Counting Up the Effects of Sarbanes-Oxley

More than a decade after its inception, the effects of Sarbanes-Oxley seem, if anything, beneficial, say Harvard's Suraj Srinivasan and John C. Coates. Why then do so many critics remain?
by Julia Hanna

Widely deemed the most important piece of security legislation since formation of the Securities and Exchange Commission in 1934, the landmark Sarbanes-Oxley Act of 2002 was born into a climate still reeling from the burst of the high-tech bubble and fraud scandals at Enron and WorldCom.

Its intent was to improve corporate governance and restore the faith of investors, but many in the business world spoke out against SOX, viewing it as a politically motivated overcorrection that would lead to a loss of risk-taking and competitiveness.

“The big, unanswered question is whether SOX-related changes had any impact in the lead-up to the financial crisis.

HBS Associate Professor Suraj Srinivasan and Harvard Law School Professor John C. Coates leverage the benefit of hindsight to assess research findings from over 120 papers in accounting, finance, and law to evaluate the act's impact and establish takeaways to guide the creation of future legislation.

While current measurement systems are insufficient to make an unambiguous, overarching judgment of the act's net benefits, Srinivasan and Coates isolate a few clear findings and make a case for flexibility and experimentation to guide future laws and reforms in the financial arena.

One thing is clear: Despite severe criticism, the act and the institutions it created have survived almost intact since enactment. But so have condemnations. It's a puzzle, say the authors, that "on the one hand, the law continues to be fiercely and relentlessly attacked in the US" while those most affected by the act as implemented express "acquiescence or even mild praise."

The paper, SOX after Ten Years: A Multidisciplinary Review, is scheduled to be published later this year in Accounting Horizons.

"We took a cost/benefit approach when considering SOX," explains Srinivasan. The most worrisome part of the act on the business side was the mandate that required public companies to obtain an independent audit of their internal control practices. The cost of this requirement, he says, was felt most acutely by smaller companies, although it was ultimately deferred for companies with market caps of less than $75 million and made permanent in the Dodd-Frank Act. Audit standards also were modified in 2007, a change that reportedly reduced costs for many firms by 25 percent or more per year.

Sarbanes Oxley's effects on financial institutions is still being studied.
Photo: iStockPhoto

"That aspect of flexibility—being able to exempt some smaller companies from the mandate and make it easier for others to implement—is an important quality to keep in mind when we discuss future regulation," says Srinivasan, who also cites the important role of the Public Company Accounting Oversight Board (PCAOB), a nonprofit private corporation created by SOX that oversees auditors of SEC-registered companies.

Markets Have Benefitted

Despite high initial costs of the internal control mandate, evidence shows that it has proved beneficial. "Markets have been able to use the information to assess companies more effectively, managers have improved internal processes, and the internal control testing has become more cost-effective over time," according to Srinivasan.

The research does not support the fear that SOX would reduce levels of risk-taking and investment in research and growth. Another concern that the act would shrink the number of IPOs has not been borne out either; in fact, the pricing of IPOs post-SOX became less uncertain. The cost of being a publicly traded company did cause some firms to go private, but research shows these were primarily organizations that were smaller, less liquid, and more fraud-prone.

"Yes, SOX may have cut off public market financing to these companies, but the question is whether it was appropriate for them to be in public markets in the first place," Srinivasan says. "That is a value judgment, to be sure. But it may not be a bad thing if certain companies are restricted in their access to financing, simply because loss of trust in public capital markets has big consequences for the entire economy."

A 2005 survey by the Financial Executives Research Foundation found that 83 percent of large company CFOs agreed that SOX had increased investor confidence, with 33 percent agreeing that it had reduced fraud.

And yet—the financial crisis of 2008 still happened.

"The big, unanswered question is whether SOX-related changes had any impact in the lead-up to the financial crisis. Did it make things better or worse?" says Srinivasan. "We don't know the answer to that. We only know that there were benefits in terms of financial reporting and corporate governance; that costs of implementation were higher for smaller companies; and that concerns about risk-taking and investment haven't come to bear. One of the big takeaways from this paper is how difficult it is to measure costs and benefits of regulation in a systematic way."

Costs And Benefits

Building flexibility into new policymaking that allows for more experimentation and measurement is helpful, he notes, as is avoiding a one-size-fits-all approach. "The costs of regulation are more direct and easier to comprehend than the benefits, which are mostly indirect. So there will always be upfront concerns about regulation, which leads back to the importance of building in opportunities to measure the costs and benefits.

"A skeptic of regulation would say that SOX wasn't needed at all, that the system would have fixed itself," he continues. "But what was the cost of fraud to the overall economy? We intuitively feel it was large, but we have not made progress in measuring it. That is a future question for research."

Despite the difficulty of assessing the effects of regulation, Srinivasan stresses the importance of continuing to look for ways to do so, citing the possibility of experiments such as random implementation or a voluntary opt-in/opt-out approach that would enable researchers to make causal inferences.

"It's important for everyone who has a stake in the US economy to realize how these laws are being made and to assess whether they are working or not," he says. "We have to be very thoughtful and allow for experimentation and performance measurement. We can't have a knee-jerk reaction and leave it only to political entrepreneurs to create the law."

About the Author

Julia Hanna is Associate Editor of the HBS Alumni Bulletin.

Post A Comment

In order to be published, comments must be on-topic and civil in tone, with no name calling or personal attacks. Your comment may be edited for clarity and length.
    • olakunle ogunsanya
    • Management, Ali Amoco Inc Milwaukee WI
    Clearly one and Fin system should understand the strategic implementation though the SOX-related changes did part take to lead-up of the financial crisis even if has many more contribute to the financial system and business world. Other, its use has a political contribute tool in this aspect other policies seem not working but believe in it that SOX should not be neglected but rather strengthened.
    • Hank Brock
    • CEO, Mutual Benefit Int'l Group
    As a CPA and one who has written and spoken extensively worldwide on the crisis of 2008, and who has analyzed both the number of public companies going private and the reasons why, the author's apparent bias makes the value of her research questionable.

    First, SOX did nothing to address the fundamental issues at the bottom of either the Enron-Worldcom scandal or the crisis of 2008, the same issue that was at the root of and that has remained unaddressed for the past 25 years: the unregulated and undisclosed derivatives--the so-called "off balance sheet" transactions that brought down Orange County, the LTCM hedge fund, the collapse of the British Barings Bank, Enron, Worldcom, and the collapse of all the financial institutions associated with the crisis of 2008. Derivatives are still not regulated nor disclosed. These highly-leverage bets total some 10X the world's GDP and 37X the U.S. GDP, and Wall Street and academicians continue to argue they are a zero-sum game, but they are not. Thus, there WILL be another financial crisis, and SOX has done nothing to avert it. Thus, the primary premise behind SOX, to guard against another Enron-Worldcom, has been a total failure.

    Further, in advising companies and in our own corporate decision about whether to go public or not, SOX has certainly entered the equation on the negative side, big time. And the Jobs Act of 2012 increasing the number of permissible shareholders for private companies from 500 to 2,000 has certainly tilted the scale in favor of remaining private.
    • Kapil Kumar Sopory
    • Company Secretary, SMEC(India) private Limited
    SOX was need of the time when a number of companies failed due to fraudulent activities, mostly for individual gains, and misgovernance. It has lived for about 12 years and has helped the economy in a number of ways. No doubt, scope for improvement in some areas of business activity still exists.
    SOX, on the face of it, is a stringent Act. Its main purpose was to empower regulators, auditors and corporate boards to improve governance and reduce frauds.
    While initially SOX faced lot of criticism and it was felt it would create fear thereby retarding businesses growth, it has by and by been understood that ultimately good governance is the key to growth. Investor confidence is directly proportional to the extent to which corporates are straightforward in their actions and remain fraud-free.
    The major impact of SOX has been the improvement in the quality of financial reporting and a steep fall in adverse SOX 404 Auditor Attestation Opinions. Now the auditors do not indulge in cosultancy for the company audited and hence carry out audits without favour which obviously leads to more bold reporting. Any facts which used to be hidden by manipulation of figures are now duly observed and elements of fraud, if any, are brought to the open.
    A mechanism of internal (day-to-day/concurrent) audit, notwithstanding cost, seems necessary as the statutory auditors work on the basis of a fair sample only.
    In India, the new Companies Act 2013 has also many elements like those covered by SOX which, in course of time, are bound to be beneficial on the whole.
    • adamya
    • Founder, Value Excellence Consulting
    I think the fundamental issue is still unaddressed which is "Fraud". In case of Enron and worldcom fall reason was fraud penetrated by management. SOX have tried to put responsibility on management but I am not sure if putting responsibility will deter person from doing fraud.
    If I want to do fraud I would be happy to say that everything is fine.
    This was the prime issue and continued to be an issue as SOX does not address it. PCOAB has tried to address this issue in last year with practice advisory and guided the auditor to review the management review controls effectiveness also while concluding the control effectiveness.
    Let's see if we as an auditor are able to justify with our responsibility in light of last year practice advisory.
    • Jay Anthony
    • President, Audit Liaison, PA
    I believe Mr. Srinivasan states the issue taken with lack of access to public markets well: "was (it) inappropriate for them to be in public markets in the first place". If you don't have the infrastructure to implement an internal control framework which is the cost-prohibitive part of the SOX legislation, then should you be going public anyway? SOX is not that difficult to implement. You do generally have to add a few heads around IT General Controls (which are absolutely necessary in this day and age) and in Finance to ensure adequate segregation of duties.

    With regards to the legislation not addressing Enron/Worldcom, that's partially true because no amount of money or legislation can prevent intentional fraud at the very top of an organization. If the CEO and CFO are both intentionally defrauding financier and investors, I have yet to understand how that can be efficiently regulated or even monitored/audited.

    However, SOX certainly has done what it could to address fraud in that it establishes a Whistleblower hotline mandate which is the #1 in which fraud has been uncovered per the ACFE who tracks multiple governmental and private sources.
    • Dave Rice
    • Director Soft-Drinks Strategy, SABMiller
    I disagree with the author's conclusion. The business world I was working in certainly changed around me in very visible and negative ways with the implementation of SOX. Here is what I've observed:

    1 - When SOX was implemented the company that I was working for, which was preparing to go public with a strong business case for growth, decided instead to stay private and harvest the business by cutting costs. The CEO was not willing to accept the personal liability for any reporting errors as required by SOX.

    2 - The next company that I joined was based outside the US and considering relocating its HQ to either the US or London. The cost implementing SOX was one of the factors that led them to select London instead. That business has appreciated in value by $75 billion since this decision and we have certainly not regretted the decision to avoid costly SOX process requirements.

    3 - During the 90's McKinsey did so many growth studies they nearly lost the institutional knowledge on how to do downsizing projects. Every CEO needed a growth story and we developed business plan after business plan that drove investment for growth. Once SOX was implemented, CEO's could no longer make forward looking statements and now all the messaging to investors is about increasing margins and efficiency. The 2 recoveries since SOX have both been "jobless recoveries" and businesses have traded their obsession with growth for an obsession for ROIC.

    The US has become less competitive at attracting investment, while our share of the Global 500 is declining. Many factors have driven this, but certainly over-regulation has been a major factor and SOX is one of the most profound mistakes we have made in my opinion. If the authors are confident that on-balance, SOX has been good for US interests, why is it that the rest of the world has not followed the US in implementing these regulations? And why is so much capital fleeing the US to be invested in economies around the world that are unencumbered by regulation at the level of SOX?