Is Sarbanes-Oxley Improving Corporate Governance?

We are experiencing an avalanche in our financial system. Major financial institutions are failing to the shock of investors and depositors, and there is such a high level of uncertainty in the financial system that availability of credit has been shut off even to the most highly rated borrowers. This uncertainty has also led to the stock market plunging 30% in the past few weeks, and the already weak home sales market has slowed to a crawl. Now there are predications of plummeting consumer spending and high levels of unemployment.

Transparency and Due Diligence

The root cause of this, one could argue, is the lack of transparency and due diligence. Financial institutions did not collect the proper information from people they were lending money to. Those buying packaged securities containing bad loans apparently didn’t really know what they were buying. Those engaged in credit default swaps didn’t really know the viability of the institutions they were insuring and didn’t have the capital to pay the defaults should an institution fail. Without the necessary transparency and due diligence then lies and deception go unchallenged, particularly when people are being dishonest with themselves.

But wait a minute! Wasn’t Sarbanes-Oxley (SOX) supposed to put an end to all that? Aren’t public companies, financial or otherwise, supposed to have internal control systems in place as well as checks and balances to prevent unrealistic, overly optimistic projections and reporting? Obviously, though well-intentioned, SOX has not been as effective as it should be in preventing fraud, abuse, and intentional ignorance. It apparently also has not been successful at encouraging organizations to implement effective financial internal control systems and improve corporate governance.

Proper Internal Controls

Transparency and due diligence are two positive results of a proper internal control system, which is required by SOX. While most SOX requirements are simple and straightforward (i.e., an independent auditor), the internal system mentioned in sections 302 and 404 seems to be little understood, and the cause of most of the confusion surrounding SOX. Yet, it is this provision of SOX which could have done the most to prevent our current crises.

A proper internal control system would have required that information provided by loan applicants be verified as accurate, and established that applicants had the means to repay the loan. An internal control system would have ensured the due diligence and transparency by investment banks and institutions buying these mortgages bundled into investment securities, which obviously didn’t happen. It would have required that those selling default swaps understand what they were insuring and that they have the means to back them up.

Not only are meaningful financial control systems apparently being ignored or misunderstood by those running many publicly traded companies, they are apparently ignored or misunderstood by auditors as well. Many of these companies, especially banks, had to have undergone several audits since SOX took effect. Can regulations like SOX be effective if auditing systems to ensure compliance aren’t effective?

What Lessons Can We Learn?

How well are internal control systems functioning in your business? We frequently point out that having an internal control system, whether for finance and accounting or for production, is not just about doing the minimum in order to comply with regulations like SOX or standards like ISO 9001. The goal of an internal control system is to improve an organization’s overall effectiveness and efficiency in order to achieve objectives across the organization; in finance, sales, design, manufacturing, and elsewhere in the organization.

When the only goal of a control system is compliance, then you are doing the absolute minimum. As we can see in this current example, basic compliance at the lowest level does not really protect your investors, your employees, your customers, and other stakeholders. Those banks and financial institutions, however, using an internal control system to continually improve and strengthen the organization, are much more to likely to be left standing when the financial world stops spinning. That is lesson we should all take to heart, no matter what kind of business we are in.

Is SOX working? Obviously not very well for many publicly traded companies who just did the minimum in order to comply. For organizations that took the initiative to put effective, meaningful internal control systems in place and created a culture of transparency and due diligence - it is probably working much better.

If you want to improve your internal control system, Bizmanualz is currently offering a $300 savings when you purchase our Accounting and Finance Policies, Procedures & Forms manuals together.  Our products will give you a head start by providing procedures based on industry best practices, and they come in an easy to edit Microsoft Word format.

    Email     Print    RSS

Posted on Monday, October 13th, 2008 under Sarbanes Oxley Compliance