Bill Teuber prickles a bit at the notion that the landmark Sarbanes-Oxley legislation has forced major reforms within EMC Corp. “I think about internal controls all the time; I didn’t need the law to get me to think about them,” says the CFO of the $5.4 billion information-storage giant. For the past decade, Hopkinton, Massachusetts-based EMC has carefully tracked its financial results with monthly closes and updated forecasts, says Teuber. In the same spirit, his regional controllers have been attesting to their compliance with EMC’s procedures since mid-2001 — before Enron imploded. Teuber has also been thinking about financial transparency since being promoted to CFO in 1998, breaking down revenue streams by product classes rather than broad categories, and disclosing the quarterly earnings impact of stock options as early as July 2002.
Yet by the end of the year, EMC will have spent more than $1 million and thousands of man-hours complying with two of the main statutes in the Sarbanes-Oxley Act of 2002 — Section 404, related to internal controls; and Section 302, mandating CEO and CFO certifications of quarterly financial statements. Teuber won’t even speculate on the price tag for full compliance, except to say “it’s not insignificant.” Moreover, he doesn’t expect that burden to lift, thanks to ongoing testing and disclosure requirements. “Even maintenance mode will require a sizable effort,” he says.
Like Teuber, CFOs across America say they are spending more time and money trying to shoehorn existing practices into legally acceptable formats. Forty-eight percent of companies will spend at least $500,000 on Sarbanes-Oxley compliance, according to finance executives who participated in a recent CFO magazine survey. Unlike Teuber, however — who sees the increased internal-controls documentation as “a chance to get best-of-breed solutions in our sales offices across 50-plus countries” — other CFOs (nearly 40 percent) see the increased burden as having “very little” or “no effect” on their current processes. Moreover, only 30 percent believe the benefits outweigh the costs.
In fact, many CFOs, such as Borland Software Corp.’s Ken Hahn, who expects to spend $3 million on compliance — including having some 25 percent of Borland’s employees sign papers “saying they’re not doing anything wrong” — see Sarbanes-Oxley as nothing more than “an efficiency tax.” Stephen P. Bishop, CFO of Berkshire Hathawayowned NetJets Inc., speaks for many when he says the “documenting and papering” of internal controls for Section 404 compliance will result in little “value-add.” And E. Follin Smith, CFO of $4.7 billion Constellation Energy Group, goes so far as to say the law could eventually make the “fear of personal liability so great that managers are afraid to take risks on innovation.”
Indeed, many finance executives believe that in seeking to curb the freewheeling ways of the likes of Enron, Tyco International, and WorldCom, Congress has committed some excesses of its own. Part of the problem, of course, was the haste with which the law was written. “If Congress had given the [Securities and Exchange Commission] more time to promulgate the regulations and the SEC had given companies more time to comply, costs would have been lower,” says Goodwin Procter LLP partner Steve Poss. Instead, by rapidly legislating a whole set of processes, the law has become a windfall for auditors and lawyers and a time drain on overburdened finance departments. Moreover, the liability implications have “put people so on edge that they’re looking over their shoulders all the time to see whether they’re perceived as doing the right thing, not whether they are doing the right thing,” says LCC International senior vice president and CFO Graham Perkins. “I don’t think the legislators really understood all of the adverse consequences.”