
The Worst Ideas of the Decade - Sarbanes-Oxley - chwolfe
http://www.washingtonpost.com/wp-srv/special/opinions/outlook/worst-ideas/sarbanes-oxley.html
======
grellas
Sarbox has driven up audit costs for startups as well. A decade ago, all kinds
of small practitioners would be willing to do routine audits for $10K or less
for early-stage companies. Now that cost easily runs into the high five
figures, if not more.

Of course, startups usually do not do formal audits until they bring on
investors who will insist upon them, i.e., typically VCs. Thus, this is just
one more reason for a startup to try to bypass such funding sources and pursue
less restrictive sources if possible (why add yet another $100K to the annual
burn rate when you want above all to preserve cash and use it wisely?).

Combine this (and other factors) with the crimp that Sarbox has put on
companies going public, and you have an environment where the value of VC
funding (which typically is key to launching a startup on the road to going
public) has depreciated.

A founder might look at this and think that this has little or no impact on
his bootstrap or angel-funded startup that he plans to sell to Big Company X.
But the effect on valuations is real. As with any negotiation, if you have
fewer levers to use in the negotiating process, you will be at a relative
disadvantage. If your company has no alternative but to be acquired in order
to achieve a liquidity event, the buyers on the other side (i.e., potential
acquirers) will factor this into their pricing to your detriment.

These sorts of changes may have hurt VCs but they have hurt entrepreneurs as
well in limiting or eliminating funding options that were readily available to
such parties in the pre-Sarbox era, leaving all parties poorer in the process.

These are real costs (as are the ones that fall on public companies directly,
as noted in this piece), while the benefits of Sarbox to date have been
dubious at best. Of course, the accountants, lawyers, regulators, etc. who
benefit from the regulatory complexity through increased business and/or power
will beg to differ, but this doesn't mean they are right.

On a final note, the Supreme Court case noted in this piece does raise the
prospect that Sarbox will be declared unconstitutional and, should that
happen, there may indeed be some real prospects for reform. The justices
seemed skeptical about the constitutional argument during oral argument,
however, and this may therefore go nowhere as a potential solution to the
problems raised.

~~~
joubert
Why would Sarbox drive up audit costs for non-public companies (i.e. startups
and small business owners)?

Financial statement audits for private companies are exempt from SOX.

PS: I used to be an external auditor at PwC.

~~~
grellas
I can't speak for the auditors, since I am a business attorney, but I do know
what I have seen in helping to find this type of service for clients. For
example, just within the past year, I was asked to help find a good auditing
firm by one closely held Silicon Valley startup with fewer than 50 employees
and a few million in annual revenues - the cheapest estimate came in at the
$60K-$80K range (and this was from regional firms, not Big Four).

Don't know exactly why this is, except that the auditors themselves kept
referring to Sarbox-type requirements that had become standard practice for
all audits, public and private. Also, I think many of the smaller players have
been chased out of the auditing field by the new complexities injected by
Sarbox and relating recent developments in the field. Whatever the cause, at
least in and around Silicon Valley, it is no longer easy to find a small firm
that will do a quickie audit for a modest sum.

[Edit: just saw reply by tptacek - he says it much better than I do.]

~~~
kirsty
As an ex-Big 4 auditor, I have experience of auditing both private and public
US firms. Even without Sox requirements, there are enough complications in the
audit legislation to make a private company audit less than straightforward.
Trying to squeeze those regulations into a start-up type company structure is
what makes up the time and cost of an audit.

------
dhimes
I'm always skeptical when Congress legislates _process_. They are almost
always better off sticking to outcomes. In this case, hold the execs
responsible for company fraud, but let _them_ figure out how to make sure
their company stays legal.

~~~
bdonlan
The problem is when the execs start feeling like they will never be caught -
or worse, when they start tricking themselves into thinking that what they're
doing isn't fraud.

Sure, they'll be caught eventually and punished, but the damage is done.

~~~
rbanffy
Make all the top level execs liable. That way, one will watch the other and
the odds of all of them entering deliberate fraud (or tricking themselves into
it) is reduced.

It was also suggested on this thread that a carrot-and-stick (fines for the
less compliant, tax reduction for the more compliant) would be pretty clever.

~~~
litewulf
Or, it would just mean that all the top level execs would work to protect each
other.

~~~
lallysingh
Or blackmail one another.

~~~
rbanffy
And then all you need is one failing to pay to bring down the whole castle of
cards.

------
michael_dorfman
_It was never clear how more accounting and reporting regulations were
supposed to squelch fraud._

Really? That one seems pretty obvious to me. Standardized accounting practices
and more transparency via required reporting makes fraud harder to commit and
easier to detect. The _reductio ad absurdam_ almost writes itself.

~~~
dkarl
Plus, many of the new rules were targeted at kinds of fraud that have
_actually been perpetrated_. If you don't patch a security hole, people won't
get tired of exploiting it. They'll just keep on exploiting it until you do
something to make it harder or more dangerous.

------
pg
As well as the cost there's also greatly increased liability for corporate
officers:

[http://www.kirkland.com/sitecontent.cfm?contentID=223&it...](http://www.kirkland.com/sitecontent.cfm?contentID=223&itemId=2510)

~~~
ajross
To be fair: that's completely by design. S/O was a direct reaction to the
perception that the perpetrators of the Enron and Worldcom scams were
essentially unprosecutable because of the difficulty of proving their
knowledge of the events. So the new law puts the presumption of knowledge onto
the senior executives via the certification requirement.

Now, one might argue that this is bad, or has unintented consequences. But
it's not a surprise. It's the intended effect. If you lie (even, perhaps,
unintentionally -- though I don't think there's been a test case of that yet)
on your company's financial statements in the modern USA, you are a criminal.

~~~
grellas
Indeed, it is by design but this is a field in which it is easy to get
blindsided for conduct that has never been regarded as culpable on the part of
management by any historical (pre-S/O) standards.

Bottom line: for those who matter (i.e., those who build companies and make
key decisions on whether to take them public), this is another serious
disincentive to take a company public.

------
DanielBMarkham
Just from a writing perspective, you gotta love the opening lines:

 _.The dumbest government policies are almost always the fruit of the
bipartisanship that sets Beltway hearts beating with patriotic arrhythmia.
Think the Patriot Act, No Child Left Behind, the authorization of force in
Iraq and the TARP...._

To me it's the right mix of colloquial and editorial writing. Very nicely done
lead.

------
ShabbyDoo
I see parallels in California's ill-conceived desire to "protect" porn stars
through mandatory condom use:

[http://www.forbes.com/2009/12/07/entertainment-
pornography-c...](http://www.forbes.com/2009/12/07/entertainment-pornography-
condoms-opinions-contributors-alexandre-padilla.html)

One of the arguments against Sarbane-Oxley is that it created incentives for
smaller public companies to privatize and thus reduced the overall level of
economic transparency -- just like forced condom use could cause the self-
regulated adult industry to go underground.

W.r.t. Sarbanes, it seems that the US government would better serve the
"greater good" by creating a few standardized sets of
accounting/audit/disclosure requirements from which public companies could
pick. Presuming that investors actually valued disclosure laws, companies
could pick a set of rules which they think would maximize their valuation.

Let's say you are a small cap whose profitability would be significantly
affected by the cost off complying with onerous SEC requirements. You could
opt into a looser set of rules, but the market could punish you with a lower
valuation as a result. Perhaps this lower valuation for less
transparency/trust would be better than the reduced valuation from spending an
extra $2.3M to comply with Sarbanes regulations.

As a libertarian, I'm not keen on government involvement in markets, but the
above proposal is a compromise of sorts.

~~~
conover
Exactly. Why not rate a company's financial transparency like bonds are rated?
The market can factor that rating into the valuation.

~~~
byrneseyeview
One simple proxy: implied volatility of put options. Since put option buyers
only make money when the stock falls--dramatically, and quickly--they are the
most effective way to bet that someone is cooking the books.

~~~
joubert
How would they know the books are being cooked?

~~~
byrneseyeview
How would a rating agency? The options traders have money on the line; the
rating agency is betting its reputation--which means it can exploit
mispricings in the reputational marketplace by doing a bad job and hiring good
PR people and lobbyists. This is the purest, most cynical way to explain
ratings agencies in general.

------
lkrubner
My impression is that there was a stretch when some combination of the public
mood and the government's emphasis conspired to encourage small startups. The
1980s and 1990s were clearly good in this respect. The mood of the last decade
has been increasingly punitive. Sarbanes-Oxley is the most clear example of
this. What once would have been treated as a civil matter is now treated as a
criminal matter. Entrepreneurs are now faced with jail time instead of
lawsuits. This can only have a chilling effect on innovation. I think it is
urgent that everyone who cares about entreprenurial culture in America to make
the argument that innovation in business depends in part on tolerance, and
that, in practical terms, this means most matters of conflict should be
treated as civil rather than criminal cases.

A comparison might be made to the evolution of bankruptcy law. Before the mid
1800s, most Western countries treated bankruptcy as a criminal matter, rather
than a civil one. The liberalization of bankruptcy law was one of the factors
that allowed our modern economies to gain the dynamic nature they now enjoy.
The public's mood changed during the 1800s as it became more obvious that many
times entrepreneurs failed with their first venture. They needed a second
chance, when they were often more successful. John Bayer, who created what
became Bayer aspirin, is an outstanding example of this - at first he tried to
build a liquor business, but it failed. His father-in-law was suffering
arthritis, and therefore drinking large amounts of willow bark tea - the only
known source acetylsalicylic acid. John Bayer then put the willow bark tea
through the distillery equipment he'd bought for his liquor business - and
thus asprin was created. The point is, he needed a second chance to become
successful. Many entrepreneurs are in this category.

Since this is Hacker News, I would guess that most of us know someone who has
tried to do a startup, and failed on their first attempt. Many of us also know
entrepreneurs who tried again, and met with greater success on successive
tries. Tolerance of failure is the first pre-requisite of a dynamic economy.

More so, if you have any friends who have attempted to launch a startup, ask
yourself under what circumstances you think your friends should go to jail.

I posted a similar comment some months ago, and I mentioned how many lives
might be saved by the next wave of medically-focused startups. Someone
responded:

"When you cross the line into experimenting with medical treatments, you're
not gambling with other people's money, you're gambling with lives. You can't
just equate it to any other kind of start up, it has to be held to a higher
standard."

I want to repeat, many, many industries can lead to people's deaths. There is
nothing unique about medical innovation. If you build a new kind of jet
engine, which gets through testing but which then is responsible for a
spectacular crash, then your product has killed a few hundred people. And yet,
unless there was fraud in the documentation of the tests, there have not been
criminal cases in the past. Right from its creation, decades ago, the FAA has
taken a strong line against criminal - the feeling has always been that
criminal prosecutions would stifle the free flow of information, and the only
way to save lives over the long-term is through the free flow of information.

Many other fields can cause people to die - industrial automation, the
transport and disposal of toxic chemicals, the construction of buildings
(which could then fail and kill people). All industries are in need of
innovation all of the time, yet innovation brings with it risk, including the
risk of death. How much innovation will we get if we make these matters
criminal?

I should emphasize, just in case people forget, that fraud has always been
criminal. It has been criminal for centuries. So the move to criminalize more
aspects of business is not a move to make fraud criminal. If you think that
the Sarbanes-Oxley Act made fraud criminal, then you are mistaken. Fraud has
always been criminal.

Sarbanes-Oxley is representative of the new trend. The overall goal was to
encourage greater accuracy in the reporting of a company's financial health.
This goal could have been reached through a variety of methods, including both
the carrot (rewards) and the stick (punishments). Rewards could have included
tax breaks for meeting some additional level of compliance. Punishments could
have included fines levied against companies that failed to meet a higher
level of compliance. These approaches would not have raised the risk of jail
time for CEO's. Instead, Sarbanes-Oxley decided to go with the heaviest kind
of punishment of all - to treat infractions as criminal offenses, potentially
meriting jail time.

This punitive attitude is going to have a chilling effect on the amount of
innovation we can expect in any field.

~~~
johngalt
Couldn't agree more. Everyone see's the risk of advancement, but no one
considers the risk of doing nothing. The medical advance that kills the first
10 patients could save the next million. Organ transplants anyone?

SOX could have been penalty free and still effective at it's intended purpose.
Just have a new classification of public companies. Either you are SOX
compliant or you're not, and let the investors decide the risk based on that
knowledge.

~~~
netcan
You could say that about everything in the financial world. Create government
endorsed voluntary categories: SOX or anything else compliant (there are also
a lot of investment you need to be accredited to invest in).

------
barmstrong
As with many government regulations, good intentions but results that are
almost the opposite.

It reminds me a bit of this interview with Milton Friedman, which changed my
perspective on life immensely:

<http://www.youtube.com/watch?v=JfdRpyfEmBE>

------
Calamitous
So, best shortening of the worst idea: Soxley or Sarbox?

~~~
mmt
SOX is the one I've heard most often.

~~~
tptacek
I hear Sox and Sarbox. I've never heard Soxley. (Sarbox is a [weak] security
audit driver, so it's something we talk about a bit).

------
rortian
An op-ed should really never be on HN. It really sucks that this site has
turned into this.

