Sarbanes-Oxley: Tech's big complaint of 2005

Tech CEOs can't imagine that Sarbanes-Oxley's backers ever thought compliance would cost so much, says CNET News.com's Charles Cooper.

Charles Cooper Former Executive Editor / News
Charles Cooper was an executive editor at CNET News. He has covered technology and business for more than 25 years, working at CBSNews.com, the Associated Press, Computer & Software News, Computer Shopper, PC Week, and ZDNet.
Charles Cooper
3 min read
Silicon Valley is never short on opinions, especially when it comes to explaining why the government should butt out of its affairs.

But few are bold enough to go on the record when the subject turns to Uncle Sam's fumbling--real or imagined.

Not so, when the issue is the Sarbanes-Oxley Act.

SOX became law nearly two-and-a-half years ago, in the wake of a string of corporate financial scandals that nearly wrecked public confidence. The idea was to force companies to eliminate "creative accounting" and accurately report what was going on. SOX also carried the threat of penalties if the folks at the top of the company--the chief executive, the chief financial officer and the board of directors--failed to certify that the numbers were accurate and that they had reviewed internal controls, identifying any concerns they might have come across.

Straight shooting, honesty and full disclosure--that's right up there with motherhood and apple pie. Who could argue against? For all the good intentions, however, you don't find many CEOs giving glowing testimonials about the wonders of SOX.

The reason: The law is making them miserable.

SOX is costing technology companies time and money in ways the bill's authors could have never imagined.

I know--who has sympathy after all the shenanigans uncovered the last few years? But it's not as if these guys pine for the days when corporate crooks looted their own companies with impunity. Nobody of sane mind is itching to spend quality time with Bernie Ebbers in Cellblock 27. They simply worry that the law has everyone looking over their shoulders.

Typical corporate whining? Some surely is. But this groundswell is more than the predictable backlash against heavier government regulation.

In the tech industry, SOX is viewed as something on the order of the Curse of the Cat People. CEOs can't imagine the bill's supporters ever thought SOX compliance would cost this much time and expense. If they did, then it would be right to storm the halls of Congress.

"We spent $1.6 million on Sarbanes-Oxley and got, maybe, $1.60 in value," recalled a frustrated Harold Hughes, the chief executive of Rambus.

I feel the guy's pain, but he got off easy. Another CEO at a much larger tech company told me his quarterly spending on SOX amounted to several times that amount.

"It's costing us a fortune," said the executive, who asked to remain unidentified. "I'm spending a lot of time on things where my attention would usually be focusing what the shareholders want me to do--which is running the business."

Spreading pain
The resentment extends to the venture capitalist community, though that was to be expected. After all, this is a red-meat constituency that still pines for the go-go days of the late 1990s. (Hey, greed dies hard.)

SOX also has reached beyond the confines of the VC world. For instance, it's not now unusual to see IPOs get delayed by a quarter--or longer--because of the scramble to meet SOX compliance rules. What's more, money that might otherwise get invested in infrastructure or sales instead gets earmarked for meeting regulatory requirements.

"This is a heavy ongoing burden," said Christopher Lochhead, chief marketing officer at business technology optimization company Mercury Interactive. "It's not like Y2K. There's no finish line. It's kind of like the gift that keeps on giving."

This groundswell is more than the predictable backlash against heavier government regulation.

Some gift. Lochhead offers the example of what might happen when there's a new government stipulation. To comply with the change, companies will need to modify their own business processes--and that's guaranteed to become an expensive headache. Most sophisticated compliance systems are already automated, so this inevitably becomes a major IT project. Leave the aspirin bottle close by.

Get used to it, because SOX is not going away. So what about the future? Most companies got through SOX 1.0 with chicken wire, tape, lawyers, money and lots of prayers. That won't cut it next time around. They'll need to find ways to build systems that are scalable and auditable.

The silver lining here is that practice makes perfect. In time, companies should be able to get their systems into shape without needing to turn the place upside down. They really don't have much choice. More than ever, they understand that the acceptable risk of getting things wrong is zero.

Face it: It's a new world.