 |
 |
|
|
|
||||||||||
|
||||||||||
|
|
|||||||||
|
||||||||||
What CFOs really think about Sarbox — and how they would fix the *!#& thing. Including the results of our exclusive survey.
David M. Katz, CFO Magazine
March 15, 2006
Hi, They should hammering more the fact. H. Abibou
Posted by Habib Abby Habibou | April 23, 2006 03:57 pm
And I appreciate Mr. Goff's response. As for specific rebuttals…maybe it’s futile to challenge an editor on his home court. Still, Mr. Goff didn’t respond to me personally; he chose a public channel. Perhaps a public dialog is open.
Yes, the article is nominally about CFO’s survey. But even if you assume that every quote is part of the survey response – questionable because many of the sources including Barger, Goudis, de Winter, and Daleo have also been quoted in other CFO stories – only about 60 percent of the paragraphs mention the survey at all. Despite Mr. Goff’s protestations, 40 percent editorialization is significant and not all that straightforward, either, as I’ve pointed out. If Mr. Goff takes offense when a reader notices editorial spin, perhaps he should consider limiting the volume of commentary in future reports.
As for “willful”... “Willful” knowledge of fraud is part of the US Sentencing Guidelines that apply to SOX. Since nobody’s been prosecuted under 302, the benefit of changing “knowledge” to “best of knowledge and belief” in the regulation is unclear. Both fall on the sunny side of willful deceit – as balanced article should have noted.
In good faith, however, Mr. Goff’s is dead right that the PCAOB should mandate, rather than suggest, a risk-based approach. Auditors have financial incentive to excessively test controls. And where there’s money on the table, even auditors will misbehave. The upcoming SEC roundtable will almost certainly confirm this abuse and, hopefully, codify some corrective measure.
Meanwhile, are shareholders really suffering because auditors are uncovering financial reporting weaknesses, as Mr. Goff claims? Share prices dip when negative disclosures are issued, but share prices are different than shareholders, who may invest their money anywhere. Negative disclosures rattle shareholder faith in the company’s ability to properly manage its finances. The worse the rattle (and the longer it lasts), the lower the stock price. And, since shareholders are, in fact, more likely to suffer if they invest in a company with poor financial management, it’s hard to see how providing that insight hurts shareholders. Perhaps Mr. Goff could explain this.
As for Take-Two, the fact remains that the story’s author, David Katz, pointed to a corporate criminal to illustrate corporate suffering under SOX. And neither Mr. Katz nor Mr. Goff, who edited the piece, disclosed the lawsuits against Take-Two. That’s a significant omission. Along similar lines, Mr. Goff claims that market impact of a reported material weakness is more than 4 percent (as of mid-2005). Other studies he could have cited from last year showed less than 3 percent, mostly concentrated in a few companies. These editorial choices look like exaggeration and omission in support of bias.
Finally, Mr. Goff claims that Robert Daleo “just wants [auditors] to use some of [the company’s] paperwork.” How’s that? The article says, “Daleo maintains that the board should say that auditors must rely on the work of others. By taking discretion out of auditors' hands, he argues, the board would also relieve engagement partners of the temptation to test everything.” [Emphasis mine.]
This isn’t just argument for its own sake: it’s a request. CFO owes it to readers to report responsibly, and spinning research with excessive editorialization simply isn’t responsible. There’s lots of anxiety, confusion, and plain misunderstanding about SOX, but overstating the negative impact of the law doesn’t help companies come to a more realistic view of either their responsibilities or rights as corporate citizens. And it doesn’t help compliance managers, who are just trying to get a grip on their jobs. CFO is often a good resource. I use it; so, I think it’s worth taking this time to respond – because the publication is influential and should use its power wisely.
Posted by edda junke | March 23, 2006 06:38 pm
I appreciate the time "edda junke" took reading and responding to David Katz's "A Tough Act to Follow" (a story I edited). Normally, I tend to let criticism of an article slide. After all, you want readers getting involved -- even worked up -- about a story. And everybody has different opinions. But in this case, the comments from "edda junke" questioned the professionalism and integrity of David Katz and CFO. Therefore, I felt compelled to answer his/her attacks.
My first note in response to the criticism is: this article is based on survey results. My second note is: this article is based on survey results. My 442nd note is: this article is based on survey results. As such, we are reporting what finance executives think about Sarbox (not necessarily what we think). I believe the premise of the article was clearly spelled out in the deck of the story.
Indeed, that's the whole point of the piece. We agree with "edda;" there have been many stories already about CFOs not liking Sarbox. SO rather than do another story about corporate executives complaining about Sarbox, we wanted to do a story on how they'd specifically change the law. To us, that's the fresh angle here.
Of course, as "edda" noted, you can argue that it doesn't matter if CFOs like the law. That's a fair point. It's also a different story -- and not the one David Katz was writing. His story was a straightforward look at what CFOs think about the law and how they'd change it. And as such, we relied on interviews with many finance chiefs, as well as a survey of 237 corporate executives (mostly finance managers). We hardly feel that qualifies as "a fairly shoddy work of journalism."
And while "edda" may feel we're reporting last year's news, others don't. To date, the survey has been cited in articles by the Washington Post and The New York Times. Apparently, they thought the idea of asking CFOs how they'd actually change Sarbox was fairly interesting. We're glad they did.
As for the specific points in the post:
1. The PCAOB has specifically and repeatedly discouraged "checkbox" auditing and encouraged risk based-assessment. The SEC has offered similar guidance. Yet this is largely downplayed in CFO's effort to promote anti-regulatory hyperbole.
RESPONSE: This point is hardly downplayed. We discuss this idea clearly in three paragraphs in the section under the subhead "This is Only Attest." And while the PCAOB has issued such guidance, it appears that independent auditors are still taking more of a checklist approach. Certainly, that's what the CFOs in the survey indicated.
2. Risk-based assessment is also old news. Auditor communication and trust in prior work and managerial opinion have also been explicitly supported.
RESPONSE: True. And yet dozens of CFOs will tell you that external auditors are still conducting their own tests -- and not trusting the work of others. While they may be engaging in audit overkill in doing all this work, that doesn't change the fact that still appear to be documenting hundreds -- if not thousands -- of clients' internal controls. As Robert Daleo notes, the PCAOB has stated that auditors "may" rely on the work of others. But they're not.
3. CFO implies that executive-certification is too onerous, but fails to mention that "willful" knowledge of fraud is required for prosecution. It also neglects to note that no one has yet been prosecuted under Section 302.
RESPONSE: While no one has been prosecuted as yet, the stakes for certifying executives have risen considerably (including criminal penalties). And this is obviously a CFO concern, as underscored by the survey results. As for "willful" knowledge of fraud: we were specifically referring to Section 302, which requires certification "based on the officer's knowledge." In the survey, many respondents wanted that threshold lowered to "best of knowledge and belief."
4. The article says executives question the value of monitoring oceans of internal controls. The PCAOB encourages such questioning. It's what risk-based assessment is all about. Commissioner Atkins' quoted statement, however, was also a critique of public companies, many of which are as much to blame as auditors for niggling over compliance requirements.
RESPONSE: Public issuers tested thousands of controls mostly because they received little input from external auditors as to what should be tested -- or because word got out that external auditors were testing every single control over financial reporting. If the PCAOB were to mandate a risk-based approach -- rather than suggest it -- that might change things. But this is still very much an unresolved issue. Our survey indicates that auditors are still not on board with what the PCAOB has suggested. And we're guessing the PCAOB holds a similar concern: the board and SEC's plan on holding a roundtable discussion on internal controls reporting on May 10. As PCAOB acting chairman Bill Gradison commented in February when announcing the roundtable: "I am very much open to suggestions to make the internal control assessment process more efficient, including modification of the PCAOB's auditing standards and other actions the Board could undertake. This is the PCAOB's highest priority policy issue."
5. Another serious omission is fair representation of how SOX reporting impacts share prices. In reality, most companies that delayed filing, restated, or reported material weaknesses have not suffered long-term share devaluation. And where stock prices have dipped permanently, it has generally reflected a genuinely bad financial picture. How is that a bad thing?
RESPONSE: I agree with your second point. Companies with poor internal controls should see their market valuation suffer. But as David Katz stated in his story, it's doubtful legislators wanted to inflict punishment on shareholders with the passage of Sarbox, although shareholders have definitely suffered in the 11 percent of companies that have so far uncovered material weaknesses in their controls of financial reporting. And we weren't placing a value judgment on Take-Two; we were simply noting that in the days following the material weakness announcement, the company's share price plummeted. The point is simple: uncover a significant deficiency and your stock price will take a hit (about a 4 percent drop, according to one study).
6. CFO argues that the PCAOB should give auditors more definitive guidance. But, in fact, this happens continually -- for example in the PCAOB's published responses to last year's audits. Sadly, CFO ignores this reality and instead quotes a Thomson executive, who recommends that the PCAOB "require" auditors to trust managerial judgment -- which would, of course, make audits pointless. Auditors must be free to evaluate managerial opinions. That's why they're called auditors. If they had no discretion, they would be called shills or, at best, apologists.
RESPONSE: Auditors "trust" managerial judgment all the time. Unless a company has contracted for a fraud audit, most external audits involve some degree of trusting managerial judgment. What's more, Thomson wasn't arguing that auditors trust a company's judgment. Rather, he just wants them to use some of their paperwork.
Here again, this is the opinion of a CFO, not necessarily CFO magazine. And that opinion was backed up by sixty percent of the survey respondents. You can argue the merits of the suggestion, but it's hard to argue that this isn't a big issue for CFOs.
Posted by John Goff | March 20, 2006 03:19 pm
Is CFO reprinting last year's news or are its writers just getting lazy? This article is really a fairly shoddy work of journalism.
The PCAOB has specifically and repeatedly discouraged "checkbox" auditing and encouraged risk based-assessment -- particularly in its statement of May 2005. The SEC has offered similar guidance. Yet this is largely downplayed in CFO's effort to promote anti-regulatory hyperbole.
Risk-based assessment is also old news omitted: it's been part of PCAOB and SEC guidance since last May. Auditor communication and trust in prior work and managerial opinion have also been explicitly supported.
CFO implies that executive-attestation is too onerous, but fails to mention that "willful" knowledge of fraud is required for prosecution. It also neglects to note that no one has yet been prosecuted under Section 302.
The article says executives question the value of monitoring oceans of internal controls. The PCAOB encourages such questioning. It's what risk-based assessment is all about. Commissioner Atkins' quoted statement, however, was also a critique of public companies, many of which are as much to blame as auditors for niggling over compliance requirements. Naturally, the article doesn't point that finger.
Another serious omission is fair representation of how SOX reporting impacts share prices. In reality, most companies that delayed filing, restated, or reported material weaknesses have not suffered long-term share devaluation. And where stock prices have dipped permanently, it has generally reflected a genuinely bad financial picture. How is that a bad thing?
CFO argues that the PCAOB should give auditors more definitive guidance. But, in fact, this is happens continually -- for example in the PCAOB's published responses to last year's audits. Sadly, CFO ignores this reality and instead quotes a Thomson executive, who recommends that the PCAOB *require* auditors to trust managerial judgment -- which would, of course, make audits pointless. Auditors must be free to evaluate managerial opinions. That's why they're called auditors. If they had no discretion, they would be called schills or, at best, apologists.
CFO attempts to say corporate leaders support the recommendation, but blurs the line between *must* and *should.* Sixty percent of survey respondents think auditors *should* be "allowed to rely on the work of a client's internal-audit staff when assessing internal controls." So, OK: The PCAOB issued that recommendation too last year. How did that escape CFO's notice?
Ultimately, methinks the corporations doth protest too much -- and CFO panders to that grieving contingent. But why should companies (and magazines) complain about cliche SOX problems without doing their homework? Why try to undermine a law that seeks corporate accountability? Shareholders, employees, and other corporate stakeholders should question corporate motives.
But what about companies that CFO claims have being victimized by SOX? Well, look at CFO's example: Take-Two Interactive Software, manufacturer of Grand Theft Auto. CFO failed to mention that the company has been investigated by both the FTC and SEC and is currently on the ugly end of two class-action shareholder law suits. Far from being an innocent victim of overbearing auditors, Take-Two is mostly likely a corporate criminal that "engaged in fraudulent and illegal conduct…so that insiders could sell more than 661,000 shares for proceeds of more than $18 million," according to the suit.
These are just a few examples. This bottom line is that this article is a cheap shot that uses half truths, false associations, and lies of omission to argue against a law. That doesn't do anyone any good, and SOX opponents and supporters alike should demand better from CFO and Mr. Katz. And, actually, so should we, their readers.
Posted by edda junke | March 20, 2006 05:11 am
© CFO Publishing Corporation 2009. All rights reserved.