THE IMPACT OF THE SARBANES–OXLEY ACT ON CORPORATE GOVERNANCE (STUDY OBJECTIVE 6)
As you consider the many instances of change in the corporate governance process that have resulted from the Sarbanes–Oxley Act, bear in mind the functional context that was introduced earlier in this chapter. As a reminder, the four functional areas of corporate governance include management oversight, internal controls and compliance, financial stewardship, and ethical conduct. Each of these is revisited next.
Management oversight. The Act changes management's focus from one of strategic decision making and risk management to overall accountability. With the requirement for signed certifications of financial information, members of upper management must now be knowledgeable about many details of the organization. In the past, managers were rarely well versed on operating statistics and financial details of the company, as these types of responsibilities were often delegated to subordinates.
With the introduction of the PCAOB into the realm of management oversight, the board of directors and audit committee are also more accountable. The changes brought about by the PCAOB are significant in comparison with the public accounting profession's history of self-regulation. The Act put an end to the times when members of the board of directors could be mere figureheads, as they are now held accountable to a variety of stakeholders. In particular, the audit committee's new role places it in a unique position within the domain of management oversight. As the point of contact on financial matters, the audit committee serves as the supervisor of the board of directors. Similarly, the board of directors serves as the supervisor of corporate management. Exhibit 5-3 illustrates the management oversight relationships established as a result of the enactment of Sarbanes–Oxley.
Overall, business leaders at all levels have increased responsibilities as a result of Sarbanes–Oxley. They must be more knowledgeable about accounting principles and the company's financial systems. In addition, the requirements for management certification of financial information and the rigid penalties for noncompliance have had a tremendous impact on the attitudes of corporate managers. Their jobs carry significant risk. The days of being able to plead ignorance are gone, as today's financial reporting era demands more responsibility and accountability.
Internal controls and compliance. The Act has forced companies to comply with a wide range of management and financial reporting requirements. This creates a lot of extra work for accountants, IT departments, and executives. More paperwork must be prepared, retained, and filed with the SEC and more timely information is required. In order to comply with this provision, it is essential that every public company have in place financial reporting systems which can provide current information, in real time, concerning its operations and financial condition.
Section 404 requires companies to monitor their systems to determine whether weaknesses exist in internal controls. The company's response must be to establish tighter controls, especially where temptation for fraud is greatest. Many companies are making changes in their IT systems and in their workforce in order to improve their controls. Testing is required to make sure that company objectives are being met and that a transparent way of preparing and disclosing financial information is in place. Strict internal control procedures and consistency in reporting have never been more important.
Exhibit 5-3 The Chain of Management Oversight for Corporate Financial Matters
Strong internal controls allow top managers to be in a better position to handle their responsibilities regarding executive certification. Tight controls enable them to answer questions about operating details with which they may not have previously been familiar, including questions such as “Can you monitor supplier performance?” “Do you know precisely where the company's money is being spent?” and “Who is notified when a contract is violated?”
A substantial side effect of compliance with these sections of the Act is the huge increase in the amount of accounting information required of public companies in order to support the reporting requirements. Some companies are compiling enough paperwork to fill bookcases with binders containing the documentation that describes and tests the company's financial systems. In addition, there are strict requirements for retaining these documents. Accordingly, the corporate associates who are responsible for the development and maintenance of the underlying accounting information systems have become increasingly important.
Financial stewardship. The Act has caused many companies to take a deeper look at their policies and procedures that govern corporate conduct, including the attitudes of management toward fulfilling their fiduciary duties to the shareholders. The introduction of the PCAOB and increased responsibility of the audit committee have put greater pressure on managers to demonstrate their accountability to shareholders. Training programs are on the rise in an effort to reinforce these responsibilities. In addition, in order to enhance accountability, some companies have adjusted their management incentive compensation packages so that the temptation for managing earnings is reduced.
Ethical conduct. The overall goal of the Sarbanes–Oxley Act is to improve ethical conduct. Nearly every title and section within the Act ties to the company's foundation of ethical behavior. Some specific changes that have not been previously mentioned with respect to the other corporate governance functions include increases and improvements in the following areas:
- Codes of conduct
- Performance evaluation models
- Communications
The costs of complying with the Act are high. Many companies have been faced with the challenging task of changing operations in order to comply with the provisions of the Act. Even those companies who had some of the “best practices” in place prior to the enactment of Sarbanes–Oxley have found it time-consuming and expensive to comply with the Act's documentation and reporting requirements. In addition, audit costs have increased as audit firms have had to hire more auditors to keep up with the Act's demands. Although many of the costs tend to decline over time, the higher costs of the annual audit persist.
THE REAL WORLD
Guidant Corporation, part of Boston Scientific and Abbott Laboratories, is a multi-billion-dollar manufacturer of pacemakers, defibrillators, and therapeutic devices used in the cardiovascular health care industry. With dozens of worldwide locations and thousands of employees, Guidant expended a significant amount of resources in order to meet the requirements of the Sarbanes–Oxley Act. Most of the effort and expense was related to preparation for the internal control certifications required by Section 404.
Guidant used a process-owner strategy to address the demands of Section 404. This means that employees and managers who are responsible for the various business processes were also held accountable for the documentation and testing of those processes. This approach involves many people throughout the company. In addition, consultants were hired to coordinate the project and assist with training and technical inquiries.
Even though Guidant used its own employees to prepare the internal control documentation and perform the testing, and even though no new computers were purchased, the costs of the project were still significant. Guidant's first-year costs of complying with the Act included approximately $200,000 in consulting fees, an 80 percent increase in audit fees, and over 28,000 employee hours (including the hiring of two full-time professionals).5
Whether the increases in cost are worthwhile and whether the Act will be effective at deterring fraud are yet to be seen. Many accountants and corporate leaders have criticized the extreme requirements and minimal benefits of the Sarbanes–Oxley Act. Opponents claim that it was enacted hastily in response to a few bad cases of corruption that are not necessarily representative of America's corporate control environment as a whole. They warn of the negative consequences that may result when management shifts attention from the company's big, strategic issues in an effort to fulfill the Act's detailed requirements.
On the other hand, many supporters of the Act argue that it provides a necessary opportunity to enhance performance by improving controls and visibility and reducing risk. Although costly, it can provide value in terms of increased efficiency, decision making, public confidence, and ultimately, overall business performance. Indeed, many of these companies report increased confidence in the value of the Act. These proponents tend to believe that the benefits have been realized gradually as the company increased its awareness of internal controls and streamlined its business processes accordingly.