I sense a series of enterprise software and law-compliance posts brewing. I tried to explain some compliance stuff last night via email, but I failed. Signal-noise ratio was wonky. So I’ll post instead. Warning if you find law, finance costs and software boring, stop reading now.
I’d rather pick up on other laws than the Sarbanes-Oxley Act of 2002, it tends to crowd out discussion on other important laws, and paints a very US centric picture of compliance. But given that the Act is undergoing a timely fine tuning, I figured it was worth a revisit.
. Details here on the SEC site.
Congress never intended that the 404 process should become inflexible, burdensome, and wasteful. The objective of Section 404 is to provide meaningful disclosure to investors about the effectiveness of a company’s internal controls systems, without creating unnecessary compliance burdens or wasting shareholder resources,” said SEC Chairman Christopher Cox. “With the Commission’s new interpretive guidance for management on the evaluation and assessment of its internal controls over financial reporting, companies of all sizes will be able to scale and tailor their evaluation procedures according to the facts and circumstances. And investors will benefit from reduced compliance costs.”
You can watch the SEC broadcast here. (nice transparency!) I’ll explore the implications of these changes in another post, but it seems that the US is moving to a more principles based control framework, which is more like the UK’s FSA model. SOX isn’t being scrapped or radically transformed, but after 3 years of year-ends the SEC is a better position to improve the “protection-cost” ratio.
Vinnie has a regular go at SOX, SOX costs, and indeed those selling compliance tools. His recent post is no exception, commenting on Oxley saying he would have done things differently..
Wish he had said that 3 years ago – but sounds like we are back to “normal times” after pissing away billions on gun-to-the-head compliance spend.
In this post I’d like to explore SOX costs in a little more detail, because I’ve been privy to some interesting research. As part of my job I have access to the Hackett Group Research, and I’d really urge anyone who is interested in understanding technology and best in class performance spend some time reading their stuff. It is thorough, independent, compelling and worth the money.
In 2005 Hackett commented.
This is the first time in Hackett’s 14-year history of benchmarking that finance costs have risen for typical companies.
2005 was the first year that Section 404 really hit home for most companies: they had to begin to comply with the requirement in their annual reports for their first fiscal year ending on or after April 15, 2005.
Hope Hackett don’t mind me linking the graph here.
Again in 2005 Hackett said.
Hackett’s research also found that world-class finance organizations now spend 42 percent less in the finance function than typical companies, and have 44 percent fewer finance staff. According to Hackett’s research, world-class finance organizations now spend 42 percent less than typical companies overall (0.73 percent of revenue versus 1.26 percent). Typical companies have seen an 18 percent increase in total finance costs since 2003, while world-class finance organizations have seen a 5 percent drop during the same period.
Compliance costs have risen significantly for both world-class and typical companies since 2003. World-class now spend 36 percent less on compliance than typical companies (.060 percent of revenue versus .094 percent). For instance we see that the typical company is spending an additional $340,000 per billion in revenues or a total of $940,000 per billion in revenues for additional internal finance and external resources to meet today’s compliance requirements.
There are a couple of things I’d like to pick up on this.
1. The impact of SOX is clear here. The big jump in costs can largely be linked to SOX related projects, especially the panic projects that drove early spend. Interesting though that the world class companies cost of compliance post-SOX is lower that of the peer group pre-SOX. The impact of SOX is less on world-class companies than on the peer group too, the jump in absolute terms being significantly smaller.
2. Now, let’s move on to the more recent numbers from Hackett. (I don’t have a graph I can share publicly, but book of numbers owners can look it up) The finance costs as a percentage of revenue for world class companies have now dropped down to below pre-SOX levels, whereas for typical companies the cost continues to climb. The delta is growing. For those companies that lurch from audit to audit and spreadsheet to spreadsheet the cost of compliance will spiral, as SOX is just one wave in the ebb and flow of compliance demands. For those that invest in compliance automation, strong foundation systems and smarter processes, the picture is a whole lot better. Hackett has the numbers to prove it.
The message here is clear. Moan about SOX all you like, but the best companies in the world have focused on putting in place the processes and the technologies to drive down the cost of compliance. Every year they will relentlessly improve their processes, further automate and drive out more costs. Yes, compliance costs, but how big that cost becomes is entirely up to you. SOX will not be the only law that causes compliance challenges.
I’m not sure where the shame comes into it. The finance folks that I talk to want a finance function that provides transparency, control and trust at the lowest possible cost. And that is just for starters.