Former Securities and Exchange Commission Chairman Harvey Pitt, who once led the implementation of the Sarbanes-Oxley Act (SOX), now does not have much good to say about it.
Pitt spoke on Thursday at the Compliance Week 2009 conference in Washington, noting that a decade has passed since Enron and WorldCom created the impetus for Sarbanes-Oxley. Pitt observed, however, that such laws are nearly always designed to address the last corporate crisis, ignoring that corporate failures are "like bugs that adapt to DDT" -- or regulatory oversight.
"SOX was hastily and badly drafted," he said. "[What it described] was all already illegal … but it was important in showing the country wouldn't stand for this kind of behavior. If SOX was really effective, would we have seen the subprime crisis in corporate America?"
He added that he does not see Sarbanes-Oxley genuinely assisting organizations with their governance efforts in the present, either. "I believe it's generally ineffective. Lawyers and companies approach SOX with a 'check the box' mentality. Success requires that you get behind the requirements, understand why they're there and implement the concept, not the literal words."
Pitt was equally blunt about the current state of the regulatory system and risk management.
"Eventually, we're going to have to reform our regulatory system," he said. "It's badly broken and doesn't address major problems. It would be much better to have a comprehensive game plan. Government has to be able to function deftly, swiftly and agilely when unexpected problems arise."
Every corporate employee bears responsibility for recognizing problems, and responsibility for addressing them internally.
Harvey Pitt, former chairman, Securities and Exchange Commission
In his view, reflecting the strong undercurrent of expectation flowing through the conference this week, it's now "inevitable that more regulation will come, forcing companies to be more ethical, more compliant and overall better corporate citizens."
With the new century "not even a decade old," the nation has already seen an "astounding cavalcade" of corporate malfeasance, Pitt said. In the past, he described corporate watchdogs who "merely watched." Risk management was "pushed to the side." There were "failures at all levels." Now, "every corporate employee bears responsibility for recognizing problems, and responsibility for addressing them internally."
Pitt framed the issue in the context of "The Sarah Pitt Syndrome." His mother, described as a "self-medicating health nut," endured stomach pain for two years before she made it to the doctor. In his assessment, businesses can't afford to similarly ignore issues until a crisis arises. As he sees it, business has been following a pattern of "reverse laissez faire." That's meant that they've sat back and "waited for government to tell them what must be fixed and then are shocked when they don't like it."
He kicked off his speech by focusing on the importance of history. In his view, "The single greatest mistake of business is avoiding the necessity of looking at all operations to identify issues before they evolve into a crisis."
So, given that, what is American business -- and the CEOs, CIOs, chief technology officers and CCO who are anticipating such regulation -- supposed to do? Pitt distilled his advice to what he termed a "simple" insight: "Businesses need to acknowledge that their success depends on their ability to adapt and thrive under corporate Darwinism."
Let us know what you think about the story; email firstname.lastname@example.org.