Monday, January 31, 2005
Sarbanes-Oxley's costs more than anticipated
The recent rash of corporate scandals has created both attitudinal changes among skeptical consumers and stockholders, and legislative changes that have forced public companies to radically alter the way they keep tabs on their accounting practices.
The 2-year-old Public Company Acc-ounting Reform and Investor Protection Act (more commonly known as Sarbanes-Oxley) requires companies to have more independent oversight of their accounting functions. These requirements have some companies spending more or altering schedules to abide federal regulators.
Michael Dollins of Birmingham-based accounting firm Dent Baker & Co. LLP says well-publicized scandals such as Enron Corp. and WorldCom Corp. "shook the confidence of investors."
Sarbanes-Oxley "is supposed to create corporate accountability and restore the investor confidence," he says.
Richard Turpen, associate professor and director of the University of Alabama at Birmingham's Accounting Graduate Pro-gram, says that the scandals created a need for dramatic changes.
"While accounting abuse is nothing new, the sheer number and magnitude of these deceptions outraged the public, and Congress felt compelled to do something about them," Turpen says.
The law requires public companies to follow a number of steps to ensure honesty in its accounting practices. The four primary steps, according to Dollins, are:
(1) The establishment of the Public Company Accounting Oversight Board that will oversee the audits of all public companies;
(2) Certification of each annual or quarterly report by the principal executive officer or officers and the principal financial officer or officers;
(3) Protection for employees (otherwise known as whistleblowers) who provide evidence of fraud against the publicly traded company that employs them; and
(4) Repayment by the executive officers of companies of any incentive pay they receive if the company has to restate financial statements due to fraud.
"The most significant steps are those requiring senior management to certify reports filed with the Securities and Exchange Commission," Turpen says.
"Corporate CEOs and (chief financial officers) must now provide certifications covering a wide range of reporting aspects such as the accuracy of report contents, the fair presentation of financial statements, disclosure controls and procedures, and controls over financial reporting."
The most eyebrow-raising part of the act has been Section 404, which requires written documentation of the internal controls.
According to Anthony Joseph, a partner at the law firm Johnston Barton Proctor and Powell LLP, it requires public companies to "establish and maintain internal controls over financial reporting, assess the effectiveness of such controls and then be able to show this effectiveness on paper."
Turpen says the documentation, which is to be included in a company's annual report to the SEC, must be attested to by the corporation's external auditing firm.
Added costs, duties
These new requirements are quite substantial for corporations because they create the need for additional manpower and financial investment.
"To develop support for these certifications, companies have had to hire additional staff, especially in accounting and information systems since much of the work involves studying and documenting internal controls and reporting processes," Turpen says. "Compliance also means greater involvement of the corporate attorneys and, of course, the external auditors."
The financial investment required of Sarbanes-Oxley is perhaps the biggest change for public companies under its umbrella - and the investment is more than most anticipated.
"The SEC predicted that the cost would average around $91,000 per company. Costs have far exceeded that estimate," Dollins says.
"Company estimates are into the millions of dollars. In addition to cost, employees are being taken off their normal duties to assist with the documentation, which is causing reduced productivity," he adds.
Impossible to stop
Opinions are mixed on the success of Sarbanes-Oxley.
Some say the law has reasserted many controls that have been in place for years but have not been practiced. "Most of the basic conceptual points were expected already," Joseph says of Sarbanes-Oxley.
Turpen says Sarbanes-Oxley has forced companies to take a critical look at key accounting processes and controls, and to implement improvements. In that sense, he says, the act can be seen as a success.
Dollins says some companies are reaping secondary benefits from Sarbanes-Oxley. One example of this, he says, would be a company finding more efficient ways of processing invoices after documenting how shipping invoices are entered into accounts payable systems.
There are other sides to the story, however, and many experts question the fairness and effectiveness of the new law.
The reality, many say, is that fraud is not always easily detectable and no law can completely rid public companies of some level of dishonesty.
"Section 404 does not guarantee or protect the company from fraud at every level. No one will ever be able to guarantee that fraud will not happen," he says.
"The major criticisms focus on the costs to comply - which are clearly huge - and the time that compliance efforts take away from core operations," Turpen adds.
"Some critics would also argue that the act has resulted in too much attention being devoted to detailed procedures and very little directed toward the more serious threat of fraud perpetrated at high levels of management."
The Scrushy trial
In Birmingham, special attention will be paid to the law because of the Richard Scrushy trial. Some say that the trial also will be a test of the new law.
"No matter the outcome (of the trial), I believe that Sarbanes-Oxley will survive because holding executives accountable for the financial information is long overdue," Dollins says.
Turpen agrees, adding that the law is a step in the right direction. Its merits will continue to be debated, he says, because there will be no way in the future to tell how many frauds or questionable financial reporting practices it prevented.
"It was designed to restore investor confidence in investor corporations," Joseph says. "If it does that, then it's a success."
posted by Brian Moran @ 1:31 PM
Thursday, January 27, 2005
DiPiazza: Firms Unlikely to Meet Deadline
About 10 percent of U.S. companies are likely to report that they either couldn't meet a key corporate-reform deadline in time for their 2004 annual report or discovered weaknesses in internal accounting controls, PricewaterhouseCoopers Chief Executive Samuel DiPiazza said Wednesday.
DiPiazza heads one of the world's largest accounting firms and anticipates such disclosures as most U.S. companies prepare to file annual reports with the U.S. Securities and Exchange Commission in the next six weeks.
The reports are supposed to include results of a review of internal controls required by the Sarbanes-Oxley legislation, passed in 2002 in response to corporate scandals.
"We expect 10 percent, give or take, of public companies in the U.S. to have to report to their shareholders that they either couldn't get this done in 18 months, or they had a material weakness of a scale that could cause a misstatement," DiPiazza said at the World Economic Forum.
The Sarbanes-Oxley law includes a requirement that most publicly traded companies undertake an extensive review of internal accounting controls to test whether they have adequate procedures in place to record sales and accurately calculate asset values, among other items.
But despite pain for some companies, DiPiazza said the internal control requirement has been a largely positive development. Some companies have gained insights into their controls they didn't previously have, he said.
DiPiazza also said it's likely that regulators will look for ways to improve the law's provision by making it "less focused on paperwork and more focused on substance."
Earlier this week, SEC Chairman William Donaldson said the agency was considering postponing the deadline for foreign companies to file their internal control reports.
PwC itself has felt the impact of Sarbanes-Oxley, particularly through the creation of the Public Company Accounting Oversight Board, which oversees the U.S. accounting industry. The board recently proposed a rule to limit an accounting firm's ability to offer certain tax services.
Under the proposal, firms that audit a company's financial statements may not offer certain tax-shelter strategies to the same company and may not offer tax services to senior executives of the company. The rule is designed to preserve the independence of auditors.
posted by Brian Moran @ 8:40 AM
Wednesday, January 26, 2005
AICPA Addresses Fraud in Audit Committee Guidance
AccountingWEB.com - Jan-26-2005 - As part of its ongoing fraud-prevention program, the American Institute of Certified Public Accountants today issued guidance to help U.S. audit committees understand one of the most significant of fraud risks: management override of internal controls.
The guidance, Management Override of Internal Controls: The Achilles’ Heel of Fraud Prevention – The Audit Committee and Oversight of Financial Reporting, is available free of charge and may be found on the Audit Committee Effectiveness Center page of the AICPA website.
“Our guidance outlines specific steps audit committees can take to address the risk of management overriding established internal safeguards,” said John Morrow, AICPA Vice President – The New Finance. “Had audit committees taken these steps, many financial frauds may have been prevented.
“Proper guidance for audit committees is particularly important in the wake of such widely reported financial-reporting frauds as WorldCom and Enron,” Morrow added.
One of the most common examples of management override is the posting of fictitious journal entries to overstate revenues or understate expenses. In this scenario, the Chief Financial Officer and Controller generally are the architects of the fraud, with lower-level accounting employees serving – usually through fear of losing their jobs or naiveté – as accomplices.
In most instances, the fraud is intended to be a temporary solution to a missed earnings target. One false financial report, however, invariably leads to another, resulting in a domino effect that culminates in the collapse of the company. According to the Association of Certified Fraud Examiners’ 2002 Report to the Nation on Occupational Fraud and Abuse, the average length of time from inception of a financial-statement fraud to its detection is 25 months.
Management Override of Internal Controls identifies six key actions the audit committee should consider:
Maintaining skepticism. With an appropriate attitude about the ever-present risk of management override, audit committee members can use their knowledge of the business and related financial statement risks to oversee that risk. In addition, an open display of skepticism, in itself, can be a deterrent to management override of controls.
Strengthening committee understanding of the business. The identification of fraud-related incentives or pressures begins with each audit committee member obtaining a solid understanding of the business. This working knowledge can be used to assess fraud risk as the audit committee evaluates press releases, analysts’ forecasts and reports, and financial reports to shareholders.
Brainstorming to identify fraud risks. Members of the audit committee can improve their effectiveness by discussing among themselves the potential for fraud. Possible brainstorming agenda items may include the results of whistleblower hotline calls, fraud risk assessments performed by the company’s independent auditor, and fraud risk factors or concerns identified by audit committee members.
Using the code of conduct to assess financial reporting culture. The audit committee can use the code of conduct as a benchmark to assess whether the “tone at the top” and management’s actions will preserve the highest levels of integrity even when there is the pressure and opportunity to commit fraud.
Ensuring the entity cultivates a vigorous whistleblower program. The audit committee can help create strong antifraud controls by encouraging a culture in which employees view whistleblowing as valuable contribution to both the workplace and their own futures. Successful whistleblowing procedures require strong leadership not only from the audit committee, but also the board of directors and management.
Developing a broad information and feedback network. The audit committee should cultivate a network that extends beyond senior management. Such a network may include internal auditors, independent auditors, the compensation committee and key employees. The audit committee may consider meeting periodically with representatives from each of these groups to discuss matters affecting the financial reporting process. Inconsistencies in information obtained from these sources may indicate management override of internal controls.
“All audit committees, even those not covered by the Sarbanes-Oxley Act of 2002, should seriously consider establishing a whistleblower hotline,” said Morrow. “It’s the number one method for catching fraud at the management level.”
The AICPA has produced separate whistleblower guidance, titled Anonymous Submission of Suspected Wrongdoing (Whistleblowers) – Issues for Audit Committees to Consider. It is also available from www.aicpa.org/audcommctr
posted by Brian Moran @ 9:03 AM
Tuesday, January 25, 2005
Trial to start for ex-HealthSouth CEO
BIRMINGHAM, Ala. (Reuters) - The trial of former HealthSouth Corp. Chief Executive Richard Scrushy starts Tuesday, with the flamboyant Birmingham mogul accused of orchestrating a $2.64 billion accounting scandal at the healthcare company he founded.
Scrushy faces 58 criminal counts, including conspiracy to commit fraud, filing false financial statements, securities and wire fraud and money laundering at the rehabilitation and surgical clinics company.
He will be the first major U.S. executive to be tried for violating the Sarbanes-Oxley Act, which was passed in 2002 and imposes severe criminal penalties on top-level officials who certify false financial statements filed with the Securities and Exchange Commission.
If convicted of all charges, he faces up to 650 years in prison and more than $36 million in fines, plus forfeiture of any so-called ill-gotten gains, possibly including several homes, boats, planes and luxury automobiles.
The 52-year-old entrepreneur and local celebrity, who once hobnobbed with the rich and famous and had his name adorning public buildings all over Alabama, is accused of ordering the overstatement of HealthSouth earnings and assets for several years in order to prop up the company's share price.
The long-awaited trial will be the climax of a scandal that has been playing out in the Alabama courts and media for nearly two years with Scrushy at the center.
A former gas station attendant, Scrushy in 1984 co-founded HealthSouth. In what should have been a great American success story, the company became the nation's largest operator of rehabilitation hospitals. HealthSouth now has about 1,400 health clinics, down from about 2,000 at its height.
But the flamboyant Scrushy, who once had a local radio show, played in his own country band and promoted other musicians while running his Birmingham-based empire, saw his rags-to-riches story take a dramatic turn in March 2003, when federal agents raided the company's corporate headquarters.
Soon after, more than a dozen former HealthSouth executives agreed to plead guilty to fraud. Several of them said Scrushy knew about or oversaw the fraudulent accounting. Many of them, including former chief financial officers, are expected to testify for the government.
After the raid, the company said none of its past financial statements could be trusted. HealthSouth's stock plummeted, the company went into default on its loans, and it was delisted from the New York Stock Exchange.
It has since revamped its board and management team with the new management saying the actual fraud and inappropriate accounting could be in excess of $4 billion.
Scrushy has consistently maintained his innocence, claiming that the fraud was carried out by subordinates without his knowledge.
A key piece of evidence, which Scrushy's legal team has been trying to keep from being heard by the jury, will be secretly taped conversations between Scrushy and one of his former CFOs.
posted by Brian Moran @ 9:14 AM
SEC poised to ease rules for foreign listings
The Securities and Exchange Commission is on Tuesday expected to signal a relaxation of registration requirements for foreign companies which want to escape US corporate governance rules.
William Donaldson, chairman of the US regulator, is due to give a speech at the London School of Economics indicating a "change of tone" on the question, according to an insider.
This follows lobbying by British and German business leaders concerned that foreign companies with shares traded in the US cannot avoid costs associated with the Sarbanes-Oxley reforms - even if they are willing to give up their US listing.
The main focus of their anger has been the act's Section 404, which requires managements to state, in year-end filings, the adequacy and effectiveness of internal controls.
International companies with US listings will have to meet these expensive requirements from from July 15 2005 onwards.
Several European companies said the high cost outweighed the benefits of maintaining a dual listing in New York, but delisting was pointless because the SEC still required compliance by any company with more than 300 US shareholders - a difficult threshold for any large company to avoid.
Though stressing the continued importance of Section 404 as a gold standard for investors, Mr Donaldson is now thought willing to compromise by providing an easier exit for foreign companies.
One insider said the SEC was anxious to address criticism that the New York Stock Exchange had become like a "roach motel" - a reference to a famous US advertisement for cockroach traps promising pests "can check in, but cannot check out".
The question has become increasingly sensitive for the NYSE because potential overseas clients claim Sarbanes-Oxley is deterring them from coming to the US.
posted by Brian Moran @ 8:51 AM
Monday, January 24, 2005
Fitch: How Sarbanes-Oxley 404 May Affect Companies' Ratings
NEW YORK--(BUSINESS WIRE)--Jan. 20, 2005--Implementation of section 404 of Sarbanes-Oxley (SOX 404) will likely cause internal control problems to surface more frequently than in the past, according to a report issued by Fitch Ratings. Accordingly, Fitch expects that material weaknesses will be reported for a number of companies during the next year or two. The method and level of disclosure by a company reporting material weaknesses in their internal controls under SOX 404 may factor into credit actions by Fitch.
SOX 404, effective for fiscal years ended after Nov. 15, 2004, requires management and its auditors to express an opinion on the adequacy of controls over financial reporting and disclosure. Should a weakness be disclosed or new weakness identified, negative rating actions may occur if the disclosure and/or further discussion with management reveals it to have a significant effect on a company's future financial standing, or calls into question the data on which analysis has been based. Though significant deficiencies are not required to be reported on a Form 10-K, such control weaknesses may have analytical implications.
Negative rating actions, if any, will be case-specific and may be in the form of a Rating Outlook revision, a Rating Watch Negative placement, or a downgrade, depending on the situation. Fitch's action will depend on whether the weaknesses in the company resulting in the statement have already been identified by Fitch, whether or not such weaknesses are already reflected in the ratings, and management's plans to remedy the situation.
Evaluating the reliability of financial data and assessing the internal controls over such data has always been an implicit part of Fitch's rating process. For example, serial restatements call into question financial reporting integrity. That said, Fitch places substantial reliance on a company's internal control framework and external auditors and regulators in determining that financial statements and disclosures accurately reflect a company's financial condition.
Fitch does not expect implementation of SOX 404 to be straightforward. The costs and time involved in establishing easily accessible evidence that controls over all elements of financial reporting that exist can be immense. To expect that all but a few companies will meet these challenges immediately is unrealistic, and as such, Fitch anticipates material weaknesses to be reported by management and its auditors for a number of the companies it rates during the next year or two.
posted by Brian Moran @ 11:06 AM
Midsize companies now struggle with Sarbanes-Oxley compliance
Complying with new federal laws designed to boost investors' confidence in public companies is costing millions of dollars and countless work hours at local midsize corporations -- and frustrating finance and accounting teams.
"The intention of all this was to catch the next Enron or WorldCom. That didn't happen. So in that sense this is a tremendous waste of time and money," said Stephen Hall, chief financial officer of TriPath Imaging Inc. in Burlington.
Hall, who admits his nickname is "cheap financial officer," echoes the opinions of many executives and managers working inside public companies.
Like the CFOs at other midsize public companies, Hall and his staff are in the midst of their toughest assignment: reorganizing the tracking of money through their corporation and creating new oversight for managers in every department to comply with the so-called Sarbanes/Oxley regulations.
It's an arduous task.
While major public firms with market capitalizations of more than $700 million have already been through the process, Hooker Furniture Corp. is the first of 21 Triad mid-sized public companies to finish adding the many new layers of oversight and auditing necessary to comply with the new laws.
"We've been working quite a bit, so much so that it borders on ridiculous," said Gary Armbrister, chief accounting officer at Hooker in Martinsville, Va. "I've got spouses of staff members complaining and I've even got my own spouse complaining about all the nights and weekends of work."
Armbrister has hired two accountants, hired a second auditing firm and hired computer consultants to help with new tracking. The result is Hooker's administrative expenses rose 14 percent in 2004 to $62.7 million. And the main item driving up those costs was complying with the new regulations.
"We've now got to add another layer of cost that a private company doesn't have. We are safer moving forward, but it's been rough," said Armbrister, who this week finished the 15-month task.
Enron, WorldCom fallout
Sarbanes/Oxley was enacted by Congress in 2002 in response to internal accounting discrepancies found at Enron and WorldCom that led to the downfall of those once high-flying corporate giants and the loss of billions in investors' money.
In the past, a company hired an external accounting firm to audit some transactions and check the final financial records.
Now management has to come up with a plan to track money, audit its tracking process and make improvements. Then the auditors come in to review management's plan, tests those tracking processes and then review the financial statements.
So instead of one report, management now creates two reports and the auditors create three additional reports.
For now, the immediate result is more costs for public companies.
At Tanger Factory Outlet Centers Inc. in Greensboro, administrative expenses were up 32 percent in the first three quarters of 2004. Much of that was due to higher accounting expenses, as CFO Frank Marchisello Jr. added one person while seeing his auditing fees soar and the company's profits fall.
"On the margins, around the fringes, it helps. But for the most part, it's a lot of extra expense," Marchisello said of the new regulations. "I hope that auditing fees will now go down now -- I hope."
TriPath started a year ago on this process. CFO Hall hired an additional accountant for internal audits, needed more auditing from Ernst & Young, and worked a lot of extra hours.
While the final numbers aren't in, TriPath's recent third quarter administrative expenses rose 16 percent to $3.3 million on revenues of $18 million. Hall attributes most of that expense to meeting the new regulations.
"How you document your process doesn't change anything. It's an example of government overkill," Hall said.
He points out that he has gotten additional feedback on operations inside TriPath, which may lead to improvement in the future, but no glaring problems were uncovered and no immediate changes are coming.
"Is there increased shareholder value?" Hall asked. "I would argue 'no.' "
That's a key issue.
Punishing the majority?
"Sarbanes-Oxley is only there because of Enron and WorldCom, two massive frauds and massive bankruptcies," said Mark Beasley, accounting professor at N.C. State University. "We're penalizing the entire world of public companies because of two examples that may be outliers."
He hears the complaints.
"It's a major manpower issue," Beasley said. "For every hour the auditor works, the managers are working 10."
Yet these regulations are necessary for the good all of us, said Edward Arrington, accounting professor at UNC-Greensboro.
"Clearly, accountants, auditors, CFO's and others are complaining loudly about the cost of (Sarbanes-Oxley) compliance," Arrington said. "They are, rightly or wrongly, bearing the brunt of what is a very complex social problem in which many -- politicians and professors among them -- are responsible for turning their heads in the presence of reporting abuses by corporate cons and friends.
"However, we must remember above all else that thousands and perhaps millions of innocent parties have suffered even more because of a regulatory regime that failed miserably in the past."
To meet intense client demand, Jeff Burgess, Triad managing partner for Grant Thornton in Greensboro, increased his staff by 20 percent in 2004 and is continuing to recruit accountants for jobs starting at $40,000 a year.
"Nobody had a good handle on what this was going to cost, including the (U.S. Securities and Exchange Commission) and the regulators who wrote the law," Burgess said. "Anytime you do something for the first time you have to put in more effort to get up the learning curve."
Professor Beasley asks for patience for 2005.
"I think it is improving processes," Beasley said. "There is value in this. Will it enhance shareholder value? I don't know if we can say at this point."
posted by Brian Moran @ 8:57 AM
Friday, January 21, 2005
Study: Sarbanes-Oxley May Be Improving Earnings Projections
Chicago (Jan. 21, 2005) - The Sarbanes-Oxley Act, along with the Securities and Exchange Commission's accelerated reporting guidelines, appear to be improving the accuracy of companies' earnings forecasts, according to a report by management consultancy firm Parson Consulting.
The percentage of companies among the Standard & Poors 500 stock index that missed analysts' earnings-per-share projections by at least 10 percent fell to 29.7 percent in the 2004 third quarter -- the lowest level since Parson began the quarterly study in the first quarter of 2003.
According to Parsons, the SEC accelerated reporting deadlines and federal Sarbanes-Oxley Act -- which shortened the timeframe in which companies must report their quarterly and annual earnings to the SEC, while demanding transparency and accuracy of financial information -- are having a beneficial effect. This need to report more quickly to the SEC is leading companies to streamline their processes and employ more sophisticated financial systems that improve the accuracy of forecasts, Parson experts say.
"One reason a sizable number of earnings 'misses' occur is because companies' finance functions are saddled with outdated or non-comprehensive financial management infrastructures, and cannot provide accurate information in a timely manner," notes Toni Hicks, senior vice president of practices at Parson Consulting. "With more streamlined processes and integrated systems, Wall Street will get better data and that should contribute to more 'hits' and fewer 'misses' during earnings season."
However, Parsons noted that the percentage of companies that fell short of their EPS projections hit an 18-month high, rising to 22.5 percent in the latest period from 16.4 percent in this year's second quarter -- the highest percentage of negative misses since the survey began. The percentage of wide-margin underperformers rose to 9.1 percent in the third quarter, the highest percentage since 9.2 percent in the first quarter of 2003. Parson cited higher-than-expected energy and raw material costs as a principal cause for missed earnings estimates during the first quarter. The study examined public data for all of the available quarterly results of S&P 500 companies as of Nov. 10, 2004.
posted by Brian Moran @ 2:58 PM
Thursday, January 20, 2005
Restatements Up 28 Percent in 2004
The number of restatements to companies' financial reports spiked by 28 percent last year, according to a study to be released today by Huron Consulting Group Inc.
Researchers attributed the record 414 restatements, up from 323 in 2003, to problems uncovered in reviews of financial systems mandated by the 2002 Sarbanes-Oxley Act and to tighter oversight from regulators after recent accounting scandals cost investors billions of dollars.
"An unprecedented period of scrutiny is bringing these problems to light," Joseph J. Floyd, the leader of the disputes and investigations unit at the Chicago consulting firm, said in an interview.
"It's almost a cleansing of the system."
Within the overall totals, which include revisions to quarterly results, restatements of corporate annual financial statements also increased. Restatements of those annual reports, which are audited by independent accountants and thus are supposed to be less vulnerable to error, rose to 253 from 206 in 2003, Huron officials said.
The Huron study comes as companies and the accountants who review their books are operating under heightened pressure. The Securities and Exchange Commission and the Public Company Accounting Oversight Board have hired scores of accountants and lawyers to examine corporate financial reports and auditors' work papers since Congress passed the 2002 legislation.
Meanwhile, trade groups are mounting fierce appeals to regulators, seeking to loosen costly new Sarbanes-Oxley rules which require them to assess the strength of their financial controls.
Following the rules, known as internal control reviews, has cost some companies an average of $5.1 million apiece, according to a study last year by executive recruiting firm Korn/Ferry International Inc. General Electric Co. said the review cost it $30 million in 2003 alone.
But industry experts said the Huron study of restatements highlights the importance of internal control checks. More than 580 companies announced that they uncovered weaknesses or deficiencies in their internal controls last year, according to the newsletter Compliance Week.
"It goes hand in hand," said former SEC chief accountant Lynn E. Turner in an e-mail. "If you don't have good internal controls, it is not surprising you get a lousy outcome in the form of lousy numbers. That is why Congress passed [the law]."
Companies frequently uncovered problems in training for finance and accounting workers, and many more disclosed trouble with such basic steps as closing accounts.
Large companies are required to file the internal controls reports on rolling deadlines that began Nov. 15. The SEC granted about 2,000 of those firms a 45-day delay last year. Smaller firms and foreign companies trading on U.S. exchanges must begin complying in July.
The Huron study found that a significant portion of the companies restating results last year had encountered financial trouble in the past. About 15 percent of the restatements in 2004 were made by "repeat" filers -- companies that had previously reported incorrect financial information at least once since 1997.
The leading reasons for restatements did not change, Floyd said, citing problems with applying accounting rules, human errors and ethical faults in corporate managers. Companies were most likely to run afoul of the rules that explain when to record revenue and how to handle cash reserve accounts.
Accounting experts pointed out that restatement data lag behind trends in the market, since studies track when companies actually file financial information with regulators, not when they initially announce bookkeeping problems. Many of the restatements filed last year involved earlier periods dating back as many as three years.
"On one hand, one might think that things are getting worse because we're seeing an increase and not a reduction in restatements," Charles W. Mulford, an accounting professor at the Georgia Institute of Technology, said in an e-mail. "I think that it's only a matter of time before what might be viewed as a backlog of restatements gets worked off and the . . . regulatory environment leads to a decline in restatements."
posted by Brian Moran @ 8:56 AM
Tuesday, January 18, 2005
Consolidating with Compliance
Driving compliance efficiency in the Sarbanes-Oxley environment.
By Robert Kugel
Section 404 of the Sarbanes-Oxley Act will force companies to make fundamental changes in their financial processes to regain efficiency lost in a more formal control environment. Legal and financial consolidation is one area ripe for change. Ventana Research asserts that companies can and should shift from a traditional bottom-up, sequential consolidation method to a more centralized approach. In doing so, they can cut costs, shorten reporting intervals, enhance the accuracy and reliability of the process, and achieve greater control. Some companies already have the IT assets in place to accomplish this, while others will need to make changes to their consolidation and reporting systems.
So far the focus of the work done by corporations to achieve Sarbanes-Oxley Section 404 compliance has been on ensuring that existing financial systems and processes have adequate controls to prevent financial fraud. Few recognize the longer-term implications of the auditing community's decision to adopt the "COSO Framework" as a cornerstone for enhancing financial controls. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) envisioned shifting the emphasis of fraud control away from heavy reliance on personal integrity, common sense and after-the-fact audits, to a method emphasizing preventative measures and ongoing monitoring.
Manufacturing organizations have realized substantial value from adopting a total quality management approach that designs quality into processes and continuously monitors performance, instead of relying on final inspection to weed out mistakes. Finance organizations in US reporting companies can and should do the same, because most will find that what might have been cost effective before is likely to be expensive and inefficient in today's formal control environment. To this end, consolidation is a financial process ripe for change.
Today, companies consolidate their financials in a sequential, bottom-up process: lower-level entities perform their closing process (accruals, adjustments, etc.) and then pass the results up to the next level of the company. When books were kept by hand, this was usually the only feasible method. Even after the introduction of consolidation software applications, this was still the preferred method. However, the best practice now is to perform consolidations in a more centralized, synchronous fashion.
The bottom-up approach is still adequate, but it suffers from defects. First, it is inherently less controllable from a financial fraud standpoint. Lower-level managers can create misleading financial statements. Certainly, audits can pick up fraudulent entries and auditors pay a great deal of attention to this area because of its vulnerability. For now, senior executives can rely on 'deniability' to distance themselves from lower-level fraud. In their periodic attestations, these managers will have signed off on the accuracy of the financial information they provide. We expect that soon this will no longer be enough as auditors continue to raise the bar on acceptable levels of financial controls maturity. This is an area on which they are sure to focus.
Beyond the issue of compliance, a more centralized, synchronous consolidation can save money and time. Because it is less controllable, the bottom-up method is more laborious. It requires more controls, more tests, inspections, and more auditing time. From a process execution standpoint, it requires more people to perform the consolidating and closing transactions. It is more time-consuming than a synchronous approach, requiring a longer interval between the end of an accounting period and completion of the close.
Moreover, since it takes that much longer, companies are not able to get management accounting data to interested parties as soon as they could. In this respect, it also is not consistent with the requirement for increasing the speed with which public companies report. On the management accounting front, the bottom-up approach encourages business units to futz with the numbers to meet their objectives, slowing the process of getting actionable information to the field. Often we find larger companies will issue "flash" results to overcome this problem, consuming even more resources.
Certainly centralization has its limits, both legal and practical. For fiscal reasons, it still will make sense to consolidate at a country level (both in local GAAP and in parent GAAP). From an operational standpoint, unless they have harmonized their charts of accounts, companies with multiple business segments (e.g., plastics, jet engines, medical systems and financial services) will find it most useful to centralize around like businesses (i.e., ones with similar charts of accounts).
Ventana Research recommends that finance departments briefly catch their breath after their initial Section 404 audit and then get back to work redesigning processes to improve their control efficiency. We expect there will be substantial changes to "best practices" in corporations as they adapt to new regulatory environments. Centralizing consolidation is one area where technology can enable a more efficient, more controllable finance environment. Organizations must determine if their consolidation and reporting systems are adequate for this purpose, and make improvements where necessary to make a more centralized, synchronous approach feasible.
Robert Kugel is CFA, VP & Research Director - Financial Performance Management at Ventana Research.
posted by Brian Moran @ 3:22 PM
Support for Limiting Auditor Liability
A liability cap might encourage smaller firms to compete with the Big Four, enhance competition and choice, and help prevent another Arthur Andersen.
Stephen Taub, CFO.com
January 18, 2005
The president of the Business Roundtable is urging regulators to limit the liability accounting firms face from potential negligence claims.
In an interview with the Financial Times, John Castellani said he is concerned that litigation could put another major accounting firm out of business and further shrink the ranks of auditors. "There are other accounting firms that could develop a global capability, similar to the Big Four, but shy away from it because of the increased liability and exposure to lawsuits," he told the paper. "To the extent we can do things that enhance competition and choice in this we are very supportive."
Castellani and the accounting firms are mindful, of course, of the demise of Arthur Andersen — which in effect put out of business by government officials after its Houston office was linked with wrongdoing at Enron Corp.
Under the Sarbanes-Oxley Act of 2002, companies are restricted from using their auditors for certain non-auditing work, so it is not unusual for companies to hire two auditing firms to meet many needs. Indeed, as companies gear up to comply with Section 404 of Sarbanes-Oxley, which guides how auditors report on companies' assessments of their internal controls, companies have been enlisting the services of accounting firms other than their auditors to help meet that requirement.
The Business Roundtable includes as members the chief executive officers of many large U.S. public companies; late last year the top executives of the four largest accounting firms became members as well.
The Roundtable's corporate governance taskforce is considering what form a limit on auditors' liability could take, according to the FT.
posted by Brian Moran @ 8:49 AM
Monday, January 17, 2005
The Perils of Systems-based Fraud
By Patrick Taylor Chief Executive Officer, Oversight Systems
While most IT security focuses on defending the network perimeter from outside attacks, many auditors point out that company insiders present the biggest risk of financial loss from computer hacks. In addition to fortifying their networks' perimeters against the external threats from mysterious computer hackers, enterprises need to focus on eliminating the recognized insider threats of systems-based fraud such as billing schemes, payroll schemes, and check tampering.
Every organization faces the possibility that employees and insiders will exercise their knowledge of systems rules and procedures to commit fraud. Even usually ethical employees who violate application policies to work around inefficiencies within a system can unwittingly stumble upon opportunities for damaging errors, misuse, and abuse.
Reliance on automated financial applications and the technologies that link business processes across multiple data systems only increases fraud risk. Fraud and white collar hacks collectively drain 6 percent of an organization's annual revenue, according to the Association of Certified Fraud Examiners (ACFE). ACFE reports that these losses totaled more than US $6 billion in 2003. The 2003 PricewaterhouseCoopers (PwC) Economic Crime Survey pegged the average loss per company due to fraud at greater than US $2 million.
The ACFE study found that the average scheme lasted 18 months before it was detected. More than half of the detected schemes accounted for losses greater than US $100,000; nearly one in six caused losses greater than US $1 million.
Fraudulent schemes typically target the billing and payroll processes because, quite simply, that's where the money is. Billing processes — specifically a financial system's accounts payable module — pose the greatest fraud risk for organizations, despite internal controls such as segregation of duties.
Ghost Vendors. An accounts payable clerk who routinely adds valid vendors into the system can insert a ghost — or false — vendor into the financial system and process checks that are payable to the insider.
Personal Purchases. Employees are often tempted to buy personal items from their employer's standard vendors through the enterprise billing system. Purchase orders from approved vendors that fall under typical enterprise budgets, such as computers, are often approved with little oversight.
Accomplice Vendor. While not as common as insiders who work alone, employees can collaborate with vendors to commit fraud. Internal controls are not likely to catch fraud schemes that include an authorized vendor producing official purchase orders and receiving payments at a normal address.
Quid Pro Quo and Barter Schemes. Businesses are often at risk of insiders trading valuable goods or services for personal gain. These schemes fraudulently deplete inventory with no benefit for the enterprise.
Returns and Voids. Insiders often dupe their employers by returning an approved purchase item for a refund and keeping the cash after they have expensed it.
Corruption and Price Inflation. Insiders can orchestrate schemes where the enterprise purchases inferior goods at higher than market prices, and the vendor pays the employee a kickback. This scheme can also be played out using a shell company as a vendor, which is actually run by the insider.
P-card Abuse. Many enterprises avoid employee expense reimbursements by issuing purchase cards (P-cards). However, P-cards provide insiders with a direct method of draining cash from the enterprise if their purchases appear to be valid business transactions.
After billing, payroll is the most-frequent fraud target, because ghost employees, improper wages, and fake commissions often fall through the cracks for large enterprises with thousands of employees.
Ghost Employees. Similar to ghost vendors, ghost employees can be entered into a payroll system to produce an ongoing scheme that drains cash from the enterprise with monthly checks paid to nonexistent employees.
False Commission. Commission-based employees can boost their compensation by falsifying sales orders for improper commission checks.
Worker's Comp Schemes. Much like ghost employees, false worker's compensation claims can be entered into a payroll system to drain cash from the enterprise through monthly checks mailed to the insider who orchestrates the scheme.
Falsified Wages. With automated payroll systems, insiders can fraudulently boost the amount of their paychecks if they can access the payroll system.
Outside of the schemes targeting false or invalid bills and employees, insiders can commit fraud by directing their schemes toward valid payments.
Altered Payee. Valid, authorized payments are frequent fraud targets where an insider, such as an accounts payable clerk, alters the payee information. For example, just before checks are run, an insider in the accounts payable system changes payee information to write the check so that he will be able to cash it. The insider also changes the vendor's address or bank routing number to deliver the check or route the payment to the insider. The insider then covers his tracks by reverting the delivery or routing information to the original information.
Forged Checks. Procurement systems that process wire-transfer payments often produce paper checks made out for US $0 with each wire transfer. Insiders can then alter these zero-value checks and cash them for the value to which they are changed.
Forged Endorsements. Refund checks to an enterprise may never enter the financial system if they are intercepted and fraudulently endorsed. In one instance, a payroll manager intentionally overpaid its state taxes, which led the state government to send refund checks. The payroll manager then endorsed the checks "pay to the order of" herself and deposited them in her own account before they ever hit the company's books.
IDENTIFYING IT-BASED FRAUD
As demonstrated by the average size and duration of each scheme reported by ACFE and PwC, auditors must find new ways to identify fraud that exploits financial systems. Because each of the schemes outlined above depends on individual transactions within the financial system, auditors need tools that access the transaction-level data and automate the basic analysis. For the last decade, many auditors have used spreadsheet-based tools for this task. However, spreadsheets rely on seasoned auditors to run the same reports routinely and interpret the results. In essence, auditors have to look for a specific scheme in order to find it.
Technology solutions are now available that tie directly into financial systems and continuously monitor each transaction. The main advantages of continuous monitoring solutions are that they automate the same testing and analysis that an auditor or fraud examiner would perform and apply that analysis across every transaction. Although individually, each transaction may not indicate fraud, continuous monitoring takes into account the context of the transaction, such as when the payee information is altered just before a check run.
The evolution of fraud to target enterprise financial systems presents an often overlooked vulnerability. Auditors should factor these risks when developing their audit plan. To assist and automate much of the financial systems testing, auditors should evaluate technology solutions that provide more comprehensive oversight of all financial transactions.
posted by Brian Moran @ 9:23 AM
Nearly 600 Reports of Control Weaknesses
Last month alone, 56 companies disclosed material weaknesses or significant deficiencies in internal controls, compared with just 14 companies a year earlier.
Stephen Taub, CFO.com
January 17, 2005
On the eve of the oft-delayed starting date for compliance with Section 404 of Sarbanes-Oxley, it appears as if Corporate America has a lot of work to do to meet the requirements of this daunting rule.
Last month alone, 56 companies disclosed material weaknesses or significant deficiencies in internal controls, according to the Compliance Week newsletter, compared with just 14 companies that made such disclosures in December 2003. For all of 2004, a total of 582 companies made these kinds of disclosures.
December's 56 disclosures were way down from November's 199, although the newsletter pointed out that for many companies, November 10-Qs were the final periodic filing before Section 404 assessments were due as part of their next annual report.
Roughly half of last year's disclosures were related to financial systems and procedures, according to Compliance Week; typical problems in this category are related to the financial close process, account reconciliation, or inventory processes. About 30 percent of the disclosures concerned personnel issues. Other common types of disclosures included problems with documentation, revenue recognition, and IT systems and controls.
The newsletter also noted that companies frequently disclose multiple types of weaknesses. It cited contract electronics manufacturer Sanmina-SCI Corp., which disclosed a material weakness in its December annual report related to several issues, including financial systems and procedures (inadequate preparation of certain financial statement account reconciliations) and personnel issues (lack of sufficient personnel with appropriate accounting qualifications).
Bankrupt and disgraced cable television operator Adelphia disclosed more than 700 deficiencies, many of which were related to financial systems, governance procedures, and personnel oversight issues, Compliance Week noted.
When companies do disclose material weaknesses, they would do well to give the details, according to a new survey by Stanford Law School and consultancy Cornerstone Research reported by the Financial Times. Among 141 companies that made such disclosures between November 2003 and October 2004, companies that spelled out the details suffered an average decline of 1.5 percent in their share price; companies that failed to give details saw their share prices fall an average of 3 percent.
posted by Brian Moran @ 9:16 AM
Terex Will Restate after 404 Assessment
Compliance with Section 404 of Sarbanes-Oxley may lead to many more restatements.
Stephen Taub, CFO.com
January 17, 2005
We'll probably see many more such announcements in coming months as companies work toward compliance with Section 404 of the Sarbanes-Oxley Act.
Diversified manufacturer Terex Corp. announced that it will restate its financials for 2001 through 2003 to correct certain errors. The company implied in a press release that it discovered these errors while conducting its review of its internal controls over financial reporting to meet the requirements of Section 404.
In October, Terex began to examine its intercompany transactions to reconcile imbalances in certain accounts. Although the company stated that the review is ongoing and that it hasn't determined all adjustments that may be needed or in what periods the correcting entries will be made, Terex added that it believes most adjustments relate to periods in 2002 and earlier. It also does not believe the adjustments will be material.
Terex said that as part of its review, it determined that a material weakness existed in its internal controls over financial reporting as they relate to the recording of certain intercompany transactions.
To comply with Section 404, Terex added, "a new financial reporting system was put in place in the later part of 2003 allowing for a more detailed and thorough review of accounts on a timely basis through analytical report writing functions, as well as automated back office functions." The company also noted that it revised its internal controls to require "monthly activity balancing and the requirement that any reconciling item that is not resolved within a specified period of time be escalated for prompt resolution."
Terex also said it has changed its reporting relationship for operating financial personnel so that they now report directly to the corporate financial group, and it will provide enhanced training for all financial personnel. It also intends to add more people to the financial organization as necessary, simplify its reporting structure, and migrate to a more-common information technology platform.
posted by Brian Moran @ 8:50 AM
Friday, January 14, 2005
SEC charges nine with fraud at US Foodservice
Nine people who worked for suppliers to Ahold, the world's fourth largest supermarket group, have been charged by US authorities with collusion in its massive accounting fraud.
The people were yesterday accused by prosecutors of conspiring with executives at US Foodservice, Ahold's US distribution subsidiary, to create false accounting records that inflated earnings by more than $800m (€603m). The nine who face include Timothy Daly, a former vice-president at Michael Foods; John Nettle, former account manager at General Mills; and Michael Rogers, a former vice-president at Tyson Foods.
Ahold said in February 2003 that significant accounts irregularities meant the Dutch group may have overstated its earnings by $500m. It later revised the amount to more than $1bn.
The Securities and Exchange Commission, the US financial regulator, said in October that Ahold overstated its net income by $829m between 2000 and 2002 due to fraud at US Foodservice.
David Kelley - a member of President George W. Bush's corporate fraud taskforce - who announced the criminal charges, said: "Today's charges should send a strong reminder to companies and executives across the country that it is not only a crime to falsify your own books, it is also a crime to help other companies falsify theirs."
The alleged fraud at US Foodservice centres on so-called promotional allowances, which are paid by food-makers to retailers and distributors in return for meeting sales targets. The allowances reduce the cost of sales, and so can boost profits.
Criminal and civil charges made against four former executives at US Foodservice last July pointed to collusion with the company's suppliers to exaggerate the amounts owed to it under the promotional allowances. The fraud came to light when Deloitte, Ahold's auditor, queried documentation between US Foodservice and its suppliers.
Mr Kelley, US attorney for the southern district of New York, alleged that certain US Foodservice chiefs induced the nine to sign letters that purported to confirm fictitious promotional allowances. The letters were then passed to Deloitte.
The nine people had agreed to plead guilty to the charges. Two of the nine - Mark Bailin, Rymer International Seafood's president and Peter Marion, president of Maritime Seafood Processors - were also charged with insider trading in Ahold shares.
posted by Brian Moran @ 1:17 PM
Nortel heads into Sarbanes-Oxley headwind
What were they thinking?
Former Nortel Networks chief executive Frank Dunn and his financial executives are alleged to have manipulated their company's accounts -- only a few months after the passage in mid-2002 of the Sarbanes-Oxley bill in the U.S. This is the landmark legislation that compels chief executives to certify their company's accounts are accurate or risk substantial penalties.
Nortel was obviously aware of the bill's significance -- in the summer of 2002 it established a management "disclosure" committee of eight or so top executives. The group met on a near-weekly basis for a time to establish appropriate responses to a multitude of new governance rules that have recently come into effect.
Among the legislation's goals was to improve the "tone at the top" of publicly-traded companies. Since Dunn was a key member of the disclosure committee, his alleged behaviour is all the more puzzling.
Nortel reported on Tuesday that Dunn and members of his finance team had used inappropriate accounting manoeuvres to transform money-losing quarters into profitable ones early in 2003. Why would Dunn and his colleagues have left themselves so open to charges of breaching accounting rules at the dawn of the Sarbanes-Oxley era?
So far, all we have to go on are this week's extensive filings by Nortel and the report of the independent review it commissioned from the Washington law firm Wilmer Cutler. It's a detailed account, but it's still only one side of the story. Nevertheless, the report of the review does contain tantalizing clues about how the finance group got snared in such a multi-faceted probe.
Start with the fact, buried deep within Nortel's 10-K filing to the U.S. Securities & Exchange Commission, that the company's accounting reviews were triggered in May 2003 "at the direction of certain members of former management." A quick check with Nortel about who these might have been elicits the response "The document speaks for itself."
Well, no, it doesn't. But the filing does imply that a few ex-managers were concerned enough about certain accounting practices to push formally for a review of Nortel's balance sheet. What we don't know is their motivation for acting.
A possible sequence would have seen the concerned ex-managers take their case directly to the board's audit committee, chaired by John Cleghorn, the former top executive of the Royal Bank.
The subsequent analysis of the balance sheet -- it's not clear who did it, although it appears to have been an internal effort -- uncovered enough question marks to trigger a full-blown review of Nortel's numbers. At this point, Nortel's outside auditors,
Deloitte & Touche got more deeply involved. D&T told Cleghorn late in July 2003 that it had discovered certain "reportable conditions" in Nortel's numbers. In plain English, the auditor had found weaknesses in Nortel's internal reporting controls -- but it seems these were not judged serious enough to be material.
By October 2003 enough information was in to indicate that Nortel's balance sheet indeed required repair. Dunn revealed that the company's liabilities had been over-stated by nearly $1 billion and blamed the "volatile environment" for the errors. He assured investors that he would provide re-statements for the 42-month period ended June 30, 2003, as soon as possible.
From there, it appeared to be business as usual. Dunn was giving press interviews and seemed in very good humour. But the comprehensive review was still under way. And, for good measure, Nortel's board invited Wilmer Cutler to conduct its own, more independent review into the circumstances that led to the need for a re-statement. Dunn's mood suggests he did not expect anything untoward.
Meantime, Nortel's compensation committee of the board would likely have reviewed the multi-stage management bonus scheme that was rescinded, in part, this week. This, too, suggests that no one had yet uncovered anything terribly damaging.
This seems to have included D&T. According to the SEC filing, D&T did not report material deficiencies in Nortel's accounting until Nov. 18, 2003, as part of its interim audit for calendar year 2003. A material weakness, in accounting terms, involves internal controls that allow significant errors that are difficult to detect.
At this point, the red flags should have been flying high. Yet, late in January 2004, Dunn triumphantly told investors that Nortel had scored big profits for the quarter just ended. A few days later, Nortel's top executives received $27.3 million U.S. worth of restricted stock units, part of a bonus program tied to company earnings. (The cash portion, about $8.5 million U.S., is now being returned.) It would take a few more weeks before the board received evidence that led it to fire Dunn and his finance executives.
Should D&T have been quicker to unearth evidence of accounting misdeeds, if these did occur? Not necessarily. Paul Labarge, the founding partner of LaBarge Weinstein in Ottawa, points out that outside auditors are constrained by a couple of realities. First, they do audits by sampling accounting transactions, he says. There's never enough horsepower to cover all transactions. Second, he adds, a common practice at very large corporations is to consolidate numbers (for example, by combining sales across several countries or product lines) before they present them to auditors for analysis. It's designed to make things manageable, but it also makes it more difficult to spot inconsistencies.
Nortel's financial managers would have presented the information in a similar manner to their company's audit committee.
This is why a key reform will see Nortel board members receive financial information in much greater detail -- no consolidation, in other words. Not only that, but Cleghorn's audit committee will from now on conduct separate sessions with the top finance and operations employees of each of Nortel's many business units.
This way, the audit committee should immediately be able to spot any effort aimed at manipulating company-wide results. Under the rich bonus program approved by Nortel's board, there was certainly every incentive for top management to manipulate numbers to produce the desired earnings. Whether that was the intent -- provable in court -- of Dunn and his nine fired finance colleagues is another matter. Certainly it was the result. And, coming as it did at the launch of the Sarbanes-Oxley era, the timing could hardly have been worse.
posted by Brian Moran @ 9:12 AM
Thursday, January 13, 2005
Call for auditors to give verdict
Auditors could be given the right to more quickly reassure investors that companies have fixed weaknesses in systems that ensure accurate financial reporting, regulators said on Wednesday.
Douglas Carmichael, chief auditor at the Public Company Accounting Oversight Board, told a conference that the regulator was considering whether auditors should have the ability to give snap verdicts on remedial action taken by companies on defective internal financial controls.
Companies were warned that investors and credit rating agencies could react badly to poor disclosures by companies about any weaknesses.
Disclosures by companies about the effectiveness of internal controls are mandated by the Sarbanes-Oxley Act, and auditors must give separate opinions.
The first batch of reports are due to be filed with the Securities and Exchange Commission in March and April.
A survey by Stanford Law School and Cornerstone Research, a consulting firm, found that companies suffered smaller falls in their stock prices if they gave details of the weaknesses in their internal controls.
The survey of 141 companies that made disclosures of "material weaknesses" in their internal controls between November 2003 and October 2004 found those that gave details suffered average falls of 1.5 per cent.
But companies that did not give details suffered average falls of more than 3 per cent.
Steve Galbraith, a principal at Maverick Capital, the hedge fund, said: "Make no mistake: most investors will shoot first and ask later if you have a bad Sarbanes-Oxley opinion."
However, he predicted a company's stock price would improve once the problems with internal controls had been resolved.
Greg Jonas, a managing director at Moody's Investors Service, said a company's credit rating could be downgraded if it admitted to "pervasive problems" with internal controls.
The New York conference, organised by Stanford Law School, heard that companies that revealed weaknesses in their internal controls could have positive opinions from auditors about the accuracy of their accounts.
But Mr Jonas said Moody's could raise doubts about such opinions if the companies revealed pervasive problems with internal controls.
Mr Carmichael said the PCAOB was considering whether auditors should be able to review the remedial action promptly and provide some form of public statement about it.
Alan Beller, director of the SEC corporation finance division, said the SEC and the PCAOB would review whether compliance with the act could be simplified, but stressed the regulators would not water down Sarbanes-Oxley.
posted by Brian Moran @ 8:58 AM
Wednesday, January 12, 2005
S-Ox and the Need to Audit IT Processes
The Sarbanes-Oxley Act has dramatically heightened standards for financial reporting for US public companies with a market capitalization over $75 million. For the past 18 years, COSO (The Committee of Sponsoring Organizations of the Treadway Commission) has been the accepted framework for implementing internal controls for financial reporting. IT processes and technology, however, are not addressed by COSO. Since the vast majority of financial data that makes up financial reports is generated by IT and its related processes, it is critical that the effectiveness of these processes can be verified. By having well defined standards and procedures that can be verified, CEO's and CFO's can be confident that the reports they are certifying came from well maintained and error free software applications.
The two sections of the Sarbanes-Oxley Act that should concern IT executives the most are 302 and 404(a) because they deal with the internal controls that a company has in place to ensure the accuracy of their data. This relates directly to the software systems that a company uses to control, transmit and calculate the data that is used in their financial reports.
Section 302Effective August 29, 2002, Section 302 requires CEO's and CFO's to attest to the accuracy of their company's quarterly and annual reports.
CEO's and CFO's will be placing an enormous amount of trust in the people and systems that produce their company's financial data. Given the wide and deep spectrum of internal controls, it is a serious responsibility.
Section 404(a)The deadline for complying with this rule was originally September 15, 2003, but has now been pushed back to November 15th, 2004. A number of experts view the extension as a sign of just how seriously authorities intend to enforce and monitor the new law. The SEC has also recognized the COSO framework as the official framework for establishing internal controls over financial reporting. Many companies are now actively working with internal and external audit firms to set expectations surrounding Section 404, and avoid unwanted surprises when Section 404 comes into full force.
The View From the TopUnderstandably, CEO's and CFO's are taking Sarbanes-Oxley very seriously given the potential penalties for non-compliance. There is a tremendous amount of data that they will have to monitor to make sure the financial statements are accurate. From the point of view of an IT person, it is a given that IT will be relied upon to collect, store and compile this data from all areas of the company and transmit it to the appropriate people.
So, how do CEO's and CFO's view Sarbanes-Oxley from a compliance standpoint? Surprisingly, an informal survey by CIO Magazine of the top 19 companies on the Fortune 100 list revealed that most executives viewed compliance as a finance issue, not a systems issue1 . This is a mistake, as IT is poised to play a major role in the implementation of controls for financial reporting.
What Sarbanes-Oxley Means to IT ExecutivesSarbanes-Oxley paradoxically, has been a motivating factor to connect IT more closely to the business. Compliance can provide the CIO with a seat at the inner table of top executives, as an active partner in regulatory conformance. CIO's must be proactive in getting the attention of their CFO's so that they understand how important IT systems are to data integrity. One way to do this is by demonstrating a detailed understanding of Sarbanes-Oxley and the part you can play in achieving compliance — without claiming that IT holds all the answers. Seats at the inner table, "are usually reserved for CIOs who can explain the business value of technology changes, but who are also able to put on their business hat and review potential IT work in the context of the broader business needs."2
posted by Brian Moran @ 10:58 AM
Tuesday, January 11, 2005
U.S. Boardrooms Add More Women, Independence in 2004
NEW YORK (Reuters) - Corporate boards grew more independent from management last year, while the number of women in boardrooms grew to one-quarter of all new outside directors, up from about 16 percent in 2003.
Executive search firm Spencer Stuart's "Board Index" also found corporate boards earned more cash in 2004.
The index found 24 percent of the 443 new outside directors named last year at companies that make up the Standard & Poor's 500 index were women. That was the largest increase in female independent directors ever in S&P 500 companies in one year, the firm said.
Women now account for 16 percent of total board membership in the S&P 500, an increase from 13 percent in 2003. In 1999 the figure was 12 percent.
But female chief executives declined to seven from nine in 2003, according to the report.
As for all new outside directors, the 443 new independents represent a 13 percent increase from 2003, not surprising given new rules mandated by the New York Stock Exchange, Nasdaq Stock Market and the Sarbanes-Oxley law requiring greater director independence and expertise.
The index found the number of companies with a presiding, or lead, director, grew to 84 percent of S&P 500 companies, up from 36 percent in 2003. The lead director is typically independent and conducts meetings of the other independent directors apart from company executives on the board and other insiders.
The Spencer Stuart report, published annually for the past 19 years, found that for the first time the average number of outside boards that chief executives sit on dropped below 1 to 0.9. In 2003, chief executives on average sat on 1 other board, and five years ago the figure was 1.6 boards.
DIRECTOR PAY UP
The average annual retainer earned by S&P 500 directors rose 14 percent to $50,000 from $43,700 in 2003 and $33,500 in 1999. The retainer excluded committee meeting fees and equity-based pay.
In a separate survey, Aon Consulting said on Tuesday total cash pay for S&P 500 directors grew by 21.6 percent to a median $67,556. Total equity awards rose nearly 35 percent to $69,616.
Peter Lupo, New York compensation leader with Aon Consulting, said in a statement that boardroom pay is headed higher still.
"We already know that the time commitments for many corporate directors will continue to increase. Next year, for example, it is highly likely that compensation committees will need to spend a substantial amount of time discussing, reviewing and revising long-term incentive compensation programs because of the likelihood that stock options will be expensed in 2005."
posted by Brian Moran @ 3:47 PM
SOX SUIT: Holding Feet To The Fire
By Jeanette Burriesci
Let the lawsuits begin! Now that all the deadlines have passed for mid- to large-sized companies to comply with the Sarbanes-Oxley Act (SOX), shareholders are making sure the law is enforced. On December 3, a class action lawsuit was filed against network services firm UTStarcom, alleging that the company misled investors and violated SOX Section 404.
The suit complains that UTStarcom falsely reported record results and projected continuous profitability in publicly disseminated press releases and SEC filings, attributing the positive results and guidance to growing demand for its products and services, particularly in China. However, says the complaint, the company's statements failed to disclose that it had massive supply chain constraints that delayed the recognition of millions of dollars in revenue, that it was experiencing weakening demand for its products and services in China and that it lacked adequate internal controls.
The suit, filed on behalf of shareholders, alleges that UTStarcom concealed from investors that it was in violation of Nasdaq rules requiring an independent majority in the membership of its board of directors, and that it may be in violation of SOX Section 404 requiring the company to inform investors about its internal control structures, which must be tested and verified by independent auditors. The suit alleges these violations resulted in inflated share prices.
SOX: WHAT'S IN IT FOR SHAREHOLDERS?
SOX increases investor confidence in corporate ethics (37%)
Compliance creates cost burden that suppresses stock price (33%)
SOX boosts shareholder value by building market confidence (25%)
Compliance costs decrease ability to pay dividends (14%)
—From an Oversight Systems survey of corporate financial leaders
posted by Brian Moran @ 11:55 AM
Monday, January 10, 2005
Travel Expenses Prompt Yale To Force Out Institute Chief
By JOANN S. LUBLIN Staff Reporter of THE WALL STREET JOURNAL
January 10, 2005; Page B1
In the latest setback for the corporate-governance movement, Yale University's School of Management is quietly forcing out the prize-winning head of its International Institute for Corporate Governance over alleged expense-account abuse.
Florencio López-de-Silanes, 38 years old, allegedly double-billed Yale for about $150,000 in business-travel expenses since mid-2001, according to people familiar with the situation. The tenured finance and economics professor has made full restitution, they say. Under an agreement with Yale, he will remain on unpaid leave until his departure from the university in June. The embarrassing flap has sparked probes by both his employer and the World Bank, where he has been a governance consultant and helped train foreign corporate directors.
Neither Yale nor Mr. López-de-Silanes -- known as a strong advocate of prompt disclosure of corporate misdeeds -- has announced his planned exit. Responding to an inquiry from The Wall Street Journal, Yale spokesman Tom Conroy said, "He has resigned from Yale as a result of financial misconduct and irregularities in his role as director of the International Institute for Corporate Governance." He added: "Appropriate corrective actions have been taken."
Mr. Conroy also said that "Yale's audit department has undertaken a special examination of expense procedures at Yale to ensure best practices." He declined to say whether the pending broader review resulted from the López-de-Silanes affair. Mr. Conroy said Yale has "no plans" to issue a general announcement about Mr. López-de-Silanes's unpaid leave. He declined to comment about why the university isn't doing so.
In a statement prepared for the Journal, Mr. López-de-Silanes acknowledged his mistake. "I deeply regret any unintended harm," said the statement, issued Friday by his attorney Peter E. Fleming III. "I have taken appropriate corrective steps with all affected parties and I can offer no excuse except the intensity of my focus on my work. I am leaving Yale because it is the right thing to do for the Institute and all concerned."
A separate World Bank inquiry into various contracts awarded to Mr. López-de-Silanes "is continuing at this time," said Damian Milverton, a spokesman for the Washington bank, which seeks to alleviate poverty.
The Yale imbroglio comes in the wake of other brouhahas at some of the corporate-governance movement's leading lights. TIAA-CREF, a large institutional investor as well as a prominent governance activist, is the target of a Securities and Exchange Commission inquiry into a business relationship that its auditors entered into with two of the fund's trustees in 2003. The pair resigned their TIAA-CREF positions Nov. 30. SEC rules bar accounting firms from entering business ventures with their audit clients.
Similarly, Sean Harrigan, president of the California Public Employees' Retirement System, the nation's biggest public-pension fund and a veteran crusader for better corporate governance, wasn't reappointed by the state personnel board late last year after the fund came under fire for meddling in labor-union issues with little connection to improving shareholder return. Mr. Harrigan, a top executive of a food-workers' union, blamed his ouster on pressure from Republican politicians and business lobbying groups.
Governance experts fear fallout from the Yale incident. It's another example "of why leadership by example is fundamental" in the corporate and public sector, said Anne Simpson, executive director of the International Corporate Governance Network, a London-based group largely comprised of activist institutional investors. "We all need to make sure we are what we do, not just what we say."
Mr. López-de-Silanes, born in Mexico, was recently honored by the World Economic Forum as one of the 100 Global Leaders for Tomorrow. He has run the International Institute for Corporate Governance since Yale created the academic think tank in July 2001. The idea was to bolster the business school's visibility and promote better governance abroad. One of Mr. López-de-Silanes's working papers, according to a Yale Web site, is entitled, "Theft Technologies."
Ira Millstein, a long-time governance adviser for major companies, and Jeffrey E. Garten, the management school's dean, recruited Mr. López-de-Silanes from Harvard University's John F. Kennedy School of Government, where he was an associate professor. The new institute was a powerful lure for the young academic, a rising star being wooed by several universities.
Mr. López-de-Silanes soon attracted positive attention at Yale by advising stock-market commissions in several countries, among other things. On the other hand, he earned a reputation as a hard-driving boss who often demanded that assistants work 12-hour days seven days a week, one knowledgeable individual remembers. The globe-trotting governance specialist also preferred to amass his business-travel receipts for a year before seeking reimbursement, this individual reported.
Mr. López-de-Silanes "is no tougher on his employees than he is on himself," observed another person familiar with the situation. "The guy is an obsessive workaholic."
Unhappy subordinates began to complain about his difficult management style in late 2002. It's unclear whether those complaints finally prompted Yale to launch its investigation of Mr. López-de-Silanes last September. Officials uncovered alleged evidence that he double billed for hotels, flights and similar travel expenses, according to the second person familiar with the situation.
On Dec. 8, Mr. Garten summoned the senior faculty to divulge the inquiry during a tense, somber meeting. He told them Yale had found a pattern of financial impropriety and was negotiating with Mr. López-de-Silanes' attorney to avoid the messy process of removing his tenure, attendees recall. Through Mr. Conroy, Mr. Garten declined to comment.
Stripping a professor of his tenure, academia's ultimate sanction, rarely occurs. An estimated 50 to 75 tenured professors out of 280,000 in the U.S. lose their positions for cause each year and the number fired over financial improprieties "would be very small," said Jonathan Knight, an expert on tenure at the Washington-based American Association of University Professors.
Some of Mr. López-de-Silanes's colleagues are rallying to his defense. "I consider Florencio to be a great scholar and of great integrity," said Ivo Welch, a Yale finance professor. His purported financial misconduct "was more likely incredible stupidity and carelessness on his part rather than anything deliberate," Mr. Welch suggested.
"I am extremely saddened and distressed by these events," said Mr. Millstein, a Yale visiting professor, chairman emeritus of the institute's advisory board and a senior partner at Weil, Gotshal & Manges in New York.
Mr. Conroy said Yale won't pick a replacement for Mr. López-de-Silanes until it finds someone to succeed Mr. Garten, who previously announced he will relinquish his post this June. The School of Management revealed his decision last April; he currently is completing his second five-year term as dean.
Other faculty members say they are upset that Mr. López-de-Silanes can consult, testify as an expert witness and remain on the School of Management's Web site during his lengthy unpaid leave. Late yesterday afternoon, the biography posted there still identified him as the institute's director.
posted by Brian Moran @ 1:45 PM
Friday, January 07, 2005
A.R.C. Morgan: More than 60 Percent of CFOs Resign or are Pushed when a Material Weakness is Disclosed
A.R.C. Morgan has produced its latest Sarbanes-Oxley research report, "Using Reported Weakness Disclosures to Benchmark Internal Controls." A comprehensive study that provides full disclosed weakness data reported by more than 350 SEC registered companies.
The results and conclusions of this study provide significant insight to all those involved with, or interested in understanding, an audit of internal control over financial reporting. The work effort required to document processes, identify significant risks and mitigating controls, evaluate control design and effectiveness, and report on such effectiveness of internal controls over financial reporting (on an annual basis) has already been extremely time-consuming and, by extension, costly. Yet despite the investments made, weaknesses are still being declared and the expectation is that many more companies will be in a similar position. The research was designed to gauge what weaknesses are being disclosed, remediation action taken, impact on the organization and help give other filers a benchmark tool to asses their own environments and what to look out for. The rigorous research that forms the basis of this report has unearthed some unexpected results:
- Over 60 percent of chief financial officers from companies with weaknesses leave or are pushed either immediately before the disclosure or within three months of the disclosure.
Over 50 percent is fraud related.
- Auditors fees grow considerably when a weakness is found, typically by 150 percent, compared to between 30 and 50 percent for companies with no weaknesses reported.
- Most filers disclosing a weakness have an SEC investigation.
- Over 65 percent of filers with disclosed weaknesses restate earnings causing significant shareholder impact.
- Other costs, people, training, consultants, technology are significant
- Over 390 companies have disclosed weaknesses in 2004 (Section 302 reporting), note A.R.C. Morgan's initial research focused on 350 companies.
- Over 86 percent of material weakness disclosures so far appear to have been discovered by the external auditors and not by management (or consultants) as part of their compliance projects.
posted by Brian Moran @ 9:49 AM
Chief Executive Was Paid Millions, and He Never Noticed the Fraud?
THE dummy defense worked, and the era of the former chief executive who remembers doing virtually nothing to earn his millions is upon us.
As chief executive of CUC International, Walter A. Forbes presided over a company whose books told lies for more than a decade. When the fraud was uncovered in 1998, after CUC had merged into the Cendant Corporation, it was the largest accounting fraud in American history.
This week, after a trial that lasted seven months and deliberations that lasted another month, a federal court jury convicted CUC's No. 2 executive, E. Kirk Shelton. But it was unable to reach a verdict on Mr. Forbes.
That there was a fraud is not in question. For many years, CUC inflated its revenues and hid expenses. "The defense of Walter Forbes is that he didn't know about it," said Brendan Sullivan, his lawyer, in closing arguments. He blamed it all on Cosmo Corigliano, the former chief financial officer and the prosecution's chief witness. Mr. Corigliano testified that he briefed Mr. Forbes using "cheat sheets" that showed how the revenues and profits were being inflated, but Mr. Forbes denied that. Mr. Sullivan branded Mr. Corigliano a "serial liar" and a "con man."
Mr. Forbes said he saw no need to pay attention to what was happening inside the company. He worked on "the strategy vision part, talking to key clients, being the outside voice of the company," he testified. "I think I was much more valuable to shareholders doing that than being in day-to-day operations."
You do not see many active chief executives who admit to being uninvolved in - and even uninterested in - day-to-day operations, but that appears to be the preferred defense for those whose companies turn out to be huge frauds. This trial shows such a defense can work, at least to persuade some jurors that underlings mount frauds while the bosses ponder the big picture and rely on the accountants.
Such a defense is expected at the trial of Richard M. Scrushy, the former chief executive of HealthSouth, where jury selection is under way. Mr. Scrushy's lawyers face the larger hurdle that a succession of chief financial officers, not just one, is expected to testify against him.
Bernard J. Ebbers, the former chief executive of WorldCom, is expected to mount a similar defense, as will Jeffrey K. Skilling and Kenneth L. Lay, the former chief executives of Enron. When Mr. Skilling testified before Congress after Enron failed, his mantra was "I am not an accountant." That testimony so infuriated Congress that it put into the Sarbanes-Oxley law a provision requiring chief executives to certify their company's financial statements.
Officials of the Securities and Exchange Commission used to complain privately that it was difficult to get the Justice Department to bring criminal charges in accounting fraud cases. Many United States attorney offices lacked expertise in accounting and feared that such a case would mean a lengthy trial that would leave jurors baffled.
Enron changed that, but a string of acquittals or hung juries in the pending chief executive cases could make prosecutors reluctant to pursue new cases.
In Enron, WorldCom and HealthSouth, chief financial officers eventually agreed to plead guilty, usually after insisting they had done nothing wrong. Chief executives tend to not leave paper trails of involvement with fraud, so the financial officers' testimony can be critical. But their previous denials make it easy to brand them as liars.
If bosses walk while their subordinates go to jail, it will confirm the wisdom expressed to Max Bialystock, the not-so-honest boss in the "The Producers," the Tony Award-winning Broadway show: "It's good to be the king."
posted by Brian Moran @ 9:00 AM
Thursday, January 06, 2005
Profiting from Their Own Mistakes
Software makers' corporate-governance programs to fix internal accounting problems have become hot sellers in a booming new market
Since Jeffrey Clarke reported for duty at software maker Computer Associates International (CA ) last April, he has spent much of his time fixing a financial system so flawed it allowed former employees to overstate revenues to the tune of more than $1 billion. "This is a company where the checks and balances failed. We're putting them in," says Clarke, CA's chief operating officer and acting chief financial officer.
He not only hired a handful of controllers and internal auditors but also is using CA's own storage and asset-management software to ensure compliance with Sarbanes-Oxley rules and other financial regulations. It's a case of software company, debug thyself.
ODD TWIST. Such regulatory compliance has also added a healthy glow to CA's bottom line. While many companies gripe that complying with Sarbanes-Oxley has meant nothing but expense, for CA and other tech outfits, the rules have helped create a booming new market.
They sell lots of software that helps other organizations comply with Sarbanes-Oxley by tracking assets, storing data, and searching for documents. It's a growth business in a mature industry: Market researcher Gartner expects spending on corporate-governance software to hit $6.9 billion in '06, more than double last year's tally.
Gartner says much of the spending so far on Sarbanes-Oxley compliance has gone to consulting firms doing quick fixes, but it expects companies to eventually use software to manage their oversight processes. Even then, instead of a single software package for handling compliance, there will be a patch-work of individual products.
In an odd twist, several software makers selling compliance-related products ran into accounting problems of their own in the past -- giving them an intimate understanding of how software can help prevent accounting lapses. In addition to CA, these companies include Peregrine Systems (PRGN ), Veritas Software (VRTS ), MicroStrategy (MSTR ), and Legato Software, which is now part of storage giant EMC (EMC ).
CUSTOMER RAVES. "It's ironic that some players providing the technology that manages compliance also had compliance issues themselves," says Gartner analyst Joanne M. Correia. "The important question is, have they learned from their own experiences in ways that help their customers?" Indeed they have, say both software execs and their customers. Peregrine spent nearly nine months gathering records to see if it had paid Microsoft (MSFT ) the proper amount in annual subscription fees. It hadn't.
Incredibly, Peregrine wasn't even using the latest version of its own asset-management software product, which tracks contract obligations with suppliers. Now it does. And Peregrine next month will launch a new version that makes it easier for clients to track their use of computers and software, issue reports, and record the proper sign-offs by executives on a quarterly basis -- as required by Sarbanes-Oxley.
Customers rave about the technology. J. P. Morgan Chase (JPM ) has had to prepare to comply with Sarbanes-Oxley at the same time it's completing its merger with Bank One Corp. It's using Peregrine's asset-management product to smooth the transition and plans on updating to the new version.
FROM NEGATIVE TO POSITIVE. Mark Bradley, the bank's application development analyst in charge of Peregrine products, says key features include graphics that take an exec step by step through the process of tracking contract compliance, which can then be shown to an auditor if necessary. "The biggest part of compliance is showing you have done your work," says Bradley.
For Legato, a Securities & Exchange Commission investigation and shareholder suits in 2000 taught a punishing lesson about the difficulty of searching millions of old e-mails in a hunt for a handful of potentially incriminating ones. It took months and hundreds of thousands of dollars to do the job. That experience prompted Legato in 2002 to purchase OTG Software for its e-mail archiving technology.
Now EMC, which itself bought Legato last year, counts among its offerings software that lets corporate customers create vast storehouses of e-mails, index them, and search them by name, topic, and date. For software companies with troubled pasts, it's sometimes awkward to hawk compliance software.
Customers want to talk through their suppliers' problems and understand what they did wrong. "At first there was embarrassment. You don't feel good about it," says George Symons, chief technology officer for information-management products at EMC and a former Legato executive. "But you can turn a negative into a positive." And potentially into a lot of money.
posted by Brian Moran @ 4:08 PM
No Escaping Sarbanes-Oxley
By David Henry and Amy Borrus
No Escaping Sarbanes-Oxley
Executives are frustrated with the law's financial and organizational burdens, but corporate reform is here to stayNearly three years ago, Congress set out to clean up the way companies do business after accounting and governance scandals rocked investor confidence and damaged the reputation of companies large and small. Now, as the final stages of reform mandated by the Sarbanes-Oxley Act 2002 go into effect, much of Corporate America is in an uproar.
CEOs and CFOs complain they're burdened with huge implementation costs as armies of nitpicky auditors check every corner of their operations. "Common sense is gone," says Wisconsin Energy (WEC ) controller Stephen Dickson, voicing an increasingly common gripe. "You have to document everything."
WORTH THE TROUBLE. True enough, it hasn't been the easiest year for CFOs and their staffs. And there's no denying that the costs of implementing Sarbanes-Oxley are high -- upwards of $35 million on average for large companies this year alone. Complicating matters, the promised benefits of the reform movement are hard to spot and difficult to quantify: frauds that never happened, or the boost to investor confidence that has helped bring life back to U.S. markets.
Fears have thus taken hold that a backlash is under way. Clearly, executive complaints are reaching Washington: The U.S. Chamber of Commerce has targeted Securities & Exchange Commission Chairman William Donaldson and is compiling a dossier of examples of what it calls regulatory or enforcement overreach. And concern that the Administration's appetite for reform -- or support for Donaldson -- could wane in the second term were stoked in mid-December when Treasury Secretary John Snow called for more "balance" in regulation.
Yet despite the grumbling, there is increasing evidence that reform has been well worth the trouble. Already, intense scrutiny of accounting methods and internal controls has unearthed lingering problems in the way companies operate. And fixing weak financial controls has nipped a lot of accounting problems in the bud. "You know the CEOs and CFOs are doing much more due diligence inside their companies," says Neri Bukspan, chief accountant for Standard & Poor's, the credit-rating service.
FANNIE'S FOLLIES. Perhaps most important, the reforms have helped renew investor confidence in companies' reports -- a payoff that will grow in time. Says Donaldson: "The benefit will come in the long haul, with greater credibility in the marketplace and higher stock price multiples."
What's more, there's little chance that the SEC will be reined in. Following Fannie Mae's (FNM ) $9 billion restatement and continued controversy over megamillion-dollar parachutes it handed ousted top execs, corporate scandal is still too fresh to allow politicians to backtrack.
The White House made it clear on Dec. 16 that the President "appreciates" the job Donaldson is doing to crack down on corporate wrongdoers. Snow has affirmed his support for Sarbanes-Oxley and Donaldson -- although he still thinks regulators and prosecutors need to better coordinate their rulemaking and probes. "The system may have become too prosecutorial," Snow told BusinessWeek on Jan. 4 (see BW Online, 1/6/05, "Sarbanes-Oxley: A Sense of 'Siege'").
BEAN COUNTERS' BLITZ. Nevertheless, the complaints, which have been growing through the fall, will probably intensify in coming weeks due to widespread frustration with a single feature of Sarbanes-Oxley, Section 404. It requires that corporate executives and their auditors document, and certify to investors, that their internal financial controls work properly. It is biting hardest now because the first deadlines for completing the work begin taking effect next month for large-cap companies.
The law requires, for example, proof that someone is cross-checking the numbers that make up earnings, such as the value of inventory and receivables. Seems reasonable enough, but execs grouse that auditors are applying the law in mind-numbing detail. "It requires an army of people to do the paperwork," says William Zollars, chairman and CEO of Yellow Roadway (YELL ), the nation's largest trucking firm. Zollars dispatched some 200 Yellow employees to the task last quarter and paid about $9 million to accountants for their work -- or some 3% of annual profits for 2004.
Costs vary across companies, depending mostly on their complexity, auditors say. A survey of board members conducted by RHR International for Directorship magazine found that big companies with $4 billion or more in revenues are spending an average of $35 million to comply with the act. Another survey by Financial Executives International found $3.1 million in added costs for companies with average revenues of $2.5 billion.
SMALL OUTFITS, BIG HURT. Those numbers are grist for lobbyists in Washington. The U.S. Chamber of Commerce is collecting such evidence to take to Congress. The group's top priority this year is a "push back" for changes in Sarbanes-Oxley, says David T. Hirschmann, senior vice-president of the Chamber. He'll probably have plenty of ammunition. Mario Gabelli, CEO of Gabelli Asset Management (GBL ), says he put off hiring 12 security analysts in order to pay for complying with Section 404. "It has been a major drag on the economy," Gabelli says.
But small public companies may have the best argument, since they have fewer revenues to offset basic compliance costs. " This is a regressive tax against small business," says venture capitalist Gary Morgenthaler of Menlo Park (Calif.)-based Morgenthaler Ventures.
While accountants predicted that the internal controls section of Sarbanes-Oxley would be a burden, few people expected this much grief. After all, Section 404 restates what was already required in other federal laws and regulations. Since the late '70s, the Foreign Corrupt Practices Act has required companies to have internal controls, and auditors have long been expected to test them before signing off on financial statements.
UNPLEASANT DISCOVERIES. Sarbanes-Oxley only adds the requirement that execs and auditors certify the controls work. Lawmakers did that to ensure that top managers were held accountable for problems and to make it easier to prosecute cheaters. "The fact that companies are having difficulty complying, after controls have been in federal law for 25 years, doesn't speak well for the quality of their controls," says one high-ranking regulator.
That may be an understatement. In November, 119 companies publicly reported finding weaknesses or deficiencies in their internal controls, up from 11 in the same month a year before, according to industry newsletter Compliance Week. Many problems involved closing books, reconciling accounts, or dealing with inventory. SunTrust Banks (STI ) said in November that it had fired three officers after discovering errors in how it calculates allowances for losses in loan portfolios.
Visteon (VC ), a car-parts supplier, said it found problems recording and managing accounts receivable from its major customer, Ford Motor (F ). It's now fixing those problems. "We are finding that the focus on internal controls is uncovering problems at the best of companies," says Samuel DiPiazza Jr., CEO of auditor PricewaterhouseCoopers International "
TIGHTENED UP." Many businesses are discovering other benefits. General Electric (GE ), which spent about $30 million on the work last year, "had good controls before this, but it has added more rigor," says CFO Keith Sherin. "It certainly gives [CEO Jeffrey Immelt] and me more confidence when we're signing off on the results."
United Technologies (UTX ) used the work to standardize checks on bookkeeping in its disparate businesses around the world. "We had a fair degree of latitude in how people document things. We've tightened that up," says Jay Haberland, UTC's vice-president for business controls.
The biggest advantage of all, though, may be the greater confidence investors have in financial results. "The auditors are doing better audits and charging for that. More questions are being asked by everyone," says Donald Nicolaisen, the SEC's chief accountant. That's why fine-tuning the regs, rather than any kind of rollback, is what's likely this year.
SMALL PRICE? Regulators are encouraging auditors to focus on critical issues that pose the biggest risks rather than sweating the little stuff that wastes time and resources -- and drives managers nuts. And come the spring, they have promised to review the complaints and determine whether the procedures can be improved.
Some officials say it could take three years for companies, auditors, and regulators to apply the law efficiently. That may seem like a long march for many executives. Yet in the long run, it will be a small price to pay for more smoothly running organizations and renewed investor confidence.
posted by Brian Moran @ 11:16 AM