Another week, another foolish attempt from Washington to impose a simple solution to our economy's complex problems. And as usual, the Sarbanes-Oxley Act is right in the middle of things.

Witness legislation from a gaggle of Republican Congressmen that seeks to exempt far more companies from Section 404(b) of the Sarbanes-Oxley Act. Their bill would exempt all companies with market capitalization of $500 million or less, and exempt all companies from $500 million to $1 billion for the first five years after their initial public offering. Just days later the Senate countered with its own anti-regulation bill, the Regulatory Time-Out Act, proposing a one-year moratorium on pretty much every new regulation any agency might want to impose on anyone.

Yes, government regulation is a pain, and we all want faster, easier paths to achieve prosperity. But let's remember the central thesis of the anti-regulation crowd: that rules such as Section 404 obstruct capital formation and market liquidity. Small companies can't go public, IPOs go elsewhere, the United States loses its economic vitality, and we all suffer.

That would be convincing logic except for the small detail that it contradicts reality. This country is awash in capital. Corporations are sitting on more cash than ever before, and many of the largest literally have more money than they know how to spend. Hedge funds and private equity funds are in the same plight: too much money, chasing too few opportunities for quick return. More than 200 companies are currently in the IPO pipeline in the United States, the largest number in at least 10 years.

The truth is that companies aren't going public because the markets are volatile, and won't necessarily deliver the quick riches company insiders want. Groupon, for example, has not postponed its IPO because of the high cost of going public; it postponed because regulators questioned its kooky ratio for measuring alleged profits and investors were starting to fear that its business model won't be sustainable over the long term. Hopes for a quick cash-out evaporated, and so the registration statement went back into mothballs. It should stay there.

Likewise, private equity funds aren't buying small companies because that would entail actual hard work to cultivate them over the long term, when their limited partners want fast returns—so the private equity firms invest in hedge funds, who then gamble in high-frequency trading to score those quick profits. 

Nowhere in any of this mess are people sparing a thought for rigorous cultures of growth, business conduct, and long-term prosperity. Granted, none of these bills will ever get passed due to Washington's paralysis anyway, but even if they did, little would change because they don't address the real problems causing our economic engines to seize up.

On the other hand, if businesses did have to audit their internal controls over financial reporting prior to the recession of 2001-03, or if we did have stronger regulation of derivatives trading prior to the mortgage implosion… Well, I don't know how that might have affected capital formation or the IPO pipeline for the last decade, but I'd be willing to wager that our economy would be healthier than what we have today.

In Other News…

Why, funny you should ask about the update to the COSO Internal Control-Integrated Framework. As it so happens, I do have some fresh news on that front.

We last saw every internal audit department's favorite control framework at the start of 2011, when COSO announced a sweeping effort to bring the framework into the modern age. The need could not be greater; COSO unveiled the landmark document in 1992, long before technology marched into the center of corporate operations and 10 full years before the Sarbanes-Oxley Act was passed. We've seen a few supplements since then, such as the 2006 guidance for internal control over financial reporting at smaller public companies, and the 2009 guidance on monitoring internal control. But for most public companies seeking to document effective internal control over financial reporting, as required by Section 404 of SOX, the go-to blueprint is still a COSO framework developed when cutting-edge technology was the fax machine.

Now word on the street is that an exposure draft of the updated COSO framework should arrive sometime next month. I haven't seen a draft personally, but one well-placed spy tells me that the new framework will put a heavy emphasis on auditing management judgment and IT controls. (Of course, if anyone on COSO's development committee would like to violate your own IT controls and leak a draft to us, my email address is at the top of the page.)

What should compliance officers do with this new draft when it arrives? Speak up! The internal auditing crowd always comments on proposals like this, which is excellent—but that can also lead to a final control framework skewed heavily toward internal audit's line of thinking. Corporate compliance hardly existed as a function back in 1992, so if you want to have a voice in the next-generation COSO framework coming along, this will be your opportunity. Take advantage of it.