Twelve thousand accountants are already working on Sarbanes-Oxley projects in the UK, according to recent estimates. These professionals will be working on the 200 or so British companies that have US listings, or any US-listed company with UK operations.
With that number guaranteed to rise further, and with the average Sarbox compliance project estimated to cost an average $1m for every $1bn of revenue, the new compliance regime is certainly big and definitely expensive.
Over the past few months, the first batch of accounts, for which the controversial and much-feared regulation applies, have started to be published. Any company with a direct or indirect listing with the SEC is affected.
UK companies that also have a listing in the US will now have until the financial year ending on or after 15 July 2006 to comply with the controversial section 404 on internal controls. The previously stated deadline of 15 July this year had already focused minds intently on the task ahead, prompting many UK public companies to observe the US experience with such intense interest.
Despite the year’s grace, many companies are planning to comply earlier, saying they cannot afford to let the momentum drop. At the same time, competition with US businesses means the onus is on them to be compliant by the end of the financial year.
Sarbox emerged immediately post-Enron in an attempt to end corrupt US accounting practices, amid cries of ‘knee-jerk reaction’, of ‘corporate governance gone mad’ and concerns that regulators were taking the proverbial hammer to crack a nut. Its critics warned that it would threaten public companies’ ability to compete, especially against competitors from economies in the ‘much less regulated Far East’.
The general, more measured view is that Sarbox compliance is an onerous, expensive and painful exercise that benefits very few, given that fraudulent corporate activity is, let’s be fair, pretty rare. And this is what makes the pain particularly unbearable: the belief that compliance is simply something that UK plc has to put up with, and pay for, but that brings nothing particularly positive.
But organisations could be missing a trick. Blinded by the cost of Sarbox, they are in danger of missing opportunities to create value, or at least minimise the cost of compliance. For many businesses, a Sarbox compliance project will be the first time that they have gone through such an in-depth and holistic analysis of their internal financial processes.
Sarbox is not limited to the ins-and-outs of your accounts. It touches on procurement and logistics processes, IT systems and also HR processes and how they impact on financial processes. Never before will the organisation have had such a clear snapshot of the internal workings of the business. This enables management to identify areas for improvement in a way they simply would not have been able to previously.
Given the amount that UK plc invests each year in programmes designed to achieve improvements in service/product quality, performance and cost – ‘lean manufacturing’ and six sigma are just two aimed at sharpening the business’s competitive edge – surely there is a role for the process and culture change driven by Sarbox compliance?
What compounds this view of all pain and no gain is that those who ‘pay’ most for the change, gain least. From senior management and the finance team right through to the frontline staff, these are the people paying in increased workload, in-depth reviews of core activities and enforced changes to their working lives.
Those that benefit most are the executive and (particularly non-executive) directors, internal audit departments, regulators and politicians, investors and, let’s not forget, third-party consultants. It’s only really the investors from this group that bear the financial costs.
As any change management expert will tell you, it is the mismatch between the winners and losers that builds barriers to change. Only when the costs and benefits are aligned will businesses embrace Sarbox, rather then view it as an uninvited guest that refuses to go home.
The original intention driving Sarbox might have been to drive a change in attitude to internal control and probity. The opportunity, however, is to combine this with driving culture change around lean processes, for the direct benefit of the business. It’s an opportunity to drive a ‘lean culture’ ethos deep into all corners of the organisation.
If companies choose to do the bare minimum necessary for compliance, little can be realised in the way of added benefits. Those that grasp the opportunity will be much fitter to fight against those competitors that do not.
For UK companies looking ahead to their first year of Sarbox compliance, let us hope they are encouraged to approach the mammoth task focusing on the gain, more than the pain.
For those facing their second year of Sarbox compliance, with a year’s experience of the process under their belts, there could be scope for a more structured, cost-effective approach to be considered next time around. Sarbox compliance is not a one-off event; it is an ongoing process and its aim is to entrench a new attitude within corporate life
Chris Beer is managing director of Resources Global
Simon Wright of CareersinAudit.com discusses how an effective cyber defence force is critical to businesses worldwide and how internal auditors can make the transition to a new career in cyber security
The FRC has said that the investigation will 'consider, but not be restricted to, issues regarding misstated accounting balances'
Craig Maxwell joins the audit and assurance team in Scotland
Stephen Grayson to join the audit department in Manchester