Thursday, January 13, 2005

Sarbanes-Oxley and business practices

Mark Kleiman asks why the WSJ would complain about Sarbanes-Oxley, which he characterizes as making "it just a little harder for corporate managers to steal from their stockholders." Sarbanes-Oxley is much more than that. It (and similar measures) have created entire new categories of computer products to meet record-keeping requirements. Companies are starting to store several years of e-mail in write-only devices, with near instantaneous recall. Many functions that used to be distributed are being centralized to increase control and ensure that business practices are uniform and compliant. People are making the kinds of defensive decisions blamed for increasing medical costs. Compliance costs small companies more (it's expensive just to maintain the expertise necessary to comply).

Are these changes rational reactions to SOA? I don't know. The number of actual prosecutions is small, and I don't know whether the actions being taken in the name of compliance are either necessary or sufficient. The overhead may indeed be justified, given the costs of a business system without integrity. The reactions are real, however. It's a bit glib to say that it's only effect is to make it a little harder for a few greedy rich managers to steal.

No comments: