Michael Oxley, the parent of Sarbanes-Oxley Act (SOX), is no longer
with us
SOX certainly had a rough start with frustrations for
governance and compliance officers due to the hype, misguided implementation
and interpretation guidance from the Securities and Exchange Commission
(SEC) and the Public Company Accounting Oversight Board (PCAOB).
History of the corporate mess
The year is early 2002, Corporate America is in a terrible mess; Enron
had collapsed, with an unprecedented accounting fraud that followed. Later
WorldCom, Adelphia Communications, Tyco, HealthSouth and others followed
suit with even more sensational accounting frauds and scandals.
Furthermore, the recession was rampant and on top of the corporate agenda
was shareholder value. Politicians and grass root organisations were appalled
at how quickly retirement savings and financial security could just evaporate
into thin air, leaving thousands of families in utter despair without
a pension.
All over the world, there was an outcry for action and in the midst of
the violent and widespread corporate turbulence, legislators were scrambling
to clean up the corporate air of uncertainty.
Oversight authorities in slumber
Enter into this scenario Michael Oxley, the Republican chairman of the
House Financial Services Committee and his Senate counterpart, Democrat
Paul Sarbanes. They unruffled the usual conflicting constituencies into
a working majority and cooked up a bill based on a series of past acts
that corporate America was not bothered to comply with. The notorious
Sarbanes-Oxley Act was born and passed thru both houses before the end
of 2002, and President Bush victoriously turned the bill into law with
immediate effect.
Expensive 117 words in SOX §404
The primary departure of SOX from the mixture of a series of old and latent
acts (1977; FCPA, 1985; Treadway Commission report on fraudulent reporting,
1991; S&L Failures, 1991; FDICIA Controls, etc.) was that SOX required
the auditor, CEO, and CFO 'to certify' that internal controls over financial
reporting throughout the organisation was in order, as stated in the 117
words in SOX §404. This detail created a gigantic financial and operations
burden to all stock listed companies to comply, and auditors and consultants
who were hired to document and implement SOX laughed all the way to the
bank.
Fourteen years down the road or for better or worse, the Sarbanes-Oxley
Act cannot be divorced from the internal controls processes of any business.
It was one of the first efforts in global business operations that succeeded
in making all stakeholders to take significant details like internal control
over financial reporting seriously.
The million dollar question then is, has SOX served its purpose? The jury
is still out. However, SOX has reduced the number of incorrect financial
statements filed by publicly traded companies and accounting inconsistencies
like operational and financial leasing as well as internal controls over
financial reporting was fixed.
SOX has probably prevented many potential corporate failures after its
implementation in 2002-4 but failed to prevent the financial crisis of
2009. However, much of the credit and trust component of the financial
crisis was due to poor risk management in mortgage lending and subprime
and was outside the SOX scope. To prevent future complex billion dollar
governance, risk management and compliance failures of e.g. Freddie Mac
(2003) AIG (2005) Leman Brothers (2008) Bernie Madoff (2009) Satyam (2010)
needs a different type of SOX2 where irrational and exuberant financiers
cannot banish prudent risk management with an added component of greed.
The general feeling however is that SOX legitimated some of the control
challenges it was supposed to address; accountability, transparency, oversight,
disclosures, shareholder protection, auditor independence are a few of
the success stories. The most positive effect of SOX is that it has finally
strengthened stakeholder activism and proper business oversight.
See also: Our 'tribute' to SOX on the ten year anniversary; http://www.copenhagencompliance.com/news/SOX10Years.php