
CFOs: Risk Magnets

New certification and internal control requirements are heaping new hazards on finance chiefs.

June 4, 2003

A few weeks before every quarterly close, John Adamovich receives 225 representation letters from 75 reporting locations in 30 countries. The letters come to Adamovich, the CFO of Pall Corp., from three sources: in-country general managers and controllers, operations committee members that have oversight responsibilities, and group controllers. In some cases, the letters are three or four pages long.

J.D. Edwards & Co. CFO Rick Allen collects about 75 rep letters from his managers every quarter, while John Hendrix, the finance chief at the smaller Cornell Companies Inc., reviews the same kind of upstream certifications from eight managers on a quarterly basis.

The flood of letters vouches for the validity of material financial and non-financial information bubbling up from each company's far-flung operations. Getting such testimonials became imperative after July 30, 2002. On that day, Pres. Bush signed into law the sweeping Sarbanes-Oxley Act, which was intended to restore public confidence in corporate accounting. Toward that end, Sarbox requires executives, among other things, to certify financial statements (Sections 302 and 906) and verify that internal control systems are adequate (Section 404).

Whether the wide-ranging provisions of Sarbanes-Oxley actually keep corporate corruption in check remains to be seen. In a recent poll of finance executives conducted by Parson Consulting, only 6 percent of the respondents said they thought the law would curb accounting abuses.

The burdensome requirements spelled out in the law may curb CFOs' enthusiasm for their jobs, however. One headhunter recounts a job-hunting finance chief who told him, "[Since Sarbox], being a CFO just isn't as much fun anymore."

Adamovich, Allen, and Hendrix, for instance, all say they've started requesting upstream certification of data to satisfy sections of the new legislation -- an onerous task. And all are looking hard to see if their internal controls pass regulatory muster. "There are no ifs, ands, or buts," notes Adamovich. "We have to comply with Sec. 404, and in the short term, that's our main focus."

Anything less would be short-sighted. A slew of experts, including lawyers, risk managers, auditors, and finance chiefs, all say CFOs are clearly charged with managing the law's daunting mandates -- and the attendant risks that come with them. "[Sarbanes-Oxley] increases some risks for CFOs, at least for those who take their job seriously," notes Allen of J.D. Edwards. "But risks have always been there."

Maybe so. But these days, all roads seem to lead to CFOs. Indeed, in the Parson survey, 58 percent of the executives polled said they expect the company finance chief to bear the primary responsibility for overseeing the entire compliance effort. And with that responsibility comes liability -- a lot of it. "CFOs are in a more precarious position [since Sarbox was passed]," insists John Challenger, of outplacement firm Challenger, Gray & Christmas Inc. "They are in the direct line of fire, and can wind up as a scapegoat."

The scope of Sarbanes-Oxley alone should worry CFOs. As John Tonsick, managing director at risk consultancy Citigate Global Intelligence and Security, points out: "What CFOs are now being asked to certify is very broad."

The Hours
Then again, some of the provisions of Sarbanes-Oxley are quite well-defined. A CFO convicted of signing off on misleading or inaccurate financial statements, for instance, will be subject to a fine of up to $5 million and a prison sentence not to exceed 20 years.

But Congress's draconian punishment for rogue CFOs is more PR than IR -- the legislators' way of looking like they're getting tough on corporate crime. In short, a headline grabber.

What doesn't generate headlines is that Sec. 404 requires a company's CFO and CEO (and external auditors) to vouch for the effectiveness of internal control procedures for financial reporting. Says Richard Rubin, an attorney with Jenkens & Gilchrist: "The real issue regarding certification resides in Sec. 404 requirements that call for attestation of internal controls by executives and auditors."

Indeed, Sec. 404 mandates continuous monitoring, testing, and appropriate improvements to internal controls processes -- a much more onerous and complicated task than keeping tabs on disclosure controls.

Moreover, that trio of internal control controls is interrelated. In fact, Deloitte & Touche Partner Steven Wagner says he wouldn't be surprised if the Securities and Exchange Commission turns the triad into a single certification by the end of the year.

Such a move would likely heap more work on already-overworked finance executives. In the Parson survey, 66 percent of the respondents said they're spending more time on risk assessment than in the past.

To handle this extra work wrought by Sarbox, some finance chiefs are adding staff. John Cox, CFO of BMC Software, Inc., says the Houston-based software vendor added two new full-time positions to the 400-strong global accounting staff to help with the increased disclosure. BMC has also added another staff member to the company's 12-person internal audit team.

With the recession still on, however, not all CFOs will be eager -- or able -- to staff up their finance departments. Rick Fumo, executive vice president at Parson, predicts that over the next few months, the workload for corporate finance departments at mid-size and large companies will increase by two hours per week for each staffer, thanks to Sarbox compliance requirements. He expects senior financial executives to put in three more hours per week because of the legislation.

