The joke making the rounds at the NRFtech IT Leadership Summit in La Jolla, Calif., last month was about the “the full-employment act for consultants and attorneys” — otherwise known as the Sarbanes-Oxley Act of 2002. Of course, no one was laughing.
Sarbanes-Oxley is the legislative response to the financial disasters at Enron, WorldCom, Tyco and others. It requires all publicly traded companies to document in excruciating detail what safeguards they have in place to prevent financial malfeasance — from certifying what IT systems are being used to track all financial data and keeping written records of any changes in IT systems or application codes, to notifying shareholders if disruptions in product supplies threaten to have a substantial negative impact on upcoming earnings. Of course, it also requires chief executive officers and chief financial officers to personally sign off on the company’s financial statements.
The majority of requirements under Sarbanes-Oxley have already become law, though the deadline for complying with the most onerous of the mandates has been postponed until November.
For apparel retailers, many of which can ill afford to spend the time, money or human resources to comply with the law, the impact could be severe, ranging into the tens, if not hundreds, of thousands of dollars in new software, revised operating procedures and additional staff hours. But Sarbanes-Oxley, like it or not, is here to stay, so the only choice is to comply. Moreover, the extensive documentation required to comply with the law is not a one-shot deal. Retailers are required to comply with the act and file documentation every year.
Will these more stringent mandates protect against so-called white-collar criminal activity? Certainly better and more aggressive oversight and prosecution for criminal wrongdoing is called for. But Sarbanes-Oxley? The government, of course, is always an easy target at which to take potshots when things go wrong, especially when Washington steps in to fix things. But you really do have to wonder about this one.
“Wasn’t it the government that was supposed to be overseeing Enron?” one senior executive in mocking tones asked me at NRFtech. “Wasn’t it the government that was supposed to be protecting us from WorldCom? And from Tyco? And now these same people are going to tell us how to run our [retail] business and protect shareholders against wrongdoing? Am I missing something here?”
One serious impact of this law was made clear by the senior vice president and chief information officer of a multibillion-dollar chain. The executive, normally one of the more upbeat as well as straight-as-an-arrow types I know, was furious because his management team had mandated all nonessential IT implementation projects immediately be stopped and much of the IT department’s resources be devoted instead to ensuring compliance with Sarbanes-Oxley.
It could be that the retailer’s systems were in such bad shape that such drastic measures were needed to make sure the company could comply fully with the law. Or top management could have just felt especially jumpy about signing off personally on financial statements. But the retailer is known both for its IT system prowess and down-to-earth business philosophy, so I wonder if the details mandated by Sarbanes-Oxley had more to do with nervousness than any problems with IT. Moreover, the executive was far from the first person to share similar stories, to one degree or another, with me. It was just the most vivid and extreme.
Sarbanes-Oxley is a well-intentioned piece of legislation. Some greater enforcement or oversight measures were absolutely called for after Enron, et. al. No one argues with that! But the road to hell is paved with good intentions, as the saying goes (and as most of us have learned the hard way).
So how do you explain Enron, WorldCom and the others? Laws prohibiting and penalties punishing behaviors and activities deemed unacceptable by society are as old as civilization. Yet people — rich, middle class, poor — continue to break laws. Sarbanes-Oxley will not stop that.
“Good law, bad guidance,” said one senior vice president and chief information officer about Sarbanes-Oxley. Said another, when all is said and done, there’s “still going to be crooks” who find ways to skirt the system.
Most executives I talk to say they believe adherence not just to the letter but also to the spirit of existing laws is enough to protect against corporate financial fraud. Another senior-level executive at a major retailer told me at NRFtech that she had just endured a grueling yearlong Securities and Exchange Commission investigation into another company on whose board she sat. “It was an awful experience, but I am glad I did it. I would urge other executives to do the same thing. Because what it proved is that the [existing] system works. It really works, and that’s something we should all know.”
Let’s hope Sarbanes-Oxley deters would-be crooks from slamming shareholders. But let’s also hope the cure for the overall marketplace isn’t worse than the disease.
Marc Millstein is the editor in chief of Executive Technology.