In 2002, Congress enacted the Sarbanes-Oxley Act, often referred to as SOX. The purpose of SOX was to restore investor confidence in the U.S. capital markets after several well-publicized corporate scandals rocked the investing world and left shareholders billions of dollars short.
The implementation of SOX yielded mixed reviews and strong reactions. It was almost universally agreed that SOX had improved corporate governance and the behavior of boards of directors regarding their fiduciary responsibilities. Management also acknowledged that it made them more vigilant about their internal control systems and ultimately a better company.
The negative reviews predominantly related to the cost of compliance with Section 404 of SOX, which directs management to assess the effectiveness of their internal control system. For small public issuers, the cost of compliance was simply out of whack with their market capitalization and/or revenues. An example of this was a biotechnology firm that had raised a mere $4 million in the capital markets in a particular year and had to spend 1 million of those dollars, or 25 percent, to comply with Section 404 of SOX. This is a perfect example of Congress’ famous “unintended consequences.”
In 2006, I joined with some of my colleagues to engage in what we termed a “Sarbanes-Oxley tour,” which included meetings with public companies and business associations in Washington, D.C., and around the country. This tour included meeting with organizations such as the U.S. Chamber of Commerce, the Biotechnology Industry Organization, member companies of Nasdaq, the New York Stock Exchange and the Chicago exchanges, the Institute of Management Accountants and technology firms, among others. Those meetings confirmed two issues: 1) The cost of compliance for small public companies was prohibitive; and 2) The regulations regarding implementation for both management and public auditors were too vague.
The result of the latter was that public auditors, in an effort to protect themselves from major liability (as high as the market capitalization of the company audited), were being overly thorough in their audits, which contributed to driving up the price. Even large public companies that could easily absorb the cost of Section 404 compliance were concerned about the lack of clarity in regulatory directives. Before the end of the 109th Congress, Rep. Tom Feeney (R-Fla.) and I authored the Competitive and Open Markets that Protect and Enhance the Treatment of Entrepreneurs Act of 2006, which we have reintroduced in the 110th Congress.
The COMPETE Act was written to reform three elements of the existing SOX law: 1) To provide clarity and relief to the current implementation of Section 404 by making it a risk-based and top-down audit. I want to avoid more stories like the company official who came into my office and discussed how her external auditors spent as much time reviewing her coffee fund as they did her money wire transfers. 2) Provide external auditors with greater leeway to rely on the work of others who have already reviewed the internal controls including management’s attestation and — for regulated companies like banks — the work of federal and state regulators. 3) Create more opportunities for tier-2 and tier-3 companies to form coalitions or partner with tier-1 companies to increase the number of auditing firms available to serve the Fortune 1000.
When introduced in the 109th Congress, I was under no foolish illusions that then-Sen. Paul Sarbanes (D-Md.) or then-Rep. Mike Oxley (R-Ohio) were prepared to amend the legislation that would be their legacy. However, both were retiring at the end of the 109th, giving the new Democratic leadership of the 110th Congress an opportunity to take its own look. Although the legislation is not moving at this time, there is plenty of progress on the reformation of SOX implementation.
On May 23, 2007, after numerous meetings and round-table discussions with stakeholders such as businesses and policymakers, the Securities and Exchange Commission approved interpretive guidance that would allow management to comply with Section 404 by focusing its assessment on those internal controls that best protect against material errors on the financial statements. This guidance is critical if management is going to avoid the need to assess systems that count paper clips and pencils.
This announcement was followed on May 24 when the Public Company Accounting Oversight Board, a government agency created by SOX to oversee the public auditing industry, voted to adopt Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That is Integrated with An Audit of Financial Statements, to replace its previous internal control standard, Auditing Standard No. 2.
I have no idea what auditing standards 3 or 4 are or what happened to them. I only hope that 5 becomes the lucky number in auditing standards.
The new standard directs auditors to focus on areas where a weakness in internal control will fail to prevent or detect a material misstatement in the financial statements. It directs auditors to eliminate procedures that are unnecessary to achieve the aforementioned goal, and perhaps most importantly, it is scalable for smaller companies and even less complex units of larger companies.
A significant element of the guidance offered by the SEC and PCAOB is that it was done with the understanding that the guidance given to both management and the auditors had to be in sync with each other. An oft-repeated complaint by public companies was that the guidance given to management by the SEC, and to auditors by the PCAOB, was incongruous, leading to conflicting objectives in assessing the internal controls. Hopefully, this new guidance will have them rowing in the same direction.
Why have I made this regulatory issue a cornerstone of my legislative efforts? For the same reason that I sponsored the Small Cap Competitive Markets Act and the Business Traveler Facilitation Act: to make sure that American business and American capital markets maintain their global pre-eminence. As stated in the report titled “Sustaining New York’s and the US’ Global Financial Services Leadership” by Sen. Charles Schumer (D-N.Y.) and New York Mayor Michael Bloomberg, “The U.S. generates more revenues from financial services than any other region, but once again, the rest of the world is challenging that leadership in the hotly contested investment banking and sales and trading markets.”
In its assessment of the trend of the regulatory framework in the United States, the report states, “Regulations to implement the legislative requirements of the Sarbanes-Oxley Act of 2002 (SOX) are a good example. They are universally viewed by CEOs and other executives surveyed as being too expensive for the benefits of good governance they confer. Consequently, SOX is viewed both domestically and internationally as stifling innovation.” As a policymaker, it is part of my responsibility not only to make law, but to alter or even restrict laws that negatively affect the best interest of America.
We won’t know if the guidance offered by the SEC and the PCAOB will have the desired effect until next year when companies begin their internal control assessments and undergo their audits. It is my sincere hope that the regulatory changes will make my legislation superfluous. However, if they don’t, the COMPETE Act will be waiting in the wings.
Rep. Gregory Meeks (D-N.Y.) serves on the Financial Services Committee.