Sarbanes-Oxley is going to process my company out of business

The BBQ Pit
21

I went there. It’s like saying, “Want to understand the conservative Christian opposition to abortion? Here’s a Bible; it must be in there somewhere.”

So what we have so far is a bunch of people whose corporate masters have put all sorts of BS requirements on them, and they’re blaming it all on Sarbanes-Oxley. Nobody can explain how S-O is the source of their problems; it just is. So I’ve got to believe paperbackwriter (who at least gets a good tune stuck in my head :)) when he says the hoops the OP and others here are jumping through aren’t required by the law at all, but are simply the vaunted efficiency of the free market at work, as personified by a gaggle of pointy-headed bosses.

22

OK, so a more accurate title would be “My company’s interpretation of Sarbanes-Oxley is going to process my company out of business.”

The rant still stands that I’m being processed to death.

23

One of the nicest things anyone here has said about me, and in the Pit yet! :slight_smile:

24

SOX will probably put the remaining Big 5 accounting firms out of business. It requires that they not only sign off on management’s numbers, but that they also attest that adequate accounting controls are in place to prevent financial misstatements.

That’s great for them right now, because they can charge beaucoup bucks for the additional audit work required. But accounting security is like computer security: no system is perfect. The next time someone figures out a way to evade whatever controls are in place to pull funny stuff with the numbers, the firms are going to find themselves on the receiving end of some big, fat lawsuits. Sayonara Big 5.

And SOX is a compliance nightmare. Congress requires that businesses certify to X, Y and Z without realizing how much effort is required to make that certification. Ironically, it punishes smaller companies more than larger companies, since larger companies are more likely to already have extensive information coordination systems in place due to their size.

RT can attribute the pain in the ass to pointy-headed bosses all he wants, the fact remains that no manager wants to find himself in the position of being out of compliance and thus they err on the side of caution and do more than is probably strictly necessary. The fact is, businesses right now don’t know what is “strictly necessary” and won’t know until the SEC starts enforcing failures to comply. In the meantime, it’s all educated guesses. And any sensible legislator should know that this is the likely (and sensible) response to this kind of legislation.

SOX has a noble goal at its core, but I do wonder if the costs it imposes will outweigh the benefits it actually provides. Time will tell, I suppose.

25

SOX is hitting our company big time. I just transferred out of the Finance department into our Regulatory Affairs group. But I keep in touch with my accounting compatriots, and they’ve been working weekends and nights for the past several weeks, and they are still far behind. We’ve got outside consultants in to help us document procedures, and plug any holes in our internal controls. We’ll probably spend a million dollars on them by the time this thing is through.

I know our IS department is having some major pains as well. I was lucky in that the budget process was mostly spared, and whatever heartburn they have to endure is happening now that I’m no longer in the department.

Funny enough, I also work part time for Weight Watchers, and they are getting on us to lock up our paperwork that has monetary value, and they are harrassing us to more accurately report our time (even though we get paid a flat fee, we’re required to time in and time out). I’m smelling SOX at the source of that one, too.

What a clusterfuck.

26

A friend of mine, a former CFO for a bank, maintains that S-OX will be more costly in the long run than all of the scandels it is designed in response to. I dunno if this is true, but I can say that our company is spending huge amounts of money to comply

27

Can I borrow his crystal ball? I want to know the Powerball numbers.
No, seriously any estimates of how much compliance with this is going to cost are very gross estimates. We went public at the same time that SOA was passed, so we should have had a double whammy from that combination. Yet we haven’t had major disruptions. It greatly depends on how good or bad your controls were and how fearful your CFO is. We simply have no idea, as Dwewey says, how much this is going to cost overall.

Although the liability aspect this imposes on not only accounting firms, but the execs themselves, is potentially frightening. That was sort of an intended side effect, though, wasn’t it? Am I just imagining remembering legislators talking about putting the fear of SEC into Corporate America?

28

The OP is singing my tune.

We’re in the middle of radically reworking every goddamn thing we do because of “SOX compliance.” We have no idea whether this is legitimate, but the Ernst & Young auditors are telling us we won’t pass at the end of the year if we don’t make these ninety-four zillion changes. (Because of this, I was going to argue with Dewey about the first sentence of his post, until he clarified. I agree, SOX is great for these guys right now. They get to spend hours and hours polishing their buttholes while we explain why we sent this email to this guy before we sent it to that guy. Whether Dewey’s right about the rest of it is an open question, but it’s certainly a massive clusterfuck of one sort or another just waiting to happen.)

Case in point: My IT group has to set up user accounts for the finance & accounting system. The finance group used to do it themselves, but that’s not SOX compliant. So now we get the request and we have to go scampering hither and yon first gathering all of the necessary information so the request is complete and then securing all the necessary approvals to complete the request. Some people have been waiting fucking WEEKS to get their signons so they can do their fucking JOBS. The biggest problem? When we go to the various stakeholders to secure their approvals, we are almost invariably met with the question: “What am I signing off on this for? Why am I involved? What is this again?” GAAAAAAAAAAAAAAAAAAAAAAAAAA

(By the way, I generally hate “stakeholders” as a bullshit buzzword, but it’s occasionally useful in context, such as describing the people who are helping to further fuck up an already fucked-up process. Heh.)

We’re going crazy jumping through these hoops… Actually, let me rephrase that. The auditors are holding up their hands and saying, “Jump! There’s a hoop there, trust me. We know you can’t see it, but you have to jump through it. There’s a good monkey!”

This is, no exaggeration, 50% of why I hate my job right now. (The other 50% is how my desk drawer keeps mysteriously filling up with taint beetles, but I wager that’s a subject for another thread.)

29

Our company had pretty good compliance procedures in place pre-SOX. Of course, that doesn’t mean that those procedures met the letter of the post-SOX requirements. Pretty much, SOX has turned my work place into *Office Space. * There are big annoyances, but I don’t want to list them here. Plus, the little ones are much more fund to gripe about! Herein are my petty annoyances:

**Irritation Number One: ** The New Job Start Form Signature Requirement.
We have to fill out a form before starting any job. The form is used to assign PO numbers and allocate spending to the proper budget line. In the past, we required one person with signature authority to sign the form. Once a month, managers would get a list of all POs for their various areas and the vendors listed. If anything looked amiss, they’d catch it quicky.

Now we need to get two signatures. Supposedly that’s to keep us from setting up a bogus payment to a brother in law or something. We aren’t allowed now to start even the smallest amount of work on any job without a correctly signed form (we used to be able to do everything up until the point we’d actually spend money). All fine and good, except the monthly reporting kept that in check before. Plus, there are some areas in my budget where my boss and I are the only ones with signature authority. If she’s out for a week, I have to wait till she returns to start a job. So for a week, a job we know will have to get done sits there waiting on a signature before we can even have a meeting about it.

Irritation Number Two: The Invoice Cover Sheet
This is where we really get into *Office Space * territory. We used to sign and date every invoice, write the PO number on said invoice, and send to accounts payable. Now we need to fill out a cover sheet and get two signatures (again an issue if one of the signatories is out of the office). The cover sheet itself isn’t required by SOX, but there are now multiple areas that need documentation of all payments. So, rather than having AP making copies, we need to fill out the sheet so the invoice can go to one area (it still needs to be signed–even with a signed cover sheet) and the cover sheet to another area.

It’s not a big deal except when you get in a hurry and forget the new cover sheet requirement and send an invoice for processing in the old manner. Red flags go up everywhere! The invoice is returned to you stamped “improperly submitted.” A memo goes to your boss with a cc to their boss stating that you have submitted an invoice without the proper documentation. And then, you need to respond to the memo stating why you were a doofus and didn’t comply with the cover sheet requirement.

Irritation Number Three: Project Justification.
Some areas require a written rationale before you can get money in the budget or assigned a PO number (supposedly fraud is easier in these areas or something). Market research is one such area. I can see needing to justify a $50,000 research project. However, the requirement is for all research–not just costly stuff.

Last week I wanted to order a white paper from an outside source. That type of activity falls under the heading “market research.” So it requires a justification memo. The darn white paper cost all of $28. I had to create a one page memo to justify spending $28. I had to get my boss to sign off on it. For a $28 purchase.

I was tempted just to buy the darn thing myself. Except that would probably cause even more problems.

And yes, in addition to the justification memo, I needed to fill out the Job Start Form (and get two signatures) before I could order the white paper. When I get billed, I’ll need to complete an invoice cover sheet.

I do know why some of these requirement were put in place, and I understand that for large ticket items, we need controls. It’s mostly a matter of my company (and probably others out there) having to quickly get into compliance. So we haven’t worked out all the bugs yet. We’ll probably evolve into a more workable situation over time. But for now, I’m writing memos, filling out Job Start Forms and completing invoice cover sheets (and getting two signatures on every damn one) for $28 purchases of white papers.

30

IANAL. You claim to be one. Put up or shut up.

31

I have no idea what you’re asking me to do here, and your mildly insulting tone is really unwarranted. I gather you want me to give you “the answer” as to what compliance is necessary. Which I cannot do.

The simple fact is, this is a new law. It has not been interpreted by any court, nor has it been interpreted by SEC in a case-specific way (i.e., they’ve only set out general guidelines). I can (and do) give advice on what the SEC and the courts are likely to do, but that is simply an educated guess on my part. I am a lawyer, and a pretty darned good one, IMO, but I’m not psychic.

A statute is meaningless until it’s been interpreted by a court or regulatory body. That’s just a fact of life. Proponents of the 1964 Civil Rights act swore up and down that it could never, ever be used to mandate the busing of students, and indeed there is nothing in its text to suggest that. Yet less than a decade later, busing is exactly what America got.

Given that fact of life, caution is in order. No-one wants to be the defendant in the test case determining the parameters of SOX.

32

Although it’s been implied in this thread (but I don’t think it’s been specifically stated), another “target” of this law is to have those who are fiscally responsible for the assets of a company also be legally responsible. This is the cause of all the signing going on. The signatories are attesting to the validity of “things” like costs, assets, cash transactions etc. If an audit reveals discrepancies, they are legally liable.

33

Wow. Thank you so much for this, because now when people at my company bitch about how tight we are with expenses (and believe me, we have very low spending authorities) I can bust out this example in a “See? Could be worse!” fashion.

Ay caramba.

34

Proposed Changes: I’m going to make modifications, both hither and yon. Recode queries and the like.

Affected Systems & Personnel: Just the folks who use this sucker, which would be the personnel who constitute this company.

Implementation, Specific Steps: Open database. Modify database. Close database.

Project Plan: Make changes. Suggest making changes. Indicate that I’m going to make changes. State that I have made changes.

Rollout Schedule: About 10 minutes ago

Backout Procedures: Open database. Change it back to how it was before. Close database.

Anticipated Negative Effects: Database was unavailable for end users during lunch break.

Strategy for Addressing Anticipated Negative Effects: Emailed end users informing them that database would be unavailable between 1:30 and 2:00 PM. Quote from “Bastard SYSOP from hell” prepared to read to any end users calling to complain during lunch break as consequence of not reading their email (not necessary this time).

Scope of Project: Wrote script in database to autogenerate this piece of shit you’re reading now, w/variations, and print out formatted as Sarbanes-Oxley compliance documentation every time I answer “yes” to prompt “Did you change anything?” when I close the damn database using author permissions.

35

And this is bad…how? Isn’t the whole POINT of an audit is to make sure adequate accounting controls are in place and to FIND any financial misstatements? It certainly IS NOT to sign off on whatever crap the company’s management hands them. If they can’t do their jobs then good riddance.

36

As fewer and fewer US companies see any longterm value in ISO compliance (though it would be nice to have them sign onto the spirit of ISO so there is a little consistency) I look forward to the day when ISO strangles the European Union’s economy. :smiley:

37

Did you read the rest of my post? In the VERY NEXT PARAGRAPH I explained why this is a bad thing.

38

This reminds me of ISO9000 about a decade ago…

39

I just got a request for SOX infomation. I know there are some questions that the answers will be,“We don’t know.” and the reason that is is that they did not follow my advice.

I know that my department has been using SOX as an excuse to tighten security, which is good. It is hard to say no at times to those who outrank you. Suddenly, people are more understanding as to why they don’t have access to everything.

In my last company the CFO mistyped an address and got an autoreply that he was not allowed access to that area. He sent a blistering email telling us to drop everything and grant full access to all the senior management to everything he could think of. We had to drop everything and do it. Bad idea. Access should be granted to those who need it and they should use it only as they need to to do their jobs. He only knew he was locked out because he made a mistake. That should make the SOX audits interesting. Why does the CFO have access to alter the accounting databases outside the normal interfaces? Because he asked for it!

40

No, you only said that it was a good thing for the accounting firms in the short term because they get to bill more hours. You did not get into how it’s their bloody job to keep up with the ways companies play with numbers, that if they had been doing their jobs Endrun et al would not have gotten away with it as long as they did, and that if they are caught up not doing what they were hired for (verifying numbers), what the accounting profession was created for (tracking numbers), and why they are allowed a large bit of self-regulation (investors are supposed to be able to trust the auditors) they deserve whatever bad may befall them.