Commentary: Governance Reform
Sarbanes-Oxley has caused concern among foreign firms that want to conduct business in the US. Now, US companies are increasingly facing similar legislation abroad.
By now enough ink has been spilled over the Sarbanes-Oxley Act that the legislation has essentially become synonymous with corporate governance reform. Call it the “Kleenex” or “Xerox” of regulatory compliance. But as companies hustle to meet the first Sarbox deadline in November, two trends have become clear: First, the mandate for good governance and systematic internal controls stretches well beyond Sarbox (and US shores). Second, it is a mandate that also affects companies not listed on any stock exchange.
While most aspects of regulations like Sarbox only legally apply to public companies, many private firms now view compliance as a considerable benefit—if not a requirement—to stay competitive. Companies with plans to go public, or those looking to be acquired, need to preemptively establish and articulate internal controls and financial reporting practices. Even companies that rely on lenders or venture capital must now demonstrate effective governance practices and financial transparency in order to gain funding. Beyond this, many private and nonprofit companies have established compliance programs simply because they see it as good business.
Simultaneously, the advent of Sarbox- like regulations in Europe has made global companies of all sizes— public and private—realize that Sarbanes- Oxley is only the beginning. Thanks to the growing international consensus, regulatory compliance is, now more than ever, a transnational concern. In fact, the Wall Street Journal recently reported that the US Securities and Exchange Commission plans to strengthen its ties with European securities regulators to identify emerging risks in the US and EU securities markets and to promote regulatory convergence.
Clearing Country Compliance
First, global companies need to understand what’s facing them. While Sarbanes-Oxley has become a household word, non-US regulations remain less familiar. EU countries alone collectively have more than 35 regulatory codes. While that may sound overwhelming, there are fundamental similarities between these laws that make compliance a less “nuanced” process. All of them essentially require management to be accountable to stakeholders. All require companies to establish a reliable information system that allows them to report using international standards from all of their operations and comply with local legislation and good-neighbor practices. And all, to one degree or another, require company management to articulate internal controls and manage the risks of financial reporting error and loss.
Whether a company faces Sarbox or compliance with Australia’s AIX code, it is essential to go beyond the “checklist” of regional reporting mandates. Those that will benefit from compliance will do so by creating a pervasive and permanent “culture of compliance” throughout the organization. Companies must set the tone from the top down.This means taking measures to ensure the sales force doesn’t come under unreasonable pressure to aug-ment the numbers, for example. It means making sure the accountants don’t view “cutting edge” accounting as a euphemism for outfoxing the standard setters. And it means assuring managers that they will never be asked to pressure an employee, customer or supplier to bend the rules.
ViewSonic, a producer of visual technology, is a company that exemplifies this progressive approach to compliance. When Sarbanes-Oxley became law, ViewSonic—a private firm—viewed the legislation as a strategic model.“We saw this as an opportunity to put into place reasonable, manageable and welldocumented controls that will help us work more efficiently and effectively as a global corporation,” says Robert Moon,ViewSonic’s CIO.
Previously,ViewSonic had consolidated its global IT operations, a step that allowed it to standardize business processes on a global basis. Both the financial and operational benefits have been tremendous.ViewSonic can now globally close its financial books in less than three days, a process that previously took three weeks or more. In addition, it saves over $2.5 million annually from reduced IT staffing and hardware costs. In the past year the company took the extra step of implementing a software solution specifically aimed at satisfying Section 404 of Sarbanes-Oxley (the provision that requires companies to articulate and test internal controls). Aside from offering reassurance to current and potential investors, the operational benefits of embracing a system of global corporate governance have been extremely positive.
“In both finance and IT, we realized that consistent, global controls would provide a similar benefit and make certain that all our employee partners throughout the world, particularly managers, would be singing from the same sheet of music when it came to corporate controls,” Moon explains.
But the company’s compliance efforts stretch well beyond Sarbox.With over $1 billion in sales,ViewSonic is growing rapidly in every region of the world and needs to ensure that all regional operations meet corporate standards.“We are ensuring that we are including all requirements for internal controls in every country we operate in,” says Moon. “While our IT setup is standardized across the globe, we have regional processes implemented where required— Europe, Asia Pacific and so on—to meet local country statutory requirements.”
Controls Improve Business Practices
Although compliance may no longer be a choice for many companies, it can be a two-way street—one that boosts investor confidence while fostering leaner, more agile business processes and more profitable operations. Companies can leverage Sarbox and other corporate governance mandates as a benchmark to articulate and consciously redesign the way they do business.
As ViewSonic illustrates, executives who look at the broad picture of what regulations like Sarbox are designed to do often recognize best business practices. The new focus on control and visibility opens up avenues for business process improvement. Documenting business processes creates a body of easily shared and enforced organizational knowledge.Visibility and transparency in reporting brings timely, accurate information— moving companies toward a “daily close”—that lets executives manage with today’s facts rather than last month’s information. Visibility also helps identify non-compliance and breakdowns in processes.
The toughest part of the compliance challenge for most organizations is not in finance; it’s in technology systems. A recent study by Ernst & Young found that virtually all of the companies surveyed placed significant reliance on controls in some or all parts of their businesses to reduce the risk of inaccurate financial reporting.
If the systems supporting the company’s daily transactions aren’t controlled properly, a distorted picture of the company’s performance results. Many companies today operate in environments that make this distortion of reality all too easy. For instance, companies often operate varying systems to support different parts of the business—from Customer Relationship Management (CRM) to financials to manufacturing. Inaccuracies can result from data that is poorly managed as it passes through these multiple applications. Establishing a compliant environment by unifying IT operations with integrated application suites improves control, reduces overall cost and increases the assurance of data quality.
Regulatory compliance is no longer a choice, and corporate governance will stay in the spotlight for the foreseeable future. However, embracing the spirit of these requirements—ethical corporate governance and reliable, timely reporting— can ultimately prove less expensive than grudgingly complying with the letter of the law. In fact, it can deliver measurable bottom-line results. Strategic companies will distinguish themselves by transforming regulatory compliance into corporate excellence—the excellence of success.