Sarbanes-Oxley: Stop Whining!

Computerworld - Publicly, most chief executives are begrudgingly positive about the Sarbanes-Oxley Act. In private, some of those same CEOs express grave reservations about its costs and complexity. If they are self-contradictory, it's because few want to risk being cast as spokespersons against good corporate governance.
Industry front groups have been more open in their criticism of Sarbanes-Oxley, citing it as a threat to U.S. competitiveness. The naysayers have warned that the high cost of compliance will squeeze profit margins, discouraging initial public offerings (IPO) and forcing smaller public companies to delist.
But more than two years after passage of the act, the sky hasn't fallen. On the IPO front, activity has actually increased since Sarbanes-Oxley went into effect. According to Thompson Financial, there have been 164 IPOs in 2004 through October, raising a total of $31.07 billion, compared with just 84 deals totaling $15.58 billion for all of 2003. If anything, Sarbanes-Oxley seems to have engendered investor and market confidence, not wariness.
Another argument against Sarbanes-Oxley is that it's a major distraction. Senior executives, detractors say, are spending more time jumping through regulatory hoops and less time running their businesses. This is a specious argument, though, because the burdens of compliance aren't high, either in time or money.
Part of the reason for the widespread complaints about Sarbanes-Oxley is that this is a broad set of new regulations, leading to inevitable miscommunications regarding regulator expectations and realities in the corporate boardroom. The start-up costs of any initiative are always front-loaded, and this is even more true for the large number of organizations that lacked even an informal compliance framework.
Many companies hit the panic button. They hired teams of expensive consultants, bought specialized auditing point solutions, and launched hasty projects to make sure they were on track to document their controls. This approach may help a company meet a deadline, but I believe it's a fundamental misunderstanding of the post-Enron business environment.
Sarbanes-Oxley isn't like Y2k, when we had to race to meet a deadline and then sighed in relief when everything didn't blow up. It is an ongoing corporate governance initiative that requires a long-term framework to succeed. Certainly, certification of controls by external auditors is a mandate of the act, and you need them. However, taking a short-term approach that will need to be repeated year after year is a self-fulfilling prophecy, which reinforces the gripe that Sarbanes-Oxley is a cost center with no strategic value.
Instead, companies should treat Sarbanes-Oxley as a philosophy of good corporate governance and