It's SOX as usual.
Faced with a broad challenge to the Sarbanes-Oxley Act, the U.S. Supreme Court ruled narrowly Monday: It found that the manner in which the accounting body that administers an important section of SOX can be fired is unconstitutional.
But the court unanimously rejected the challenge to the constitutionality of the accounting body itself or of the Sarbanes-Oxley Act. The ruling puts to rest speculation that the 2002 legislation, enacted to address the corporate fraud and accounting scandals at Enron Corp. and other companies, could be dismantled.
"It is just this real technical aspect that was unconstitutional. As far as real people, it didn't have any impact at all," said Walter Van Dorn, a partner at Sonnenschein Nath & Rosenthal LLP. Van Dorn, a former special counsel at the Securities and Exchange Commission (SEC), has been monitoring the case and its impact on Sarbanes-Oxley regulations.
The Public Company Accounting Oversight Board (PCAOB) is the private, regulatory body appointed by the SEC to watch over the accounting of corporate finance. Funded by fees paid by public companies, the five-member board has broad powers to set rules for the auditing industry and issue fines, and to sue and be sued. Since its inception, the PCAOB has been attacked by some for its overzealous approach to SOX, with the result that the regulations were more a financial boon to external auditors than a safeguard against fraud. The high salaries paid to its members have also raised eyebrows.
In a 5-4 opinion written by Chief Justice John Roberts, the court held that the provisions in Sarbanes-Oxley that make PCAOB board members removable by the SEC only for good cause were inconsistent with the Constitution's separation of powers. The provisions restricted the president's ability to fire a member, contravening the executive branch's constitutional obligation to ensure the faithful execution of the laws. The court ruled that the provision be excised, giving the SEC and, by proxy, the president the right to remove any board member for any reason.
"It was a kind of man-bites-dog story for the media," said attorney David Lynn, a partner in the law firm Morrison & Foerster LLP and former chief counsel at the SEC. But it turns out the news is pretty mundane. "It is a very narrow and practical result that addressed a specific issue -- the for-cause question with respect to the board members of the PCAOB. It excised that and let stand the rest of the statute." Lynn said the ruling doesn't change "anything about the rules and standards that the PCAOB has adopted. This is inside-the-beltway stuff."
Prior to the decision, experts watching the case speculated that a ruling against the PCAOB's removal provision could send the law back to Congress, opening up the possibility for making major revisions or using it as a vehicle for financial reforms. But Van Dorn said his reading of the ruling doesn't bear that out. "Congress might choose to revisit the law for their own purposes, but they don't need to as a result of this decision."
PCAOB Acting Chairman Daniel L. Goelzer concurred in a statement on the Supreme Court's decision. "Because the court severed these provisions from the act, however, no legislation is necessary to bring the board's structure within constitutional requirements. The consequence of the court's decision is that PCAOB board members will be removable by the SEC at will, rather than only for good cause. All other aspects of the SEC's oversight, the structure of the PCAOB and its programs are otherwise unaffected by the court's decision. Accordingly, all PCAOB programs will continue to operate as usual, including registration, inspection, enforcement and standard-setting activities."
French Caldwell, an analyst who covers governance, risk and compliance at Stamford, Conn.-based Gartner Inc., said the ruling does not "have much implication for CIOs" or the marketplace. According to Gartner research, SOX has not been a primary driver for governance, risk and compliance (GRC) spending for a couple of years.
"CIOs care about mitigating enterprise risk. Enterprise risk management is a larger driver than SOX for the GRC market," Caldwell said. Indeed, CIOs listed mitigating business risk, not IT risk, he said, as their third-highest strategic priority, suggesting that the bottoms-up approach to compliance has given way to a strong focus on the risk to the business' strategic objectives.
Still, the audit of internal controls stipulated by Section 404 of the act still costs companies plenty -- about $2 million annually. If Congress does revisit SOX for any reason, Caldwell suggests its members look at how some of the European countries have structured their Sarbanes-Oxley-like mandates, where "there is not so much of a cast associated with the audit of financial controls."
Let us know what you think about the story; email Linda Tucci, Senior News Writer.