Skip to main content
Jan 31, 2006

A recipe for trouble?

Directors, executives and, in fact, everyone involved in compliance and governance operations are working much harder and longer than they ever have before. No one disputes this.

However, the situation may be creating a problem for companies beyond greater stress on employees and increased costs of doing business. Indeed, some groups may be sacrificing the time they need to perform their traditional roles, though it may just be a matter of reorganizing workflows to better reflect modern responsibilities.

Board members don’t need to question whether Sarbanes-Oxley has made workdays longer – they can simply review their own schedules. Boards are scheduling additional meetings every year, from the traditional two or four to as many as eight or twelve. Gatherings that once lasted a day are now taking two. As one knowledgeable source put it, audit committee meetings ‘used to be an hour or two hours and then punch the ticket and go. Now they’re half a day.’

There’s no doubt that board members are working longer and harder these days, and that much of this extra time is a direct result of Sox-mandated compliance monitoring responsibilities. But some experts and academics are starting to ask whether compliance issues are threatening to push business strategy out of the boardroom.

Although there is reason for concern, the picture is more complex than merely chanting, ‘Compliance is bad.’ Yes, directors face additional responsibilities, but it is unclear how much of their current workload is here to stay and how much is simply the result of a temporary adjustment period. There are those who argue that once boards and companies get used to their new duties, and they finish implementing technology updates, their workloads will return to more manageable levels.

But it’s not just the amount of extra work that is being done. There’s also the matter of the type of work directors are doing. Boards must look at whether they have become off-balance, or whether part of their increased workload is due to CEO and CFO regulatory myopia – and how they can rectify the situation.

The time trap

There seems to be little doubt that corporate board members are finding their duties taking far longer than ever before. According to George Davis Jr, co-leader of the US board practice group for executive search firm Egon Zehnder International, ‘Sarbanes-Oxley and Section 404 have put huge burdens on directors and simply filled up the calendar.’ He sees boards generally meeting six to eight times a year, and that doesn’t include weekend conference calls, strategic off-site meetings, visits to regional facilities, more face-to-face time with different layers of management and committee meetings. Daniel Langer, solutions director of internal audit and controls at corporate finance services provider Jefferson Wells, has seen his clients average as much as a board meeting every month.

Audit committees in particular have become time sponges. A survey conducted last year by the Business Roundtable shows that 95 percent of the 106 members who responded have seen an increase either in the number of audit committee meetings or in their length. Not only are committee members meeting alone, says Joseph Carcello, a professor and director of research at the University of Tennessee’s Corporate Governance Center, but they’re also meeting more frequently with external and internal auditors, in addition to holding executive sessions without management present. (The Business Roundtable study found that 71 percent of companies expected executive sessions at every board meeting.)

Not only do directors have the obligatory oversight of the Sox statute, but managers – who may be facing increased personal liability – have taken to documenting every ‘i’ they dot and ‘t’ they cross. For example, according to a 2004 study of the Association for Financial Professionals, financial managers are being asked to personally sign off on a wide range of issues, from specific disclosures in management discussions and account balances to compliance with company codes of conduct. According to Jim Kaitz, the association’s CEO, some companies are pushing this certification requirement down to the analyst level.

At every stage, managers take the sheaves of sign-offs, bundle them and pass them up to the next level. What was once a single report can become boxes of papers – and the ream stops with the directors. ‘If they get a report, they have to review it,’ explains Davis. ‘If they get these statements … good governance dictates that they have to review the material. It’s not expectations; it’s requirements.’

The time needed to perform the job is taking its toll. Davis says the board candidate pool has been shrinking ‘because they know the requirements are growing,’ while compensation rates are rising. Although he cannot pinpoint a number for the current rate of compensation, ‘it’s much more than it’s been the past two decades,’ he says.

A loss of focus

Some people studying the effect of Sox on corporations warn that the increased focus on regulatory compliance is distracting management and boards, and is having a detrimental impact on companies. According to a Booz Allen Hamilton study titled Too much Sox can kill you, Sarbanes-Oxley can lure managers into treating risk management as a box-checking activity, resulting in a narrow view that can constrict innovation and growth.

Additionally, in a report sponsored by the Corporate Research Forum called The role of the board in creating a high-performance organization, UK researchers Dr John Roberts and Don Young suggest that pressure from investors, analysts and the press has pushed directors – particularly non-executive directors – into becoming compliance watchdogs at the expense of their critical strategic responsibilities.

But there are questions as to whether these reports are over-reaching. For example, Booz Allen says the Sox check-box mentality means that companies are not looking at broader categories of risk that can prevent a company from thriving. As evidence, it cites its own study of 1,200 firms with market capitalizations of more than $1 billion for 1999 through 2003. Identifying the poorest performers, the study states that compliance problems accounted for only 13 percent of instances in which there was a loss of shareholder value. The remaining 87 percent ‘was attributable to strategic and operational blunders.’

But that latter interpretation is actually quite cloudy. The consultancy took the worst performing part of the worst performing index, as determined by stock performance, and then took the publicly offered explanations for the shortcomings. It came down to interpretation, without additional data, to determine whether the loss was because of a regulatory issue – which, according to Jim Newfrock, senior director and leader of the global strategic risk practice, meant that the company based the loss of shareholder value on having to pay a fine – or whether it was due to an operational issue. However, making a clear distinction between these two issues is difficult at best, since Sox infractions are intrinsically intertwined with what are now operational issues. (The authors did not interview any of the companies, so they could not glean additional information that might make the difference more clear.)

Further complicating the issue is the timeframe. Booz Allen examined company share price performance from 1999 through 2003, ending the year before the requirements of Section 404 came into effect. And it’s that extra layer of reporting that is causing much of the operational indigestion that many corporations now face.

The UK study, in turn, refers to the Booz Allen figures and then uses interviews with 40 ‘chairmen, executives, non-executive directors and others’ as a basis for the suggestion that board members, facing liability under Sox, are taking a defensive posture and focusing on short-term issues instead of long-term corporate health. This study also has some weaknesses.

‘Sarbanes-Oxley really didn’t increase your liability one bit as a director,’ says Gary Brown, chair of the business department at the law firm Baker, Donelson, Bearman, Caldwell & Berkowitz and a special counsel to the US Senate’s Committee on Governmental Affairs during the investigation into the collapse of Enron. ‘Do you have more to do? Yes, you do. Should you get paid more? Maybe you should. Do you have more liability? No, you don’t.’

The authors note that they focused on a qualitative, not quantitative, study of people in the UK, where the nature of governance and the comfort level with Sox are likely to differ from board members in the US. It is also a leap to say that the extra spent time on compliance necessarily translates into fewer hours on strategic issues.

Striking a balance

According to some observers, boards are still spending the same amount of time they always have on strategic issues – they are simply expanding the number of hours they work in order to deal with the increased compliance monitoring duties. Still, the concept of a new lack of strategic oversight is partially supported by a study performed by PricewaterhouseCoopers late last year. According to corporate governance partner Catherine Bromilow, out of almost 1,100 board directors interviewed, 59 percent want to devote more time to strategic planning, and nearly a third want their boards to spend less time on Section 404 analysis.

So boards should take stock of where they are in relation to Sox compliance. They have the potential for focusing too much on the regulation, for a variety of reasons, and there are steps they can take to help mitigate any detrimental effects.

One important question is whether or not the Sox effect – in terms of a shifting focus to compliance – is permanent. Steven Wallman, founder of Proxy Governance, suggests that the current pains that boards face could be the result of a transition phase and that, with time, people will get into the routine of dealing with Sox. ‘Once the reports get to the board on a regular basis, and you’re only looking at differentials, it should start to even out and become a bit easier,’ he says.

Avoiding the compliance trap

But achieving a level of ease requires a company to integrate its compliance efforts into daily operational activities and make them routine processes. Otherwise, management – and, by extension, the board – is forced to handle the issue as a massive annual project, with every phase being an exception to normal operations.

Steve Wagner, managing partner of the US center for corporate governance at Deloitte & Touche LLP, estimates that at best only half of corporations – and possible as few as 40 percent – have ‘the mind-set … to embrace Sarbanes and say, This is something we’re going to make a commitment to and embed in our ordinary operational activities … as opposed to viewing it purely as a compliance activity with a big costly exercise with very little benefit.’

The problem is that while board members may not face additional personal liability under Sox, CEOs and CFOs do. And this gives them some impetus to become full-time legislation experts. Look at how the need to sign off on financial results has permeated companies. While a board can direct a company to some extent, a management team can derail that broader perspective by continuing to pile on the Sox report slush.

Some boards are finding ways to keep from being bogged down by the weight of minutiae. For example, a growing number of audit committees are getting more involved with auditors – not just external, but also internal.

‘Some audit committees are having the internal auditors report to the committee directly,’ says Carcello. The audit committee must approve hiring and firing, budgets and scope of work. ‘It’s not as if the audit committee is suddenly managing the day-to-day internal audit function, but its substantive involvement is much greater than in the past,’ he notes. This way, the board can more directly monitor and affect the degree to which compliance becomes integrated into normal business processes.

All boards can immediately start taking a greater hand in setting agendas, according to Bromilow. ‘Our study showed that it’s still largely management doing that,’ she says. ‘If the board truly takes control of its agenda, one of the things it can do is order the agenda in terms of what’s most important to discuss.’ She suggests that the board could start any meeting with management analyzing issues of strategy or broader risk management, to get robust discussion while people are still fresh. ‘But if strategy is number 19 out of 20 and compliance is 3 through 18, [a board] is going to be spending all of its time on compliance.’

Bromilow also suggests taking a more active role in defining just what information and reports the board actually needs. In new situations, like the onset of Sox, the board might ask for special reports. ‘But that kind of reporting becomes entrenched when they may not need it on an ongoing basis,’ she says. ‘We deal with boards frequently [when] they get too much detail. It’s often tough for them to close the feedback loop.’

What they need to do is use an intermediary, like the corporate secretary or compliance and governance officers, to let managers know when reports are no longer needed or whether an executive summary could be used to speed things along. Without engagement, reports can take on a life of their own, and directors will never see an end to information that has lost its usefulness.

There is a risk that boards can get caught up in the daily details of monitoring compliance, thus creating an environment in which strategy and risk analysis lose some of their importance. The key to avoiding such a situation is to evaluate the balance of board meetings and manage the information received in order to ensure that board members do not become overloaded and can continue to provide the vital insight and experience for which they were appointed in the first place.