Last Friday’s evening edition of the American Public Media radio program
"Marketplace" had a short piece about Sarbanes Oxley. (Here is a
to the program — I am not sure how long the link will be good ..).
The gist of the story was that Sarbanes Oxley sure seemed like a good idea right
after Enron, but–now that companies are facing the effort and costs of
implementation–there is backlash leading to an effort to get Congress to change
the law. According to this story, there is a significant lobbying effort
underway, led by the US Chamber of Commerce and others, to make
"technical corrections" to SOX.
There is a related story in today’s online edition of Business Week Online,
Dream of Simpler Accounting," bylined by Amey Stone. Stone’s
article covers a speech given by Don Nicolaisen, the Securities & Exchange Commission’s accounting chief,
at the New York State Society of Public Accountant’s conference yesterday.
Nicolaisen’s speech focused on his desire to simplify accounting rules by
moving away from detailed prescriptions to an approach based more on adherence
to principles. (One of the problems with very detailed rules is that they
can encourage companies to "game" the system … finding ways to skirt
the edge of ethics and of sound accounting principles while still technically
staying within the bounds of the rules. Another problem, of course, is
that detailed rules, universally imposed, can be onerous for many companies,
particularly mid-sized companies.) But, as Amey Stone reported in her BW
article, Nicolaisen’s speech on principles soon devolved into a defense of the
very detailed rules associated with Sarbanes Oxley. Nicolaisen reported
that he hears a lot of "noise" about Section 404 compliance.
I’d love to get a discussion going with some readers here as to whether SOX
is onerous and too detailed, or whether it is a necessary step in the direction
of guaranteeing standards of internal control over financial reporting.
But, apart from that discussion, it seems that, for many companies, Sarbanes
Oxley is JUST about compliance, rather than about making an investment that will
pay off in improved performance.
"Compliance" just means that you have followed the rules and can be
(relatively) free from fear of sanctions and penalties. But internal
control can be so much more than that. It can be about improved processes,
increased efficiency, and more effective governance. When companies talk about
"compliance" initiatives, does that imply that they are more focused
on avoiding the negatives than on seeking return from the positives?