SOX And Related Reforms: Where Are We?

As we reach year-end 2004, it is appropriate to take stock (pardon the pun) of the corporate governance reform initiatives reflected in the Sarbanes Oxley Act of 2002 and its regulatory progeny.

Internal Control

Much has been written and continues to be written about Section 404 of Sarbanes Oxley. That provision requires public companies to provide a report regarding the sufficiency of their internal controls as part of their year-end annual report. The company must also provide an attesting report to be prepared by the company's auditors. The SEC has staged and then delayed more than once the initial compliance dates. Initially, only so-called accelerated filers must comply, with all other filers receiving an eight month deferral. As it stands now, implementation has been delayed such that the first significant deluge of Section 404 reports will be filed in the annual reports for accelerated filers having a year end of December 31, 2004.¹

The loudest complaints to date regarding Section 404 focus upon the extraordinary expenses associated with compliance. Companies have found it necessary to expand internal staffs, hire outside accounting firms and/or consultants and increase the fees payable to outside auditors. Initial predictions of the cost of Section 404 compliance, that it may equal the cost of the year-end audit, could very well represent a significant understatement, especially in the first year. Yet, beyond the expense associated with Section 404 compliance, there are other, somewhat more hidden legal and social costs. The hidden costs of Section 404 compliance include:

• Divergence of Attention. Year-end is typically a time of high stress and substantial time demands for financial and legal personnel. Imposing Section 404 obligations on top of existing year-end obligations has not only made life miserable for financial and legal personnel. it also expands the risk that mistakes may be made. That stress is only intensified by the accelerated filing periods for annual reports described below.
  
• Unworkable Solutions. The Wall Street Journal recently reported on a company whose consultants insisted that complicated passwords be used by employees to access computers in order to prevent financial fraud. Unfortunately, many employees found the process so cumbersome that they wrote the passwords on Post-its on the computers. We are aware of a company being advised that it could not do certain calculations on Excel because it was not sufficiently reliable. Many are concerned that Sarbanes procedures go too far and miss business reality.
  
• Strained Relationships. Pre-Sarbanes, a company's auditors were also trusted business advisors, who could help less expert inside accountants find the right answers and the correct reporting positions. In the push for independence, executives and accounting personnel are now unable to get advice from these auditors, losing a valuable resource to the company.
  
• Unintended Effects. One of the principle purposes of Sarbanes Oxley was to shore up investor confidence in the capital markets. One can only wonder about the impact of an announcement by a company that it is unable to issue a clean Section 404 report. A skittish market may punish the market price of that company's stock disproportionately for information that it would never have known a year ago. Shareholders with investments in such companies could become innocent victims of these regulatory initiatives.
  
• Litigation Risk. If the market reacts negatively to an announcement that a clean Section 404 report cannot be given. the next shoe to drop will be the plaintiffs' class action lawsuit. No doubt, if there is a significant market reaction, plaintiffs' lawyers will consider whether the applicable company should have been aware of its internal control weaknesses sooner and should have disclosed those weaknesses more recently than at the time that the Section 404 report is filed.²

Periodic Reporting

In an effort to reach the goal of "real time" reporting. the SEC implemented during the past year its reform measures relating to 8-K reporting. The SEC not only reduced the time period between the reportable event and the initial filing date for most 8-K events to four business days, but also significantly expanded the types of events that must be reported. Among the most significant of these modifications, the 8-K rules now require immediate disclosure upon the execution or termination of a material contract, upon the issuance of unregistered securities and in connection with various significant business events. This initiative serves to "level the playing field." While many companies have felt compelled to provide public disclosure at such events in press releases, other companies were previously able to justify non-disclosure on materiality grounds.

Closely akin to the acceleration of 8-K reporting, Sarbanes Oxley spawned the SEC's efforts to reduce the time a company has to file quarterly reports on Form 10-Q and annual reports on Form 10-K. Initially, the SEC mandated that accelerated filers take no more than 75 days after year-end to file their annual reports and take no more than 40 days to file their quarterly reports, as opposed to the then existing 90 day and 45 day deadlines. In the following year, the time periods were to be reduced to 60 days for annual reports and 35 days for quarterly reports. On November 17, 2004, the SEC retreated from its 60 day and 35 day filing deadlines, Specifically, the SEC deferred for an additional fiscal year the time when such accelerated reporting obligations would commence, so that currently, the 75 day and 40 day deadlines remain in place.

Over the years, auditors have become increasingly concerned of the time gap that may exist between the announcement of quarterly earnings and the filing of the related SEC periodic report. The longer the gap in time, the greater the likelihood that an issue may surface which calls into question the results reported in a quarterly earnings release. Any difference between earnings reflected in a quarterly press release and the final numbers reflected in a Form 10-Q or 10-K represents fodder for plaintiffs' counsel. In that respect, the acceleration of Form 10-Q and 10-K filing deadlines may be consistent with "best practices." On the other hand, as the SEC expands the scope of disclosures that must be made in connection with the filing of quarterly and year-end financial statements, there is a significant tension between the regulatory desire for expedited disclosure and the regulatory desire for full and complete disclosure. Over time, companies are likely to revise their procedures so that they may comply with expediting filing requirements. In the meantime, however, the ability to make full and complete disclosure may suffer in instances when a company's disclosure processes are rushed because of insufficient time.

Independence And RelatedRequirements

Sarbanes Oxley, the SEC and various self-regulatory organizations have combined to impose various independence and related requirements on the boards of directors of public companies. As part of proxy preparation procedures, as well as Section 404 compliance, public companies should take steps to assure that they comply with applicable independence and related requirements. At a minimum, public companies subject to such requirements should assure that their Board minutes reflect the fact that the independent members of the Board have met in executive session on at least two occasions and should assure that there have been no changes in the personal circumstances of individual directors that would result in such directors ceasing to be independent. While less significant from a disclosure standpoint, the passage of time may result in certain non-independent directors becoming "independent."

While the specific means for assessing independence compliance are not prescribed, we believe that many companies will expand their standard director and officer questionnaires to cover independence issues. Thus, for example, a NASDAQ listed company may ask its directors whether or not they can confirm that:

• The director is, or during any of the past three years was, employed by the company or any parent or subsidiary of the company.
  
• The director is a Family Member (as defined in the Nasdaq rules) of an individual who is, or during any of the past three years was, employed by the company or any parent or subsidiary of the company as an executive officer.
  
• The director or any Family Member receives in the current year, or received during any of the past three fiscal years, payments in excess of $60.000 from the company, its parent and its subsidiaries.
  
• The director or any Family Member is a general partner in. or a controlling stockholder or executive officer of, any entity which, during the current fiscal year or any of the past three fiscal years, received from, or made to, the company payments for property or services in excess of five percent of the recipient's gross revenues for that year, or $200,000, whichever is greater.
  
• The director or any Family Member is part of an interlocking relationship. An interlocking relationship will exist for a director of Company A if an executive officer of Company A serves on the compensation committee of another entity which employed the director or a Family Member of the director as an executive officer at any time during the past three years.
  
• The director or a Family Member of a director is currently a partner of the company's outside auditor or, at any time during the past three years, worked on the company's audit either in a partner or employee capacity.

If these questions are asked in a true-false format, companies should consider asking non-employee directors to specify what other factors may make them not independent. Companies should recall that such questionnaires typically represent the beginning, and not the end, of an inquiry. Affirmative determinations of independence should be made from time to time by the boards of public companies, viewing all facts and circumstances. The key to good governance is not meeting a formulaic test, but being able to truly act knowledgably and independently.

Charter Compliance

Board committees derive their authority from resolutions or charters established by their board of directors. Particularly in the case of charters, companies and directors should be concerned about the compliance risks that arise when Board committees fail to perform each of their designated tasks. Counsel to such committees (if they exist) or other inside or outside counsel should take steps to assure that charters are drawn in a manner to clearly articulate that which is performable (e.g., beware of the task to "ensure" that any requirement will be fulfilled). Where necessary, overly broad charters should be re-submitted to the applicable Board to assure compliance will be possible.

Board members, attorneys and accountants continue to feel their way through the new world of Sarbanes Oxley. Despite the fact that two years have passed since adoption, it is clear that there is no one set of "best practices" yet that can apply to all companies, and that companies will continue to try to balance the desirability of perfect reporting and a 100% fraud-free world with the costs of compliance and the reality that there are limits to what any set of systems can achieve.

¹The SEC recently announced that issuers with a public equity float of less than $700 million will be permitted an additional 45 day delay for filing Section 404 reports, given the extraordinary time pressures being experienced by public accounting firms. The relevant annual report must be filed timely, however.

²Some companies have drafted disclosures in their third quarter 10-Qs pointing out the possibility that they may not be able to obtain a clean Section 404 report. We suspect that while such a disclosure may be helpful, there will be other issuers which did not make such disclosures and which will be unable to render a clean Section 404 report.