Thriller

"The foulest stench is in the air
The funk of forty thousand years"

Ed Teach at CFO Magazine invokes the Michael Jackson hit as he describes the US Federal government's annual report:

• Deficits and debt and unfunded obligations abound. Some liabilities would terrify the most hardened CFO. (Try $45 trillion!)
• The worst offender by far is the Department of Defense. The GAO said the agency could not accurately account for its property, plant, and equipment, which make up 69 percent of the government's total.
• The federal mandatory spending is now more than 62 percent of the total budget
• For the 11^th year in a row the GAO could not express an opinion on the government's books, primarily because of material weaknesses in financial reporting.

Boy, they have played this April Fool's day joke on us for 7 years now - Sarbanes-Oxley to keep the private sector honest, but little to keep check on themselves.

Have you balanced your eggs, er books today?

Spring Equinox - day to balance eggs!

In the meantime, with ironic timing given the spectacular write down of assets at Bear Stearns and at other financial institutions,   the Center for Audit Quality releases survey results  "More than three-quarters of audit committee members who took part in a recent survey commissioned by the Center for Audit Quality (CAQ) rate overall audit quality “very good” or “excellent,” and 82 percent say it has improved in recent years."

I can just see the excuses - "we were primarily focused on fraud after Enron, not market turbulence or other risks".

My pet peeve about SOX for a few years now has been we have focused on tactical aspects of risk management by throwing low level controls and compliance staff at the problem, while not being focused more on the higher level risks which allow for spectacular frauds and other meltdowns. And risk comes from every corner - from your supply chain, from financial markets, acts of God and yes, sometimes internal fraud.

The Shelf Life of an Audit Report

Courtesy of Dennis Holwett I see Prem Sikka at the Guardian raise the "shelf-life" issue. There was less than a week at Thornburg Mortgage and less than 2 weeks at Carlyle Capital between when the auditors certified their accounts and they hit a material crisis.

We live in turbulent times, and the auditors cannot be blamed for the problems in the first place, but it is disappointing to see this even though in the last 7 post-Enron, SOX driven years, we have given them unprecedented power and budgets to be more invasive in their diligence and their ability to challenge managements.

In case you are wondering about Bear Stearns, Deloitte certified their annual report on January 28.

Oracle's M&A trump card: Sarbanes Oxley?

When we met Charles Phillips at Oracle OpenWorld he mentioned one of the nice things about being acquired by Oracle was entrepreneurs did not then have to worry about Sarbanes Oxley. I took his comment as a negotiation throwaway line.

But I read at the Wired blog the CEO of a company who sold to Yahoo saying "SarbOx? Not my problem." Darn, I thought it was the accountant full employment act, but maybe the legislation is also an M&A investment banker incentive program.

Talking of banks, I am still waiting for people to explain: how come all our new controls did not unearth the risk and exposure that is coming to light and now causing massive write offs and executive turnover on Wall Street? The investment in the last 5 years was supposed to  have provided the controls against such meltdown.

Likely it is will be used as justification for we need even more controls and compliance. Son of SOX? S.O.S. Appropriate...

I thought SOX and GRC made this a thing of the past...

Every time you question SOX and compliance spend, there are plenty of folks who say "...but things are so much cleaner now, investors are so much more confident."

Well, explain where risk mitigation fell apart at Merrill Lynch...and I imagine at plenty more financial institutions as write downs continue on Wall Street.

CEO heads may roll but auditors and software vendors continue to roll on ...

Wagging the Dog

At the AlwaysOn conference last week on a panel with VCs, it is interesting how many different times SOX came up. Bill Gurley of Benchmark, in particular, has pretty strong opinions of the impact it has had and continues to have on start ups and emerging companies. As I have written in past, most large companies have complained about it for years now.

The only ones who seem to want it are accountants and software companies which would rather make money from compliance than business innovation. Talk about tail wagging the dog.

The Glamorization of Compliance

I came back from trip to C. and E. Europe and wrote this.

Now Czech President Vaclav Klaus writes What is at risk is not climate but freedom

Green is chic right now, but it will mean lots of compliance and big government, and the Czechs and the Hungarians and the Romanians know all about big government and how it stifled them for generations. Ask the Czech about the humiliation the vaunted Skoda brand went through in the 60s through the 80s as conformity and mediocrity became the major drivers in that regime.

And as with SOX, compliance advocates are using fear and guilt to push their agenda. Except, this time, the reach is much wider and the stakes are much higher.

People! More Government is Not Good!

There has been spirited debate (read the comments in particular) about SOX and SAP's GRC (Governance, Risk and Compliance) in the last couple of days at Thomas Otter's and Dennis Howlett's

The debate to me goes way beyond arcane sections of the law. Every dollar spent on compliance IT - and by some estimates in the last few years it is up to 15% of IT budgets - sucks oxygen that could be used towards innovation. It is frustrating for my firm to save clients on utility spend, only to see that money not go towards innovation but compliance.

Even more bothersome is we may be glamorizing government regulation.

As I commented on Thomas's

"I cannot believe so many of you think government policy has caused the stock market stabilization(or improved investor confidence in the last few years)

Or that SAP which has mostly private sector customers is continuing to push the “compliance is good” agenda.

Here’s Fortune’s take (about perceptions of business versus government) from the same article I quoted (in my post Shambala)

“For all that business has done to rehabilitate itself since, a significant factor has been what government has failed to do. It did not become the hero the public wanted. In the fight against terror, polling shows, just over half of Americans think the Iraq war made the U.S. more vulnerable to terrorism, not less so. Washington scandals - the Jack Abramoff lobbying mess, the Mark Foley sex mess - reminded voters that politicians can be every bit as sleazy as any executive.

One episode did more than any other to turn attitudes around. That was Hurricane Katrina, when government at nearly every level looked utterly incompetent while businesses became the heroes. FedEx delivered 440 tons of relief supplies, mostly at no charge. Wal-Mart meteorologists informed managers that Katrina was headed for New Orleans more than 12 hours before the National Weather Service told the public; the company later hauled millions of dollars of supplies into the worst-hit areas days before FEMA showed up.”

Shambala

"Wash away my sorrows, wash away my shame..." Three Dog Night

Fortune's cover screams "Business is back".

"No CEO dares say it, yet it must be said: The shaming is over. The 5 1/2-year humiliation of American business following the tech bubble's burst and the Lay-Skilling-Fastow-Ebbers-Kozlowski-Scrushy perp walks that will forever define an era has run its course. After the pounding and the ridicule, penance has finally been done."

And Rep. Oxley of Sarbanes-Oxley fame  now says  ""Frankly, I would have written it differently, and he would have written it differently," he added, referring to Sarbanes. "But it was not normal times."

Wish he had said that 3 years ago - but sounds like we are back to "normal times" after pissing away billions on gun-to-the-head compliance spend.

So, I had to double check James Governor's post - SAP's Governance, Compliance and Risk (GRC) is the "new ERP" to make sure it was not dated 5 years ago. Like DUET - a bit after its time?

But then I read it's not just about SOX. He goes on to talk about exposure to pollution and a whole bunch of other emerging  social responsibility expectations.  And I go, may be GRC is 5 years ahead of is time.

I mean I would love to see SAP's GRC being able to pinpoint

- which of my balance sheet items are hiding slush funds?

- which of my suppliers are using sweat shops around the world?

- which of my factories are potential Bhopals?

- what is the carbon emission from my facilities, my fleet etc?

So, I could go the Google mirror on the wall and ask "What shall I do tomorrow?’" and next to the SAP GRC mirror and ask "What risks will I be taking tomorrow?"

And then expect insurance payouts from both for not protecting me from various risks and eager lawmakers like Rep. Oxley.

In the mean time, I am glad I see the flowers in the mirror in my brother and sister's eyes. On the road to Shambala. Not going to be easy to shame or guilt corporations in to buying stuff.

Post-elections SOX

Neither Rep. Sarbanes nor Rep. Oxley ran for re-election, and Barney Frank, the new chair of the Financial Services Committee is not a big SOX fan .

In this new environment, the WSJ (subscription required) reports:

"Business has won the battle to ease one of the most controversial requirements mandated by the Sarbanes-Oxley corporate-reform law: that companies first review their own systems for ensuring accurate financial reports and then have them tested by outside auditors."

SEC chairman Christopher Cox set the ball rolling this week....as the Washington Post reports.