So much for “better luck next year.” A new survey of public companies indicates that a solid majority of them will struggle through Sarbanes-Oxley compliance in 2005 much as they did in 2004: understaffed, overworked, and awash in a sea of manual controls that require expensive testing and remediation.
Hopes that last year’s inaugural efforts at compliance would lead to more automated testing this year have not delivered, according to the poll of 247 auditors at large companies. Instead, nearly 60 percent say they will plod through Section 404 testing this year using the same painstaking methods as last year.
Will
“The results of this survey mirror what we heard last year,” says Harald Will, chief executive officer of ACL Services, a Vancouver maker of data-analytics software that commissioned the survey. “While internal auditors overwhelmingly favor adopting the technology of continuous monitoring and auditing, organizations frequently don’t seem ready or willing to back them up.”
And though readers should be warned that Will's company has a stake in the survey's results—ACL markets continuous controls monitoring solutions—a Compliance Week review of the study and independent conversations confirm that SOX 404 expenses don't appear ready to drop significantly this year, and that controls automation doesn't appear to be a short-term priority.
Hartman
A separate annual survey on SOX compliance costs shows sharp increases in fiscal 2004, especially for small and mid-sized companies. “The increase in audit fees has been continuous… and really took a ramp upward this year,” says Thomas Hartman, a partner at the Milwaukee law firm Foley and Lardner, which conducts the annual survey. “We attribute that to 404.”
Taken together, the two trends underscore how the effort of Sarbanes compliance can still outweigh the goal of good governance at many corporations. Some large businesses have edged towards automating compliance, Hartman notes, but many others “still have a lot of heavy lifting to do in the future as they try to streamline operations.”
Asking Difficult Questions
Whether that heavy lifting will translate into even higher costs in fiscal 2005 and beyond remains unclear. Staffing the internal audit function at many companies remains a challenge, and replacement of financial systems at most has not even begun. Similarly, as companies try new technologies for “continuous auditing” or expand their focus from internal controls to more broad enterprise risk, they might incur more costs.
Harris
On the other hand, with Section 404’s risk assessments and documentation now complete, those expensive tasks generally need not be repeated. “My expectation… is that you should see significant reduction in expense as you forward now,” says James Harris, president of the Seneca Financial Group, a turnaround firm in Connecticut, and a board member of El Paso Electric Co. and Peregrine Systems Inc. “If you don’t, you ought to be asking very difficult questions as to why.”
Harris declined to say precisely how much either $708 million El Paso or Peregrine has spent on Section 404 compliance. He did estimate that any business must spend at least $750,000 to $2 million on Section 404, and said both companies were in step with that range.
To most financial executives, Hartman’s findings will come as little surprise. Among them:
Being Public—In fiscal 2004, the average cost of being public for a company with annual sales of $1 billion or more was $14.3 million, a 45 percent increase from 2003;
Audit Fees—Audit fees increased an average of 84 percent for small-cap companies, 92 percent for mid-cap companies;
Board Costs—Directors fees at small-cap companies rose 17 percent;
Private Talks—The number of companies considering going private to avoid Sarbanes costs edged up to 21 percent, from 20 percent in 2003;
Attitudes—Eighty-two percent of surveyed executives said Sarbanes and other corporate-governance reforms are too strict.
Just last month, Nasdaq vice president Edward King told a Securities and Exchange Commission forum that the demands of Section 404 “are not always commensurate to its benefits, especially with regard to smaller public companies.” Various SEC commissioners have also talked about regulatory relief, although the agency is in flux right now as it waits for its new chairman, Christopher Cox, to take office.
Quantifying Value
Berkowitz
“For the money… it is somewhat hard to see the value day-to-day,” admits Joanne Berkowitz, chief risk officer at PMI Group Inc., a $1.06 billion mortgage insurer in California. “A lot of companies are still struggling to quantify value, and still will be this year.”
Berkowitz, however, insists that PMI will not be among them. After spending $2.04 million on audit fees in 2003 and $2.09 million in 2004, the company has hired four new internal audit employees this year and brought its documentation and most of its controls testing in-house. Berkowitz now aims to cut 2005 compliance costs by 30 percent.
Why bring those functions in house now? Because, Berkowitz says, guidance on Section 404 compliance was unclear and PMI had to take cues from its auditors; today the company knows what is expected. “Now in Year 2, we really have a template,” she says.
Harris at Seneca Financial minces no words for those who complain about compliance burdens: “Some companies should not be public.” He expects more companies to go private or pull their registration statements.
While exact numbers are difficult to find, plenty of small companies are doing just that. Vermont Teddy Bear, with $55.8 million in annual sales, announced in May that it would go private by September. Just last week, California-based Aspect Communications agreed to be acquired by privately held Concerto Software in a cash-for-stock deal valued at $1 billion.
According to Foley & Lardner’s Hartman, more such moves will follow. “This is a real number,” says he. Taking a company private may be difficult, but “I think people really are going to do it.”
The surveys by ACL and Foley & Lardner, as well as related coverage, are available from the box above, right.
No comments yet