Most Popular White Papers
Content provided in partnership with
The limitations of the Sarbanes-Oxley Act
USA Today (Society for the Advancement of Education), March, 2005 by Scott Green
Independence on public boards of directors also is increasing. According to the American Society of Corporate Secretaries, 62% of the corporate boards of its membership now have an independent chairperson, lead director, or presiding outside director. This is up from 26% prior to passage of Sarbanes-Oxley. Directors are more active, and independent audit committees have been strengthened with real oversight authority, including the ability to retain their own independent counsel. Furthermore, PricewaterhouseCoopers reports that 72% of U.S. multinational companies have established a whistleblower complaint process, making identification of managerial fraud more likely.
Most of the early initiatives of Sarbanes-Oxley produced significant structural benefits to shareholders at reasonable costs, which is the hallmark of excellent legislation. The most expensive and far-reaching component appears to be Section 404 requiring public companies to certify their system of internal control over financial reporting. It is not enough that the CEO and CFO must certify their financials; they also must document, test, and certify their system of internal control for processes that produce the company's financial statements. Yet, even a robust control structure will wilt in the presence of widespread executive collusion. There simply are too many vulnerable positions to protect economically when the organization is rotten at the top. Nevertheless, it would seem that Congress did not want to take any chances, so it took a belts and suspenders approach to financial reporting.
I expect that most CEOs and CFOs are honest people. So, when Congress passed legislation requiring the certification of financial statements, no conscientious CEO wanted his or her name associated with statements that did not properly reflect the financial position of the company. Procedures were implemented efficiently and rapidly to ensure that what was filed with the SEC was accurate. These officers certified the statements knowing that there were criminal and financial penalties associated with falsification. Was it really necessary for them to go back and document and test their control structure on top of this? While this may lend even more confidence to the financial reports emanating from public companies, the cost is high. Risks can migrate from deep in an organization to the financial statements. For a multinational company to document the control structure for all of these potential sources at a detailed level is a tremendous undertaking. In many cases, internal SWAT teams are added to outsourced consulting resources to scope, document, and test controls across the company. Since a material deficiency would be reported to the public, smart companies err on the side of caution and include any system or process that could contribute, however remotely, to financial presentation misstatements. In effect, Congress has mandated an environment of corporate risk aversion rather than enabling prudent risk-taking.
