Rethinking Sarbanes-Oxley
Taking Stock of Its Pluses and Minuses

By Louis Grumet

E-mail Story
Print Story
NOVEMBER 2007 - In 2002, scandals at companies like Enron, Adelphia, Tyco, and WorldCom cast a cloud over the accounting profession. Every day seemed to bring new details of malfeasance. Investor confidence in U.S. financial markets was severely shaken. It was easy to wonder: Can any company be trusted?

What emerged from the scandals was a bill named after its two chief sponsors, Senator Paul Sarbanes (D-Md.) and Representative Michael G. Oxley (R-Ohio). The Sarbanes-Oxley Act (SOX) was signed into law by President Bush on July 30, 2002, and created a new private-sector, nonprofit corporation—the Public Company Accounting Oversight Board (PCAOB)—to oversee the financial reporting of public companies. Among other changes, SOX’s sweeping reforms required that a company strengthen auditor independence; have its chief executives sign off on the financial statements; obtain an opinion about its internal control systems; and have an internal audit function that is examined by external auditors.

These changes have been controversial. Opinions vary widely on the efficacy and exigency of SOX. Some say SOX makes companies risk-averse. Others complain that it undermines the global competitiveness of U.S. markets. The cost of compliance has been far higher than initially predicted. In particular, costs to comply with SOX section 404—the internal control system certification provision—have been decried by many as unfair, especially for smaller organizations. Make no mistake, SOX is not perfect, nor are its prescribed controls necessary for all kinds of enterprises.

But today, more than five years after its passage, there can be little doubt that SOX has strengthened corporate accountability and vastly improved public confidence in big business and the U.S. securities markets. While SOX may have negatively affected the earnings of certain corporations, the best argument in favor of the law comes from simply looking at the performance of our financial markets. Between July 30, 2002, and June 30, 2007, the Standard & Poor’s 500 has increased 67%, representing about $4.2 trillion in market value.

Fears about SOX’s effect on American business’s risk-taking and competitiveness are overblown. The United States currently controls 45% of global mutual-fund assets and 70% of global hedge funds. A record 22 foreign companies executed IPOs on the New York Stock Exchange and Nasdaq during the first six months of 2007. Only 17 foreign companies did so in the first half of 2000, before SOX was enacted. SOX was also designed for large, publicly held businesses; it does not apply to small, private companies, which are the proving ground for so many leading-edge ideas.

Standardization and efficiency gains have significantly reduced the costs of SOX compliance. Financial Executives International (FEI) recently studied section 404’s financial impact on 200 large companies (average annual revenues of $6.8 billion). The study found that in 2006, these companies spent an average of $2.9 million to comply with SOX section 404. This figure is 23% lower than in 2005 and on average less than 1% of revenues.

SOX is also flexible. Small public companies have been given a temporary exemption from some of section 404’s more onerous requirements, and new guidelines for auditors should reduce the cost of compliance for other companies.

SOX compliance is not only getting less expensive, it also appears to be achieving its goals. Requiring audit committee independence and making audit committees, not CEOs, responsible for hiring outside auditors may be SOX’s most enduring legacy. Three leading economists—Luigi Zingales, Alexander Dyck, and Adair Morse—recently examined 230 alleged corporate frauds in America from 1996 to 2004. Guess who they found was most likely to report corporate wrongdoing in the pre-SOX environment? It wasn’t the auditors, it wasn’t industry regulators, and it wasn’t the SEC. It was employees. During that time, only one-third of corporate frauds were discovered by auditors, industry regulators, or the SEC—the very people and organizations responsible for uncovering fraud. After SOX, however, 50% of serious frauds were exposed by those with a professional responsibility to do so.

CPAs should not judge SOX solely by its immediate fiscal impact. The law was drafted and implemented hastily, but our government needed a symbol—an immediate display of strength—that showed the world we would not tolerate any more Enrons or WorldComs. SOX became that symbol, and has become a beacon for the kind of controls needed for large corporations in the 21st century.

Louis Grumet
Publisher, The CPA Journal
Executive Director, NYSSCPA
lgrumet@nysscpa.org


 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 



The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.

©2009 The New York State Society of CPAs. Legal Notices