The Long and Grueling Road to SOX Compliance

“Every action has an equal and opposite reaction,” said Sir Isaac Newton. While he made that observation centuries before the dot-com boom and bust, his words remain quite relevant today. After large corporation executives took advantage of their positions and wreaked financial havoc, the federal government was called to step in and prevent a recurrence. The result was the Sarbanes-Oxley Act, a law with repercussions that e-commerce enterprises continue to feel.

Tempted by seemingly never-ending stock increases and the potential to get really rich really quick, executives at companies such as Enron and WorldCom bent — many would say broke — basic accounting principles during the dot-com boom. Their transgressions drove their companies’ stock prices up to all-time highs. However, eventually, these corporations ended up bankrupt, investors saw their portfolios shredded and employees’ retirement savings disappeared.

As the implications of these actions became clear, there was an outcry for tighter government regulations. The Sarbanes-Oxley Act was passed in July 2002 with its regulations starting to take effect in January 2004. The act’s stipulations are now mandated at large companies, with smaller enterprises still phasing in some of the requirements.

Comprehending the Law

The road from passage to implementation has been long and arduous for many e-commerce suppliers. The first step was helping companies comprehend what the law involved.

“Today, most corporations — especially large ones — have a good understanding of what they need to do in order to comply with the law,” Chris McLean, an analyst at Forrester Research, told the E-Commerce Times. Next, companies had to revamp their internal business processes, another step that has already been taken in many enterprises, especially large ones.

While companies have made changes, not all of them view it positively. Sarbanes-Oxley gets lambasted as a classic example of government overreaction. Rather than focus on a seeming weak spot with accounting transparency, some think that the problems at Enron and WorldCom stemmed from transgressions by a small number of executives. To address the problem, the government created a new class of professional bureaucrats who are part of an ever-expanding bureaucracy.

Another issue is that the rules were enacted quickly. Companies had existing business processes in place that may not have complied with the new regulations. To ensure compliance, many corporations took a brute force approach, deploying various software solutions to create an auditing trail and adding data verification steps to existing business processes.

“Initially, companies may have done a ‘quick fix,’ but in the past few years, many have used Sarbanes-Oxley to streamline their operations,” French Caldwell, research vice president at market research firm Gartner, told the E-Commerce Times.

Open to Interpretation

The law’s interpretation has also created havoc. The key component of the Sarbanes-Oxley Act is Section 404, which requires that publicly traded companies include in their annual reports a review of their internal controls over financial reporting and a related auditor’s overview of their procedures. Conservative views by auditors lead to checks being put in place that were not necessary while liberal ones may have skirted regulations. The Public Company Accounting Oversight Board stepped in to resolve those issues and outlined what processes were compliant and which were not in May 2007, noted John Hagerty, vice president at AMR Research.

The Sarbanes-Oxley regulations cost e-commerce companies money — a lot of money. AMR Research pegged the annual cost of software and services for compliance with the law at US$6 billion. “Spending on Sarbanes-Oxley compliance has been fairly consistent in the past few years,” Hagerty told the E-Commerce Times. The law is also criticized that it regulation puts domestic companies at a competitive disadvantage, but advocates counter that compliance leads to more efficient enterprises.

Another area of contention is the law’s rigidity. Sarbanes-Oxley provides a strict set of accounting rules that have to be applied to all companies. Initially, the laws were geared to thwart wrongdoing at Fortune 500 firms, but the law applies to small and medium-sized businesses as well. The smaller companies were given more time to institute the appropriate procedures — the deadline has been pushed back a few times, now to the end of 2008. Even with that extension, some feel that the need to comply with the federal regulations creates a barrier of entry for smaller enterprises.

People Problems, Not Legal Limitations

Another criticism is that the dot-com problems stemmed not so much from too few regulations but rather from how inventive some executives were in interpreting them. The Enron and WorldCom executives eventually were sentenced to time in prison, so there were already laws on the books that they violated. With Sarbanes-Oxley now in the effect, the only change is what executives may have to do to find a way around the new rule.

The law does seem to have had an impact on corporations’ reporting procedures. In fact, public companies have been restating their financial results at a higher rate than ever before. In most cases, these restatements are due to companies misapplying basic accounting rules or examining the wrong data.

Overall, despite the problems, most view Sarbanes-Oxley as a positive development. “The law recommends that companies institute good business procedures,” concluded AMR Research’s Hagerty. “If companies were not following them before, they should have been.”