From the I’d-rather-watch-paint-dry department: That conservative outfit still arguing that the Sarbanes-Oxley Act is unconstitutional has, yet again, lost a court dispute and vowed to appeal. 

Earlier this week, the U.S. Court of Appeals for Washington, D.C., voted 5-4 not to review the case, which argues that the structure of the Public Company Accounting Oversight Board violates the appointments clause of the U.S. Constitution. And because SOX lacks a severability clause, if that section of the law establishing the PCAOB ever were ruled unconstitutional, the whole of Sarbanes-Oxley would go out the window.

This is the third consecutive legal defeat for the plaintiffs, the Washington D.C.-based Free Enterprise Fund and Las Vegas accounting firm Beckstead & Watts. They lost in federal court last year and lost an appeal to a three-judge panel of the D.C. Circuit in August. Now they’ve lost again, and (naturally) they have vowed to appeal to the U.S. Supreme court. Beckstead & Watts, by the way, was once previously discplined by—you guessed it—the PCAOB.

Here’s the painful truth, folks: As much as you may detest the Sarbanes-Oxley Act, it’s here to stay. Congress does not want to revisit this can of worms. The judiciary doesn’t want to revisit this can of worms. Even if the plaintiffs do appeal to the Supreme Court, and by some miracle the court decides to hear the case, arguments won’t happen at least until late 2009, and by then we’ll probably have at least one new justice anyway pulling the court back from its rightward tilt.

This case is going nowhere. One wonders what the Free Enterprise Fund’s stance is about frivolous litigation …

Corporate America had its first glimpse into the Obama Administration’s thinking yesterday with the news that Eric Holder, a partner at the law firm of Covington and Burling, will be nominated to be our next attorney general. Sure, we’re still in the rumor phase of this news, but the Obama team hasn’t made any mistakes yet and isn’t going to bungle its first Cabinet announcement now. This guy is in.

The appointment is a telling one for compliance executives. Holder spent his early years as a federal prosecutor, U.S. attorney, and judge in Washington, D.C. In the Clinton Administration, he rose to be deputy attorney general (that is, No. 2 in the Justice Department under Attorney General Janet Reno), overseeing all the department’s litigation and enforcement matters. Holder has also been a high-level adviser to the Obama campaign. Regardless of your particular political views, you have to admit that he has the chops to be attorney general under a President Obama.

Of real import to us, however, is what Holder did while working at the Justice Department in the 1990s: He drafted the “Holder Memo” on the criminal prosecution of corporations—the Justice Department’s first-ever attempt to articulate how it evaluated a company’s cooperation in a criminal investigation.

Many would say the department has been trying to do a better job of that ever since. The Holder Memo (1999) begat the Thompson Memo (2003), which begat the McNulty Memo (2006), which begat the Filip Memo in place today. Each memo has successively tried to weaken what general counsels hate the most: the concept that waiving attorney-client and work-product privilege is necessary to be deemed “cooperative” and avoid prosecution. (The Filip Memo isn’t even a memo, but a series of revisions to the Principles of Federal Prosecution of Business Organizations that U.S. attorneys use.)

Like all good former Justice Department officials now in private practice, Holder insists that he never intended the waiver provision to metastasize into what it is today. For the sake of argument, however, we’ve dug up the relevant original text:

In determining whether to charge a corporation, the corporation’s timely and voluntary disclosure of wrongdoing and its willingness to cooperate with the government’s investigation may be relevant factors. In gauging the extent of the corporation’s cooperation the prosecutor may consider the corporation’s willingness to … disclose complete results of its internal investigation, and to waive the attorney-client and work-product privileges.

What does that language really mean? I have no idea, and neither do you. But the important thing for compliance officers is that Holder does know what it means; he wrote it. Presumably he’ll abide by the current practices of the Filip Memo (at least, until some other deputy attorney general pens yet another memo in the future) which dictate that any request to waive privilege be approved by some high-level official in the Justice Department. Holder will be able to tell his deputies and U.S. attorneys exactly what he expects for waiver requests—and while Corporate America might not like what he communicates, at least we should have clarity. That would be better than what we have now.

All you internal auditors out there, take note: PricewaterhouseCoopers has published a paper clarifying what you ought to do with your life.

Titled “Internal Audit: An opportunity for transformation,” the paper suggests internal audit departments should shift their focus to auditing business risks to protect shareholder value. For too long, the authors say, companies have relied on financial models or credit ratings to gauge risks, and now those methods have turned out to be bogus. Companies should return to old-fashioned due diligence—and thus, enter the internal auditor.

Internal auditing always fascinates me, because when I started writing for Compliance Week, I assumed corporations already knew what internal audit departments were supposed to do and how to put them to work. In the intervening years, I’ve found just the opposite to be the case; nobody knows whether internal auditors should be in charge of Sarbanes-Oxley compliance, financial controls generally, or whatever else comes to mind. To PWC’s thinking, business risks and shareholder value are the new black for internal auditors. Someone else will propose something different next quarter, I’m sure.

On one hand, the idea of internal auditors prowling around for business risks and protecting shareholder value strikes me as sensible. After all, somebody has to do it, and too often that person is not in the corner office. (Anyone doubting this should ask a General Motors shareholder what he thinks of CEO Rick Wagoner these days.) And internal auditors do have a knack for assuming the worst, finding the weakness, or browbeating the masses into compliance. Those are all useful traits when it comes to passing judgment, and that’s what gauging business risk is all about.

Then come my doubts. Investigating business and strategic risks sounds a bit beyond the pay-grade of your average internal auditor. I’m also not entirely clear on how one “audits” a strategic risk, anyway. For example, what sort of documentation do you need to confirm that GM’s insistence on making large vehicles is risky? I’ve always thought those questions could be answered by exercising common sense, but that’s been in short supply around Corporate America for years.

I don’t mean to disparage PWC’s report; its suggestions are worth considering and they highlight a problem that does need to be addressed. But at its essence, the question is whether internal auditing departments are best used to audit changes in operations, as PWC suggests, or to audit adherence to policy, as most departments have historically done. I don’t know what the right answer is. Do you?

I’ve always thought that Barack Obama really clinched the White House during the third presidential debate—you know, the one starring Obama, John McCain, and Joe the Plumber.

Obama impressed me during that debate for all the usual reasons: his well-thought and well-articulated policies, his clarity, his demeanor. But above all I was impressed with how he let McCain insert Joe the Plumber into the debate, and rolled with it. I’m sure that in some small part of the brain behind that constantly pleasant face, he was thinking: “Are we really going to talk about this plumber guy? Well, OK.”

There’s a lot compliance executives (and all corporate executives, really) can learn from that attitude.

The challenge of corporate governance isn’t understanding what regulations you need to obey; it’s figuring out how to blend those compliance chores into your business operations. All good executives—chief compliance officers, general counsels, Securities and Exchange Commission chairmen, presidents—come into their jobs with a vision and an agenda of what they want to accomplish. Then the agenda gets shot to hell by real events. Too often, that’s where momentum ends; people sink into quagmires of arguments and ideas about how to respond to those distractions. The mark of any effective leader, however, is pursuit of his or her goals despite the distractions.

Obama did that in the third debate and throughout the whole campaign; hence, he’s going to the White House. Compliance executives need to develop that same skill of fixing on the overarching goal despite all distractions, if they want to maintain effective compliance programs and prosperous businesses.

I harp on this because many more distractions are about to come your way. For all the promise an Obama Administration holds, these are Democrats. They hold all levers of political power right now, and most Americans are deeply frightened of their economic circumstance. You may operate the most ethical corporation in the country, or know Sarbanes-Oxley compliance cold, or have flawless corporate accounting—still, policy changes are coming. Your agenda is about to be shot to hell.

As an editor, I look forward to the coming year. The Obama Administration will bring new people, new plans, new proposals, and new regulations. At the very least, your job as a compliance or governance executive will be different—at worst, it will be much harder. Do you have a strategy for achieving effective compliance while the agenda goes to hell? Does your board? Whatever your answer is, do your shareholders know it? Or are you, and your company, at risk of sinking into the quagmire of today’s problems?

As to what the future of corporate governance holds, we shall see that in due time. Compliance Week will be there every step of the way reporting those changes and offering as many resources as we can to help you do your job more effectively, of course. But so far, Obama has set a pretty good example of the skills a worthy compliance executive should have.

One bit of political flotsam flushed away in last night’s blue deluge: U.S. Rep. Tom Feeney of Florida. 

Feeney, a three-term Republican from central Florida, has been an outspoken critic of Sarbanes-Oxley and specifically of applying its notorious Section 404 provisions to small companies. Well, he lost last night. Democrat Suzanne Kosmas drubbed him out of town by a 57-41 margin. 

Feeney co-sponsored legislation in 2007 to delay Section 404 for non-accelerated filers until the end of 2008. That bill went nowhere, and ultimately the SEC decided to extend the deadline—for Section 404(b), the requirement for an auditor’s attestation on internal controls—until the end of 2009 anyway. But Feeney had been a reliable voice against Section 404 for six years. Notably, he also opposed the Wall Street bailout legislation. Anyway, he’s unemployed.

On the bright side for Section 404 opponents, Scott Garrett did hold onto his House seat in northern New Jersey. He was the other co-sponsor in that Section 404 legislation, and presumably will remain on the House Financial Services Committee, where he waged his anti-SOX battles. 

One last bit of political errata this morning: One of the many rumors around Washington and here in Boston is that Sen. John Kerry might take a position in Barack Obama’s cabinet, possibly as secretary of state. Kerry is chairman of the Senate Small Business Committee and a reliable opponent of extending Section 404 to small companies—so if he leaves the Senate, someone else will need to pick up that mantle. But there’s more: When it seemed that Kerry might win the White House in 2004, Massachusetts changed its law so that a vacant Senate seat is filled by a special election within 120 days. At the time, one rumored candidate for replacement was U.S. Rep. Barney Frank, now chairman of the House Financial Services Committee. 

I don’t believe Kerry will be offered a position in the Obama Administration. And if he does receive an offer, and he accepts, I don’t believe Frank will give up what is now one of the most important committee chairmanships in Washington. But stranger things have happened.

You’ve got to feel a bit of sympathy for SEC Chairman Christopher Cox these days. The SEC faces a Gordian knot on the regulatory front, certainly. But the SEC also faces a deeper, more serious political crisis: It is becoming irrelevant in the conversation now occurring across Washington to decide what should happen next. Cox is on the outside looking in, and that is not where any policy-maker wants to be. It is not where companies regulated by the SEC—that would be you—should want him to be, either.

The Cox Irrelevance Factor has become apparent in any number of ways recently. Foremost, you could see the irrelevance by not seeing Cox himself in the numerous Congressional hearings lately into the Wall Street meltdown. That hearing of the House Oversight and Government Reform Committee, where Alan Greenspan was grilled for four hours? Cox was there; he just received scant attention. His testimony consisted of a) giving a history of how regulators, himself included, missed the scope of the crisis; and b) calling for a merger of the SEC and the Commodities Futures Trading Commission. That’s pretty much it.

For financial reporting executives, however, the Cox Irrelevance Factor is surfacing in more subtle ways that also make your job more frustrating. Those plans to unveil a final mandate for XBRL technology in financial reports? Nowhere to be seen. That roadmap to adopt International Financial Reporting Standards for U.S. companies? Lost in the great glove compartment of bureaucracy. Even the SEC’s annual ritual of delaying Sarbanes-Oxley compliance for non-accelerated filers isn’t happening. When a Republican-tilted SEC can’t muster the willpower to give into the U.S. Chamber of Commerce, you know things are bad.

At this point, one has to wonder whether any of the promised major SEC initiatives will happen at all. Cox’s term ends on Jan. 20, 2009. Three of his four fellow commissioners have less than a year’s experience on the job. All evidence indicates a Democratic president is going to name a Democratic chairman to replace him, and that person is likely to have very different ideas about what the SEC’s priorities should be.

So why fight for roadmaps and blueprints now? After all, those decisions are only going to be revisited in three months, and the critics will only give you grief for spending time on them rather than the crisis at hand. It’s wiser simply to stick with the corporate accounting basics. At the New York Society of Securities Analysts meeting this week, an SEC accounting fellow talked of materiality thresholds and judgment frameworks as the order of business at the SEC these days. That’s not huge, but every little bit helps, right?

The Big Picture has gone on the road to Washington, D.C., to attend the XBRL International annual conference. SEC Chairman Christopher Cox is scheduled to speak this morning, and rumor is he might unveil the SEC’s final rule for mandating XBRL use in financial reporting. I suspect that’s not true, since the credit crisis has left the Commission scrambling to tend to other matters. But we’ll be blogging later today or tomorrow to give you all the latest.

Incidentally, if any Compliance Week readers are attending the conference and want to meet, please shoot me an e-mail at mkelly@complianceweek.com.

UPDATE: The SEC has not proposed a final rule to mandate XBRL in financial reports. Those of you holding your breath until XBRL technology arrives, please resume respiration.

A clue emerged this morning, when conference organizers announced that Cox had been scratched from the schedule. To be fair, the chairman does have more pressing items on his schedule these days—but the practical upshot for us is that no final rule is here, and we have no idea when one will arrive.

David Blaszkowsky, Cox’s chief henchman on all matters XBRL, did address the audience today. He gave the usual boilerplate we’ve heard at XBRL conferences for several years about the wonders of the technology … and then dodged the question of exactly when the Commission will unveil a final rule. His only hint: “very soon.”

That sort of statement requires an <obscure> tag, if I understand my XBRL taxonomy correctly. I’m off to bug the vendors for some free pens.

Who knew they still had it in them? Forty-three years after Winston Churchill passed from the scene and at least 15 years since the Rolling Stones put out a respectable single, the Brits are back at the helm of world leadership!

First, Prime Minister Gordon Brown proposes to combat the credit crisis by direct government purchase of stock in distressed British banks—socialism that would make Margaret Thatcher defect to Argentina, yes, but still the most intelligent idea out there. Within days, voices across Europe and the United States start to say publicly what everyone already knew: that U.S. Treasury Secretary Hank Paulson’s bailout plan bordered on daffy, and direct injections of capital in the banking system would jumpstart the credit markets much more efficiently. Next thing you know, the Treasury Department pulls another weekend shift to draw up a U.S. version of the Brown Plan, and Wall Street opens 450 points higher on Monday morning. Boring men everywhere rejoice that one of their own has finally succeeded at something.

But the British may not be done yet. The U.K. Financial Services Authority published a “Dear CEO” letter on Monday that squarely warns financial firms to re-examine their executive pay policies. The three-page missive explains to boards and CEOs that while the agency ostensibly “has no wish” to wade into the minefield of setting CEO pay, it does want to ensure that pay policies are aligned with sound risk-management principles and with risk tolerances spelled out by each company’s board. My favorite gem from the letter:

We believe that given the events of the past year firms recognize the need to review their remuneration policies and to take steps to change them if necessary. We believe that in working with the industry we can assist and encourage this process.

Translation from the Queen’s English into American vernacular: “Everyone knows you screwed up, and you have even less political capital than you do financial capital. Fix this or we’ll fix it for you.”

The FSA letter should surprise nobody on either side of the pond. The British government has become a shareholder in its banking industry, and like any other shareholder, it now wants to exert influence. A polite “Dear CEO” letter is a quintessentially British way of going about the task, but make no mistake about why the FSA is sending out such a warning: because it has the newfound political muscle to do so.

We can already see the parallels forming here in the United States. The bailout legislation passed two weeks ago allows for the Treasury Department to buy stock in U.S. banks directly (who slipped that into the bill, anyway?) and contains a few mild admonishments for greater scrutiny of CEO pay. Shareholder activists want stronger curbs against pay abuses, and Democrats in Washington seem to be in full agreement. The only major difference between Britain and the United States is the greater political context: They have Gordon Brown running the government, and we have George W. Bush.

But we won’t have the Bush Administration for long. You might want to start watching the BBC for ideas about what could come next.

As many of you already know, Compliance Week hosts its annual reader conference every June. We strive to provide a comprehensive look at all things related to compliance and corporate governance, which isn’t exactly easy. (You try fitting financial reporting, risk management, internal auditing, and SEC enforcement into a two-day agenda sometime. And that’s only half of what we squeeze onto the plate.)  Compliance Week 2009, our fourth annual conference, will be held June 3-5 in Washington, D.C., at the Mayflower Hotel. And while that date is still nine months away, we’re already deep into planning the conference and pondering what should be on the agenda.

That’s where we need your help.

For the first time, we’ve formed an advisory board to steer the tone, topics, and agenda for the conference. The board is comprised of compliance, risk, audit, finance, and legal officers at public companies; all of them subscribe to Compliance Week, and most have participated in (or attended) our past conferences or workshops. Among the membership:

• Robert Brewer, chief compliance officer at Office Depot;
• Dave Farrell, chief ethics and compliance officer at Yahoo;
• Jon Hoak, chief ethics and compliance officer at Hewlett-Packard;
• Pat Sheller, chief compliance officer at Eastman Kodak;
• Glen Cusano vice president of corporate compliance and audit at JetBlue;
• Neil Frieser, vice president of internal audit at Frontier Communications;
• Vanessa Vargas-Land, chief compliance officer at Chiquita Brands;
• Jean Bua, corporate controller of American Tower;
• Wayne Brody, chief compliance officer for Arrow Electronics;
• Cynthia Schmitt, vice president of ERM at Pitney Bowes;
• Gary Kabureck, chief accounting officer at Xerox;
• Richard Robbins, general counsel and corporate secretary at Morningstar.

We limited the advisory board to public company executives, as they comprise our core audience of readers and conference attendees. We also sought a cross-functional group—hence the diversity of titles such as general counsel, chief accounting officer, vice president of internal audit, compliance officer, and ERM leader. We also tried to span industries, and deliberately tried to focus on sectors that typically don’t get a lot of attention (opposed to, say, a certain financial sector hogging the spotlight these days). So we have voices as diverse as Office Depot, Raytheon, McDonald’s, JetBlue, and Morningstar, plus many others I didn’t have room to list above.

Sometimes advisory boards are more spectacle than substance; that’s not the case here. Over the next few weeks, Compliance Week Publisher Scott Cohen and I will be hosting a series of calls with the board (most likely divided into sub-committees for financial reporting, legal, audit, ethics, and so forth) to pick their brains about what is on their minds and what should be on our 2009 conference agenda.

As we shape that agenda, we’ll keep Compliance Week readers informed on this blog and elsewhere on our Website. We’ll want your feedback then—but we also want your input now. What do you want to see at the 2009 conference? What do you discuss when you call up colleagues to talk shop?

We want to know. Always feel free to send an e-mail to me or to our publisher, Scott Cohen, and let us know your thoughts.

Behind every spectacular corporate meltdown, there’s an auditing firm sweating bullets.

Little surprise, then, that when the entire financial sector melts down, all four of the Big 4 auditing firms start to sweat. Each one has (or had) at least several clients in the financial sector that have recently been forced into acquisition, government oversight, or bankruptcy. That means greater litigation risk—as you can see from this story in Compliance Week, the sub-prime lawsuits have barely begun—and the probable loss of a client engagement. That can’t be fun. For our amusement here, however, I’ve compiled a short list of recent financial failures and who the auditing firms were:

• AIG: PricewaterhouseCoopers
• Bear Stearns: Deloitte
• Countrywide Financial: KPMG
• Fannie Mae: Deloitte
• Freddie Mac: PricewaterhouseCoopers
• HBOS (Bank of Scotland): KPMG
• IndyMac Bancorp: Ernst & Young
• Lehman Brothers: Ernst & Young
• Merrill Lynch: Deloitte
• Wachovia: KPMG
• Washington Mutual: Deloitte

That’s four failures for Deloitte, three for KPMG, and two each for Ernst & Young and PwC. Deloitte looks particularly bad here, since it has the distinction of auditing the largest bank to fail so far (WaMu), the investment bank that started this panic (Bear Stearns) and one of the two largest banking companies in the whole mess (Fannie Mae).

Deloitte confirmed in August that it was laying off 900 people, about 2 percent of its total staff. Over at the ever-popular blog Re:The Auditors, rumors are running rampant of a much larger wave of layoffs coming sometime soon.

Stay tuned, folks. The Sarbanes-Oxley Act was supposed to start an era of lifetime employment at the Big 4; the credit crisis seems to have ended it.