A Price to Pay
A price to pay
By Crista Souza
Technology companies fought long and hard to avoid the onerous burden many felt the Sarbanes-Oxley Act of 2002 would impose upon their operations and competitiveness.
Today, SOX, as the anti-corruption legislation is now known, has even fewer proponents in corporate America, where estimates put the cost of compliance at billions of dollars each year. For many technology executives, SOX has become a well-intentioned but unsolicited and expensive intrusion into business activities that they must live with, no matter the cost.
The fact is, SOX is to corporate management what RoHS, the European Union’s Restriction of Hazardous Substances directive, is to the supply chain. SOX touches not only the boardroom, including executive compensation and responsibility of management and directors, but also extends liability to external financial-service providers. It affects accounting processes and the way they sync up with other business processes, with implications for IT systems. It requires independent auditors and legal counsel to make sure financial activities and relationships are on the up-and-up. And don’t forget the consultants and additional staff needed just to bring the operation into conformity with the law.
Bottom line is, SOX will strain the bottom line. Observers believe the extra costs will hamper the competitiveness of U.S. corporations. SOX is a major burden for midsize companies because the cost of compliance as a percentage of total sales is much higher, proportionately, for them than for large organizations, said Jack Calderon, principal at investment bank Lincoln Partners (Chicago).
“For small companies to stay competitive they have to figure out other ways of reducing costs, because they’re not really going to reduce the cost of compliance,” said Calderon, a former chief executive of midtier EMS provider EFTC.
“One of the easiest offsets is to spend less on research and development or not give talented employees the kind of raises needed to keep them around the company,” he said.
“Those kind of decisions are going on,” Calderon said, “and companies will do what they need to do to survive in the new environment.”
The origin of SOX
The Sarbanes-Oxley Act is a federal securities law that was passed in the wake of now-infamous corporate financial scandals at Enron, Tyco and WorldCom, among others.
SOX imposes a sweeping set of corporate-governance rules meant to prevent such accounting debacles–which resulted in billions of dollars in shareholder losses–from occurring in the future.
SOX doesn’t affect only public corporations, however. Privately held companies also must comply with the legislation.
Still, why should you care if you are not the CEO or the CFO? You’re not a criminal. Heck, maybe you’re not even a finance guy.
The answer is simple. Compliance requires certification of financial results by the top executives of the company. With the CEO and the CFO under the gun, they in turn are closely scrutinizing every number put before them by junior executives, including managers in the supply chain, manufacturing, procurement and engineering.
Most of SOX is already in effect for the largest companies. Public companies with a market capitalization above $75 million were required to comply with Section 404–the part that demands CEO and CFO accountability for financial statements–starting with the first fiscal yearend report after Nov. 15, 2004. Companies below the $75 million market cap mark must comply starting with the first fiscal year-end report after July 15, 2005.
The cost of compliance
The problem is that many midsize and small companies underestimate the true cost of compliance.
“No one really appreciates how complex and how expensive it is to get [Sarbanes-Oxley compliance] done,” said Phil Toomey, managing partner at law firm Carico Johnson Toomey LLP, whose forte is corporate governance and employment issues at private and public companies.
Back in 2003, Symbol Technologies Inc. saw the handwriting on the wall and wrote a sizable allowance into the 2004 business plan for compliance-related expenditures.
The Holtsville, N.Y., maker of bar code scanners and radio-frequency identification readers started the compliance process by taking a complete inventory of accounting actions and reassessing what steps were necessary and what could be improved upon.
Symbol budgeted for new accounting software and additional employees in the finance department, as well as for external consultants and auditing fees.
Despite painstaking planning, at the end of fiscal 2004, the price was higher than anyone had guessed at the outset, said James Langrock, senior vice president of finance and chief accounting officer at Symbol, which posted revenue of $441.5 million for the 2005 third quarter.
The company never had to make any difficult trade-offs to square the budget, but the prospect was always in mind, Langrock said.
“Sarbanes-Oxley compliance is extremely costly for a company our size,” he said. “We knew it was going to be significant, but our cost was much higher than we anticipated.”
Whether a company is public or private, even minimal compliance means more than just having audited financial statements, for example. There are also costs associated with setting up audit committees or having outside legal counsel review certain arrangements between the company and its accountants, between the company and its board members, and between the controlling shareholders and noncontrolling shareholders.
There is also a requirement of independence for professional advisers, something attorney Toomey believes few midsize companies fully appreciate.
“There is often a close relationship between the general counsel for the company and the controlling shareholders [i.e., the president, CEO, chairman of the board],” he said. “You might find that [if] an outside attorney does estate planning or does private things for key members of the company, that work poses a tremendous potential for a conflict-of-interest allegation later in the process.”
What often happens, Toomey finds, is that companies will implement what he called “cafeteria-style compliance.”
For example, they will have CEO and CFO certification of financial statements but will not insist on true independence of outside counsel or outside accountants. They might set up an audit committee, but then the committee may not insist that the auditors refrain from providing other accounting services to the company.
Privately held companies can get away with that approach. And, in fact, such practices are becoming the benchmark for corporate governance and management among private entities. Increasing numbers of private companies, however, are voluntarily bringing their organizations into compliance with the governance reforms, particularly if they are expecting to raise capital through a private equity or public stock offering, or to be acquired by a publicly traded company, Toomey said. It turns out that SOX conformity, even in a privately held company, may increase share price or acquisition value.
Among publicly traded companies, selective compliance officially won’t pass legal muster. Yet companies whose profits are squeezed by the extra cost burden of SOX are sometimes taking a discretionary approach nonetheless, Toomey said.
The benefits of SOX compliance
In Symbol Technologies’ fiscal 2005, or “Year Two,” SOX-related expenses dropped approximately 50 percent compared with 2004 but still amounted to “a big number,” Langrock said.
Part of the savings came simply from a year’s worth of experience. The auditors had gotten better at integrating the Sarbanes-Oxley compliance testing with their financial-statement audits. And internal controls had become easier because of a cleaner, more streamlined accounting operation.
Today, Sarbanes controls are built into the company’s monthly and quarterly close processes, and accounting folks are familiar with what needs to get done.
Thus, ongoing costs are expected to continue to decline–to a point. One expense that won’t evaporate is the additional hours of dedicated labor required to ensure continued compliance.
“Apart from the dedicated resources, there is the internal cost that we don’t measure, which is the folks who are involved in making sure the documentation stays updated and current and the controls are happening,” Langrock said.
The one positive result, Langrock said, is that Sarbanes-Oxley controls and the associated processes are in front of everybody on a monthly or quarterly basis. So as people continually look at what they’re responsible for, there is continued process improvement.
Additionally, he said, IT and finance functions related to controls and operational processes are better aligned. “From where I sit, there’s a lot of value and benefit,” he said. “I just wish it wasn’t so expensive.”
John Hagerty, an analyst with AMR Research (Boston), said companies may take solace in the fact that “SOX is not a permanent tax.” There’s money that has to get spent up front, he said, but once the framework is in place, the cost of compliance should become a part of ongoing business activity.
“Some people look at Sarbanes-Oxley like it’s the Abominable Snowman stomping around the forest and it’s gonna get us,” said Toomey. “And then there are people who think Sarbanes-Oxley is the goldfish in somebody else’s house: ‘It’s nice to know that it’s there, but it doesn’t have much relevance to what I’m doing.’ “
The answer, Toomey said, is somewhere in the middle. “Know what Sarbanes-Oxley requires and doesn’t require, approach everything from a common-sense perspective and err on the side of disclosure,” he said. “I think if you do those three things, you’re going to be OK.”
Posted in: Articles