The vast majority of my CEO colleagues know that the Sarbanes-Oxley Act of 2002 was enacted as a reaction to the Enron and WorldCom scandals. It is a strong remedy to ensure the day-to-day accountability of the Board of Directors, the CEO, the CFO, the CIO in their role of compliance and oversight vis-a-vis the financial market and public stock owners.
There is however a sense that lawmakers went too far and that companies simply cannot afford the cost of implementing the Sarbanes-Oxley Act (SOX). It is prohibitively expensive: it can cost 1-3% of a public company’s revenue and a significant share of the profit, at least in the initial implementation phase. Did Congress and the President go too far? I don’t think so.
Let’s examine some of the issues that SOX is designed to address.
At the beginning of the month, a controller in a South American subsidiary moves the company’s cash to her cousin in her bank account in New York. She repatriates the cash two days before the end of the accounting close. She and her cousin pocket the interest and the local currency devaluation. The damage amounts to millions of dollars over 18 months. The perpetrator tries to justify herself by stating that she was just doing a better job at optimizing the corporate cash at her own benefit.
A general manager in Europe files identical expense reports in five different countries for several years.
An Asian country manager sets up dummy legal entities, creates artificial revenue and gets paid undue performance bonus. Furthermore, he falsifies payroll records and gets that cash transferred to his own bank account.
A US manager knows that one of his international distributors marks up the products bought from his company by a factor of ten and that the distributor bribes the end customer to reduce competition. When confronted, he thought that, as long as “management did not know”, it was OK as he was “not breaking US law”. [I wonder if he ever heard about the Foreign Corrupt Practice Act…]
These real cases are criminal in nature. SOX focuses on tensuring an internal control and ethical environment where such criminal acts cannot take place. It also addresses when management learned about it, what did it do, what was disclosed and when. Willing to “not know” is not an option anymore and subject to stiff penalties such as 10 to 20 years in prison plus multi-millions in fines.
Let’s now examine situations that were more “borderline” and relatively common before SOX. These cases have been clearly moved to the unacceptable side.
A sales manager “stuffs the channels” (translation: he ships products to his company’s distributors that they have no demand for) to increase his company’s revenue and improve his sales bonus.
A controller “fudges” an inventory report by reclassifying a product as “new” to minimize the impact on the inventory obsolescence reserve of her division.
A company hires its external audit partner to be chief financial officer or corporate controller.
An external audit firm performs non-audit consulting assignments, in addition to audit services, for one of its clients.
The CEO recruits some of her customers and business partners to join the board of her public company.
The CEO makes statements indicating that what he cares about is for his executives to beat the performance objectives he set arbitrarily. He does not care how his managers have to cut corners to do so.
A company fires a whistleblower who reported an unethical situation.
Information systems are not in synch but the difference between their balances is “not material” in aggregate.
These situations are now clearly not acceptable anymore. They should have never been.
SOX forces management to “grow up”. It provides companies with less room for control surprises. It forces to document and gain a much more “granular” understanding of financial processes (and hence connected operational and system processes). It removes internal control weaknesses. These adjustments, some minuscule some big, compound into an opportunity to gain substantial operational efficiencies that are likely to more than pay for the cost of complying with SOX. It builds a strong foundation for more accurate forecasting. It sends “a loud and clear message from the top” on transparency and ethics issues.
Hopefully, trust and confidence in management in public financial markets will be reestablished. The core benefit of SOX will take place in the companies themselves. It’s about time.