Wall Street enforcer
- Reduce text size Decrease text size
- Increase text size Increase text size
- Print article Print
- Jump to comments Comment
- Share this article Share
- Email article to a friend Email
The Sarbanes-Oxley Act (SOX) was a gut reaction to Enron, WorldCom and Arthur Andersen. Paul Sarbanes and Michael Oxley formualted the most far-reaching US securities legislation in several decades.
The Sarbanes-Oxley Act (SOX) was a gut reaction to Enron, WorldCom and Arthur Andersen. Following the financial scandals that brought these companies to their knees, US Senator Paul Sarbanes and US Representative Michael Oxley drafted a bill whose intention was to protect investors by improving the accuracy of corporate disclosures. They formualted the most far-reaching US securities legislation in several decades.
Although its primary focus is on American companies, SOX has as one of its stated purposes the extension of US law and the regulatory authority of the US Securities and Exchange Commission (SEC) to cover the activities of foreign corporations registered on US stock exchanges. The SEC is already demonstrating renewed vigour as the recent sharp increase in foreign enforcement cases started by its staff shows: Allied Irish Bank (Ireland); Lernout & Hauspie (Belgium); Livent (Canada); Montedison (Italy); Paracelsus (Germany); Tyco (Bermuda); UBS PaineWebber (Switzerland).
| ||
IT plays a big part in enforcement and the Act specifically demands affected companies document the IT controls they have in place to ensure compliance. Affected European companies have until July 2005 to comply or find themselves excluded from US stock markets. Digby Jones, director of the Confederation of British Industry, has suggested as many as 20 British companies may de-list as a result of SOX.
Section 404 of SOX particularly focuses on IT. It is primarily concerned with the integrity of the information on which auditors' reports are based, with implications for the systems underlying this information. That has been underscored by the fact that any failing in the integrity of this information can mean hefty sanctions or even jail for the corporate officers signing off on the accounts. The fact that the EU's Eighth Directive - which seeks similar audit and reporting standards - excludes the SOX-style knock-on provisions that could see company directors jailed or fined, is giving rise to speculation that Europe's own SOX-like act is just around the corner.
The response to SOX has been mixed. Many companies complain that the costs of implementation are too onerous. The rule of thumb that has evolved is that companies spend on average $500,000 - and as much as $1 million - on compliance efforts for every $1 billion in revenue.
A survey by PwC found that 20% of directors believed SOX has created an environment where management is so distracted by compliance issues that company performance is being affected. Many do not deem such a sacrifice worthwhile: only half think Section 404 internal control reporting requirements will improve the quality of their company's financial statements and 44% think Section 302 (which entails certification of financial statements by the CEO and CFO) will make a difference.
A lobbying group of Forbes 100 company directors says the Act is great for the accounting industry but bad for everyone else. Nevertheless, comply they must - with massive ongoing implications for the IT department.
