Sarbanes-Oxley Costs Exceed Benefits 371
coondoggie writes "Two years of compliance with the Sarbanes-Oxley Act (SOX) have shored up corporate accounting practices - but with lopsided costs compared to benefits gained.
Bill Gradison, acting chairman of the Public Company Accounting Oversight Board (PCAOB), said that guidance the SEC issued last year and PCAOB's latest auditing standard may not be enough to clarify the rules that govern the reporting and auditing of internal controls. 'Based on the information we already have, it would seem that some further changes may be in order,' Gradison said."
Sarbanes is No good (Score:1, Interesting)
I can go and on about the work, but clients are kinda screwed with lame ass testing done with auditors. All companies need to do is have their own checklist, match up polices and procedures and let auditors review them that is all...
UNIX Audit Tools (Score:5, Interesting)
Very unpopular sentiment (Score:5, Interesting)
Crooks don't comply, because they're crooks.
Customers, that's us, end up with higher prices for the things we buy, and higher taxes to pay for all the new auditors.
Martha Stewart goes to jail while the real criminals get away with what they've always gotten away with.
Politicians get reelected for having "done something".
To quote from the movie Spartacus, "I'll take a little republican [style of government, not party] corruption, along with republican freedom!"
Want to really put the screws to "corporate executive" crime? Then eliminate the government granted limited liability that a "corporation" represents. Allow thereby the officers of a company to be directly liable for their decisions, their accounting practices, their performance.
It's easy to follow the Big Lies handed down by the sensationalist press that don't want you looking at their own corporations and unions. S-O doesn't solve anything. It merely adds another layer of bureaucracy to the effort of getting anything accomplished.
Bob-
It also costs *us* (Score:4, Interesting)
Previously, if I had a program I wanted to release for profit, I would do the core features well, and add modules on around the side later, at extra cost. I might release interim patches for any bugs found in the field, and as a sweetener, upgrade some small functionality to get users affected by the bug back on "my side".
Now, I can't do that. The only time I can have a free interim release is to fix bugs - no new features are allowed. I'm no lawyer, but this is (expensive) legal opinion. So the dynamic changes - in order for me to have the most flexible release policy, I'm *far* better off releasing bug-ridden software that does *everything* - even if it only does it badly. Following this path, I get a choice of how to proceed later (I can add functionality *by* fixing "bugs" (ahem) by actually making a serious attempt to provide the functionality I promised in the first place). I can gauge the market and give it away free if that suits my needs at the time.
Now there's a downside to releasing bug-ridden software (and we're all aware of the arguments). The problem with this (responsible) attitude is that the collective consciousness of consumers today seems to not have a problem with buggy software - software crashes all the time, they're used to it, and it's a self-propogating meme of "what is normal". Responsibility don't pay.
So, when I release software (under the usual constraints of "good,cheap,fast - pick any two") I'm being pushed in the direction of "cheap and fast" because there's no real downside to me, and I get a lot more flexibility with dealing with the resulting debacle. I can balance my budget better ("cheap") and I get to market faster ("fast"). The fact that it doesn't work so well isn't really an issue.
That's what Sarbanes-Oxley has done for us.
For the record, I don't release software - please direct hate-mail to
Simon
Re:Misleading summary (Score:5, Interesting)
I spend the rest of the time (15 to 20 hours per project) filling out several forms that I didn't used to have to fill out, doing self-audits to confirm I filled out the forms, waiting for approval of my forms before I can go to the next step, etc.
Meanwhile- the execs in my company can write a $20,000 check without even a counter-signature from another exec and much larger checks with a counter-sig from *one* other exec with NO required paperwork of any kind and they get paid literally millions of dollars while our stock has declined constantly in price for years.
Why the heck sox means the "Massive Paperwork for Programmers" is beyond me.
And then when we have a high priority project that a big executive wants fast-- we toss all the paper work out the window and backfill it afterwards (even putting links to empty documents that will be filled in later).
Yea right- sox is a very good thing-- NOT. We already had laws against fraud. All we have to do is start ENFORCING them.
Main problem... (Score:4, Interesting)
I've had a lot of managers say we have to do such and such for SOX compliance. When I inquire as to more detail... Like what exactly, so I can make sure the solution fits within the requirements. I get blank stares.
That's a large part of the cost. The law itself is not a bad idea. It's just nobody knows how to comply.
Re:Misleading summary (Score:2, Interesting)
SOX Never Ends (Score:2, Interesting)
Re:Misleading summary (Score:3, Interesting)
I believe that Sarbanes-Oxley addresses a problem that needs to be addressed, but does so without consideration for the needs of the companies expected to stay in compliance with it. Low-income citizens are given disproportionately large tax breaks to account for their disproportionately greater needs, so why shouldn't something similar apply to small businesses when it comes to Sarbanes-Oxley?
Re:Misleading summary (Score:3, Interesting)
The big oil companies have more excuses than a hound dog has fleas. Last year it was 'oh no teh hurricanes!?', this year it's 'oh snap what about Iran?!' and 'hey we have to switch over to a summer blend, it's teh expensiveness!'. It's all bullshit. If the oil companies were really having such a difficult time making money (i.e. their supply is low and costs are up therefore we're paying extra), why would Chevron and Exxon post their highest earnings IN HISTORY over the last few quarters? Exxon's profit equalled Bill Gates' total value a few quarters ago. 41 billion dollars. If the market is controlling prices, then big oil wouldn't be raking in ungodly earnings, they'd have a steady cash influx just like every other year. The truth is that with the GOP at the reigns, and two oilmen running the White House, it's open season on consumers when it comes to gas prices.
Sorry to get political at the end there, but it's not hard to make the connection between the Bush family, Saudi nationals, a VP (Cheney) that sits on the board at Halliburton and our current situation.
Re:Misleading summary (Score:3, Interesting)
While I think that the argument that Sarbanes-Oxley is deficient in solving the issue is false, I will listen to arguments to the contrary. Any attempt to claim that a public company should not be doing everything in their power to ensure that their books are correct and that they are following GAAP (along with other compliance) is ludicrous. It doesn't benefit the public, and in the long term, it rarely benefits the shareholders. Is any company going to be perfect? Of course not. But for GE to complain that spending a tenth of a percent of their pre-tax income on one of the most important fundamental shifts in regulation is not merely laughable, it would give me long pause if I were a major shareholder or potentially one.
They're certainly allowed to bitch about the cost (and they always will, no matter what it is), but when it's as generally as low as it is, especially for corporations the size of GE, it makes one wonder about their dedication to proper reporting. And that's not a good thing to be wondering about.
Having dealt with SOX compliance... (Score:3, Interesting)
As a developer, certain procedures and responsibilities have always rested on my shoulders. I'm used to it, and I rely on them to help me do a better job. However, with the advent of SOX compliance, so many layers of crap are added to my workflow that I end up spending 4 hours documenting a 20-second fix to correct a spelling error in a piece of code.
If these new procedures were to give me any sort of confidence that my fix not only addressed the problem, but didn't cause any new ones, then I would be more open to accept them as part of my job. As it stands, though, it only extends the amount of time that potentially Bad Stuff(TM) takes to make it into production.
Even with supposedly airtight SOX-compliant controls in place, any developer at my company can easily mangle production environments at any time. Here's why: one of the big things they started off with when implementing SOX controls was that if you were a developer, you shouldn't have direct access to production systems. So, they add a few layers in there. You, the developer, can't touch production, but you can write a script and give it to someone in a "responsible position", who can then run it in production. Problem is, the person who's supposedly responsible for the system often times has no clue what the script does -- even if they actually bothered to look at the script in the first place. They may ask you what it does, simply because they need to appear to be doing their job, but does it really matter what the answer is? They blindly run the script and send you the output. They don't know what the script does, so they don't know whether the output is valid. You tell them everything looks good. Everyone's happy.
Doesn't matter whether you update a single row, or drop a table with 70 million rows -- no one involved in the process is going to actually take the time to look at what you're doing in order to determine that it does what you say it does. As long as you've convinced people you know what you're doing, you have free reign. The addition of SOX hasn't changed this. The only benefit (if you wanna call it that) I can see is that now, you've got a pile of documentation showing that 4 people assisted you in wiping out data that will take days to retrieve from tape. The only way that controls are worthwhile is if they truly prevent this sort of thing.
*sigh* (Score:4, Interesting)
1) For those who are claiming that the implementation/specific requirements are too strict, could you give an example? I have had to do things required for SOX compliance (and I know of plenty of other things that my company, and others, have done), and I have to say, I have yet to see anything that I consider overly burdensome. And certainly not so overly burdensome that they outweigh the benefits of the intended effect of SOX: ensuring more accurate and honest reporting in filings by public companies, and ensuring that management is held responsible for what is in those filings.
2) For those who are claiming that the original intent of SOX is wrong, could you please explain why you think so in those parameters? There are certainly downsides to SOX, but a million posts saying "SOX sucks" or "I have to do a whole bunch of extra things so that my company is SOX compliant" doesn't mean anything. First, obviously it doesn't provide any kind of example. Second, there's no reasoned logic as to why these downsides are worse than the upsides. Which leads me to...
3) For those who are claiming that the original intent was good, but the implementation is faulty, again, could you provide examples? Personally, I feel that extra work for you (or your accounting department, or whoever) is worth it if it helps to ensure that 10-Ks and the like are as accurate as possible. There is certainly a point at which the expense to make them more accurate outweighs the benefit of that improved accuracy. But remember, as I pointed out upthread, these filings are not FOR the company, or even really FOR the government (nearly every company has two sets of books, one for tax purposes and one for annual reports); they're for you, me, and every other person (and institutional investors) trying to decide whether investing in that company, be it through stocks, bonds, or any other avenue, is a good investment. The purpose of these filings and the role of the government in ensuring the accuracy of those filings is to make sure that investors have as much (and as accurate) information as possible. This is a good thing. If you'd like to argue that it's not, I (and probably others) will be happy to do so. If you're simply trying to point out that SOX doesn't fulfill its intent, then please, please say WHY you think that, and please give some thought to how much more work you would be willing to put up with, and how much expense you think is acceptable for a company to incur, to help the markets get better information.
4) Finally, there is a very interesting argument against SOX that is getting ignored upthread. SOX is definitely a regressive expense. Small businesses are paying a higher percentage of their revenue (or pre-tax income, if you want to be pedantic) than larger companies. Is this fair? What, if anything, can be done to alleviate that problem? What slope of regression (I'm probably butchering this terminology-wise, but I think you know what I mean) is acceptable to you, assuming you believe that SOX is otherwise a net benefit?
On the whole, obviously I am in favor of SOX. I wholeheartedly agree with the thought process behind it, and in my experiences dealing with it, I haven't found anything to change my mind. If you disagree, let's talk about it. This is a very, very important issue. But let's talk about it rationally and logically. Throwing out "it sucks", "I hate SOX", and "It doesn't work" don't do anything to further the discussion.
And yes, I am a longtime Slashdot reader, and I know that it's sometimes hard to find real, thought-out discussion. But we can certainly try for it.
Re:Misleading summary (Score:3, Interesting)
The enormous amount of regulations coming with Sox are chilling, and it simply is out of proportion for the damage small and midcap companies can do. This particular company is now running break-even. It would be profitable if not for Sox.
Re:Misleading summary (Score:2, Interesting)
Let me illustrate. When Clinton was president the US had a surplus. Over the next handful of years the govt not only squandered that surplus but got itself into massive debt. On top of all that there were terrorist attacks, two wars, and a long and painful occupation of a another country costing 300 billion dollars (which is surely under accounted).
Now you might think that something like would have had some effect on the economy. Maybe it would effect unemployment, maybe the stock market, maybe the strength of the dollar, maybe the interest rates, maybe the rate of savings, maybe consumer spending, maybe business spending. Some effect, any effect at all.
Nope. Nothing. Nada. Zilch. Zip. You can spend money like a drunken sailor, grow the size of the govt, wage war, squander your savings and dig yourself into debt, spend hundreds of billions of dollars one non productive warfare and there is no effect whatsoever.
You see. Economics is junk science. It's no different then a hippie who places crystals on a computer to prevent it from crashing.