Sarbox has driven up audit costs for startups as well. A decade ago, all kinds of small practitioners would be willing to do routine audits for $10K or less for early-stage companies. Now that cost easily runs into the high five figures, if not more.
Of course, startups usually do not do formal audits until they bring on investors who will insist upon them, i.e., typically VCs. Thus, this is just one more reason for a startup to try to bypass such funding sources and pursue less restrictive sources if possible (why add yet another $100K to the annual burn rate when you want above all to preserve cash and use it wisely?).
Combine this (and other factors) with the crimp that Sarbox has put on companies going public, and you have an environment where the value of VC funding (which typically is key to launching a startup on the road to going public) has depreciated.
A founder might look at this and think that this has little or no impact on his bootstrap or angel-funded startup that he plans to sell to Big Company X. But the effect on valuations is real. As with any negotiation, if you have fewer levers to use in the negotiating process, you will be at a relative disadvantage. If your company has no alternative but to be acquired in order to achieve a liquidity event, the buyers on the other side (i.e., potential acquirers) will factor this into their pricing to your detriment.
These sorts of changes may have hurt VCs but they have hurt entrepreneurs as well in limiting or eliminating funding options that were readily available to such parties in the pre-Sarbox era, leaving all parties poorer in the process.
These are real costs (as are the ones that fall on public companies directly, as noted in this piece), while the benefits of Sarbox to date have been dubious at best. Of course, the accountants, lawyers, regulators, etc. who benefit from the regulatory complexity through increased business and/or power will beg to differ, but this doesn't mean they are right.
On a final note, the Supreme Court case noted in this piece does raise the prospect that Sarbox will be declared unconstitutional and, should that happen, there may indeed be some real prospects for reform. The justices seemed skeptical about the constitutional argument during oral argument, however, and this may therefore go nowhere as a potential solution to the problems raised.
Sarbox has driven up audit costs for startups as well.
That's exactly what legislators and regulators in DC never seem to understand. Every politician repeats bromides about the small businesses and how they're the engine of growth in this country. And then they make it impossible to be a small business by raising barriers to entry through fee after fee and regulation after regulation. Big companies don't care, because they would rather pay the government than face competition.
From the article:
Larger firms lobbied for passage of the act,
figuring they could absorb the costs that would
hobble smaller competitors - which is just what happened.
This is what happens with every major piece of economic regulation going back to the New Deal. Well-intentioned legislators regulators aim to constrain big business, but end up choking small business.
Securities laws generally would have choked small-business capital formation when first enacted but for the fact that broad categories of "exemptions" were recognized that essentially allowed private placements to continue without being burdened by onerous disclosure and registration requirements.
Attempts are afoot to get a comparable carve-out from Sarbanes-Oxley's most burdensome requirements for small-cap public companies but these have stalled to date as the regulatory impulse continues unabated in today's Washington.
I can't speak for the auditors, since I am a business attorney, but I do know what I have seen in helping to find this type of service for clients. For example, just within the past year, I was asked to help find a good auditing firm by one closely held Silicon Valley startup with fewer than 50 employees and a few million in annual revenues - the cheapest estimate came in at the $60K-$80K range (and this was from regional firms, not Big Four).
Don't know exactly why this is, except that the auditors themselves kept referring to Sarbox-type requirements that had become standard practice for all audits, public and private. Also, I think many of the smaller players have been chased out of the auditing field by the new complexities injected by Sarbox and relating recent developments in the field. Whatever the cause, at least in and around Silicon Valley, it is no longer easy to find a small firm that will do a quickie audit for a modest sum.
[Edit: just saw reply by tptacek - he says it much better than I do.]
As an ex-Big 4 auditor, I have experience of auditing both private and public US firms. Even without Sox requirements, there are enough complications in the audit legislation to make a private company audit less than straightforward. Trying to squeeze those regulations into a start-up type company structure is what makes up the time and cost of an audit.
Supply and demand, and business processes tuned for bigco audits?
A similar thing happened with security audits. Huge demand from large companies with extreme requirements has definitely raised the cost of assessments for small companies.
If VC's and F-500 acquirers aren't going to accept results from small CPA firms, then increasing the supply of small CPA firms will only indirectly help startups.
I'm always skeptical when Congress legislates process. They are almost always better off sticking to outcomes. In this case, hold the execs responsible for company fraud, but let them figure out how to make sure their company stays legal.
The problem is when the execs start feeling like they will never be caught - or worse, when they start tricking themselves into thinking that what they're doing isn't fraud.
Sure, they'll be caught eventually and punished, but the damage is done.
Make all the top level execs liable. That way, one will watch the other and the odds of all of them entering deliberate fraud (or tricking themselves into it) is reduced.
It was also suggested on this thread that a carrot-and-stick (fines for the less compliant, tax reduction for the more compliant) would be pretty clever.
You will never legislate away corruption no matter how high the penalty or how onerous the regulations. The goal is to achieve an acceptable level of corruption with minimal interference on the good guys. It actually reminds me of the questions that DRM raises.
The only hammer I could imagine. Board of directors members would be liable to minority share holders if they allow chief executives to collect sufficiently high compensation that it diminishes the company's profits + punitive damages if it involves conflict of interest.
There, you have a mechanism for private individuals to suing companies and directory for siphoning profits away from the business and essentially force officers and directors to think long terms.
I don't know if this would work but it seems better than any scheme I've heard.
that sounds nice, but in this case, it's precisely the process that's important. the goal of the act isn't necessarily to decrease fraud, it's to increase transparency. you have to fill out more (and better audited) paperwork so that your investors know what you're doing. you can't pass a law that says, "companies have to be transparent"; that would be nonsensical.
Making the shareholders legally liable is a bad idea. To start, it defeats one of the primary purposes of incorporating (more companies would remain as private entities, and enjoy lower taxes and fewer reporting obligations). In order to justify shareholder liability, more individual control by the shareholders would be necessary. Think of what the decision process would be like if America were a pure democracy. If voters were responsible for what their elected officials did (think corruption by our officials), then we would demand more control over their actions - Why have them if we make all the decisions anyways? The same is true for corporations. Shareholders elect board members, who in turn elect managers who run the company.
The execs are responsible if they commit fraud via the company. I think that making the board of directors as responsible as the management is a good idea, since it requires the board to police the company, instead of turn a blind eye to the management team's fraud when it's producing positive returns. The individual shareholders though, should not be liable for the actions of an often distant management.
It doesn't. It does shield shareholders. Sharesholders control what a company does, by choosing its directors, so if they are made responsible for a company's misdeeds, they'll have an incentive to police it.
Obviously if you only hold a piffling number of shares, you have little control over the company. So it'd make sens to restrict this to major and/or controlling shareholders.
It was never clear how more accounting and reporting regulations were supposed to squelch fraud.
Really? That one seems pretty obvious to me. Standardized accounting practices and more transparency via required reporting makes fraud harder to commit and easier to detect. The reductio ad absurdam almost writes itself.
Plus, many of the new rules were targeted at kinds of fraud that have actually been perpetrated. If you don't patch a security hole, people won't get tired of exploiting it. They'll just keep on exploiting it until you do something to make it harder or more dangerous.
To be fair: that's completely by design. S/O was a direct reaction to the perception that the perpetrators of the Enron and Worldcom scams were essentially unprosecutable because of the difficulty of proving their knowledge of the events. So the new law puts the presumption of knowledge onto the senior executives via the certification requirement.
Now, one might argue that this is bad, or has unintented consequences. But it's not a surprise. It's the intended effect. If you lie (even, perhaps, unintentionally -- though I don't think there's been a test case of that yet) on your company's financial statements in the modern USA, you are a criminal.
Indeed, it is by design but this is a field in which it is easy to get blindsided for conduct that has never been regarded as culpable on the part of management by any historical (pre-S/O) standards.
Bottom line: for those who matter (i.e., those who build companies and make key decisions on whether to take them public), this is another serious disincentive to take a company public.
Just from a writing perspective, you gotta love the opening lines:
.The dumbest government policies are almost always the fruit of the bipartisanship that sets Beltway hearts beating with patriotic arrhythmia. Think the Patriot Act, No Child Left Behind, the authorization of force in Iraq and the TARP....
To me it's the right mix of colloquial and editorial writing. Very nicely done lead.
One of the arguments against Sarbane-Oxley is that it created incentives for smaller public companies to privatize and thus reduced the overall level of economic transparency -- just like forced condom use could cause the self-regulated adult industry to go underground.
W.r.t. Sarbanes, it seems that the US government would better serve the "greater good" by creating a few standardized sets of accounting/audit/disclosure requirements from which public companies could pick. Presuming that investors actually valued disclosure laws, companies could pick a set of rules which they think would maximize their valuation.
Let's say you are a small cap whose profitability would be significantly affected by the cost off complying with onerous SEC requirements. You could opt into a looser set of rules, but the market could punish you with a lower valuation as a result. Perhaps this lower valuation for less transparency/trust would be better than the reduced valuation from spending an extra $2.3M to comply with Sarbanes regulations.
As a libertarian, I'm not keen on government involvement in markets, but the above proposal is a compromise of sorts.
Probably because one needs standardized accounting methods, otherwise looking at two sets of financial statements would be like looking at a tractor on the one hand, and a strawberry on the other.
One simple proxy: implied volatility of put options. Since put option buyers only make money when the stock falls--dramatically, and quickly--they are the most effective way to bet that someone is cooking the books.
How would a rating agency? The options traders have money on the line; the rating agency is betting its reputation--which means it can exploit mispricings in the reputational marketplace by doing a bad job and hiring good PR people and lobbyists. This is the purest, most cynical way to explain ratings agencies in general.
My impression is that there was a stretch when some combination of the public mood and the government's emphasis conspired to encourage small startups. The 1980s and 1990s were clearly good in this respect. The mood of the last decade has been increasingly punitive. Sarbanes-Oxley is the most clear example of this. What once would have been treated as a civil matter is now treated as a criminal matter. Entrepreneurs are now faced with jail time instead of lawsuits. This can only have a chilling effect on innovation. I think it is urgent that everyone who cares about entreprenurial culture in America to make the argument that innovation in business depends in part on tolerance, and that, in practical terms, this means most matters of conflict should be treated as civil rather than criminal cases.
A comparison might be made to the evolution of bankruptcy law. Before the mid 1800s, most Western countries treated bankruptcy as a criminal matter, rather than a civil one. The liberalization of bankruptcy law was one of the factors that allowed our modern economies to gain the dynamic nature they now enjoy. The public's mood changed during the 1800s as it became more obvious that many times entrepreneurs failed with their first venture. They needed a second chance, when they were often more successful. John Bayer, who created what became Bayer aspirin, is an outstanding example of this - at first he tried to build a liquor business, but it failed. His father-in-law was suffering arthritis, and therefore drinking large amounts of willow bark tea - the only known source acetylsalicylic acid. John Bayer then put the willow bark tea through the distillery equipment he'd bought for his liquor business - and thus asprin was created. The point is, he needed a second chance to become successful. Many entrepreneurs are in this category.
Since this is Hacker News, I would guess that most of us know someone who has tried to do a startup, and failed on their first attempt. Many of us also know entrepreneurs who tried again, and met with greater success on successive tries. Tolerance of failure is the first pre-requisite of a dynamic economy.
More so, if you have any friends who have attempted to launch a startup, ask yourself under what circumstances you think your friends should go to jail.
I posted a similar comment some months ago, and I mentioned how many lives might be saved by the next wave of medically-focused startups. Someone responded:
"When you cross the line into experimenting with medical treatments, you're not gambling with other people's money, you're gambling with lives. You can't just equate it to any other kind of start up, it has to be held to a higher standard."
I want to repeat, many, many industries can lead to people's deaths. There is nothing unique about medical innovation. If you build a new kind of jet engine, which gets through testing but which then is responsible for a spectacular crash, then your product has killed a few hundred people. And yet, unless there was fraud in the documentation of the tests, there have not been criminal cases in the past. Right from its creation, decades ago, the FAA has taken a strong line against criminal - the feeling has always been that criminal prosecutions would stifle the free flow of information, and the only way to save lives over the long-term is through the free flow of information.
Many other fields can cause people to die - industrial automation, the transport and disposal of toxic chemicals, the construction of buildings (which could then fail and kill people). All industries are in need of innovation all of the time, yet innovation brings with it risk, including the risk of death. How much innovation will we get if we make these matters criminal?
I should emphasize, just in case people forget, that fraud has always been criminal. It has been criminal for centuries. So the move to criminalize more aspects of business is not a move to make fraud criminal. If you think that the Sarbanes-Oxley Act made fraud criminal, then you are mistaken. Fraud has always been criminal.
Sarbanes-Oxley is representative of the new trend. The overall goal was to encourage greater accuracy in the reporting of a company's financial health. This goal could have been reached through a variety of methods, including both the carrot (rewards) and the stick (punishments). Rewards could have included tax breaks for meeting some additional level of compliance. Punishments could have included fines levied against companies that failed to meet a higher level of compliance. These approaches would not have raised the risk of jail time for CEO's. Instead, Sarbanes-Oxley decided to go with the heaviest kind of punishment of all - to treat infractions as criminal offenses, potentially meriting jail time.
This punitive attitude is going to have a chilling effect on the amount of innovation we can expect in any field.
Couldn't agree more. Everyone see's the risk of advancement, but no one considers the risk of doing nothing. The medical advance that kills the first 10 patients could save the next million. Organ transplants anyone?
SOX could have been penalty free and still effective at it's intended purpose. Just have a new classification of public companies. Either you are SOX compliant or you're not, and let the investors decide the risk based on that knowledge.
You could say that about everything in the financial world. Create government endorsed voluntary categories: SOX or anything else compliant (there are also a lot of investment you need to be accredited to invest in).
Yes, fraud has always been criminal. However, SOX says that the CEO can't escape by pleading ignorance to the goings-on of his company. If his company commits fraud, the CEO is responsible, and can face jail time because of the fraud.
I've no problem with that. I doubt it will stop innovation, except perhaps the kind Enron was involved in (that is, innovation in fraud).
You conflate a lot of issues here by introducing medical innovation and jet engine technology. However, the common denominator is jail time for fraudulent behavior. We're not talking about jailing failed attempts. We're talking about fraud.
As I mentioned above, SOX goes too far in dictating how the company should be transparent. I don't really care. But: the CEO (or, as a reply in the thread above advanced, all of the officers EDIT: http://news.ycombinator.com/item?id=1008571) is (are) responsible. They can't simply testify, "I didn't know about that" and get away with it.
I actually think that by spelling out all of these rules, even though they are expensive, they just give bad guys a set of rules to be gamed.
dhimes, fraud has been illegal for centuries. Sarbanes-Oxley did not outlaw fraud. You are confusing issues of corporate governance with issues of fraud. There are some important issues that the law should address about how much power shareholders should have over their officers, and how much information the officers should be compelled to share. I can think of a 100 reforms I'd like to see that would give more power to shareholders. A CEO is a hired hand, just like a janitor or an electrician, but CEOs have vastly more power to do harm to shareholders interest than any janitor or electrician. Enron is an outstanding example of this. But of the 100 reforms I'd like to see, none of them look anything like Sarbanes-Oxley.
The two of you agree on everything that sane and rational people should. Fraud bad. Innovation good. Prevent fraud good. Hinder innovation bad.
You've just got different internal estimates of the prevalence of fraud, the ease of deterring innovation, and the costs associated with each.
Interestingly, when people disagree like this they almost always either start talking about principles, generalities, or hypotheticals that are obviously very good or very bad. They never say "let's start with some numbers we can both agree on and see if we can figure it out together."
I think that's because people are wired to think with representative symbols (genius inventor, robber baron, welfare queen), and to weight their judgments according to their loyalty to various ideology brands.
I think part of the problem is that the general public thinks of the "business sector" as all one group. They think businesses are trying to screw them and don't realize that some businesses are trying to screw them, AND their competitors.
Of course, startups usually do not do formal audits until they bring on investors who will insist upon them, i.e., typically VCs. Thus, this is just one more reason for a startup to try to bypass such funding sources and pursue less restrictive sources if possible (why add yet another $100K to the annual burn rate when you want above all to preserve cash and use it wisely?).
Combine this (and other factors) with the crimp that Sarbox has put on companies going public, and you have an environment where the value of VC funding (which typically is key to launching a startup on the road to going public) has depreciated.
A founder might look at this and think that this has little or no impact on his bootstrap or angel-funded startup that he plans to sell to Big Company X. But the effect on valuations is real. As with any negotiation, if you have fewer levers to use in the negotiating process, you will be at a relative disadvantage. If your company has no alternative but to be acquired in order to achieve a liquidity event, the buyers on the other side (i.e., potential acquirers) will factor this into their pricing to your detriment.
These sorts of changes may have hurt VCs but they have hurt entrepreneurs as well in limiting or eliminating funding options that were readily available to such parties in the pre-Sarbox era, leaving all parties poorer in the process.
These are real costs (as are the ones that fall on public companies directly, as noted in this piece), while the benefits of Sarbox to date have been dubious at best. Of course, the accountants, lawyers, regulators, etc. who benefit from the regulatory complexity through increased business and/or power will beg to differ, but this doesn't mean they are right.
On a final note, the Supreme Court case noted in this piece does raise the prospect that Sarbox will be declared unconstitutional and, should that happen, there may indeed be some real prospects for reform. The justices seemed skeptical about the constitutional argument during oral argument, however, and this may therefore go nowhere as a potential solution to the problems raised.