Corporate Executives And Auditors Try On SOX

The passage of the groundbreaking Sarbanes-Oxley Act of 2002 (Sarbanes-Oxley or SOX) is bringing about a sea change in corporate governance in the United States. As the first deadline for filing SOX Section 404, certifications and compliance have come about for some of the largest public corporations.

After much publicized corporate accounting scandals such as Enron, Adelphia Communications, HealthSouth and Worldcom, the U.S. Congress responded with SOX as a way to help ensure accountability in the corporate boardroom, investor confidence that the reporting of earnings are based upon valid numbers and that the board is upholding the best interests of the shareholders. Ever since 2002, a number of other corporate scandals have become exposed that continue to motivate regulators and many in the corporate community to put an end to an unfortunate trend of corporate laxity and dishonesty among corporate officials.

As with other Securities and Exchange Commission (SEC) regulations, violations of SOX provisions carry civil as well as criminal penalties. No longer can CEOs or CFOs contend that they were ill-informed or "out of the loop" about financial information presented in SEC filings. SOX, sections 404, 302 and 906 require that CEOs and CFOs sign off on the validity of the internal controls used to determine the financial information in the filings, as well as the validity of the testing designed to determine how well the internal controls work. Section 404 also requires publicly-held companies to have an internal code of ethics, whistleblower protection and preventive, document-destruction measures.

The recent conviction of WorldCom CEO Bernard Ebbers surely sends a message to corporate executives that they will be prosecuted for SOX or other SEC violations. Ebbers, although not convicted under SOX, was convicted March 15, 2005 of conspiracy, securities fraud and several counts of lying to the Securities and Exchange Commission. He faces up to 85 years in prison. Former WorldCom CFO Scott Sullivan-who had already pleaded guilty to his part in the fraud and was the star prosecution witness-said Ebbers was obsessed with hitting the numbers, and drove the fraud. Ebbers' testimony that he was not kept "in the loop" on the accounting manipulation was apparently not very convincing to the jury. Jacob Frenkel, a private attorney with extensive federal and state criminal trial, securities, corporate governance, investigative and regulatory compliance experience, said, "One of the purposes of the certification process was to render that defense obsolete. It makes it effectively less credible to say they were not paying attention when they had affirmative obligations to sign-off."

Frenkel, a former SEC staffer and federal prosecutor with appearances on numerous national television news programs and quotations in major news publications on issues before the SEC, contends that eventually corporate executives will have nothing to fear as they adjust to SOX requirements. "The Department of Justice would have no problem turning its attention to other prosecution priorities, but should only do so after it is satisfied the deterrent message has reached boards of directors of all sized companies."

Some observers of the corporate world contend that the cost of compliance with SOX has been onerous, and the certification requirements are thinning the ranks of those aspiring to become CEOs and CFOs. Perhaps recent news footage of corporate officials taking "perp walks" in handcuffs to criminal court appearances has also helped diminish the desire among some corporate executives to take on the responsibility of a CEO or CFO. So far, however, the experience with SOX, as well as an expansion of corporate director liability in general, has not been long enough to document whether either of these assertions are true. There is, however, some evidence that indicates SOX is causing some negative repercussions in the corporate world. The first SOX section 404 deadline, which is a year-end report that applied only to larger corporations with revenues of over $700 million, was extended by 45 days for those companies needing it, noted John Heine, a Public Affairs Officer for the SEC. That filing deadline was March 16, 2005. Heine also pointed out that companies with revenues under $70 million were given another year to file their reports. There has been so much concern in the corporate community over problems and questions about how to comply with SOX Section 404, that the sec scheduled a roundtable meeting on the matter with corporate officers and their advisors on April 13.

Some companies missed the SOX deadline. In a March 16, 2005, Internet news article from Business Wire, it was reported that global supercomputer company Cray Inc. missed the March 16 deadline for its year-end, or 10-K, SOX 404 certification filing. The article reported that the delay was created "in large part by the concurrent review and assessment of internal controls required by section 404...". The article noted that Cray intended to utilize the 45-day filing extension period granted by the sec. The article also stated that although Cray, "has not completed its formal assessment process under Section 404... it expects that it will identify one or more material weaknesses, including inadequate review of third-party contracts and lack of software application controls and documentation, and it will conclude that its system of internal controls was not effective." The article went on to report serious reservations by the company's outside auditor. SOX require such an outside audit of company internal controls and the effectiveness of the company's testing of its own controls. Attempts to contact Cray officials were unsuccessful. A Washington Post article on March 24, 2005, stated, "nearly 300 publicly traded firms have said they will miss deadlines for filing their annual reports, up from 70 during mid-March to January of last year...", according to the SEC.

That same Washington Post article also reported on the issue of the cost of complying with SOX, noting that, "a trade group for corporate-finance executives released a study earlier (in March) suggesting that the average cost of complying (with SOX) rose to $4.3 million per company, a 39 percent increase from when it surveyed companies last year." That survey involved 217 companies with average revenue of $5 billion. That same survey, as reported in a March 28, 2005 article in InformationWeek, concluded that complying with section 404 requirements "has come at a steep cost for many businesses, with greater-than-anticipated personnel, consulting, auditing and software expenses...".

The increase in business for big accounting firms as a result of SOX has led some to refer to it as the "Accountants Full Employment Act." An article on the CFO.com website cited a report in the Financial Times that the big accounting firm, "PricewaterhouseCoopers saw an increase in audit fees averaging 134 percent," as a result of section 404. The article also noted that KPMG's audit fees increased an average of 109 percent, as well as some substantial audit fee increases of several other well-known auditing firms. In a March 23, 2005 article in the Son Francisco Chronicle, Gregory Lichtwardt, Executive Vice President and Chief Financial Officer of Conceptus Inc., a San Carlos, CA maker of surgical devices, with fiscal 2004 sales of $11.6 million, was quoted as saying, "It's intense and it's costly and it's never enough. We will spend $1.5 million (to comply with section 404), between the cost of outside consulting and outside auditors." The article also reported that, "San Jose medical-laser firm Laserscope, Inc., which posted 2004 revenue of $94 million, filed for an extension of its 10-K as it struggled to meet the demands of section 404-a frustrating move for a company that has prided itself on timely filings, said Eric Reuter, President and Chief Executive."

Although the effects of SOX are being experienced mostly by publicly traded firms, Frenkel contends that non-public firms also would benefit from getting into the mindset of strict corporate governance demanded by it. He pointed out that two provisions of SOX still apply to non-public companies. They are the whistleblower protection and document prevention, or antidestruction provisions. "Private companies are taking SOX to heart-even where most of it doesn't apply to them," Frenkel said. "What you have happening, though, is lenders and significant investors expecting that companies will adhere to much stricter governance standards regardless of whether they are public or not. The culture and the mindset of the auditors and bankers have been oriented around SOX." For now, as the corporate world adjusts to the new compliance standards of SOX, there is some confusion among corporate officials and their auditors. "Now there is a world of certification as tangled as a spider's web," Frenkel said. "Everybody is being asked in the corporate hierarchy and in the financial sector to sign certifications."

Kent Wesley, CCE, an executive with 25 years of finance and credit experience and user of Emagia's Cash Inflow Manager, a software-based solution for credit and collections that provides automated software solutions for SOX compliance, pointed out the effects SOX will have on credit departments. "It may provide an extra level of protection for the investor, but it presents an additional cost and inefficiency in the book-to-credit process." Wesley contends that SOX will inhibit some of the subjective decision making that credit professionals have been used to making as a result of their experience. "The credit manager would be tempted to add another layer of documentation," Wesley said. "It's going to take some wheeling and dealing and shoot-from-the-hip decision making and transform it into documented decision making."

In addition to the financial and personnel burdens SOX places on corporations and their executives, it also presents the more personal threat of civil fines and even jail time for those executives who knowingly certify false information. Frenkel noted the first criminal prosecution under SOX recently occurred, involving HealthSouth and its CEO Richard Scrushy. In a related civil enforcement action, a March 19, 2005 press release of the sec stated that it, "charged HealthSouth Corp., the nation's largest provider of outpatient surgery, diagnostic and rehabilitative healthcare services, and its Chief Executive Officer and Chairman Richard M. Scrushy with a massive accounting fraud. The Commission's complaint, fiLed in federal, district court in Birmingham, AL alleges that since 1999, at the insistence of Scrushy, HealthSouth systematically overstated its earnings by at least $1.4 billion in order to meet or exceed Wall Street earnings expectations. The false increases in earnings were matched by false increases in HealthSouth's assets. By the third quarter of 2002, HealthSouth's assets were overstated by at least $800 million, or approximately 10 percent." The press release further stated, "The complaint further alleges that, following the Commission's order last year requiring executive officers of major public companies to certify the accuracy and completeness of their companies' financial statements, Scrushy certified HealthSouth's financial statements when he knew-or was reckless in not knowing-they were materially false and misleading."

A January 25, 2005 article in Bloomberg News reported that, "Penthouse founder Robert C. Guccione settled SEC allegations that he violated the Sarbanes-Oxley Act-which requires executives to certify the accuracy of financial statements-without admitting or denying wrongdoing." The article also reported that, "Penthouse International Inc., the former publisher of the men's magazine, was sued by the Securities and Exchange Commission (January 24) for improperly booking $1 million in revenue in the first quarter of 2003. The publisher, now known as PHSL Worldwide Inc., improperly recognized a $1 million licensing fee in order to show $828,000 in net income, instead of a $167,000 net loss, for the quarter ended March 31, 2003, according to the SEC's lawsuit." The article quoted Mark K. Schonfield, the SEC's Northeast Regional Director as saying, "The certification requirements of Sarbanes-Oxley are a critical element of the laws to deter financial fraud. This case demonstrates our commitment to enforcing those certification requirements."

Although it is too early to determine to what extent, if any, SOX and other SEC enforcements, prosecutions and convictions are deterring some executives from aspiring to the CEO or CFO levels, Frenkel said, "The effect of SOX has clearly been to chill the desirability of becoming an officer or director of a public company." The issue of whether some boards of public companies have decided to go private or deregister their stock with the SEC to avoid the SOX requirements and heightened regulatory scrutiny is still too early to determine. Scott Blakeley, Esq., of the California-based law firm of Blakeley & Blakeley LLP, which is involved in issues affecting commercial credit and the financial community, said he was unaware of any studies that documented that companies are going private to avoid SOX compliance. However, he acknowledged that, "If you go private, you avoid the scrutiny and expense of SarbanesOxley." Frenkel said, "The cost of compliance with SOX is such that a lot of mid- and small-cap companies are adopting an attitude of 'why be public at this cost?'."

There is at least one study that attempted to answer that question. It was conducted by several researchers at the University of Maryland, published in June 2004, and revised in November 2004, entitled "Why Do Firms Go Dark? Causes and Economic Consequences of Voluntary SEC Deregistrations." Going dark refers to companies that deregister their stock with the SEC, which relieves them of most of the requirements of SOX, including Section 404. Such companies can stilt continue to trade their securities in the over-the-counter-market. The report concluded that, "Approximately 200 companies went dark in 2003 alone, raising concerns that recent U.S. securities regulation is behind the trend."

"Since the passage of Sarbanes-Oxley, there has been a dramatic surge of U.S. companies that went dark," said Tracy Vue Wang, a PhD candidate and one of the researchers involved with the study. The study, however, stopped short of suggesting a cause and effect relationship between the trend of companies going private and the looming specter of SOX compliance. Wang also said that in addition to the costs of designing and testing internal controls and hiring outside auditors, companies spent more money on certain types of insurance protecting directors and other officers from financial liability. "SOX substantially increases the liability for corporate executives." Blakeley added that in order to protect themselves from liability, CEOs and CFOs, "are now looking to push some of that liability further down the chain of command", by requiring lower-level officers to sign-off on documents. Frenkel said, "Let's not kid ourselves. In the '80s and '90s execs wanted to go public. But if it weren't for the liquidity offered by the U.S. exchanges, they would now run from the U.S. public markets if they could."

There are various companies that offer automated, softwarebased solutions to help make the SOX compliance process less expensive and easier in terms of documentation and document retention and retrieval. Companies such as Emagia and Aceva produce such software solutions that tie in all the documentation, such as credit extension approvals, who authorized them, and all other decisions and documents needed to support the various steps and processes that went into the financial decision making and reports of a company. Documents that are needed for the process are stored electronically so they can be matched with the person and the steps in which they were produced, and be retrieved in an easy and convenient manner. Wesley pointed out that every step in the credit decisionmaking process needs to be documented. "It's important to be able to document the credit decision-even if it was an automated credit decision," Wesley said. He noted that outside auditors, who review a select sample of credit decisions, will need to see such documentation, which would include information about who made the decision, how it complied with credit policy or what basis was used to deviate from established policy.

David Gondorf, worldwide Credit and Collections Manager for Network Appliance, who utilizes Aceva's software, noted how SOX is changing the emphasis among credit and financial professionals. "The focus was on auditing and process documentation," Gondorf said. "I think the trend this year... is on getting an automation of control points." He noted that with an automated process, personnel time devoted to SOX compliance is reduced. "They don't have to get up from their desks and look for a document. The time to final resolution is speeded up. You can go out and obtain answers in real time, around the world, with the data you need to supply your auditors with the evidence." Sanjay Srivastava, COO of Aceva, pointed out that significant costs savings could be achieved through automated solutions for SOX compliance. He said one customer performed a time-motion study and determined his company had a 340-350 percent improvement from a cost-savings perspective.

It is unlikely in this time of continued news of corporate accounting fraud that Congress or the SEC will retreat from SOX compliance requirements in the near future. During this period of transition to an increased level of documentation and accounting control, company officers, credit managers, auditors and others will be adjusting to SOX. Frenkel said, "Any company that thinks corporate governance is a stagnant function-i.e., put the system in and ignore it-is missing a fundamental principle underlying best practices. Compliance and controls are an ever-changing dynamic, and demand constant monitoring and expert oversight."

To those critics who view SOX as an unnecessary regulatory burden and intrusion into corporate financial affairs, it may be enlightening to Look back at the past, which is what Stephen M. Cutler, Director of Division of Enforcement of the SEC, did in his remarks at Duke University's Annual Directors Education Institute in Durham, NC on March 18, 2005. In his address, entitled "Staying the Course," he said, "Much has been said and written over the last several months about the rising tide of opposition to recent corporate reform efforts, including, most notably and notoriously, the Sarbanes-Oxley Act of 2002. In that spirit, I was recently directed to an article in Fortune magazine railing against newly-enacted securities legislation that, in the author's view, would increase the cost of capital, make independent directors reluctant to sit on corporate boards, push companies offshore and away from U.S. regulatory requirements, and increase the number of shareholder strike suits brought as a form of legal blackmail. I should like to respond to the critic who made these charges. Unfortunately, I can't. And that's not just because I can't speak for the Commission or other members of the staff, which I can't and won't do today. It's because the man who wrote them is long deceased. These criticisms, you see, were leveled against the Securities Act of 1933-the key law governing our securities offering process-just a few short months after its passage."