The ERM Current™

What has happened to the promise of transparency and accountability?  According to a recent article in the New York Times, it has become a real-world example of “doublethink” – a term coined by George Orwell, the author of the famous novel 1984.  On the heels of one of the most serious financial crises of the past 100 years, the U.S. Congress is working against providing greater transparency and accountability.  Here is what the Times reported.

It took just five weeks after the WorldCom accounting scandal erupted in 2002 for Congress to pass, and President George W. Bush to sign, the Sarbanes-Oxley Act. That law required public companies to make sure their internal controls against fraud were not full of holes. It took three more years for Bernard Ebbers, the man who built WorldCom into a giant, to be sentenced to 25 years in prison for his role in the fraud.

Mr. Ebbers will be 85 years old before he is eligible for release from prison. He may be freed, however, before the law is ever enforced on the vast majority of American companies. A Congressional committee voted this week to repeal a crucial part of the law. Other parts are also under attack. Sarbanes-Oxley was passed, almost unanimously, by a Republican-controlled House and a Democratic-controlled Senate. Now a Democratic Congress is gutting it with the apparent approval of the Obama administration.

The House Financial Services Committee this week approved an amendment to the Investor Protection Act of 2009 — a name George Orwell would appreciate — to allow most companies to never comply with the law, and mandating a study to see whether it would be a good idea to exempt additional ones as well. Some veterans of past reform efforts were left sputtering with rage. “That the Democratic Party is the vehicle for overturning the most pro-investor legislation in the past 25 years is deeply disturbing,” said Arthur Levitt, a Democrat who was chairman of the Securities and Exchange Commission under President Bill Clinton. “Anyone who votes for this will bear the investors’ mark of Cain.”

Restoring investor confidence in the financial system is the most effective path towards long-term economic recovery. These actions may remove a short-term burden from some companies, but the long-term impact to investor confidence will be severe – just ask the former stockholders of WorldCom.

The U.S. Securities and Exchange Commission (“SEC”) announced last week that the deadline for full compliance with Section 404 of Sarbanes-Oxley Act for small companies has been extended for an additional and final nine months.  The primary reason for this final extension is the delayed publication of the formal study on the impact of changes to the compliance requirements made in 2007.  Here is the formal release from the SEC.

This extension of time will expire beginning with the annual reports of companies with fiscal years ending on or after June 15, 2010. This expiration date previously had been for fiscal years ending on or after Dec. 15, 2009. The extension was granted so that the SEC’s Office of Economic Analysis could complete a study of whether additional guidance provided to company managers and auditors in 2007 was effective in reducing the costs of compliance. Because the study was published less than three months before the December 15 deadline, the Commission determined that additional time is appropriate and reasonable so that small public companies and their auditors can better plan for the required auditor attestation.

“Since there will be no further Commission extensions, it is important for all public companies and their auditors to act with deliberate speed to move toward full Section 404 compliance,” said SEC Chairman Mary L. Schapiro.

So, the final clock is ticking.  Does your company need help implementing a cost-effective compliance program?  If so, Wheelhouse Advisors can help.  Visit www.WheelhouseAdvisors.com to learn more.

A recent study by the Financial Executives Research Foundation highlights the opportunities for many companies to improve the effectiveness and efficiency of their Sarbanes-Oxley (“SOX”) Compliance programs. In this week’s edition of Compliance Week, the study was examined and those interviewed in the article all agreed that room for improvement still exists.  The four main areas of improvement for most programs are:

• Transforming controls to focus less on manual controls and more on automated and entity-level controls;
• Consolidating processes into a reduced number of systems or a reduced number of locations, through a shared-services or business process outsourcing approach;
• Adopting more sophisticated testing strategies, including remote testing; and
• Conducting SOX testing work more deliberately and selectively.

Wheelhouse Advisors is uniquely qualified to provide cost-effective solutions in each of these areas.  Visit our website at www.WheelhouseAdvisors.com to learn more.

Last week, former US House Speaker Newt Gingrich wrote an opinion in the San Francisco Chronicle renewing the call for a repeal of the Sarbanes-Oxley Act of 2002 (“SOX”).  Mr. Gingrich’s basic premise is that SOX went too far in regulating corporate governance and at the same time did nothing to prevent the collapse in financial markets.  As many others have complained in the past, Mr. Gingrich says that SOX is too costly and is preventing companies from going public.  Mr. Gingrich cites a $4.36 million cost per company from a recent Financial Executives International (“FEI”) survey.  However, he fails to mention this figure is for the largest of companies (those with a market value greater than $700 million) and is out of date.  The most recent FEI survey figure for the largest companies is actually lower ($3.8 million) and for smaller companies that he is referencing in his IPO argument, the average cost is just over $600,000.  

Now, let’s compare that to the updated “rescue” package for AIG.  Just this week, the package was increased to $150 billion.  That’s right – billion with a “B”.  And, as for the claim that SOX did nothing to prevent AIG’s woes, it actually helped bring the woes to light.  It was the external auditor’s disclosure of a material weakness in AIG controls (a SOX requirement) over credit default swap valuations that first held AIG management accountable and led to the departure of the CEO.  

Lastly, Mr. Gingrich says that SOX is driving companies overseas.  Well, if that is the case, then the “rescue” packages are certainly serving as a great incentive for companies to come back to the US.  Now, companies are lining up to receive US taxpayer money.  Those companies that do not want to be held accountable when accessing capital through public markets are probably better off in other markets.  SOX is not the problem – it is the “rescue” packages that need to be repealed.

A study was released this week that examines worldwide regulatory compliance efforts and implementations in large organizations.  The results of this study are surprising, if not alarming, given the current state of the worldwide economy.  Sponsored by CA and conducted by GMG Insights, the study found that many organizations in Europe and the Asia/Pacific Region are not fully compliant with many regulations even though they are required to be.  For example, 46% of European companies and 50% of Asia/Pacific companies anonymously reported that they are not fully compliant with the Sarbanes-Oxley Act.  To be sure, these companies do not have very mature risk and control programs.  The researchers conducting the study concluded the following.

“The conclusion we come to, is that in-spite of the rising costs associated with compliance and the severe penalties that can come from non-compliance, organizations are still managing down to a “just enough to get by” strategy. In our opinion this strategy cannot be sustained. Organizations face exponential growth of regulations and systems affected by those regulations must be monitored. Managing compliance with an ad hoc approach subjects organizations to significant risks. Recognition of the organizational risk and the growing costs will ultimately drive the adoption of broader, enterprisewide compliance management solutions.”

These companies and many others may believe they are saving money by addressing compliance in this fashion.  However, most will ultimately find that this short-term, ad hoc approach will not only lead to greater risk of potential non-compliance, but also to greater cost due to fragmented and duplicate activities.  As the mechanic says to his customer in the oil filter commercial, “you can pay me now….. or pay me later”.