Clark Keeler, Director of Forensic Investigations, Corporate Governance, and Risk Management Practices, is a financial executive with broad experience in leading both finance and operations teams. He has proven his leadership capabilities in directing complex projects in diverse industries and organizational environments. His expertise is focused on identifying, mitigating and managing organizational and fraud risk, while improving existing infrastructure, systems and internal controls. He is a skilled strategist with a long track record of successfully helping clients assess risk, identify and implement cost and process improvements, and create new business opportunities.



Mr. Keeler’s practice emphasizes risk management through the integration of fraud prevention, strong internal controls with process improvements or design, and the optimization of internal financial systems.































Pages

Monday, June 14, 2010

Deconstructing Sarbanes Oxley

After eight years, we have come full circle. As so often happens in the market, we are back where we began.

By the time you read this, the Wall Street Reform Act will be on the verge of providing small public companies with a permanent exemption from Section 404(b) of the Sarbanes-Oxley Act of 2002. That subsection of the law simply required management’s internal control environment to be audited. By providing this exemption, Congress will have sent the market back to the pre-Sarbanes Oxley era. Once again, officers of public companies will be providing their investors the assurance that their companies have an effective internal control environment, without proof or verification.

What this recent change will create is, effectively, what the Foreign Corrupt Practices Act enacted, in 1977. That law required public companies to:

“Devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that: 1) transactions are executed in accordance with management’s general or specific authorization; 2)transactions are recorded as necessary, 3) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and 4)to maintain accountability for assets”

However, that law also stated that:

“No criminal liability shall be imposed for failing to comply with the requirements “ (of the Act) so long as “No person shall knowingly circumvent or knowingly fail to implement a system of internal accounting controls or knowingly falsify any book, record, or account”.

In effect, the law stated that public companies had to have, by law, a “system of internal controls” but had no criminal liability for “failing to comply”. Even then, if you look back, the market complained bitterly that the cost of these controls was too high and was damaging the competitiveness of American businesses. The Act was amended in 1988, in response to the numerous criticisms, and softened some of its ‘harsh’ requirements

Of course, a little less than 20 years later, Enron, Worldcom and Adelphia became household buzzwords as billions of dollars of investor wealth disappeared due to the financial failures (and fraudulent reporting) of those entities. Congress concluded that these (and other) firms might not, in actuality, have been complying with the Foreign Corrupt Practices Act, as we had been assured. So, in 2002, the Sarbanes-Oxley Act was passed into law. This law did impose criminal liability if a company failed to comply, and built in a mechanism to insure that companies actually did comply….the requirement that the internal controls be audited (subsection 404(b)).

Under Sarbanes-Oxley the principal executive officer and the principal financial officer are required to publicly certify that they have:

· “Designed such internal controls to ensure that material information relating to the issuer and its consolidated subsidiaries is made known”
· “Have evaluated the effectiveness of the (issuer’s) internal controls as of a date within 90 days prior to the report”;
· And, “have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date.”

This time, the law attached serious personal liability for a failure to comply, including: personal fines (millions), jail time (years) , disbarment from serving as a public company officers or directors, and claw-back of profits and bonuses. It also enacted a clause (404(b)) that mandated:

· “Each registered public accounting firm that prepares or issues the audit report for the issuer shall attest to, and report on, the assessment made by the management of the issuer.”

The amendments proposed in the Wall Street Reform Act changes one thing, and one thing only: it removes the requirement for the audit attestation. All the other requirements, and penalties, are still in force! A few audit dollars have been saved, and we have been returned to the past: where the word of business management must be trusted on faith. Caveat Emptor!

But we live in a capitalist economy where profits are the goal. History tells us that profits, or the appearance of profits, trump regulation….because, as we all know, regulation creates inefficiencies, costs more than it saves, and restricts entrepreneurial growth. So, there should be no surprise in the passage of this most recent exemption.

But, before we bury Sarbanes-Oxley as the epitome of bad and oppressive regulation, I’d like to give that heavily maligned piece of legislation its due. The market complained vehemently that the cost of auditing what management was already doing (supposedly) was simply not cost-effective or value driven. That is where all the focus went. Cost. However, the Act also provided some of these other pearls that are too often forgotten.

· It established a requirement that each member of the audit committee be a member of the board of directors, but otherwise independent. It also required that at least one member of that audit committee be a financial expert (or disclose that no one was!). It appears odd today that we had to legislate something like that.
· It required that audit committees to establish procedures for the handling of complaints, and the ability to maintain anonymity (whistleblower hotlines).
· It required that the officers of a company actually take responsibility to read and sign the financial statements, and certify that they are materially correct. Apparently, reading the public financial statements was optional prior to this.
· Made it illegal to ‘fraudulently influence, coerce, manipulate, or mislead any independent public or certified accountant”, and required companies to establish a Code of Ethics for senior financial officers, (or disclose that they didn’t have a Code of Ethics). Apparently, prior to Sarbanes-Oxley lying to your auditors wasn’t illegal!
· Created personal liability (civil and criminal) for corporation officers who misrepresented, intentionally or not, the financial condition of their company’s to the investing public. No longer was the corporation solely responsible for the misbehavior of its officers. These liabilities included personal fines (millions), jail time (years) , disbarment from serving as a public company officer or director, and claw-back of profits and bonuses.
· Made it illegal for insiders to trade during ‘blackout periods’.
· Created the Public Company Accounting Oversight Board (PCAOB) so that the accounting profession was no longer self-regulated, thereby fostering greater auditor independence and improved audit quality. We should remember, although management got an audit exemption, the auditors’ work is still audited by the PCAOB.
· Created rules governing auditor independence to avoid conflicts of interest, or the appearance of such, by prohibiting certain activities, and requiring greater disclosures and pre-approvals of non-services provided.
· …and more…(there were, after all, sixty-nine separate sections under the Act).

We have all heard the argument: “Sarbanes-Oxley didn’t solve the problems it tried to address. It was another example of failed regulation.”

Maybe.

Most of what it set out to do was logical, and important, and is now just part of the way we do business. Sadly, we had to create laws to make these things happen. Management didn’t do any of these things just because they were good business practices. Lie to the auditors? Read the financial statements you issue? Have someone who understands accounting on the audit committee? Those require laws?

Apparently they did.

I believe that anyone blaming a law for the failures of people is simply looking for a scapegoat. Laws define acceptable (or non acceptable) behavior by citizens and corporations based on what the current society deems proper. Enforcement is the punishment of those who don’t follow those instructions. The law never fails (though there may be good and bad laws based on your views). People and enforcement fail.

Think about that the next time you hear someone denigrate Sarbanes-Oxley. It wasn’t a law about internal control audits. It was a law about better corporate governance and disclosure. Only the audit section has gone back to the past.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)