Well that makes two of us!
In a recent article on CFO.com, retired Congressman Michael Oxley expresses his displeasure with the Sarbanes-Oxley legislation, and blames it on the Public Company Accounting Oversight Board (PCAOB).
Section 404 of the Sarbanes-Oxley Act of 2002 is the part that causes the most heartburn for executives, stockholders, and the public at-large. This section requires companies and auditors to examine internal controls over financial reporting, and to report on these controls in their annual reports. (Note, however, that companies don’t necessarily have to improve bad internal controls.)
Many say that Section 404 of Sarbox was poorly implemented and is far to expensive to companies. Oxley says the following about why companbies are unhappy with it:
The main thing is the enormous cost that was driven by the outside audit. But, the auditors are under tremendous pressure too. Audits should be risk-based so companies can better assess the risks involved and move forward.
I highly recommend reading the whole story and all of Oxley’s comments.
The Securities and Exchange Commission voted in favor of four staff recommendations to work with the Public Company Accounting Oversight Board (PCAOB) to help change Sarbanes-Oxley.
Currently, Sarbanes-Oxley requires companies to monitor and test internal controls over financial reporting. (Notice I didn’t say the company actually has to have good internal controls. As long as they check on whatever they have.) Companies have said this provision is expensive and doesn’t make sense.
The SEC is trying to make Sarbanes-Oxley compliance more cost-effective for companies nad investors. Congress suggested exempting smaller companies from SarbOx all together, but that was rejected by the SEC.
One current suggestion is changing the law to make the process more of a risk-based review of internal controls over financial statements. It’s thought that this would be more cost effective because the implementation (and therefore the cost) is scalable for companies of different sizes.
PCAOB has proposed a new auditing standard, AS-5. Some in the SEC think AS-5 doesn’t go far enough, and since the SEC has the final say over auditing standards for public companies, it remains to be seen what the final form will be.
Say it fast five times: Sarbanes-Oxley, Sarbanes-Oxley, Sarbanes-Oxley, Sarbanes-Oxley, Sarbanes-Oxley… If you’re like me, you’re sick of hearing these words.
Lots of people, however, don’t have the first idea what the Sarbanes-Oxley Act of 2002 is really about. I think the public-at-large thinks it’s legislation that stops fraud. That couldn’t be further from the truth.
It is true that Sarbanes-Oxley (also fondly referred to as SOX or SarbOx) was meant to protect investors in public companies. It set forth some standards and certain procedures that public companies are required to abide by.
But the legislation itself requires far less than many people believe it does. At the end of the day, the regulations require companies to document their processes and disclose whether or not their internal controls are working. It doesn’t actually force them to materially improve the internal controls. (See my article What Has Sarbanes-Oxley Done For You Lately? for more of my opinions on this.)
So what does Sarbanes-Oxley require? Continue reading
The New Yorker recently printed a commentary on Sarbanes-Oxley. While the legislation was viewed by politicians as an important step toward protecting investors from fraud, corporate executives aren’t so impressed.
Corporate executives believe that the high cost of implementing the Sarbanes-Oxley regulations is not justified by the small benefits. The cost of implementation is particularly high for smaller companies, which may discourage them from going public. Continue reading