In the March 14 Opinion article, "Accountability's fear factor" (see page 4), Patrick Mannion asked if U.S. technological and corporate competitiveness in the global community has been handicapped by the implementation of Sarbanes-Oxley (SOX). With respect to Section 404 of the SOX legislation, my answer is a resounding yes.
While many components of the SOX legislation are effective at deterring fraud, Section 404, which requires certification of internal controls, is expensive and ineffective. In June 2003, the SEC estimated SOX implementation would cost about $91,000 per registrant, for an aggregate cost of $1.25 billion. The actual cost, however, is approaching $35 billion-more than 20 times the SEC's original estimate. Specifically, National Instruments, a leading provider of hardware and software for test, design and control, paid $3 million to comply with the guidelines in 2004.
The SEC also stated that the implementation costs and requirements would scale based on the size of the company. In reality, the effect on small- and medium-sized businesses (SMBs) under $1 billion in annual revenue is much greater than for larger companies. Section 404 compliance costs SMBs nearly $4,000 per employee, while larger organizations average only $400 per employee. As the readers of EE Times are well aware, it's SMBs that have developed a significant share of the technology innovations that have driven the electronics, computing and communications industries during the past two decades.
Section 404's costs have skyrocketed because this section is being conservatively interpreted by external auditors. External auditors have adopted a one-size-fits-all approach to Section 404. This means that a small company with $16 million in revenue and a relatively simple organizational structure essentially is being held to the same standard as a large multibillion-dollar company with a complicated organizational structure. Examples of the frivolous actions that companies must take and then pay an auditor to prove include:
Requiring an auditor to attend a meeting to prove it took place;
Having a technical support "help desk" document for every call it receives from employees;
Proving that all of the physical keys to an office in Europe have been accounted for since it opened in 1995;
Requiring people to respond to thousands of e-mails to prove they received them; and
Ensuring that every employee has a personnel performance evaluation.
Are these really the types of "internal controls" that would catch the Enrons and WorldComs? Instead, the flawed implementation of Section 404 hurts U.S. companies' ability to remain competitive, innovative and attractive to top talent, and has put a massive regressive tax on small business.
There is no doubt that the SOX Act contains many reforms that are in fact improving corporate governance. Unfortunately, the many positive reforms are being overshadowed by one section that is imposing high costs with little returns. In 2004, the AeA formed a committee of CFOs from SMB high-tech companies to provide feedback on Section 404 issues and make recommendations for change. I encourage you to review its report at www.aeanet.org/soxreport.
Senior Vice President and CFO
National Instruments Corp.
AeA Committee on Sarbanes-Oxley