At least one piece
of the Dodd-Frank legislation now has a ribbon neatly tied around it: the
Securities and Exchange Commission has issued its rules to exempt small
companies – generally those with less than $75 million of common equity – from
having a separate independent auditor’s report on their internal control
assurance under Section 404 of the Sarbanes-Oxley law.
(For her
customarily concise and lucid summary, see Edith Orenstein’s FEI
Blog.)
I’ve been quiet on
Dodd-Frank. Why not? Unmanageable in its creation, incomprehensible in its
enactment, unpredictable in its consequences, as it was. Who could work up an
appetite to ingest such a pigs’-breakfast of law-making?
Small companies may
say, with the night watch in Hamlet’s Elsinore, “For this relief much thanks.”
But marginal tinkering with the mis-begotten obligations of Sarbox 404 will
matter less, and for different reasons, than are usually put on view.
To start, the toxic
post-Enron environment in which Sarbanes-Oxley was enacted in 2002 has
effectively immunized its impositions from critical cost-benefit evaluation.
Persistently asking the wrong question – “Has the quality of corporate reporting
actually improved since the days of WorldCom and HealthSouth?” – not only
ignores the built-in cyclicality by which outbursts of scandal are purged by
self-cleansing returns to virtue. It also leaves unasked the proper question: “Is
that reporting better than if Washington had done something else – including
doing nothing at all?”
More importantly,
can any scarred survivor of the last three years of Bear-Lehman-Fannie-Freddie-AIG-Merrill
– the most disruptive economic period since the Great Depression – argue
seriously that auditors’ reports on the “out-of-controls” of those fallen
industry giants actually made any positive
contribution to systemic safety, stability or credibility?
In that dreary
context, of course, it makes perfect rational sense to give small companies a
“Get Out Free” card.
That’s because, as
I was advised about parenting strategy when our daughter was born: “Little
kids, little problems; big kids, big problems.” A new father’s worries escalate, from the essentially trivial inconvenience of an infant’s colic or
spilled oatmeal, on to little league injuries and a teenager’s driving safety,
up to college admission and the launch to the challenges of adulthood.
In the same way,
the fewer zeroes on a balance sheet, the lessened likelihood of systemic impact
of mis-behavior that makes a difference. “Out-of-control” at a Koss or an American
Apparel may be inconvenient for a limited constituency, and provide grist
for the mill of the plaintiffs’ securities class action lawyers – but otherwise
doesn’t matter in the great scheme of things. It’s altogether different when
the entire global financial system can seize up under the effects of a
threatened, undetected and undeterred collapse at an AIG or a Lehman.
History and
experience teach that regulatory systems designed and applied under motives of
political correctness over the fat part of the compliance curve are wasteful
and ineffective – whether aimed at school truancy, auto emissions or corporate
disclosures. Instead they will fail to identify and address the “outliers” that
actually prove disruptive – the SEC’s sorry performance in regard to Bernie Madoff
and Allen
Stanford make the case.
Section 404 reports
on small companies were never any more likely to be effective by way of
detection or deterrence for small companies than they have proved for the
large. So it was an inevitability that inflicting Sarbox 404 auditor reports on
small companies would have been largely an exercise in even further futility.
If regulation has not worked for the big and dangerous, in other words, how can
it be good or useful for the small and irrelevant?
Drab as it may
seem, finding negative comfort that at least our legislators have stumbled into
a way to avoid making a weak situation even worse, there is both logic and
benefit in leaving bad enough alone.
Thanks for joining this dialog. Please share
with friends and colleagues. Comments are welcome, and subscription sign-up is
easy, both at the Main page.
Jim,
What you don't mention when you ask, "Can any scarred survivor of the last three years of Bear-Lehman-Fannie-Freddie-AIG-Merrill – the most disruptive economic period since the Great Depression – argue seriously that auditors’ reports on the “out-of-controls” of those fallen industry giants actually made any positive contribution to systemic safety, stability or credibility? " is that in none of these cases did auditors cite a going concern opinion in the year before their failure. In addition, in only one of those cases was a material weakness cited in internal controls over financial reporting (AIG). I considered that move too little too late and basically a CYA activity on PwC's part. All the while they let the elephant in the room - the ongoing dispute over valuation of CDS insurance contracts sold by AIG and purchased by Goldman, both PwC clients, go unresolved until AIG fell apart and GS eventually got their money.
So I contend that it was not the lack of efficacy of Sarbanes-Oxley but the limp application of it by the auditors and the absence of enforcement of this discipline on the part of auditors' regulators that is to blame. SOx is a good law but not worth the paper it is printed on if no one weilds it on a timely and sincere basis.
Posted by: Francine McKenna | September 26, 2010 at 03:48 PM
Thanks Francine. As is often the case, we appear to be on the same page. It could be said that "going concern" and SOX 404 were, during the recent turbulence, related elephants -- cousins perhaps -- going unrecognized in the same room, and for related reasons.
At the top level where this discourse should be taking place is, I urge, the fundamental issue of what type of financial assurance our society is prepared to demand, and to pay for -- and how can a sustainable audit function be designed and regulated to make that delivery -- the present system being so demonstrably ill-suited to the task.
Posted by: Jim Peterson | September 26, 2010 at 04:31 PM
@Jim
We are, as you say, in agreement on the main point - the lack of value delivered by the current audit product under the existing business model.
Posted by: Francine McKenna | September 26, 2010 at 04:42 PM
Perhaps if there were not just four large public accounting firms (nearly three) controlling the marketplace, then maybe quality would improve and cost decrease.
Thanks you, Jim and Francine.
Posted by: William Brighenti | September 26, 2010 at 07:00 PM
William -- Thanks for the thought -- an understandable but unfortunate example of the "nirvana fallacy" -- that is, wishing as if that could only make it so. For well-discussed reasons, limitations of scale, expertise, resources and risk tolerance mean there will be no additions to the Big Four -- and regulators concede that they have no effective policies to enable new entrants.The problems facing tomorrow will have to be addressed with today's roster of players.
Posted by: Jim Peterson | September 26, 2010 at 08:29 PM