WASHINGTON, July 30 (UPI) -- For U.S. public companies, complying with the new corporate governance rules of the Sarbanes-Oxley Act has been about as unpleasant as doing one's taxes -- it's hard, it's a pain, it takes a lot of time, and sometimes help is needed. Oh, and there's also a due date, which needs to be met -- or else. For many companies, that date is November 15: less than 4 months away.
So, just like tax experts seem to spring up everywhere at tax time to capitalize on frustrated tax filers, vendors have gone into a feeding frenzy as they try to capitalize on Sarbanes-Oxley (SOX). But an armload of products isn't the only thing businesses need to comply -- they also need to make sure their companies' compliance systems are really working by being aware of and following up on complaints or problems before they get out of hand, an industry expert told United Press International.
July 30 marks the second anniversary of the SOX act's passage. In light of the Enron and WorldCom corporate scandals, it is meant to better inform stockholders about the financial condition and transactions of publicly traded companies. The law imposes stringent new compliance and disclosure rules upon companies.
Punching in 'Sarbanes-Oxley compliance' on one search engine, generated 241,000 hits for this reporter -- many of them for firms advertising various SOX-related talents for sale.
There are companies offering products and services such as financial software, guidebooks, seminars, management presentations, ethics training courses, whistleblower complaint-reporting systems, and outsourcing services for SOX-related work. Links and sites often contain forbidding phrases meant to catch the eye of frightened CFOs.
"Get 'IT' Wrong and Go to Jail," warns research and analysis company Gartner.
"The Sarbanes-Oxley Act of 2002 requires management to make a written assertion stating their responsibility for establishing and maintaining an adequate control structure and procedures for financial reporting. Are your processes ready?" warns staffware.com.
But all this software, etc. may not be the solution. Some companies simply aren't doing enough to make sure they're actually in compliance, lawyer Bryan House, a partner with the Foley and Lardner law office in Washington, D.C., told United Press International.
Sarbanes-Oxley specifically says that boards and audit committees can retain legal counsel and other experts as needed -- something, House said, that's more important now that courts have raised the bar for companies who defend their actions in court with the "business judgement" or acting in good faith, rule.
"Years ago it was thought by boards and directors that it was enough to have compliance procedures in place -- that was all that was expected at that time, but that's not good enough any more", House said.
In one well-publicized example of this, Walt Disney chief executive Michael Eisner had Walt Disney's board approve a $140 million dollar severance package to get rid of Michael Ovitz, who was president for a very brief time. "Shareholders stood up and said, 'Why are we paying this guy $140 million dollars just to leave?'" House said.
"The court looked at the allegations (against Disney) and determined the board hadn't done anything (such as retaining legal counsel). In recent years you can't just say we made a reasonable decision under these circumstances," House said. "You have to show what you did as board members, what information you looked at, and whether you had experts assist you in your review. Then you have a much better chance of defending the case under the business judgment rule."
Other problems are that some companies are still not responding properly to complaints from whistle-blowing employees, and some are not giving enough information to audit committees about how to monitor the company's compliance. "It's more of a 'we'll deal with it when it happens,'" attitude, House said.
The right way for companies to deal with SOX is to set up calendars or checklists with compliance goals for the year, he said -- "when the audit committee's going to meet, who's going to speak, what compliance issues are going to be dealt with and by whom -- that way things aren't falling through the cracks and you're not being so reactive you're being proactive," he said.
