A company I once worked in was acquired by a subsidiary of a company that was listed on the New York Stock Exchange (NYSE). As a result, we suddenly had to put in place systems and processes that were compliant with (a) those of the new parent and the parent’s parent; and (b) the Sarbanes-Oxley Act (SOX).
All of this threw the office into a whirlwind of activity, the brunt of which was borne by the hard-working CFO and her team. Looking in from the outside, it seemed to involve poring over reams of paperwork and long calls to the Hong Kong headquarters conducted in polite but argumentative undertones.
Like Laxman’s forever bemused Common Man, we got to see the side-shows. This involved, among other things, a harried office help running around affixing stickers with unintelligible serial numbers on our lap-tops. Later, someone else sent us an email solemnly informing us that statements of the company’s mission and values were available on our intra-net. We had to reply, just as solemnly, testifying that we had received this mail. At some point, someone had us load a number on our office-paid mobile phones. Apparently this was an emergency number we could call at our Asia-Pacific headquarters if, say, the office burnt down together with its top leadership. This, we were told, was vital for business continuity planning (BCP). Then, a fire drill was instituted. Etcetera….
Eventually, a SOX auditor arrived and began her inspections. She was a woman of no great charm but presumably some efficiency. The atmosphere reminded me a bit of my convent school on the day the local inspector of schools arrived — rigorous restraint on our customary irreverence and many furtive glances at the glass-fronted conference room to see how she was getting on. After three days, she left, and it was business as usual again.
The SOX audit was voted into law in 2002 in the US following massive accounting scams such as Enron, WorldCom, Tyco and many others that emerged from the woodwork at the time. Companies listed on US exchanges (plus their subsidiaries and step-down subsidiaries regardless of country of origin) must meet the exacting standards that SOX instituted, presumably to prevent similar blow-outs.
Unlike the statutory audit, a SOX audit is far more exhaustive, involving not just financial audits, but HR, legal compliance, BCP, IT and a host of other business practices (though how knowing the company’s mission and values would have saved Enron was beyond me). It also requires more stringent disclosures from promoters and management that pin them down on accountability. SOX audits also involve random checks (for which companies are given a few days’ notice) that, no doubt, raise the veracity of the inspection. It has, therefore, become something of a gold standard for prospective clients, partners, investors and so on in the world of global business.
Now, here’s the thing. Satyam must also have been SOX-audited since it has an American Depository Receipt listed on Nasdaq. Yet, until Raju confessed to his long-standing accounting shenanigans last month, even this stringent inspection didn’t pick up traces of fraudery.
Price Waterhouse, the statutory auditor, is now in the dock for possible collusion. The Big Four firm has claimed that it was innocent because it was given fraudulent documents to verify — examining the authenticity of the paperwork would have expanded the scope of the inspection to a “forensic” audit. It has not yet been established whether PW’s claim is justified. As the Satyam fraud showed, disclosures by promoters and managers — and by extension their integrity — lie at the nub of all audits. As the CEO of one company put it to me, “Transparency is as much as I want to disclose.”
A couple of years ago, Nick Massey, former CEO of GlaxoSmithkline Consumer Healthcare, said, “Good governance is not just about having systems. Good governance is all about following those systems as well.”
This was true of the company I worked in. It already had a reputation for high standards of financial ethics so the SOX audit was a necessary irritant rather than an opportunity to clean up dodgy practices.
On the face of it, Satyam also had all the requisite compliance systems in place — it certainly would not have built up such critical mass in terms of income and clients without it. It is now clear that Raju and his team chose not to follow them in practice.
Doubts about Indian promoter integrity — almost without exception — have long been a staple with investors and analysts. Many of these suspected trespasses are forgiven and misgivings suppressed when their companies turn in sterling performances and hand out generous share bonuses or dividends. But to rise to the next level of global business, integrity is becoming much more than a good-to-have attribute. As the US has demonstrated, the consequences of flexible morality in business practices can be grim.
