Sarbanes-Oxley: How It Is Actually Affecting Businesses

With some time to evaluate the real cost of the Sarbanes-Oxley Act, businesses are realizing the direct and indirect cost of this legislation to their businesses. They must comply with the provisions of the law by prescribed deadlines or face fines from the Federal government. Their overhead costs have been increased, not to support the needs of business activities, but to satisfy the requirements of a Federal law. Additionally, an unexpected consequence of the law has been to adversely affect the willingness of highly qualified current and potential members of Boards of Directors to continue their involvement on the Boards.

November 15, 2004 was the deadline for certifying financial controls under the provisions of the Sarbanes-Oxley Act of 2002 (SOA). According to PricewaterhouseCoopers, the third-largest accounting firm in the United States, 80 percent of the 700 client companies which it surveyed were either struggling to meet or would probably miss the November 15th deadline for certifying financial controls. The poll found that 20 percent will probably meet the deadline, 70 percent are behind in work to meet the deadline and 10 percent are at “serious risk” of being unable to certify that their financial controls are effective as required by the Sarbanes-Oxley Act. The law, passed to tighten financial reporting, requires companies to have internal financial controls – systems that monitor and verify functions like payroll, inventory and sales – certified by outside auditors. (1)

The law requires CEO/CFO certification of quarterly and annual reports, as well as placing new regulations on external auditors. SOA also changed the responsibility and liability exposure of the Boards of Directors of publicly traded companies. The external auditor now must report to the Audit Committee of the Board of Directors. The Audit Committee is now required to have a “Financial Expert” and it is subject to the compliance procedures established for the Audit Committee. Additionally, all audit and non-audit services by the external auditor must be pre-approved by the Audit Committee. (2)

The internal audit function is elevated in importance, particularly after passage of the Sarbanes-Oxley Act (SOA). Internal audit officially reports to the board of directors’ audit committee but is a part of the day-to-day management team. They are different and separate from the external auditors but have a role in supporting them. (3) The expansion of the internal audit responsibility has added staff to most corporations and cost to the shareholders EPS, as a result.

The impact on the Boards of Directors has been profound. The results of SOA seem, unintendedly, to be weakening the quantity and quality of willing board members at a time when to do so is extremely counter-productive. Most boards are not equipped to take on the compliance burden imposed. To comply with the new requirements, boards must have resources that were not previously needed to discharge the duties of protecting stockholder interests. Whistle blowers must be afforded protection from retribution, and that burden also falls on the Board of Directors to assure that it actually happens. Under SOA, it is much harder to recruit board members because of the increased scrutiny and accountability. Board members who have the ability to really help a company are, by and large, not motivated by the money involved. They want to contribute to the success of a company, and are not necessarily willing to get involved in the new personal liability and federal oversight issues now associated with board membership. (4)

As foreign-held, publicly traded businesses, operating in the United States, become subject to the provisions of SOA, the further financial impact can be assessed. A year ago, senior executives at U.S. multinational companies were divided about the cost of complying with the Sarbanes-Oxley Act of 2002. At that time, 56 percent of surveyed executives said initial compliance with Sarbanes-Oxley was not very costly for their company, while 44 percent said compliance was at least somewhat costly. According to the survey, 76 percent of the expected cost of Sarbanes-Oxley compliance was for added internal resources, and 24 percent for external assistance. A majority of executives listed several aspects of compliance as being at least “somewhat costly,” including: documentation (mentioned by 74 percent); legal requirements (72 percent); detailed policy development (65 percent); self-assessment (62 percent); attest requirements and certifications (59 percent); and staff training (56 percent). Only 41 percent cited the cost of new tools and technology. (5)

Over the next several years, the true costs of SOA compliance, both direct and indirect, will become more apparent. It will be of interest to see if the shareholders, who were supposed to be the primary beneficiaries of this added oversight, believe that their interests are being well served by the provisions of SOA, and the burdens which it imposes on corporations with no demonstrated history of deficiencies in corporate governance.


NY, November 12, 2004

(2) Sarbanes-Oxley presentation to NC State COM students by Sue Hardison, Progress Energy , October 19, 2004

(3) “Managing Internal Auditing in a Post-SOA World,” The Journal of Corporate Accounting and Finance, 15 (4): 41-45 (June 2004)

(4) Dennis Jones, former FedEx CIO, speaking to a Graduate Strategic Management class at NC State University, November 11, 2004

(5) PricewaterhouseCoopers Management Barometer, July 1, 2003