Former SEC chair is SOX fan -- with exceptions

On the third anniversary of the 2002 Sarbanes-Oxley Act, former SEC chairman Arthur Levitt praises SOX but admits it needs some fixing.

WASHINGTON -- Former U.S. Securities and Exchange Commission chairman Arthur Levitt said he believes the financial reforms imposed on companies by the Sarbanes-Oxley Act have been "well worth the cost," providing important protections for businesses and the investment community.

"If you have any doubts about this, ask those thoughtful shareholders in any of those 586 companies that disclosed material weaknesses in internal controls during the first four months of the year. I'm sure they will tell you that expenditures made in complying with Rule 404 is money well spent," said Levitt, addressing reporters this week.

Levitt's comments, made this week at a conference in Washington, D.C., sponsored by BindView, a Houston compliance software provider, come amid a growing chorus of complaints from companies and legislators alike about the cost of complying with the 2002 corporate reform act.

The numbers have been well publicized. AMR Research Inc. estimates spending on compliance regulations will exceed $15.5 billion in 2005 and $80 billion over the next five years. Companies will spend $5.8 billion in 2005 on SOX requirements alone. A much-cited study by University of Rochester professor Ivy Xiying Zhang estimates the indirect total market value costs of SOX at an astounding $1.4 trillion.

A champion of investor rights, Levitt served as chairman of the SEC under the Clinton administration at a time when Congress had little appetite for financial regulations. He said SOX could be improved upon. Rule makers need to pay close attention to its impact on small business. But those who are calling for a rollback of the law are "shortsighted," he said, reminding the audience that the current regulatory environment grew out of "the most deregulatory Congress in the history of America," and as a direct consequence of the massive corporate fraud at WorldCom.

"These very same lawmakers sounded like latter day evangelists as they called for regulatory fixes following WorldCom that were more Draconian than any commission had ever dreamed up," he said, not concealing his disdain.

Does the legislation mean the country is not going to see another corporate fraud? "Of course not," Levitt said, but companies that continue to push for reforms, "will not only strive individually" but reap the benefits of a "strong market built on transparency, accountability and trust."

In addition to Levitt, the BindView panel included Everett Johnson, international president of the Information Systems Audit and Control Association (ISACA); Dave Richards, president of the Institute of Internal Auditors (IIA); John Parmigiani, former chairman of the Health Insurance Portability and Accountability Act (HIPAA) security standards team and health care compliance consultant; James Foster, deputy director of security for technology services provider Computer Sciences Corp.; and BindView founder Eric Pulaski.

To the question posed -- Do the costs of compliance outweigh the benefits? -- the regulatory experts on BindView's panel, perhaps not surprisingly, were mostly in agreement with Levitt that business is better off for compliance.

"I think Sarbanes-Oxley gets a bad rap, but in reality as a person who deals with controls every day, we find much more benefit than cost," said the IIA's Dave Richards.

Citing the IIA's recent survey of 171 practicing internal auditors, Richards predicted the cost of SOX compliance should continue to go down. "Looking below the surface, we found that 10% to 15% was learning time; 20% was spent on doing the documentation, and 15% to 20% was spent on remediation. Is this likely to recur every year? I don't think so," Richards said.

In addition to providing good employment for some of his organization's 107,000 worldwide members, Richards joked, SOX gave focus to a problem that "should have been on the agenda many years ago." Onerous as they are, the requirements of Section 404 provide consistency, methods of compliance and a written record that can be referred back to measure progress, he said. Most importantly, the financial controls will become embedded in the company, with a "broader understanding by operations people and management of their responsibility for the controls."

Richards, like Levitt, was also clear about the limitations of SOX.

"The Sarbanes-Oxley Act is not going to stop corporate fraud. That has to start with management, with the processes of the organization, with its values, with people stepping forward and saying, this isn't right, this is not what we believe. The culture has to start at the top and go down to the janitor. That cannot be legislated, I don't believe," Richards said.

Signing off on financial controls that are factually correct is not the same thing as running the business right, he said. If management is serious about running an ethical company, Richards added, they will sign off on the company's operating controls.
