The Knock on From Enron

The effect of compliance with the Sarbanes-Oxley Act has made it essential to carefully consider long-term planning in internal financial reporting and its costs. Speaking exclusively to Business Management, TIFE Chairman Tom Stout, explains how, by embracing compliance, companies can achieve a competitive edge.

The Sarbanes-Oxley Act of 2002 (SOX) represents the biggest change to federal securities laws in recent history. As a result of the large corporate financial scandals involving Enron, WorldCom, Global Crossing and Arthur Andersen, the Act was passed to combat future reprisals. Since 2004, all publicly traded companies are required to submit an annual report of the effectiveness of their internal accounting controls to the Securities and Exchange Commission (SEC).

The first year of the Act has seen accelerated filers acknowledging the permanence of its effects. As Stout says: “They’ve learned that failure to comply with the requirements comes with very expensive penalties.” Such penalties concern not only dollars but bad publicity and even possible de-listing from stock exchanges. Guidance is therefore essential to compliance, especially for smaller businesses. Although they have had their compliance deadline extended, Stout warns they must be vigilant and cautious in their application of conformity: “I’m not convinced all non-accelerated filers know what their up against.” he says. “On the other hand, we have seen some small companies reaching out for SOX compliance assistance this year. Many of these smaller companies want to achieve compliance ahead of the deadline, at a slower, more measured pace. They are spreading the costs out instead of incurring a premium for getting it done right before the deadline.”

As a result, there is an importance on disseminating information and making sure that new information is free moving. New information at TIFE is shared with its clients and friends as quickly as possible, as frustration can arise when clients are no longer able to openly communicate with their external auditors and receive guidance in financial statement reporting. “This has left a large gap in communication that Stout Causey has been able to fill. Companies are looking to firms such as [them] for guidance” as, says Stout: “CFOs and Controllers have so many other priorities on their plates – they don’t always have time to educate themselves with the latest changes related to SOX compliance.” Although at first there appeared to be a lack of information and changes in the requirements, there is at present a wealth of information for companies available on the internet. In addition, organizations such as TIFE sponsor roundtable meetings of company executives who are willing to share their knowledge and experience with peers to aid promulgation of the requirements of the Act and develop methodologies to implement it.

However, the high cost of SOX implementation has been widely documented and, as a result, acknowledged by many as an obvious burden. However, non-compliance can be even more expensive. According to Stout: “we have seen some of the more severe costs incurred by those companies that were unable to put a proper compliance process in place prior to their Year 1 regulatory filings. Some of these companies waited too long to address proper compliance, with almost disastrous results, including almost being de-listed from public stock exchanges.” Small companies are understandably worried about the cost of compliance, but Stout assures the answer lies in developing a plan for compliance that spreads out the cost burden over the next year at a measured, affordable rate. “SOX compliance is an additional expense that companies must absorb. These requirements are not going to magically disappear.” In opposition to the prominent view of compliance as a burden, Stout believes there are long-term benefits that companies are beginning to realize. He suggests that as companies continue to improve internal control over financial reporting they will be able to focus on turning efficient controls into a competitive advantage. “Better documentation of key financial systems and controls supports more efficient training of new personnel and also assists companies in identifying more efficient and effective ways to achieve their financial objectives.”

For the TIFE Chairman, the focus on key financial controls forces companies to better understand their financial systems and constantly strive for ways to make them more efficient. One such measure to encourage efficiency is software. There are a variety of packages available to aid in compliance and at TIFE they see this as very beneficial. “We believe effective SOX compliance software will ultimately benefit all filer’s management and review of internal control over financial reporting. Furthermore, SOX compliance software can provide management with corporate governance oversight of regulatory and legislative compliance requirements.” In fact, Stout has found that companies are viewing some form of SOX software tool as almost a necessity going forward. “This is because every time a change is made in a key financial system or control, the related documentation (narratives, flowcharts, risk and control matrices, etc.), must be updated to reflect these changes,” explains Stout. “Depending on the size and complexity of a company, this can be a monumental effort.” TIFE have seen software tools improve the efficiency and management of documentation, monitoring and testing. However, they have also seen companies become overwhelmed by SOX compliance tools and witnessed external auditors struggle with satisfying their testing due to limitations of the software tool or their inexperience with it.

Stout advises that: “like all IT purchases, management should have clear objectives of what they want the software to achieve [and] should understand access controls, reporting and process/cost for upgrading the systems.” He recommends that management speak with other like organizations that have utilized the software and learn what worked and didn’t work well. This is important in finding a tool that fits the company, instead of the company having to fit the tool. “We have worked with every major [software package] out there. As a result, we have independently evaluated the continuum of tools available and are able to assist our clients in matching their needs with what exists today.” There are many options to aid compliance, but essentially it can all come down to just a handful of people.

The SOX Act places the overall responsibility of compliance on the CEOs and CFOs of all public companies. Despite this, it is questionable as to the preferred implementation process as the CEO and CFO must visibly support the documentation, testing, monitoring, and assuring of effective control over financial reporting, but assigning the fulfillment of the project objectives to a compliance officer and steering committees is a more practical approach. While Stout realizes that hiring a dedicated compliance officer adds an additional expense, he believes a full-time employee gives the company year-round focus on the regulatory requirements, saying that companies must weigh the cost-benefit of each approach themselves.

Despite the obvious burdens, there can be benefits to executives thinking long-term and planning their compliance plans accordingly. Indeed, Stout suggests that it is critical that companies recognize the business advantage of improving the efficiency and effectiveness of internal control over financial reporting. “Companies that embrace this change in management oversight are likely to find themselves having a competitive advantage over those who treat compliance as a burden rather than an opportunity.” According to TIFE, if management is able to consider business risks and opportunities concurrently, it may find synergy in changing processes and controls.