Will Sarbox change ding IT vendors?
The Securities and Exchange Commission tweaked its Sarbanes-Oxley requirements and that could be bad news for the technology companies, consultants and accountants on the Sarbox gravy train.
The SEC said Wednesday that it was making changes to the Sarbanes-Oxley Act, known in some quarters as the accountant and consultant employment act, to reduce the regulatory burden on companies. Specifically, the SEC outlined guidance on how to read Section 404, which requires companies to attest annually that internal controls are up to snuff.
In its statement on the matter, the SEC said companies could keep their own internal controls as long as they could vouch for its financial results. Some excerpts:
The Commission’s interpretive guidance should reduce uncertainty about what constitutes a reasonable approach to management’s evaluation while maintaining flexibility for companies that have already developed their own assessment procedures and tools that serve the company and its investors well. Companies will be able to continue using their existing procedures if they choose, provided of course that those meet the standards of Section 404 and our rules.
And:
The Commission also approved rule amendments providing that a company that performs an evaluation of internal control in accordance with the interpretive guidance satisfies the annual evaluation required by Exchange Act Rules 13a-15 and 15d-15. The Commission also amended its rules to define the term “material weakness” as “a deficiency, or combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis.” The Commission also voted to revise the requirements regarding the auditor’s attestation report on the effectiveness of internal control over financial reporting to more clearly convey that the auditor is not evaluating management’s evaluation process but is opining directly on internal control over financial reporting.
Those moves effectively lower the bar for companies and puts auditors on a tighter leash.
John Newton and Eric Savitz at Barrons have opined that the SEC guidance is good for companies and bad for technology vendors.
These opinions are largely based on a report from Gerald Hallaren, a technology analyst that runs a firm called JPRG.com. Hallaren argues that lower spending on Sarbox could add two percentage points to profits in 2008. Staffing firms such as Kforce, Robert Half and MPS Group would take a hit and companies such as EMC's Documentum, Cognos and Business Objects would also see lower demand. According to Savitz, Hallaren is projecting the $35 billion in Sarbox spending to disappear and corporate IT spending would fall 7 percent.
- Sarbox spending is clearly an expense that doesn't go away. However, I think Hallaren overstates the impact Sarbox has had on IT spending in recent years. IT spending has been mediocre at best. If you completely buy that Sarbox has been the prop then in implies no one has been spending on any other technology.
- It's early to project the impact of the rule tweak. On the surface it appears most companies will write Sarbox off as a bad dream. But the SEC hasn't published all the details on its guidance or rule change.
- There are no pure Sarbox technology companies that would be crushed by the SEC changes. At last check, folks still needed the content management and business intelligence software that can also tackle Sarbox issues.
For folks that just can't get enough of Sarbanes-Oxley see all resources.