Bill Teuber prickles a bit at the notion that the landmark Sarbanes-Oxley legislation has forced major reforms within EMC Corp. "I think about internal controls all the time; I didn't need the law to get me to think about them," says the CFO of the $5.4 billion information-storage giant. For the past decade, Hopkinton, Massachusetts-based EMC has carefully tracked its financial results with monthly closes and updated forecasts, says Teuber. In the same spirit, his regional controllers have been attesting to their compliance with EMC's procedures since mid-2001 — before Enron imploded. Teuber has also been thinking about financial transparency since being promoted to CFO in 1998, breaking down revenue streams by product classes rather than broad categories, and disclosing the quarterly earnings impact of stock options as early as July 2002.
Yet by the end of the year, EMC will have spent more than $1 million and thousands of man-hours complying with two of the main statutes in the Sarbanes-Oxley Act of 2002 — Section 404, related to internal controls; and Section 302, mandating CEO and CFO certifications of quarterly financial statements. Teuber won't even speculate on the price tag for full compliance, except to say "it's not insignificant." Moreover, he doesn't expect that burden to lift, thanks to ongoing testing and disclosure requirements. "Even maintenance mode will require a sizable effort," he says.
Like Teuber, CFOs across America say they are spending more time and money trying to shoehorn existing practices into legally acceptable formats. Forty-eight percent of companies will spend at least $500,000 on Sarbanes-Oxley compliance, according to finance executives who participated in a recent CFO magazine survey. Unlike Teuber, however — who sees the increased internal-controls documentation as "a chance to get best-of-breed solutions in our sales offices across 50-plus countries" — other CFOs (nearly 40 percent) see the increased burden as having "very little" or "no effect" on their current processes. Moreover, only 30 percent believe the benefits outweigh the costs.
In fact, many CFOs, such as Borland Software Corp.'s Ken Hahn, who expects to spend $3 million on compliance — including having some 25 percent of Borland's employees sign papers "saying they're not doing anything wrong" — see Sarbanes-Oxley as nothing more than "an efficiency tax." Stephen P. Bishop, CFO of Berkshire Hathawayowned NetJets Inc., speaks for many when he says the "documenting and papering" of internal controls for Section 404 compliance will result in little "value-add." And E. Follin Smith, CFO of $4.7 billion Constellation Energy Group, goes so far as to say the law could eventually make the "fear of personal liability so great that managers are afraid to take risks on innovation."
Indeed, many finance executives believe that in seeking to curb the freewheeling ways of the likes of Enron, Tyco International, and WorldCom, Congress has committed some excesses of its own. Part of the problem, of course, was the haste with which the law was written. "If Congress had given the [Securities and Exchange Commission] more time to promulgate the regulations and the SEC had given companies more time to comply, costs would have been lower," says Goodwin Procter LLP partner Steve Poss. Instead, by rapidly legislating a whole set of processes, the law has become a windfall for auditors and lawyers and a time drain on overburdened finance departments. Moreover, the liability implications have "put people so on edge that they're looking over their shoulders all the time to see whether they're perceived as doing the right thing, not whether they are doing the right thing," says LCC International senior vice president and CFO Graham Perkins. "I don't think the legislators really understood all of the adverse consequences."
Perception Versus Reality
It's hard to know exactly what Congress expected, since it did not assess any costs when it passed the law. That's not unusual, since "there's no formal process for Congress to calculate benefits or costs of legislation," says Thomas McCool, head of financial markets and community investment at the General Accounting Office. "Sometimes they try to get indications from various parties, but when it's something prospective like this, [costs] would be very hard to tell."
The SEC, though, is required to estimate the burdens associated with its information requests under the Paperwork Reduction Act of 1995, and so has offered some guesses at future costs in piecemeal fashion. Such guesstimates have been chronically low. For one thing, they are typically limited to disclosure activities, and don't attempt to quantify costs like software purchases, audit-fee increases, or management and staffing requirements. The agency also tends to lowball the number and costs of hours of external help involved. "Most professionals look at these estimates and laugh," says Poss.
Reg FD compliance, for example, was projected to add a maximum $49.5 million to total annual disclosure costs when the rule was passed in August 2000, but actually cost somewhere between $250 million and $450 million, according to a Securities Industry Association (SIA) study in May 2001. That divergence was in large part based on the SEC's assumption that hourly legal fees were $85 to $175, compared with the $450 to $550 the SIA reported.
Reader Comments» Post a comment