Scoring Sarbanes-Oxley

As we pointed out in this morning's roundup, the New York Times' Room for Debate is discussing the success/failure of Sarbanes-Oxley. Sunday marks SarbOx's 10th birthday so naturally people in the accounting and compliance world are getting all nostalgic about it and yeah, okay, nostalgia can be fun sometimes. The Times had four contributors in this debate and we've highlighted some notable text here for you.

First, Michael W. Peregrine of McDermott Will & Emery sees SarbOx as a huge governance success:
The need for fundamental change in boardroom behavior was a message that transcended the text of the Sarbanes law. The old ways weren’t working. That idea lit the corporate responsibility movement, igniting a more robust respect for corporate compliance, fiduciary duty to shareholders and ethical behavior. When you zoom out to that level, the law has been spectacularly successful. Sarbanes-Oxley has forever changed the landscape of corporate governance. It has increased the accountability expectations we have of directors and officers, and their legal and accounting advisers as well.

Broc Romanek, the editor of TheCorporateCounsel.net said some things that might make you mad:

For my money, I continue to believe that the Public Company Accounting Oversight Board’s birth was the most significant part of Sarbanes-Oxley even though its reporting structure, controlled by the S.E.C., prevents it from being as effective perhaps as it could. 

Kayla Gillan of PwC (and former deputy chief of staff for SEC Chair Mary Schapiro) explains how life if better after SarbOx:

Those who would seek to provide the market with misleading numbers are less likely to be able to do so because the public company internal controls are now much more effective; independent auditors comply with stronger standards and also have an independent regulator to oversee their efforts on behalf of investors and other stakeholders; audit committees must now be more competent and engaged in overseeing the audit and financial reporting; and the Securities and Exchange Commission must now spend more of its resources in reviewing the quality of information that companies provide to the market.

And naturally, PCAOB Chairman James Doty points out that, thanks to SarbOx, some auditing skeletons started coming out:

In 25 years of operation, the profession's self-regulatory system never issued an adverse or qualified report on a major accounting firm. Yet board inspections have identified scores of problems in audits by firms in each of the large accounting firm networks and other firms that audit public company financial statements. […] Through rigorous and skillful inspections and enforcement, the board aims to maintain auditing as the attest function it is intended to be. Many things went wrong in the recent financial crisis, but the investing public would have been worse off without independent audit oversight. We are again at a point where new reforms are needed to strengthen investor protection. In a nutshell, the global audit firm is not too big to fail, and it is too important to leave unregulated.

All the columns are worth a full read and while everyone seems to think SarbOx is pretty great, they also admit that regulation in this space has a long, long way to go. And to a large extent, I agree. SarbOx was a game-changing law. The number 404 had no identity before SarbOx (I'm not sure how far back "Not Found" goes) and it strikes fear into the hearts of young auditors everywhere. Audit partners have had countless awkward encounters with audit committee members who can barely operate a calculator, let alone understand complex financial reporting. And sure, reporting on internal controls, certification of financial statements by management, and making lying to auditors a crime were pretty good ideas. 

But people are antsy again. I mean, Lehman Brothers! Not a success. Plus, the processes in place are far too secretive and regulation behind closed doors doesn't do much to reassure the public. No one can see or hear anything until a firm gets so lazy that the PCAOB has no choice but to say, "Um, guys. We asked you nicely, but now we have to tell everyone how bad you are," then the response is, "Yeah, yeah. We know. We know. We're working on it [eye roll]," and we're all, like, "Wait, this was related to stuff from two years ago?" Even more annoying is that the identities of the companies whose audits are inspected are also kept secret (unless Jon Weil digs it up). How are the investors in those companies served when they have no idea that the audit opinion of that company isn't worth the paper it's printed on?

Enron gave us SarbOx and you should be grateful for that for all kinds of reasons I won't repeat here, but as far as the legislation is concerned, it seems to have run out of gas. Regardless of the firms' talking points, they are largely complacent and don't seem to take the regulations seriously. Sure they play ball because they have to, but the results from the PCAOB inspections indicate that they regard the rules as a nuisance; they focus on complaining about how onerous it all is and how awful their lives are rather than propose solutions, even when there are no real consequences. We need more. More. MORE! (Well, maybe the third one was a bit much.) Hell, even the guy who took the PCAOB all the way to the Supreme Court believes there needs to be more regulatory oversight of auditors. 

[Breath] So if I were to grade the legislation on a scale from 1 to 10, where 1 is "a notch below Scotts toilet paper" and 10 is "The Ten Commandments," I'd give SarbOx a 5.5. It ranks high (let's call it 8) on ideas and low (3) on execution. I'm sure there's more…room for debate so if you've got a different number in mind, put one up. 

Have something to add to this story? Give us a shout by email, Twitter, or text/call the tipline at 202-505-8885. As always, all tips are anonymous.

Related articles

Critical Audit Matters: Does Anybody Care?

As if the standard auditor’s opinion weren’t already sleep-inducing enough. Standards in the United States now require auditors to identify critical audit matters (CAMs) in their reports on the financial statements of large public companies—things that, in the language of Auditing Standard 3101.11 of the Public Company Accounting Oversight Board, involved “especially challenging, subjective, or […]