Perspective: Sarbanes-Oxley: Tech's big complaint of 2005

Silicon Valley is never short on opinions, especially when it comes to explaining why the government should butt out of its affairs.

But few are bold enough to go on the record when the subject turns to Uncle Sam's fumbling--real or imagined.

Not so, when the issue is the Sarbanes-Oxley Act.

SOX became law nearly two-and-a-half years ago, in the wake of a string of corporate financial scandals that nearly wrecked public confidence. The idea was to force companies to eliminate "creative accounting" and accurately report what was going on. SOX also carried the threat of penalties if the folks at the top of the company--the chief executive, the chief financial officer and the board of directors--failed to certify that the numbers were accurate and that they had reviewed internal controls, identifying any concerns they might have come across.

Straight shooting, honesty and full disclosure--that's right up there with motherhood and apple pie. Who could argue against? For all the good intentions, however, you don't find many CEOs giving glowing testimonials about the wonders of SOX.

The reason: The law is making them miserable.

SOX is costing technology companies time and money in ways the bill's authors could have never imagined.

I know--who has sympathy after all the shenanigans uncovered the last few years? But it's not as if these guys pine for the days when corporate crooks looted their own companies with impunity. Nobody of sane mind is itching to spend quality time with Bernie Ebbers in Cellblock 27. They simply worry that the law has everyone looking over their shoulders.

Typical corporate whining? Some surely is. But this groundswell is more than the predictable backlash against heavier government regulation.

In the tech industry, SOX is viewed as something on the order of the Curse of the Cat People. CEOs can't imagine the bill's supporters ever thought SOX compliance would cost this much time and expense. If they did, then it would be right to storm the halls of Congress.

"We spent $1.6 million on Sarbanes-Oxley and got, maybe, $1.60 in value," recalled a frustrated Harold Hughes, the chief executive of Rambus.

I feel the guy's pain, but he got off easy. Another CEO at a much larger tech company told me his quarterly spending on SOX amounted to several times that amount.

"It's costing us a fortune," said the executive, who asked to remain unidentified. "I'm spending a lot of time on things where my attention would usually be focusing what the shareholders want me to do--which is running the business."

Spreading pain
The resentment extends to the venture capitalist community, though that was to be expected. After all, this is a red-meat constituency that still pines for the go-go days of the late 1990s. (Hey, greed dies hard.)

SOX also has reached beyond the confines of the VC world. For instance, it's not now unusual to see IPOs get delayed by a quarter--or longer--because of the scramble to meet SOX compliance rules. What's more, money that might otherwise get invested in infrastructure or sales instead gets earmarked for meeting regulatory requirements.

"This is a heavy ongoing burden," said Christopher Lochhead, chief marketing officer at business technology optimization company Mercury Interactive. "It's not like Y2K. There's no finish line. It's kind of like the gift that keeps on giving."

This groundswell is more than the predictable backlash against heavier government regulation.

Some gift. Lochhead offers the example of what might happen when there's a new government stipulation. To comply with the change, companies will need to modify their own business processes--and that's guaranteed to become an expensive headache. Most sophisticated compliance systems are already automated, so this inevitably becomes a major IT project. Leave the aspirin bottle close by.

Get used to it, because SOX is not going away. So what about the future? Most companies got through SOX 1.0 with chicken wire, tape, lawyers, money and lots of prayers. That won't cut it next time around. They'll need to find ways to build systems that are scalable and auditable.

The silver lining here is that practice makes perfect. In time, companies should be able to get their systems into shape without needing to turn the place upside down. They really don't have much choice. More than ever, they understand that the acceptable risk of getting things wrong is zero.

Face it: It's a new world.

Biography
Charles Cooper is CNET News.com's executive editor of commentary.

More Perspectives

SOX being applied to IT project methodology?

Has anyone else's company gone off the deep end on on QA documentation supposedly to be in compliance with SOX?

We're to the point that it takes about a day to produce the various change documentation for a one line code change. And the "QA" department says that we are being told by third party auditors that we have to be this inneficient in order to be in compliance with SOX.

And it's not like these rules are only being applied on systems that maintain the companies financial data, it's being applied accross the company. Why does SOX care if I widen the description field on the product table allowing them to have a 5 character longer style name for a pair of shoes?

[furl12]

QA doc instead of real change?

>Has anyone else's company gone off the deep end on on QA

Funny you should mention that. I?ve also noticed that QA personnel are one of the primary beneficiaries of SOX.

Most of the promotions into executive and managerial ranks recently has come from people with a QA background. That?s pretty unusual historically ? and it?s not good. These people tend to see detail *rather* than substance and they work with a very short horizon. But they do love documentation.

On the other hand, our CEO is still living his playboy lifestyle at employee and stockholder expense. So SOX hasn?t really changed anything, has it?

[TomMariner]

Big enough cost to be fatal.

Not only are we in the US abandoning tech in favor of "management" but we are scuttling any chance of catching up! Much of the rest of the world is socially emphasising technology and streamlining while we let our "lawmakers" make those who protect us from our own government the most important people in the company.

Talk about throwing out the baby with the bathwater. But it does get great headlines and get attorneys general elected to even more powerful posts. Bernie Ebber's "fraud" also included putting together the majority of Internet pathways in the nation -- but the stock tanked and the dude's going to be rooming with Bubba! And Verizon is laughing all the way to the bank.

[JLBer]

New world != Deal with it

Just because this ridiculous law, which was enacted only to make lawmakers justify their position to their constituents, is the way things are does not mean that we should just bend over and grab our ankles. Either this law is too far-reaching or it's interpretation is too far-reaching. In either case, this law needs to be changed. All laws can be repealed or modified.

It's absolutely ridiculous that I need to wait two weeks for a change control to go through a commitee just to make a single change in /etc/system or /etc/services for no reason other than that system contains financial data. Commenting out TELNET or adding POP or increasing shared memory space has zero to do with any financial shenanigans of the higher-ups.

Once again, another feel good, "hey, let's look like we're doing something" law is making life hell for everyone -- except the lawmakers. It must be good to be the king, or kings in this case.

The CEO's should direct their anger at their peers

Maybe if they weren't so greedy they would not be in this position... I'm all for making momney, but there is a point where you just can't squueze out any more profit unless you reduce something, like accountability, services, or quality.

[Michael Grogan]

This law is the result of years of ...

...Corporate greed and dishonesty. Don't expect the rest of us to shed a bitter tear because the jerks refused to police themselves and adopt a few ethics. (Remember that word, used to mean something)

Also a boon to the industry

Just like HIPPA, SOX is helping to keep tech jobs here in the US. Watch the government legislation, and follow the money to see who benefits the most and you'll get a better sense of why these bills are coming along now. The new Supercomputing Bill is probably going to be another example of a government initiative designed to stabilize a segment of the economy.

1.6 Billion for Rambus? Oh Please

---------------------
"We spent $1.6 billion on Sarbanes-Oxley and got, maybe, $1.60 in value," recalled a frustrated Harold Hughes, the chief executive of Rambus.

I feel the guy's pain, but he got off easy. Another CEO at a much larger tech company told me his quarterly spending on SOX amounted to several times that amount.
--------------------

Yet you link to another cnet article about how total SOX spending was estimated to be 5.5 Billion in 2004. Those CEO's are plainly lying to you Charles.

[charlie cooper]

CORRECTION: Million, not billion

you're right -- not that they lied but that the number's off. huge typo. should be "million. making the correction now. Thanx for the catch

[jv]

Execs nead to get there IT house in order

Emotional reaction to regulation causes executives to blow the budget. Story at 11.

The term SNAFU comes to mind. I have seen this repeatedly in corporate IT. Executives look at each requirement as a "new" system instead of looking at how they can bring the existing system into compliance.

Most moern companies had little trouble with SOA. Corporate lawyers and accountants set the rules and IT provided the adjustments to the accounting work stream and, as Emeril would say, "Bang! Another notch!"

[jv]

d

d

[jimg45]

Re: Execs Need to get their house in order

Perhaps they should, perhaps they, in reference to those who would bring about a need for legal intervention, should get themselves in order before handing directives down to their subordinates. Personally, I view the initial implementation as a fiasco with little of the plain English the law its self demands regarding changes in financial structure. Perhaps, the punishment should go to the crminal instead of the masses.

Crying all the way to the bank

Crying all the way to the bank is better than crying all the way to jail.
This saves honest tax payers a lot of money.
Trails and fancy jails are payed for by honest tax payers.
Enron stock holders are crying for them also,may be thay can get some help from them to repeal SOX.

[rdean]

The winners = the auditing industry

Those corporations and government contractors (even if they're privately held) that are forced to comply with SOX get very little value out of the process of complying.

Look at it this way. If I know 1+1=2, what value is it for me to write Principia Mathematica to show to an auditor so that they know we know that 1+1=2?

[goldfrap]

sox and audit

The problem is when i know that 1+1 = 2, but shows that 1+1 = 3. And there are people who cant figure this out without the auditors help!

Probably for the better

If you've been employed in the corporate world anywhere you've run into this one. The middle manager whose biggest concern in the entire world is whether you have all the pencils on your desk pointed the same direction. Or one who fears that if your shirt isn't tucked in the way they want it done that the entire company will come crashing down.

These are the people who wind up in middle and thus upper management. These are the people who outsource jobs overseas to save bucks this quarter and lose customers by the millions.

No, not every manager is like this, but a significant percentage is, otherwise you wouldn't be thinking of that person or persons you've had to work under who fit my above description.

These are the people made miserable by SOX. They now have something to occupy their time and so pencils are laid on desks every which way and shirt tails are coming dangerously close to hanging out of waistbands. THE WORLD AS THEY KNOW IT IS UNDER THREAT! Of course they would be upset. They have something they are now responsible for getting done and handing in at a set time. Something they can't slough off on an already over-worked underling. THE HORROR!

Let's face it. Companies run better when managers have to stop nit-picking their underlings work habits and let them be productive, getting done the actual product and service of the company. Since the only people who seem to believe they are doing real work are the boys in the suits who don't contribute a damn thing to productive work time then who gives a rat's behind if they are inconvenienced?

[rdean]

Not so...

SOX only requires that there be a paper trail. It *should* force every level of management to know what's going on and being involved in the process, but those managers that want to avoid doing work are going to find ways around this one as well.

[open-mind]

SOX SUX

SOX processes burden the grunts most by creating mountains of
red tape and bureaucracy. Basically wastes tons of time and
effort without preventing Enron-style dishonesty. The only ones
that benefit from SOX are consulting/auditing firms like PWC.
Big money for them.

[landlines]

SOX should have been applied to government programs first!

Social Security, Medicare, and Unemployment Insurance administration are just a few of the programs we'd love to see SOX'd!!!