Article 6: The Goals and Promise of the Sarbanes-Oxley Act

PCAOB budget and staff

$100 million, 8 offices, 500 employees - includes 300 full-time inspectors annually reviewing all audit firms with more than 100 public company clients

SEC budget in 2005

$900 million, 18 offices, 3100 employees

Enforcement before SOX

- Laws against fraud and theft are ancient and uncontroversial. - The problem before the passage of SOX was not that such laws did not exist, but that in the area of corporate governance they were not effective enough.

Direct costs of SOX

- PCAOB fees (minor: more than half of companies paid less than $1000 in 2004) - firms' compliance costs (few firms disclose this) - increased audit fees (portion of this substantial increase attributable to the legislation is unobservable, esp since they were rising before SOX - less competition due to demise of top audit firm Arthur Andersen) - have been falling over time

PCAOB rules

- Registering and setting standards for inspecting, investigating and disciplining audit firms for public companies - 2/5 of board must be auditors to ensure expertise - 3/5 of board must be independent of accounting profession to constrain regulatory capture from the audit industry - board serve staggered five year terms to prevent them from political pressure from above, and can be removed only for cause

Audit failures implicating top audit firms in the lead-up to SOX

2000: Ernst & Young paid record $335 million to settle a single shareholder lawsuit 2001: SEC investigation revealed over 8000 violations at Pricewaterhous Coopers of a longstanding rule against auditors owning stock in their audit clients - violations involving over 2/3s of the firm's top partners

Delegation by Congress

Optimal auditing standards vary with nature and type of auditing firm and audit client so Congress knew it couldn't specify in detail the costs or variations in standard of quality for audits ==> delegated to PCAOB Could have delegated to one of three traditional types of agents (1) executive branch (2) independent agency (3) private self-regulatory body

Official name of SOX

Public Company Accounting Reform and Investor Protection Act of 2002

Bid-ask spreads

Wider: when sellers have more private information, such that adverse selection is more of a risk Lower: when private info is reduced by better auditing and revelation of information

SOX's new incentives to disclose control system weaknesses

Since top officers must certify personally that they have evaluated their firm's control systems, their ability to claim that they were unaware of control deficiencies is weakened

Public Company Accounting Oversight Board (PCAOB)

- a quasi-public institution to oversee and regulate auditing, created by SOX in its first and longest section - The rise in accounting restatements and earnings manipulation suggested that the deeper issue was not with the accounting standards themselves, but rather with the enforcement of those standards through auditing. -OVERSEES AUDITORS - Formally: PCAOB is a nonprofit corporation given a legal mandate to oversee public company auditors to protect investors and the public interest in the preparation of informative, fair, and independent audit reports

Problems with estimating empirically the effects of SOX

- created during a time of many simultaneous, disparate legal changes that continue to be implemented and phased in over time - benefits of SOX are difficult to isolate - given public scandals and awareness by market participants, there's a chance that public and private enforcement and manager behavior would have changed even if SOX had not been enacted

SOX

- designed to regulate auditors so that they will perform better as gatekeepers (improve audit quality) - response to the failure of self-regulation of the auditing profession - enforces laws against fraud and theft at public companies (reduce fraud) - complex legislation: 9 sets of mandates - legislation recognized that accounting standards were part of the problem -attacked as a costly regulatory overreaction

What does SOX not do?

- does not mandate a control system or its contents - that obligation predated the law and remains unchanged - doesn't direct the SEC, PCAOB, or other officials to focus enforcement resources directly on designing or improving control systems

Task of PCAOB

- enlist auditors to enforce existing laws against theft and fraud by corporate officers - new rules concerning auditor-firm relationship, auditor rotation, auditor provision of non-audit service, and corporate whistle-blowers

Effectiveness of SOX

- full costs hard to quantify, so assessment will be tentative...but article argues that SOX should bring net long-term benefits - spreads fell in the periods after SOX, reflecting successive implementation of SOX by the enactment of SEC rules - earnings management fell - frauds fell - correlation between abnormal accounting accruals and the importance of an audit client to its auditor vanished after SOX - investor confidence increased

Auditor-attestation

- induced further disclosures - Auditors have spread knowledge of best practice and common deficiencies - Some disclosures would have been made under pressure from market forces and salient scandals, but the sharp increase in such disclosures is consistent with the goals of SOX

Decline in cross-listings

- likely culprit is the dramatic decline in the research coverage of US listed stocks, caused in part by enforcement actions against investment banks and mutual funds by NYS AG Eliot Spitzer and the SEC - This resulted in costly structural regulation of research firms and a decline in funds' "soft-dollar" purchases of research, and the effects of the SEC's Regulation FD, which leveled the informational playing field between professional analysts and the public.

Private enforcement against corporate fraud and theft

- occurs through investor lawsuits - at best a weak enforcement tool - can harm investors since corporate managers can usually choose to settle the case and pay litigation costs with company funds

Gatekeeper strategy

- prevent fraud before it happens by enlisting informed private actors to help detect and deter fraud - These private actors include service providers like accountants and underwriters - managers are required to disclose any control weaknesses (material or not) to audit committees and auditors, and ti became a crime to mislead auditors with the SOX

Effect of SOX on stock exchanges

- some claim SOX hurt ability of US Stock exchanges (NYSE) to compete with foreign stock exchanges (LSE) for new listings generally, and particularly for cross-listings of foreign firms - but US exchanges' share of cross-listings fell more before SOX than after in both high-tech and non-high-tech firms - Alternative explanation: Continued improvements in the liquidity of foreign equity markets which have diminished the relative attractiveness of a US listing ==> decline in cross-listings

Overreaction (?) of SOX

- some critiques of overreaction aren't about the legislation since the criminal prosecutions at Enron, Tyco, and Worldcom enforced laws that were in place before SOX - existing threats of personal liability faced by directors from class action suits by shareholders remained largely unchanged by SOX - NYS AG Eliot Spitzer used laws before SOX for his investigations

Improving PCAOB's Governance and Accountability

1. Congress should require the PCAOB be reauthorized after some number of years of operation (would force an evaluation of PCAOB's performance and effectiveness) 2. Rather than SEC alone ensuring accountability of PCAOB, it might be better to involve PCAOB's constituencies in its governance 3. Audit clients that are unhappy about audit firm's judgments (esp control system weaknesses) should have a prompt and effective way to appeal the judgement to PCAOB staff 4. Increased disclosure by PCAOB would be appropriate since currently SOX prohibits PCAOB from releasing portions of inspection reports that criticize an audit firm's control systems unless the audit firm fails to address the criticisms within 12 months of the report (market and client firms won't know about/can't react to those criticisms) 5. As its power and influence grows, PCAOB's exemptions from public right-to-know laws (defensible in start up phase) would need to be revisited

Traditional types of agents

1. Executive branch (e.g. an agency within the U.S. Department of Treasury) 2. Independent agency (e.g. SEC) 3. Private "self-regulatory" body, like American Institute of Certified Public Accountants (AICPA)

Evidence of ineffectiveness of laws before SOX

1. General rise in accounting restatements 2. Rise in earnings management from 1987 to 2001 3. Decline in liquidity and investor confidence (measured by trading activity, market depth, and bid-ask spreads) 4. Number of securities frauds alleged in significant class action lawsuits rose dramatically

PCAOB adopted standards requiring audit firms to disclose three points:

1. How they tested a firm's financial control system and the test results 2. Material weaknesses not disclosed by a firm's officers 3. Whether a system is "effective" in the sense that it provides the required "reasonable assurance"

SOX 404 two main obligations

1. Officers must evaluate and disclose "material weaknesses" in their firm's control system, which the chief executive officer and chief financial officer must personally certify 2. Outside auditors "attest" to those disclosures - that is, either agree with officers or express a qualified or adverse opinions

Big Four accounting firms

1. Pricewaterhouse Coopers 2. Deloitte Touche Tohmatsu 3. Ernst & Young 4. KPMG - audit most U.S. public companies - audit 80% of U.S. public companies by number and 99% by sales volume - PCAOB staff spends several months on-site with these firms for spot-checks, has the authority to report deficiencies to SEC, provides a sanitized version of its inspection reports to the public

Four things that are clear about the costs of SOX

1. They are substantial 2. Hard to estimate 3. Have a fixed component, and so fall more heavily on small firms 4. falling over time

Earlier law on Control Systems

1977: U.S. public companies needed to have a system that provided "reasonable assurance" that transactions are authorized and recorded to permit preparation of compliant financial statements, and that fraud (inc. theft and deception) is detected and prevented -fed enforcement of control systems mandate focused on disclosure, so states needed to enforce laws against theft - few non-financial firms disclosed engaging in internal control reviews, or even stated that they had effective control systems

SOX and going private

2006 study shows that probability that US public firms would sell to private buyers increased from 43% to 66% - but this is limited to US firms with market capitalizations of less than 30 million and to transactions in the first year after passage of SOX, with no effect appearing in the second year (if all exits by such firms since mid-2002 were caused solely by SOX, they would represent less than 0.02% of U.S. market capitalization) Other studies examine broader set of firms that go dark (legally cease to file SEC disclosures because went private or because shareholders fallen below trigger level for SEC registration) and find that sarbanes-oxley modestly increased firms going dark, mostly among very small firms with poor performance and low growth

SOX's effect on SEC

Congress increased SEC's budget from $437 million in 2002 to $776 million in 2003

Securities and Exchange Commission (SEC)

Continues to oversee public companies - traditionally the lead agency for public enforcement of laws and regulations to protect investors

Outright theft by top corporate officials

Enron and Tyco

Long-term benefits promised by SOX

In exchange for higher costs: - investors will face lower risk of losses from fraud and theft, and benefit from more reliable financial reporting, greater transparency, and accountability - Public companies will pay a lower cost of capital and the economy will benefit because of a better allocation or resources and faster growth

What did the SOX incentivize?

It created new incentives for firms to spend money on internal controls, beyond the increases in audit costs that would've occurred after the corporate scandals of the early 2000s

When was Sarbanes Oxley passed?

July 25, 2002 - by that day, stock market indices of large capitalization stocks had fallen 40% over the preceding 30 months - financial bankruptcies and scandals (Enron, Worldcom, Xerox, Sunbeam, Waste Management, Adelphia, Tyco, HealthSouth, Global Crossing) - Accounting restatements were soaring in number, size and market impact

Material weakness

a deficiency with more than a slight chance of causing a material financial misstatement

Abnormal accounting accruals

accruals not predicted by standard empirical models of accruals

SOX increased disclosure requirements for auditor compensation

by requiring a clear breakdown of audit, audit-related and non-audit fees, and restricted non-audit services that audit firms can provide to audit clients

Indirect costs

i.e. opportunity costs of manager time spent or greater risk-aversion as a result of perceived pressure for tighter financial controls - harder to measure - also falling over time, as initial managerial attention needed to comply with SOX can be returned to normal business activities

How did Congress and the US Supreme Court curtail private suits in the 1990s?

required specific allegations of fraud and eliminated liability for "aiding and abetting" securities fraud