Executive Summary: Sarbanes-Oxley: Worse than No Solution at All?

Larry Loeb Avatar

Updated on:

What is SarbOx anyway?

The Sarbanes-Oxley Act of 2002 is a set of rules passed by Congress in order to force American public corporations to document every sale and financial exchange that could have a material effect on the business.

SarbOx also requires top executives to review and sign off on financial results so CEOs hauled up on charges related to creative bookkeeping can’t claim to have been unaware of number-shuffling that may have misled investors and regulators.

The implementation of SarbOx, however, is more than just a change in some accounting and accountability rules. It amounts to an overhaul in the way America will do business in the future.

Compliance with SarbOx is a big deal to senior management, because a violation of the act—in this case, failure to comply—can bring them up to 20 years of jail time and fines up to $5 million. That sort of penalty tends to concentrate a CEO’s focus beautifully.

The Cost of SarbOx

While many executives agree that some law was necessary, many have also become disillusioned with the drain on time and resources that it requires.

These requirements can fall disproportionately hard on smaller public companies, many of which have less formal financial-reporting processes than larger older companies, and fewer staffers to create or execute any newly required processes.

USA Today reported in October 2003 that one such publicly traded company—hardware wholesaler Moore-Handley, which had 2002 sales of $151 million—was going so far to avoid falling under SarbOx rules that it was delisting itself from the Nasdaq exchange.

Company executives estimated compliance would cost the company $250,000, but Moore-Handley had only made a net profit of $300,000 in the last fiscal year. So it made economic sense for Moore-Handley to react the way it did.

This kind of cost consequence may spread to other companies as well.

It may be that in the future only companies worth $100 million or more may be able to afford being publicly traded, and thus fall under SarbOx regulations.

A Foley & Lardner survey of 32 midsize public companies found that they predicted an average of 105 percent increase in accounting costs, a 90 percent increase in legal costs, an increase in costs due to lost productivity of 102 percent, and an increase of 266 percent in compliance personnel cost.

Overall, the companies surveyed expected an increase of 90 percent over their 2002 accounting costs just to comply with SarbOx.

While a cost increase is to be expected when first complying with any regulatory change, the total cost over time may not be as high as an initial cost outlay might indicate.

Once a coping mechanism is in place, the business only has to maintain a new process instead of developing and installing it.

Maintenance is usually cheaper than development, so it would be reasonable to expect compliance costs (aside from the direct labor costs necessary) to decrease over the long term.

So, there will undoubtedly be increased costs of doing business due to SarbOx, but they should settle down somewhat once an appropriate solution has been devised.

Section 404

One of the most critical sections of SarbOx carries the identifier of section 404.

It requires the management of a public company to assess the effectiveness of the company’s internal control over financial reporting (as of the end of the company’s most recent fiscal year).

Section 404(a) of the Act also requires management to include in the company’s annual report to shareholders management’s conclusion (made as a direct result of the assessment previously mentioned) about whether the company’s internal control is effective.

SarbOx forces individual managers to legally commit to the veracity of the internal controls in use, something that had never before occurred in the United States.

Section 404 of the Act (as well as Section 103), directs the Public Company Accounting Oversight Board (PCAOB, which is the private-sector, nonprofit corporation set up by SarbOx to oversee implementation that answers to the Securities and Exchange Commission which, in turn, has the ultimate responsibility to see that SARBOX is carried out) to establish professional accounting standards governing the independent auditor’s attestation, as well as reporting on management’s assessment of the effectiveness of internal control.

That means whatever internal control system is in place for the audit is graded on criteria set down by the PCAOB.

The PCAOB has considered the possible effects of the proposed standard on small and medium-sized companies, noting that internal control is not “one-size-fits-all.”

So, the board has defined examples of what not to do.

It has identified circumstances that would be a very strong indicator that there exists a material weakness in the internal controls.

Next page: Control of multiple locations.