Firms must pull SOX up

DAVID CANTON - For the London Free Press - April 16, 2005 Read this on Canoe

After the controversies involving Enron and WorldCom came to light, the United States government took steps to ensure companies would be held accountable for their actions, particularly for their accounting practices.

The Sarbanes Oxley Act (SOX) was enacted to make companies' accounting procedures more transparent to investors and regulators.

Some may think since it is an American initiative, Canadians are not affected by SOX.

But many U.S. companies with Canadian affiliates will expect the Canadians to keep up with SOX.

Canadian entities providing services to American firms may be forced to comply to keep the business.

The Canadian government has not passed equivalent egislation, but many believe it is only a matter of time.

The legislation provides stringent guidelines that must be followed to ensure appropriate representations are being made to shareholders and the public. A cornerstone of the legislation is the need for "controls" to lessen the risk of fraud.

One of the major requirements of SOX is that information must be stored to provide accurate data for quarterly reporting. Companies may need to upgrade their information technology

infrastructure to comply. This can involve major investment in data storage solutions.

Section 404 of SOX requires companies to have policies and controls to secure and process material and document information dealing with their financial results.

As companies are now required to archive data, one must wonder what exactly is being done with it. One concern is that many firms are storing heaps of data, but are not analysing it. This makes fraud more difficult to spot.

The more data there is in storage, the easier it is to hide fraudulent activities. If fraud is detected, it may take even longer to uncover, as companies will have to wade through all the data they have stored to find proof of the fraud.

This would go against the main premise of SOX, which is to ensure transparency in accounting processes.

In a similar type of situation, a Dutch Internet service provider has filed a lawsuit against the Dutch government to recover about $660,000 US it spent to comply with a law requiring it to monitor each website that each client visits and to read customers' e-mail. The results would be handed over to the police if they had a court order.

The company believes it has obtained no gain by providing this service and that the law is unreasonable. The software is in the general public interest, as it traces criminals.

The Dutch government acknowledges that although it helps companies with the administrative costs of maintaining the software, it does not provide funding for development costs.

In the case of SOX, firms are left to their own devices in order to comply with regulations. The U.S. government does not provide any funding for developing the required systems. Undoubtedly, this means the costs of compliance with SOX are ultimately paid for by the end consumer in the form of higher prices for products and services.