The Sarbanes-Oxley Act might provide an opportunity for Libertarians to demonstrate how government intervention can lead to a cure that's at least as bad as the disease. In broad terms here is EqualOpportunityCynic's understanding of the chronology:
- A bunch of corporations did some undeniably naughty (and illegal) things: Enron, WorldCom, Tyco, ...
- Congress decided -- arguably correctly -- that lack of checks on corporate misdoings were partially to blame
- Congress came up with a scheme to ensure that no CEO or other offical, ever, can claim to not know some detail of the business.
Unfortunately this scheme also involved so many reams of excess documentation that a cottage industry sprang up of compliance consultants.
Descent into Ranting
Now, I'm not really crazy about corporate dishonesty, and I do think that one of the legitimate roles of government is to referee the free market -- i.e. make sure the actors are all telling the truth. But surely S-O is an example of how not to react to a serious social problem, at least from what I've seen.
OK, that's my rant for the day. I don't know enough details to really give better-informed opinion. Feel free to edit this and make it factual and NPOV. - EqualOpportunityCynic 14:13, 2 Jun 2005 (PDT)
Sarbanes-Oxley should be repealed, and the market should develop more comprehensive protection against financial statement fraud through the evolution of auditing firms into insurers offering varying degrees of coverage against harm resulting from misstatements. Entrepreneurs should take the initiative for this change, based on their own assessments of its viability, rather than having the reform imposed by legislatures. I believe this solution would be simpler and more flexible than Congress' flawed attempt at a one-size-fits-all regulatory framework.
Even before Sarbanes-Oxley, there were certain safeguards in place in reference to audits. Audits of financial statements had to be performed by Certified Public Accountants; if they did anything unethical, their licenses could be revoked, meaning the loss of much investment in their careers. CPAs' ethical codes required them to be independent, in the sense that they and certain parties related to them were restricted in what financial or other interest (if any) they could have in the audit client. Liability could be imposed on the CPA firm for gross negligence or knowing violations.
However, there were many loopholes as well. If the negligence was not sufficiently brazen, then the CPAs could not be held liable (although he might still have to shell out legal fees to mount legal defenses). Also, independence could be compromised by the fact that the audit firm could also conduct lucrative management consulting for the client. In a way, this made sense, as the existing relationship with the company allowed for easy cross-selling opportunities; however, it could also create conflicts of interest. Audit letters used language that inherently limited the auditors' responsibility, noting that the financial statements are the responsibility of the company's management and using phrases such as "reasonable assurance," "on a test basis," "we believe," "reasonable basis," "in our opinion," "in all material respects," etc. The idea was that auditors were to merely render an opinion based on limited information, rather than to actually insure the veracity of the financial statements.
After Enron, it became evident this system wasn't enough to prevent major financial statement fraud. In the wake of this scandal, Arthur Andersen was destroyed, and Congress set out to prevent anything like Enron from happening again. Sarbanes-Oxley was the result. It banned auditing firms from also performing allegedly incompatible work for the audit client, such as management consulting. It established the Public Company Accounting Oversight Board, to be comprised of two CPAs and three non-CPAs, to oversee the auditors of public companies. It required the CEO to certify and approve financial statements and to sign the corporate tax return. It also required internal and external audits to include internal control assessment.
Some, if not all, of these reforms are of dubious merit. Why should people with potentially no training or experience in accounting form the majority of a board designated to regulate, inspect, and sanction auditors for violations? Why should a CEO, also a non-accountant, have to approve financial statements that he may not even understand in detail? In a world in which the CEO's time is unlimited, it would be great to have him go through the financial statements with a fine-toothed comb and take personal responsibility; but in the real world, this takes him away from other important duties. Nuanced financial matters are what the CFO is for. The same goes for signing the corporate tax return. What does the CEO know about corporate taxation (aside from that it's unnecessarily exorbitant)? Good internal control is always good, but audit risk is a factor of inherent risk and detection risk as well as internal control risk. Firms with low inherent risk and detection risk may not need an internal control assessment. It has also been noted that Congress rewarded the accounting firms for their manifold failings by giving them a multi-billion dollar industry known as Sarbanes-Oxley.
We should dispense with all these regulations and instead simply have audit firms become insurers against financial statement fraud. The insurance policy should allow investors to file claims for losses sustained due to material misstatements. If auditors know that they will have to eat the consequences of failures on their part, they will have an incentive to take great care and institute methods to ensure not only that they will be absolved of gross negligence, but that they will not even commit the kind of milder negligence that would result in claims exceeding the costs of the due diligence the auditor would have needed to exercise to prevent a clean audit report from being mistakenly issued.
Of course, some investors are more risk-averse than others. Some conservative investors might feel the need for even small misstatements to be covered; accordingly, they will push for the company to get lots of insurance; and the company will have to pay higher fees as a result. Other investors may be less cautious, and push for less insurance coverage in hopes of saving the company money and thus getting a better return on investment. These decisions will likely be influenced by the investors' opinions of management's integrity. We already see many companies purchasing more or less stringent auditing in an effort to appease shareholders, so making these types of tradeoffs would be nothing new.
Some extremely aggressive investors may wish to do without any auditing or insurance at all; if that is their desire, who is Congress to deny them the freedom to do so? For all we know, it might pay off and enable many cash-strapped startups to save on overhead. On the other hand, if those investors lose their shirts, they will be all the less able to waste financial resources on further foolish investments, so the problem solves itself. Money will tend to gravitate toward those with good judgment on these matters. It is no different than a person who decides to get only liability insurance coverage on their car, and to self-insure for damage to one's own vehicle, in order to save money for food, education or other priorities. Sometimes the gamble pays off, and sometimes it doesn't; but it is a financial risk that millions of people knowingly take.
Once auditors sign up to cover the costs of misstatements, there will no longer be a conflict of interest involved in their also doing management consulting. Thus, the reluctance of some auditors to get involved in taking on such liability might be assuaged by the potential for more income. The auditors and consultants might pass information learned about the company back and forth, since their interests in doing a quality job would be aligned. There would be no advantage to auditors shredding documents and trying to hide what they knew about the company's questionable finances; they will be stuck with the bill whether they knew about the client's problems or not. The line between auditor and underwriter could become increasingly blurred, and that is a good thing.
(1) There is great enforcement power in reputation: even without legal liability, an audit firm that certifies statements which end up being materially wrong loses the credibility that gives its audits financial value. Arthur Andersen went out of business in about a year, not because of a government shutdown or loss of licenses, but because their audit opinion lost all value. Notice how quickly the market dealt with unethical auditing, while government prosecution has taken forever against Enron.
(2) It is the Securities Act of 1933 and Securities & Exchange Act of 1934 that allowed auditors to get away with opinions that commit to nothing, because these laws mandated audits by CPAs. In a free market, auditors would have to offer real value to compete, and couldn't rely on laws that compelled firms to use their services.
(3) Absent government regulation, stock exchanges and similar marketplaces would still set standards of reporting to enhance their own reputations. Absent restrictions on speech, information about companies would be widely and quickly available, and people would learn the most credible sources.
The driving force will probably be insurance companies themselves, which will bond companies against fraudulent financial information, and they will have the maximum incentive to evaluate the credibility of audit and similar services: they can decide what is and isn't a conflict of interest, since they will be bearing the cost of bad decisions, and they will stop suing auditors they don't trust. Absent government, people will quickly learn the difference between bonded and unbonded financial reports, and we'll have effective guarantees of accuracy without government.