnings reports, enabled by sloppy or dishonest accounting by overly friendly contractors, artificially inflated stock prices and led to collapses at Enron, WorldCom and other publicly traded corporations. Sarbanes-Oxley's stated goal was "to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws." But its requirements for accounting oversight and independence, and its checks on conflicts of interest and fraud, have resulted in a mixed verdict on its effectiveness so far, according to experts at the W. P. Carey School of Business.


Accommodating Sarbanes-Oxley, which has come to be known as SOX, has involved millions in costs for corporations, as thousands of executives and employees undergo special training in how to comply with provisions aimed at effecting accounting reform and investor protection. The task of interpreting and enforcing the 66-page SOX law falls to the Securities and Exchange Commission (SEC), which has been delaying small-firm compliance while the bigger companies blaze the compliance trail.



Small companies shoulder heavy burden


"A significant focus to date has been on the cost of implementing Section 404 of SOX," says Perseus B. Munshi, who teaches accounting at the W. P. Carey School. "For example, in a survey conducted by CRA International [formerly Charles River Associates] in spring 2006, the average cost of compliance, internal and external costs combined, for fiscal year 2005, the second year of Section 404, was $4.8 million for large companies and $860,000 for smaller companies."


Large companies (a.k.a. large accelerated filers) are those with market capitalization over $700 million; smaller companies (a.k.a accelerated filers) already required to comply are those with market capitalization between $75 million and $700 million. The smallest companies, those capitalized at less than $75 million, are not yet required to comply with SOX.


"Executives have largely felt that while there are benefits to the requirements of 404, the costs far outweigh them," Munshi says.


"It is burdensome for smaller companies, it is costly for all companies large or small, and many question the cost-benefit relationship," says Robert Mittelstaedt, dean of the W. P. Carey School of Business. "Auditors and accountants have been likened more to policeman than in the past. There are many fuzzy areas in complex accounting situations and even the most strait-laced, do-it-by-the-rules managers find themselves in situations where there are legitimate choices and advice is needed. Public accountants are more reluctant to offer advice than they used to be."


"The common theme is that it is extremely burdensome in terms of direct costs and managerial time," says James Linck, who earned his doctorate at the W. P. Carey School and is now an associate professor at the University of Georgia's Terry College of Business. "Section 404, internal controls documentation, seems to be getting the most flak as an extremely costly provision."



The upside: investors gain confidence


Munshi points out, however, that it is much easier to quantify costs than benefits.


"Benefits tend to be more esoteric and subjective, such as increased market confidence, fraud deterrence, increased auditor vigilance, greater overall accountability, etc.," Munshi says. "Costs, on the other hand, are more straightforward and are represented by such items as external auditor fees, internal staff time logged on 404 activities, 404 outsourced costs, etc. ... Perhaps it is better to say that the cost outweighing the benefits is more of a perception than an irrefutable fact."


Although executives decry Section 404 costs, there is another side to the story.


"Investors, on the other hand, have mostly welcomed Section 404 as a confidence-boosting measure, and some studies show that the markets seem to reflect that," Munshi says, pointing to a May 2006 Lord & Benoit study of the larger companies reporting on their internal controls. The study found that those reporting no problems in 2004 or 2005 enjoyed an average share-price gain of 27.7 percent between March 31, 2004 and March 31, 2006. The Russell 3000 share index, a broad market measure, saw a 17.7 percent gain during the same time.


Does the fact that criticism has arisen mean the downsides of SOX outweigh the benefits?


"Not necessarily," Linck says. "Of course, businesses are not going to relish the idea of Congress mandating how they allocate their resources across their various activities. However, there is certainly an increasing amount of evidence that the costs are high, particularly for small firms, and some evidence that suggests the costs do outweigh the benefits, particularly for certain types of firms."


"Most companies have seen some benefits from detailed review of their control procedures, but in well-run companies this has been small and we still see new scandals," Mittelstaedt says. "The hassle and cost of compliance is making more small companies want to be private again, and that will reduce access to capital markets for them. It has been a boon for private equity groups. All in all, most would say the costs outweigh the benefits."



Taming the learning-curve beast


There has been a learning curve and an attendant decline in compliance costs from 2004 to 2005, according to CRA International's April 17, 2006, report. That survey showed that corporations' Section 404 implementation costs declined as companies learned the ropes, saw second-year documentation efforts become easier and, most importantly, reduced their "use of outside parties in readiness activities."


SEC Chairman Christopher Cox has stated that the commission will continue periodically to issue guidance, providing hope that most bugs will be worked out of the system by the time the smallest category of corporations (less than $75 million in capital) come into compliance, which currently is scheduled for 2007.


Also, the Public Company Accounting Oversight Board, the private-sector, nonprofit corporation created by Sarbanes-Oxley, is working with the SEC on revisions to  internal control auditing standards, based on analysis and comments from investors, companies and auditors.


The SEC also offers hope that technological improvements for corporate reporting to the SEC will ease SOX compliance in the coming months. The SEC's ongoing Interactive Data initiative (a.k.a. XBRL, or eXtensible Business Reporting Language) could reduce the number of SEC forms from 800 to as few as 12 and bring about real-time disclosure of corporate information, Cox said in his May 30 appearance at the American Enterprise Institute. Cox linked XBRL and SOX.


"For accelerated filers [corporations with more than $700 million in capital], go ahead with SOX implementation," Cox told the AEI. "Interactive data will make financial reporting easier and less expensive for reporting companies and consumers of financial information ... It will therefore improve the ability of companies to deal with their regulatory responsibilities."



'Crooks will be crooks'


But in the meantime, what has Sarbanes-Oxley done do to make accounting scandals less likely?


"Not much, in my opinion," Mittelstaedt says. "Crooks will be crooks, it's just that the penalties are tougher if you can get a conviction."


"SOX has also provided for serious civil and criminal penalties for falsifying the certifications and reports," Munshi says. "It is hoped that such measures would deter fraudulent activity and compel companies to focus on internal controls.


"Furthermore, SOX aims at tightening the independence rules for external auditors and severely limits the additional work that external auditors can do for their audit clients," Munshi says. "It is a commonly held belief that in the past, the lure of lucrative consulting contracts detracted accounting firms from being more vigilant during their audits and less accommodating of unacceptable and misleading accounting treatments by clients. It is hoped that with the primary focus of the client-auditor relationship being on the audit, the external auditors will be more effective in identifying and reporting on irregular activities and ineffective internal controls."


SOX is trying to make corporate performance more transparent and executives more accountable, Linck says.


"The aim is to protect investors, a goal of the SEC," Linck says. "I suppose the idea would be to head off disasters before they become disasters. Has it made accounting scandals less likely? The jury is still out on that one. For example, it's not clear that the mandates of SOX would have prevented the high-profile scandals such as Enron and WorldCom. And, of course, the guilty are going to prison in those cases despite the fact that the wrongdoing occurred before SOX."


Bottom line:

  • The Sarbanes-Oxley Act, passed in 2002, took effect for large and midsize corporations in 2004 and will affect smaller corporations in 2007.
  • SOX includes reporting requirements aimed at making fraud less likely, and it stiffens criminal and civil penalties.
  • It remains unclear whether SOX has prevented corporate fraud of the sort that caused the collapse of Enron and WorldComm.
  • SOX has cost corporations millions in compliance costs, but there is evidence that it has boosted investor confidence and share prices.
  • The cost of compliance has eased as corporations become familiar with the law and put first-time costs behind them.
  • The Securities and Exchange Commission promises to accommodate corporations with responsive, updated compliance procedures for SOX and with high-tech upgrades for the entire SEC operation.