Vol 2 (2005) - Issue 3

Article preview

The Sarbanes-Oxley Act

The UK has a long tradition of corporate governance, based on a legal requirement for listed companies to ‘comply or explain’ against the Combined Code of Corporate Governance rather than prescriptive legislation. Companies’ experience of the Combined Code is of generally easily understandable content which is focussed on high level principles rather than overly detailed rules, which is capable of being kept under review and up-to-date in line with best practice.

Before Enron and WorldCom, US corporate governance lagged behind that of the UK. However, since the Sarbanes-Oxley Act was passed, US corporate governance has the reputation of a very prescriptive and rules based approach to corporate governance. This impacts on UK and other foreign companies with listings in the US. The CBI opened an office in Washington at the time Sarbanes-Oxley was being adopted, and this has proved very timely and convenient in facilitating CBI lobbying, as the only major British trade association with a presence there. I have been over to Washington to meet with Commissioners from the Securities and Exchange Commission try to mitigate the impact of Sarbanes-Oxley in the detailed application requirements on UK listed companies who are also listed in the US and have had some success in getting the SEC to listen and consider change.

Section 404 Sarbanes-Oxley - internal control reporting

Whilst initial media attention was focussed on the requirement for the CEO and CFO to certify the accounts, CBI members’ main concern with Sarbanes-Oxley is regarding the section 404 requirement for a report by the directors on the effectiveness of the company’s internal controls and the detailed implementation requirements for testing of the internal controls (with apparently no weaknesses in tests being tolerated, however immaterial to the enterprise overall). This is in contrast to the system for internal control reporting in the UK, where companies are required to have systems in place that have to be reported on, but which are proportionate to the company and the risks which it faces. The board has the responsibility of making sure that the procedures are in place to allow for proper risk management but is not expected to micromanage.

What is more important than detailed rules is to ensure the appropriate exercise of power. However, the fundamentals of US corporate governance are still perceived by the outside world to consist of weak shareholder rights, with a lack of investor leverage to prevent corporate greed. The CBI does not believe that detailed rules under Sarbanes-Oxley would prevent another Enron. Other factors such as the tone from the top are equally important. However, the current rules are diverting management time away from value adding projects and thus are not in shareholders’ best interests.

The rules on section 404 reporting introduced by the US Public Company Accounting Oversight Board (PCAOB) have defined a material weakness in internal controls as ‘anything other than a remote likelihood’ of a restatement of any information in the accounts occurring as a result of a failure, and this is felt to be particularly unhelpful (not to mention tautologous!). Dealing with risks based on the basis of a remote likelihood not only imposes huge costs but also makes this a ‘nitpicking’ process, the very nature of which seems to get in the way of any potential success for internal control reporting as a useful management and shareholder tool.

The company’s advisers are naturally reluctant to state that most risks are only a remote likelihood. This means that companies are concerned that they may have to disclose all manner of ‘weaknesses’ which are in reality not perceived as being closely related to the real risks facing the business. The experience of US companies now making their first filings will be important in reviewing this.
Companies feel that the PCAOB audit standards and guidance implementing the Sarbanes-Oxley Act are contradictory and inconsistent. There is very little commercial perspective or feel for balance as would come from a more principles-based approach similar to the UK Turnbull Guidance. The PCAOB’s rules based approach is exacerbated by the current lack of guidance with respect to these standards, which has caused external auditors to take a very conservative interpretation when applying the standards in practice.