

Is Sarbanes-Oxley Working?
August 27, 2005 1:30 PM

Focus and anger already shifting away from 'Big Business' again... Thanks to scandals such as Enron, new laws such as the Sarbanes-Oxley Act were passed to improve 'corporate responsibility' and 'accuracy'. Is it working? Most businesses are calling foul, saying that the law is actually an expensive and worthless record keeping exercise. IT departments seem to agree. And then there is that whole password issue. The news isn't all bad. And, a cottage industry has popped up to fill the void of non-compliance. But, as the cost keeps rising and the return on investment isn't clearly defined, can this law survive?
posted by UseyurBrain (29 comments total)

 
I agree that it's a huge timewaster. I work at a company that has only 30 employees, and therefore only one financial controller and an assistant. For the last 5 months, he has been audited by external Pre-Sarbanes-Oxley checkers, internal Sarbanes-Oxley checkers, and then the real Sarbanes-Oxley (SOX) checkers. Consequently, employees at the company haven't been given any kind of service - my health insurance and pension have not been set up, and any financial queries we have simply don't get answered. On top of that, the SOX checkers come to all the employees and for the best part of three days in total we've had to check where pieces of paper come from and answer irrelevant questions. And it starts again in 6 months' time!
posted by wibbler at 1:53 PM on August 27, 2005


Change will come, yet like most regulatory schemes the change will likely come slowly and piecemeal. Some of the more onerous record keeping provisions will likely be trimmed soon but core tenets such as requiring reporting of suspected malfeasance up to the board will likely not go away.
posted by caddis at 2:01 PM on August 27, 2005


The most interesting point I found among these articles is that many companies are considering the return to being private.
posted by mischief at 2:03 PM on August 27, 2005


I work at a company with a little over a hundred employees. Most of SOX is a complete waste of time for us, but a bit of it will actually improve our procedures.

I say we scrap SOX and pass some laws that address the cost-benefit disparity in corporate crime. Let's start by making the minimum fines on corporate crimes double the income made from the crimes.
posted by scottreynen at 2:30 PM on August 27, 2005


I favor a more pragmatic approach. You can make the entire thing self enforcing pretty easily. The executives of corporations are paid millions of dollars because they are supposed to be these supreme uber-beings whose skillsets are so rare that they merit more than 600 times the amount paid to the lowest paid workers. If they're that impressive then *any* corporate crime must have taken place with their full knowledge and agreement. Thus if we catch a company doing something illegal we simply calculate the amount stolen, seize & sell the property of the board of directors to repay the amount stolen, then ban the entire board from a) ever holding a management position with any company ever again, and b) from owning stocks, bonds, futures, etc. They've proven that they can't be trusted with that power, so we prevent them from holding that power.

Since they're so incredibly skilled that they deserve more than 600 times what a janitor earns it shouldn't be too much to expect them to keep the company from committing crimes, or their own fellows from stealing. And, if they aren't that skilled, then obviously they've been overpaid all this time and the stockholders will be grateful that these overpaid incompetents have been prohibited from running companies. They'll police their own companies far more ruthlessly than the government ever could because otherwise they'll lose their bloated salaries.
posted by sotonohito at 2:46 PM on August 27, 2005


Consequently, employees at the company haven't been given any kind of service - my health insurance and pension have not been set up, and any financial queries we have simply don't get answered.

Why doesn't your company just outsource this stuff? My company (15-20 people) has an outside contractor to deal with all of that. Why would you want an in-house person to deal with health insurance?

Also, my company makes network security products, and crap like SOX and especially the monster HIPAA are cash cows for us.

Via mandated bureaucracy!
posted by delmoi at 2:59 PM on August 27, 2005


sotonohito: I agree. Due process is for fags.
posted by delmoi at 3:01 PM on August 27, 2005


SARBOX has its indirect impact on private companies too. Mid size private companies or companies returning to private from public ownership often have syndicated their debt across multiple lenders. CYI Bankers faced with their own regulatory concerns now require the larger accounting firms be used for audits. Since big accounting firms are all short of people the service is terrible and the cost more than it should be.

It's a boon for accounting industry though. Much interest at biz schools these days moving towards degrees in accounting.
posted by WoodChuck at 3:18 PM on August 27, 2005


Thus if we catch a company doing something illegal we simply calculate the amount stolen, seize & sell the property of the board of directors to repay the amount stolen,

Board members are not necessarily paid very much.

A director on the board of Walt Disney Company gets $65,000 a year plus $15,000 in stock (of which they can only sell half while still on the board) plus $15,000 in reimbursements for using company products, entertainment, or properties. Members of the board who are also executives in the company (several) receive no additional compensation.

Admittedly good pay for the amount of time spent, but hardly millions of dollars. More like 5 times the amount of a janitor.
posted by obfusciatrist at 3:23 PM on August 27, 2005


"obfusciatrist" - that would be a person who obfuscates, that is, who confuses the issue in order to hide the truth?

Obviously, not all CEOs are paid hundreds of times the hourly rate that an ordinary worker receives. You claim Walt Disney's execs are not, and I don't know if that's true or not. But clearly, the fact remains that many, probably most, so-called "senior executives" are grossly overpaid, while the workers are grossly underpaid, due to the basically corrupt, nepotic system called 'capitalism'. And it stinks.

And it's getting steadily worse, due to the "race to the bottom" which is, again, the predictable result of capitalism itself.

delmoi: sotonohito's (perfectly reasonable) point is that we could pass a law to mandate the penalties he suggests for the crimes (or criminal incompetence) he mentions. There's no reason why it should be incompatible with due process of law.
posted by cleardawn at 4:25 PM on August 27, 2005


I almost forgot to mention, in the interests of intelligent debate:
"delmoi is a fag".

posted by cleardawn at 4:27 PM on August 27, 2005


The intended "return on investment" from Sarbanes-Oxley is pretty clear.

As long as a significant number of people continue to be fooled into the idea that US capitalism is a fair, reasonable, secure, intelligent way to invest time and money, then the rich will continue to make huge profits, and everyone else will continue to get poorer, working longer and harder hours, with fewer benefits and less security every year. That's ROI right there.

That's why so many companies don't mind spending so much time on S-O compliance that they hardly seem able to find time to do anything else.

Because if the public trust in US capitalism - what little remains - continues to fall, then the rich are going to be asked to change the system. They might even be asked to share some of the wealth they've ripped off over the years.

And that must be avoided, at all costs.

That's the whole purpose of Sarbanes-Oxley, and, indeed, of the Republican Party, and much else besides.
posted by cleardawn at 4:46 PM on August 27, 2005


You claim Walt Disney's execs are not, and I don't know if that's true or not.

I claimed no such thing. The post I was quoting equated executives with the Board of Directors. They're different things (though there is frequently some overlap).

Executives are very much over compensated. Directors may or may not be overcompensated, but not on the scale of CEOs. Also, the responsibilities of Directors are different from Executives.

Disney executives are way overcompensated and if fraud or other illegal activity happened I have no problem with assuming some culpability on their part, regardless of what they actually knew. The BOD, not being responsible for the day-to-day running of the company I give a bit more benefit of the doubt to in terms of them being unknowing victims of internal fraud.

"obfusciatrist" - that would be a person who obfuscates, that is, who confuses the issue in order to hide the truth?

No that wasn't the way it was meant when I made up the word a decade ago. The "iatr" part is key.
posted by obfusciatrist at 5:21 PM on August 27, 2005


As long as a significant number of people continue to be fooled into the idea that US capitalism is a fair, reasonable, secure, intelligent way to invest time and money

But SOX compliance requires changes that affect nearly everyone employed by a publicly owned company, mostly in ways that are just silly. Everyone I know has become more jaded about how fair, reasonable, and intelligent our economy is as a result of SOX, which is exactly the opposite of the effect you've described as the goal.
posted by scottreynen at 5:25 PM on August 27, 2005


Cringely presents a very disturbing scenario based on SOX.
Imagine your bank is a medium-sized publicly traded bank headquartered in the U.S. midwest with a national charter (that is, regulated by federal, rather than state, banking authorities). Now imagine your bank is not in compliance with Section 404 of Sarbanes Oxley. Section 404 requires as part of the regular audit process that the bank's accounting firm (generally one of the Big 4) certify whether or not the bank is Section 404 compliant. Accounting firms, having paid billions in penalties recently for overlooking accounting errors at companies like Enron and Tyco, aren't going to be lax about this provision. If the bank isn't Section 404 compliant, which means they haven't applied sufficient internal controls to data, the auditors will report that.

Now what?

Well, if your bank isn't in compliance (many won't be), they'll have to very quickly get in compliance. They'll also have to pay a fine and perhaps one or more officers of the bank will do some time in prison. Really.

But there is a funny thing about banks, and that's the way they are regulated and controlled, which makes possible a very different outcome in the case of a Section 404 violation. Technically, the bank can't even continue to operate, because the legal definition of a bank is as a compliant organization. So a very real possibility is that your bank will be forced to merge with another bank that IS in compliance.

That's the new scam. Big banks with sophisticated IT operations are going to appear at the doors of smaller, less sophisticated, banks literally demanding the keys. They'll take over the building, the tellers, and of course the deposits for a price tag that may well be zero.
posted by Aknaton at 6:21 PM on August 27, 2005


The SOX department in my company reports directly to the board of directors. That makes them VERY powerful and impervious to any normal channel of reasonable debate. Example:

We switched to a data warehousing system that was SOX compliant, but no longer allowed the type of querying that was needed. When the people outside the SOX group asked to have the access to do those types of queries they were told it was not SOX compliant and therefore not allowed. So then, doing business isn't the top priority anymore and if you have a problem with that go to the board of directors and complain.

Wow, a whole new department of untouchable people. Where do I sign up for that?

Of course during the latest in a long series of SOX audits the auditor asked for a laundry list of information that I had to tell him was no longer allowed to be queried due to...you guessed it...SOX. It was VERY satisfying to say that to the smug bastard.

And I keep asking myself, would harassing some schmuck like me about passwords and query rights have kept Enron from happening? Hell no!
posted by UseyurBrain at 7:25 PM on August 27, 2005


And damn, so many 'security experts' are fucking clueless about what makes passwords secure. If you want a secure, easy to remember password, make it a sentence. A famous movie quote works well too.

This password: stupidnonalphapasswordrequirements

Is infinitely more secure than this one: QpR4#p1Z

Plus, you can actually type it, much less remember it, not being unintelligible gibberish and all. Besides, each additional character in a password effectively doubles the amount of time to crack it (not including dictionary attacks, which don't work on words stuck together). All the random capitalization, numbers, and goofy characters don't make a password more secure if it's short, much less written down.
posted by blasdelf at 8:51 PM on August 27, 2005
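
An added example, not part of the comment above or of the original thread: it estimates the guess space, in bits, of the two passwords quoted in that comment under two models, an exhaustive per-character search and a search that combines whole dictionary words. The word list and the 20,000-word dictionary size are constructed assumptions.

```python
import math
import string

# Constructed word list covering the passphrase quoted in the comment.
SAMPLE_WORDS = {"stupid", "non", "alpha", "password", "requirements"}
# Assumption: the size of the word list a guesser would combine words from.
ASSUMED_DICTIONARY_SIZE = 20_000

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(password):
    """Size of the character pool implied by the classes the password uses."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def brute_force_bits(password):
    """log2 of the number of candidates in an exhaustive per-character search."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def segment(password, words):
    """Split into the fewest dictionary words, or None if no split exists."""
    best = [None] * (len(password) + 1)
    best[0] = []
    for end in range(1, len(password) + 1):
        for start in range(end):
            if best[start] is not None and password[start:end] in words:
                candidate = best[start] + [password[start:end]]
                if best[end] is None or len(candidate) < len(best[end]):
                    best[end] = candidate
    return best[-1]


def word_model_bits(password, words=SAMPLE_WORDS, dict_size=ASSUMED_DICTIONARY_SIZE):
    """log2 of the candidates when whole words are the unit of guessing."""
    parts = segment(password.lower(), words)
    return None if parts is None else len(parts) * math.log2(dict_size)


def effective_bits(password):
    """The weaker (smaller) of the two estimates is the one that matters."""
    brute, worded = brute_force_bits(password), word_model_bits(password)
    return brute if worded is None else min(brute, worded)


if __name__ == "__main__":
    for pw in ("stupidnonalphapasswordrequirements", "QpR4#p1Z"):
        print(f"{pw!r}: brute force {brute_force_bits(pw):.1f} bits, "
              f"word model {word_model_bits(pw)}, "
              f"effective {effective_bits(pw):.1f} bits")
```

The word-model figure scales with the number of words and the assumed dictionary size, so changing `ASSUMED_DICTIONARY_SIZE` changes the comparison.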


I read that Cringely article too, and I hope to god that it's as likely to happen as most of his proposed scenarios.
posted by blasdelf at 8:52 PM on August 27, 2005


My company (15-20 people) has an outside contractor to deal with all of that...

If your company has 15-20 people, I'd guess that it's not public.

And, of course, for those who loathe the corporatization of America, SOX ought to seem wretched. It imposes a tax that falls almost exclusively on the small firm, and represents an enormous barrier to entry and deadweight drag throughout the economy.
posted by Kwantsar at 9:09 PM on August 27, 2005


Sorry, I should have said "executives" instead of "board of directors". Whoever is really in charge of the company.

delmoi: how is this incompatible with due process? I'm only proposing penalties for companies found, by a court of law using due process, guilty of crimes. I simply wish to eliminate the totally bogus "I run the company, and my mad 133t corporate 5ki11z are worth so much I get paid millions, but somehow I was *totally*unaware* of X". Screw 'em, if they're supposed to be so badass they're worth millions, they should be aware of what's happening. Take their assets to repay the people they robbed, and ban them for life from being involved with business.

Let's do it even better: add 10% to the value of what they stole and use it to establish a whistleblower fund. Anyone, executive or lower ranked employee, who provides information leading to a conviction of a corporation gets 10% of what the corporation stole as a reward for his honesty. That way no executive can try to get others to go along with a plan to steal from the company, how can he know his "comrades" won't turn him in and pocket the reward? For that matter, how many secretaries at Enron knew what was going down, but didn't dare speak out because they were afraid of not only losing their jobs, but being blackballed for doing the right thing? 10% of what Ken Lay and the rest of the slime at Enron stole is enough to keep Joe Average set for life.

I'd also be in favor of establishing a group of elite government accountants who are empowered to randomly inspect the books of any corporation at any time they choose. Keep it fair by having a computer randomly select corporations for them to audit. Corporations are not people, they don't have rights. Obviously you'd need a warrant to inspect the books of a person, the Fourth Amendment guarantees that, but corporations aren't people.
posted by sotonohito at 6:03 AM on August 28, 2005


Speaking as someone who is going to spend a Sunday afternoon looking at SOX documentation (I work for one of the Big Four) I would like to see it swiftly despatched. Not sure how the partners would feel about that though...

People don't like external auditors at the best of times but you should see their faces when you question them regarding SOX.
posted by ClanvidHorse at 7:37 AM on August 28, 2005


sotonohito-- I'm glad to see you're a pre-law student. I'd like to introduce you to corporate personhood. Also, it's too bad that you have no idea whatsoever what corporate managers do.
posted by Kwantsar at 9:11 AM on August 28, 2005


I'm familiar with the concept. I just think it's total BS. If corporations are people, then why don't they get to vote? Why can a corporation younger than 21 purchase alcohol?

Allowing corporations to sue, and be sued, makes sense, but declaring that they are somehow people is just plain idiotic. I'm getting into law for political purposes; that is I seek to change the law where it is foolish, and it is foolish here.
posted by sotonohito at 9:46 AM on August 28, 2005


I'm familiar with the concept. I just think it's total BS.

Riiight.

I'm getting into law for political purposes; that is I seek to change the law where it is foolish, and it is foolish here.

Fantastic. Another mountebank (with no idea how the world works) with a hard-on for power.
posted by Kwantsar at 10:06 AM on August 28, 2005


I'd also be in favor of establishing a group of elite government accountants who are empowered to randomly inspect the books of any corporation at any time they choose.

I'm pretty sure this already exists in the form of the SEC (for publicly related companies) and the IRS. Though I have no real idea how l33t their accountants are.
posted by obfusciatrist at 11:22 AM on August 28, 2005


Cringely is an idiot.
posted by delmoi at 11:58 AM on August 28, 2005


Kwantsar: That's right, because we all know that it's absolutely essential that the Ken Lays of the world be allowed to steal from their employees with no significant penalties. You've convinced me. Corporations are people, money is speech, and it's extremely important that the elite of society are not subject to the same rules that everyone else is, after all that'd be punishing them for their success.
posted by sotonohito at 4:23 PM on August 28, 2005


we all know that it's absolutely essential that the Ken Lays of the world be allowed to steal from their employees with no significant penalties.

Straw man much? He will be prosecuted under pre-SOX Fraud statutes. The longest prison terms facing Lay come from the four banking charges carrying 30-year penalties each. These four charges allege he lied to banks about how he intended to use $75 million in personal loans.

And corporations are certainly collections of people, no?

Of course, there is no convincing you, because you're an ideologue and a less-than-skillful sophist.
posted by Kwantsar at 4:40 PM on August 28, 2005


I should know better than to try to argue with someone who chose a username so similar to quansar's. Bye now.
posted by sotonohito at 5:28 PM on August 28, 2005

