Since it’s enactment on July 30, 2002 the Sarbanes-Oxley Act has proven to be more widespread and influential than originally intended. After corporate accounting scandals revealed questionable financial reporting, it has reined in corporate behavior under the premise of restoring global confidence and the integrity of the US economic market. The depth of the new requirements calls for a collaboration of all the ranks within a company. It calls for a microcosmic analysis of a company's practices, and strict documentation of accounting and corporate governance practices. Its impact is felt across the corporate world as a baseline for effective governance, accounting practices and policies. Although compliance with the Act is mandatory only for public companies, the standards it has set are spilling onto private companies, and encouraging them to start early and follow suit.

The SOX Basics

The Sarbanes-Oxley Act requires the approximately 12,000 public companies registered with the Securities and Exchange Commission to comply with an improved and superior standard with regards to accounting practices. They must provide documented accountability for its financial statements and internal operations with auditor verification. With the deadline of year-end 2004 quickly approaching, many public companies are moving full force to complete this process. Sections 302 and 404 have provided a long list of mandatory changes. Below are some of the key points of the Act.

• Written Code of Ethics. This must be provided to all personnel with guidance for recognizing and handling ethical issues. It includes confidentiality, protection of company assets, compliance with laws, and reporting of illegal or unethical behavior.
• Documentation of Policy and Procedures.
• Certification of Financial Statements. CEO and CFO are required to sign off.
• Whistleblower Policy and Procedure for Investigation. This is a means for an employee to submit concerns about the company's accounting practices. Employees must be given the means to anonymously notify federal regulators or corporate audit committees of potential wrongdoing.
• Increased Transparency and Disclosure. Examples include critical accounting policies, off balance sheet transactions and contingent liabilities.
• Written Corporate Governance. This includes items such as director qualifications, compensation, and responsibilities, meeting frequency and preparation.
• Independent Directors.
• Compensation Committee. Recommended to meet at least twice a year to review and analyze executive compensation.
• Audit Committee. Recommended to meet once a quarter. This committee acts as a check on the financial reporting system including review of processes, internal controls and independent auditors. It is recommended to have one financial expert and an audit committee charter with rights. A member can not own more than 20% of company, work or previously have worked for the company
• Increased Internal Audit Functions.
• Restrictions on Loans to Executives and Directors.
• Retention of Separate Audit and Non-Audit Firms. Historically auditors have provided variety of non-audit services. The Act now prohibits nine non-audit services from being performed by a company's auditors including bookkeeping. In addition, accounting professionals are now regulated by the SEC and PCAOB, and public companies must have auditors who are registered with PCAOB.

Impact on Public Companies

By raising the bar for a higher level of internal control, the Act creates a more symbiotic flow within the company as a whole. With all ranks of employees working to produce, understand and maintain a set of rules by which to abide, it unites a company solidly at every level to act under the same rules and guidelines. With this unity comes more streamlined and efficient processes enabling management to make better strategic decisions. By creating this strong check and balance system, the company operates with ease, saving workload overlap, and also comes with built-in fraud deterrent. The increase in documentation and process driven compliance also results in the reduction of litigation exposure, and the production of more reliable financial information.

While such symbiosis is rewarding in the end, the cost of compliance is hefty. Since all levels of the company are needed to successfully implement the requirements of the Act, the loss of productivity due to time spent dealing with these requirements may be significant. Section 404, which requires extensive new internal controls and financial reporting, is the most burdensome. The man-hours needed for the discovery, creation, education and maintenance of compliance documents and policies is extensive. Board members are reporting on the wariness of their executives, and compliance has been used as an explanation of slowing of revenue. Due to the high costs, some public companies have even considered becoming private again, in part, to avoid the heavy burden that the Act imposes.

Increasing vendor rates have also contributed to the cost of compliance. With the Act being a complicated legal document, companies cannot risk the exposure on non-compliance and must seek the assistance of counsel in order to translate the Act into practical applications. Directors’ and officers’ insurance rates have nearly doubled since 2002. Some companies have hired Sarbanes consultants to assist in their compliance. Others have turned to expensive automated record keeping management systems or ERP software solutions, which help integrate the back office applications onto a single platform, allowing the documentation needed for compliance. The Act also created the Public Company Accounting Oversight Board (PCAOB) to make revisions to GAAP and oversee accounting standards. The SEC and PCAOB now regulate accounting professionals. The cost of diligence required from the audit and accounting community to comply with PCAOB will be passed along to clients.

Effects on Private Companies

A few provisions within the Act do apply directly to private companies. For example, Section 802 makes it unlawful to destroy documents with intent to obstruct federal investigation or bankruptcy. Section 904 imposes a severe penalty for violation of reporting and disclosure provisions of ERISA. Section 1107 increases liability for retaliation against whistleblowers. However, while only a few provisions of the Act affect private companies directly, such companies are feeling the impact in a more circuitous fashion.

Certain companies are insisting on compliance from their vendors as a precondition to do business. Lenders and insurers are beginning to require a certification of financial statements from executives similar to the requirements of public companies. Public partners and customers are expecting their business partners, public or private, to follow the same practices to which they adhere. Some organizations are requiring some level of compliance such as the International Organization for Standardization (ISO) in order to obtain a certificate.

At the state level, legislation has been introduced in more than a dozen states to extend certain Sarbanes provisions to private companies, nicknamed “little Sarbanes Oxley” legislation. Eliot Spitzer, New York state attorney general, has proposed a bill that would require the CFO of nonprofits to verify annual reports. In New Jersey, a bill was proposed but withdrawn earlier this year that would have barred auditors from providing non-audit services to all companies, not just public ones. Indiana amended its Request for Proposal policies requiring vendors to provide information consistent with the Act such as certification of financial information.

More directly, board members who also reside on both public and private company boards are “singing the Sarbanes song,” and speaking up about starting early with internal controls. They are witnessing first hand the double-edged sword that complying with the Act has had on their public companies, and strategizing with their private companies about how the pains can be avoided.

Strategic planning in preparation of a liquidity event is beginning to include Sarbanes compliance for the company’s success. All companies applying for an IPO must be compliant when filing the registration statement, significantly raising the bar for IPO registration. It is essential to address compliance early, as preparation of an IPO is, in itself, a challenging time, without the added burden of coming compliant with the Act. Underwriters expect that private companies have considered the Act and comply with it well in advance, ensuring that auditors and bankers can complete the due diligence and issue positive opinions. Failure to make an executive team aware of the requirements of the Act well in advance of the IPO date may severely jeopardize a private company’s timing and ability to go public. Sarbanes compliance is a plus for market perception as well.

In the event of an acquisition by a public company, a private company compliant with the Act has added value over its competition. Per the Act, the CEO and CFO of public companies must certify quarterly to an evaluation and the effectiveness of controls and procedures. This includes any newly acquired financial assets and liabilities. The potential liability of not protecting themselves could result in hefty non-compliance fines, shareholder litigation, hidden fraud or other abuses. The due diligence that the acquiring company must do is either minimized or maximized significantly depending on the compliance level of the private company. Additionally, compliance affects the purchase price. Either the acquirer will reduce its offering by the added expenses of compliance or it will pay a premium rate if already compliant.

Both liquidity events lead private equity investors to also consider discounting the valuation of a company that is not compliant to some degree while negotiating a financing. Also of concern when negotiating a term sheet should be the contractual rights of board seats. The Act requires that the majority of a public board be independent directors in order to create an unbiased board with integrity to serve its shareholders, and provide fresh perspectives on problems and strategies. NASDAQ has defined “independent” as holding no more than 10% stock; however, this definition has become more vague after industry feedback. Board membership now requires advance planning either by a gradual addition of outside directors as the company grows, or through a transition for swapping new directors with founders, VCs and other investors. Finding willing and able outsiders as board members is proving harder due to the increase in accountability and liability. Some potential candidates for private companies board have been requiring a higher level of governance prior to their accepting a position.

Within the private equity industry, the increase in accountability has also heightened the controversial topic of transparency and disclosure to investors. Compounded by The Freedom of Information Act, which provides public access to documents held by state agencies, existing shareholders, large and small, are interested in gaining more insight on their investment. This release of information could in turn be harmful to private companies within their industry. The old practices of limited disclosure conflict with disclosure and investor confidence. The Act has made such disclosure a requirement.

Closing

With its widespread effect on both public and private business in the United States, some say Sarbanes has been the most influential Act on securities in 80 years. It has thrown a new set of tools into the framework of administration within a company with the intention of restoring faith in the US market. The many struggles public companies have endured to comply with the Act have taught an important lesson to smaller private companies with large dreams: start early. By implementing the Act’s requirements into the basic infrastructure of the company, a company can grow and scale while maintaining its compliance. It can educate new employees and directors of the internal policies and code of ethics gradually as they join. The company can strategically plan for later stage compliance issues well in advance, such as board membership and accounting partners. Private companies would benefit from a slow gradual assimilation of the Act’s requirements rather than try to arm wrestle it down the road.

-Kate Henriksen