Sarbanes-Oxley: Bane or Boon?

workspan, March 2004, Volume 47, Number 3

Front Page

Sarbanes-Oxley: Bane or Boon?

By Rodney K. Platt, WorldatWork

Though this law was intended to help stop the fiscal abuses of the past few years, Sarbanes-Oxley does not take into account the potential financial hardships placed on companies to ensure they are compliant.

Quick

Look

The Sarbanes-Oxley Act of 2002 calls for major changes in corporate governance, internal financial controls and records management rules for publicly traded companies and public accounting firms.
Many executives are exasperated by the act's nuances and complexities as they try to ensure their organization's compliance.
Some companies are facing financial hardships as compliance efforts have resulted in increased employment, consulting and IT costs.

Called by some the most sweeping legislation affecting corporate governance, disclosure and financial accounting in over a generation, the Sarbanes-Oxley Act of 2002 imposes new safeguards on public accounting firms that want to audit publicly traded companies, and firms with securities analysis and investment banking functions.

Once fully implemented by 2005, the Sarbanes-Oxley Act (SOX) will mandate major changes in corporate governance, internal financial controls and records management rules for publicly traded companies and public accounting firms. (See Figure 1.)

Figure 1: Sarbanes-Oxley Impact

As enacted, Sarbanes-Oxley will directly affect the following groups:

CPAs and CPA firms auditing public companies.
Publicly traded companies, their employees officers and owners -- including holders of more than 10 percent of the outstanding common shares.
Attorneys who work for or have as clients publicly traded companies.
Brokers, dealers, investment bankers and financial analysts who work for these companies.

While this law hopes to stop the fiscal abuses exposed in the past few years, it doesn't take into account the potential financial hardships placed on organizations to ensure they are compliant. New positions are being created (see "Wearing the SOX at Kodak"), consulting firms and lawyers are being hired, large investments in new IT solutions are being made and thousands of hours are being spent.

Thus far, most of the attention has been on Sections 302 and 404 regarding compliance (see Figure 2) and, as the initial compliance stages draw nearer, company officials are still trying to get a handle on this slippery slope.

Figure 2: Sections 302, 404 Highlights

Section 302: Corporate Responsibility for Financial Reports

The CEO and CFO of each issuer shall prepare a statement to accompany the audit report to certify the "appropriateness of the financial statements and disclosures contained in the periodic report, and that those financial statements and disclosures fairly present, in all material respects, the operations and financial condition of the issuer." A violation of this section must be knowing and intentional to give rise to liability.

Section 404: Management Assessment of Internal Controls

Requires each annual report of an issuer to contain an "internal control report," which shall:

State the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting
Contain an assessment, as of the end of the issuer's fiscal year, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.

Each issuer's auditor shall attest to, and report on, the assessment made by the issuer's management. An attestation made under this section shall be in accordance with standards for attestation engagements issued or adopted by the board. An attestation engagement shall not be the subject of a separate engagement.

A Reporting Conundrum
More than one-third of CFOs are still vexed by the SOX compliance, according to a survey of 300 executives by Protiviti Inc., an independent risk-consulting firm. Among other things, compliance requires CFOs and CEOs to personally certify the accuracy of financial results. Released in September 2003, the study found that CFOs are highly engaged with respect to implementing processes and procedures that are aligned with SOX requirements. However, 34 percent cite financial results certification and internal controls as the act's most challenging provisions. Other findings include:

Less than half of all public companies had yet to form a disclosure committee, as suggested by the Securities and Exchange Commission (SEC).
Just one-third of CFOs at large companies reported that there had been or likely would be changes in the makeup or chart of their boards.
More than half of companies made changes in the type of information they provided to the board and its committees.

Portions of SOX go into effect this summer, but many companies are taking action, the survey said, with 27 percent of respondents already changing policies regarding retention of digital and paper documents.

Uncertainty Abounds
Most companies simply are unsure about how to comply with the various sections of SOX. For example, as the June 2004 deadline for Section 404 compliance (for U.S. companies that have equity market capitalization over $75 million and have filed an annual report with the commission) marches ever closer, companies must establish an internal control system for tracking and auditing financial processes. Then executives and the external auditor must testify to its effectiveness. These requirements, combined with shorter reporting deadlines and the civil and criminal burden on executives to be absolutely certain of the information presented in financial statements, present a substantial challenge for many large companies.

And don't think the government isn't taking SOX seriously. In August 2003, a poultry company and its two top executives settled federal civil charges that they unlawfully certified the accuracy of the company's annual financial statement in the first such case under SOX. In another case, the SEC and the Office of the Comptroller of the Currency arrested a former Ernst & Young audit partner in September 2003 for criminal violation of SOX and obstructing an investigation of NextBank.

Imposing Deadlines
Part of the problem facing public companies is the severe reporting deadlines placed on them by the act. SOX requires companies to notify the SEC of material events, such as a late payment from a large customer, within two business days. Some corporations, however, don't appear to become aware of such events until the end of the quarter.

Increasingly, executives are turning to technology for help, buying packages that allow them to consistently collect data across their organizations. They're also buying software that helps them conduct better data analysis and planning, and they're trying new forecasting software.

IT consultancy AMR Research in Boston predicts that publicly traded Fortune 1000 companies will spend as much as $2.5 billion this year in compliance-related projects, and that 85 percent of America's largest 100 companies will overhaul many components of their financial-reporting systems. AMR also indicated that many companies are likely to go beyond what the act requires, both to prepare for further tightening of financial reporting rules and to trim costs from their financial operations.

All About the Money
Financials lie at the heart of SOX. From an IT perspective, the reporting of financial results presents a challenge because financial data can come from multiple sources and the final consolidation may actually have to be done on one PC.

Complicating matters is the fact that SOX changes the very nature of what is considered financial information; now every aspect of a company's business operations that might impact its financial outcome must be reported upon as well.

Total Rewards Picture
What impact has this had on total rewards practitioners? A group of WorldatWork members, representing a cross-section of industries, were interviewed for this story. Individual company policy prohibited those questioned from using their name or company affiliation, but all were willing to share their SOX experiences.

They reinforced the notion that their organizations have been compliant with all governance rules and had strong systems in place to ensure they were compliant before SOX became law. That being said, they also agreed that the act has impacted how they operate their businesses.

A compensation executive at a leading pharmaceutical company said SOX is a strong proponent for greater due diligence in a compensation program's design, impact on the general employee population and the company's finances. The official said companies still need to strive toward providing total compensation programs, inclusive of benefits, that are based upon what the competitive market dictates.

Another compensation executive at a Canadian-based financial services company said there's definitely been an increase in workload for HR and the company's accountability responsibility, even though the company has headquarters in Canada.

"There is more disclosure, more specific requirements on compensation and more transparency so the shareholders know the compensation strategy. We're making sure that anything we do is in the realm of good governance, that any vehicles, such as LTI, are fair to both shareholders and employees."

Changes Are Coming
One HR official at a major financial institution said that, in light of SOX, the company made several changes, including:

Implementing quarterly reporting on its compensation and benefits processes
Taking steps to ensure that directors and senior officers cannot initiate cashless option exercises through the company's broker arrangements
Implementing changes to the company's split-dollar life insurance program
Restructuring its board to include a governance and nominating committee separate and distinct from the compensation committee
Rewriting board and committee charters.

As the Canadian executive noted, SOX has forced companies to review many of their programs: "SOX is the first step in reviewing executive compensation. We'll begin to peel the layers of the onion. We've focused on executive loans and options, and then we'll look at other executive perks."

The pharmaceutical official said the effects of SOX have trickled down into other total rewards areas, affecting the company's communication strategy and its overall philosophy for delivering pay. This executive said the "optics are so much more transparent that you need to revise the old school of thinking (hierarchically speaking) when defending your total rewards program."

The pharmaceutical company now has a dedicated external consultant to guide and advise its compensation and benefits committee of the board, an added expense chalked up to SOX.

Increased Focus
An executive vice president of a California-based high-tech firm said company officials are more focused on compliance and record keeping than before. The executive noted that the board's audit committee is looking for more rigor on documenting total rewards decisions and processes.

The high-tech executive also said SOX has affected the total rewards function by requiring more resources to handle the compliance framework. An increase in data demands by the board or top management, however, has not been noticed.

At a California-based diversified financial services company, SOX has impacted all phases of the business. An executive vice president there said that on the executive compensation and compensation side, "the company's processes are airtight, but there is an increased focus, attention and review on its control processes."

While no one person or new department is responsible for ensuring that this company is SOX compliant, the vice president said the company has expanded various people's responsibilities. "The organization is assessing its internal controls and engaging its outside auditors to do the assessment, noting that unquestionably, compliance with Sarbanes-Oxley is an expensive venture."

The executive said that company officials also are rethinking various executive pay and perk issues due to SOX and indicated that "there's been a greater scrutiny of pay; the board was expanded and they're paying closer attention to all compensation, with a focus on executive compensation. The board has requested more pay analysis for executives. Any organization that is properly conducting pay analyses should not have to worry. We've just intensified our efforts to do what we do."

At the time of the interview, the executive said the company was conducting an audit and assessment of Section 404 by its outside consultants.

"Making sure you're compliant is not an inexpensive proposition; there is a considerable amount of effort that goes into it. Bringing in our outside consultant as well as internal resources is both time consuming and expensive."

There are several Web sites, such as www.sarbanes-oxley.com, that provide more information about SOX.

Wearing the SOX at Kodak

Last July, Larry Hickey was appointed as Eastman Kodak Co.'s first-ever chief governance officer (SOX), a newly created position that was a primary result of the Sarbanes-Oxley Act. He's responsible for keeping Kodak's board and management abreast of any changes in the governance field, tracking best practices and monitoring Kodak's compliance in corporate governance.

His background is ideally suited for the far-reaching position. Holding an M.B.A. and legal and tax degrees, Hickey previously was an assistant corporate secretary and a benefits attorney, and has 10 years' experience in the executive compensation arena. He reports directly to Kodak's Corporate Secretary James Quinn and to the Corporate Governance and Responsibility Committee of the Board of Directors.

Last October, Hickey shared his SOX experience thus far. He said that even though SOX doesn't have much direct impact on executive compensation, "exec comp has become a lightning rod for governance. There is increased focus on corporate governance.

"Shareholders look at executive compensation and use that as a yardstick to see if a company has good corporate governance. Corporate governance deals with the relationship between the board, the shareholders and management. Focusing solely on CEO pay is not getting the full picture (of SOX)," he said.

Since SOX became law, Hickey said Kodak, like other organizations, is focusing more on compliance and record keeping than it had in the past. "However, it's excessively burdensome, time consuming and administratively expensive."

Kodak created a steering committee to monitor SOX, as well as a disclosure control committee to assist with the Section 302 certification processes.

"These governance initiatives are one factor that influenced our decision to reengineer our LTI programs," Hickey said. "For most executives, Kodak will now be awarding performance-based restricted stock units, rather than stock options. Unlike many companies, we stayed clear of replacing our stock option program with time-based restricted stock because we don't believe providing this equity vehicle in this setting is in the best interests of our shareholders."

About the Author
Rodney K. Platt is the communications manager for WorldatWork. He can be reached at rplatt@worldatwork.org or 480/922-2046.

Foot

Notes

For more information related to this article:

Go to the "Info Finder" section of the home page, click on the blue "Power Search" button and then click on "Advanced Search."
Leave the "Rewards Category" and "Optional Filter" blank.
Type in this key word string on the search line: "Sarbanes-Oxley and compliance" OR "Sarbanes-Oxley."