Sarbanes Oxley: A lesson in design fundamentals

Bad, hasty design decisions cost big, no matter the industry. In this case, our elected officials have given the best example to date with Sarbanes-Oxley.

Good software architects know how important it is to get the basic details of an environment and to ensure they have captured the conditions of an environment that mandate full attention. The variables in a complex environment must be at least acknowledged before putting a large, governing system in place. Professionals in software know how important it is to (ahem) read the fine manual. There's a reason for that. The truth is bad, hasty design decisions cost big, no matter the industry, no matter the motive or justification. In this case, our elected officials have given the best example to date.

Most of us know how far-reaching and how arduous compliance with Sarbanes-Oxley (SARBOX) has been.

SARBOX was designed to protect investors from accounting fraud and abuse and ensured tighter security controls within IT. By law, regular audits are now a commonplace activity where those controls were not in place before the Act. There is much debate on whether or not SARBOX accomplishes what it intends to do. However, there is little argument on how important some of the activities directed by SARBOX are for companies, such as creating full audit logs of what happens to money or ensuring the CEO of a company actually signs the company's tax return being filed. Things like these are good, regardless of federal law telling us they are. Nevertheless, the way SARBOX is enforced apparently requires more scrutiny.

The Government on trial

Enter the defendant: Title 1 of 11 of SARBOX created the Public Corporate Accounting Oversight Board (PCAOB). As the name indicates, the PCAOB acts as the dark overlord of independent auditors tasked with auditing public companies and as the main enforcer of the mandates dictated by the Act. The Board, in turn, is held to task by the Securities and Exchange Commission (SEC)  but functions as an entirely independent agency free from political influence.  The PCAOB consists of five members who are appointed by the SEC. So, therefore the SEC is really ensuring federal compliance through a separate and independent company. Sounds good, right?

Wrong. The United States Constitution has a little thing to say about separation of powers.  In its Appointments Clause, all officers of the United States must be appointed by the President and are accountable directly to him. The Executive Branch reserves the right to appoint and remove the appointees as it sees fit. The Clause also dictates inferior officers must be appointed by Congress.

Enter the plaintiff: The Free Enterprise Fund raised this very point back in 2006.  If the SEC board governs the PCAOB, how is it constitutional? You see, the members of the PCOAB making decisions and enforcing law are not  appointed by the President, therefore they also cannot be removed by the President. The PCAOB's members are hired and removed by the commissioners of the SEC, not Congress. The fact the PCAOB is "private sector, not for profit" is also a sticking point. It means it is exempt from any Executive oversight. And here's the final rub: the SEC commissioners do not report to the SEC Chairman directly (meaning he is not the "head" of the organization), nor are the PCAOB members "directed or supervised" directly by the SEC. The PCAOB has wide-open license to  do whatever "may be necessary or appropriate in the public interest or for the protection of investors."

The Supreme Court

On December 7, 2009,  the Supreme Court agreed to hear this case. Beforehand, lower court Judge Brett Kavanaugh of the U.S. Court of Appeals for the D.C. Circuit stated, "...we have an independent agency whose heads are appointed by, and removable only for cause by,  another independent agency."  During the trial on the 7th, Justice Scalia made the same damning observation: "The President has adequate control over the SEC only because he can dismiss the chairman of the SEC. But the activity here is not governed by the chairman of the SEC," Scalia said. "The governance of (the PCAOB) is by the members of the SEC." With regards to the ability of the President to dismiss an appointee for cause, Justice Roberts remarked, "That's for cause squared and that's a significant limitation on the President's power that this court has not recognized before."

The cost of overzealous design

I'd say this is an important detail our elected officials should have caught and avoided in the early planning phase of SARBOX. It's the requirement: laws must be constitutional. Was the manner by which  the PCAOB was created simply an oversight in haste of delivering salvation to deceived investors everywhere? Or was it deliberately crafted in such a way to avoid the restrictions of the separation of powers doctrine? Regardless of motive or just sheer incompetence, the result is the same and the ramifications are staggering. Does this mean SARBOX itself falls apart? If one part of SARBOX is deemed unconstitutional, are there provisions within it to keep it from having to be completely re-crafted? Is there a contingency plan? If not, does that mean all fines or sanctions imposed up until this point can be challenged?  Chew on this: In the 1995 case Ryder v. United States, the Supreme Court ruled unanimously that "an individual firm disciplined by a government agency can challenge that discipline if agency officials were improperly appointed." Think about what that means for everyone working for a public company from July 2002 to now who ended up in the iron jaw of non-compliance. Kenneth Lay must be rolling over in his grave.

Final thoughts

Somewhere, someone should have asked the core question and ensured it could be answered without challenge: Does the passing of the Sarbanes Oxley Act and the enforcement agency it created abide by our country's framing document, the one by which all law must align? Even if the initial answer was no, this query officially hit the courts nearly 4 years ago before public view. Were no steps even taken then to address the question at hand? (Maybe put the SEC directly in charge of the overseeing the public company accounting practices?) Was it even considered the plaintiff might have a point?

The answer is obviously no, because doing so would do what this decision by the Supreme Court in June 2010 potentially has the power to do: dismantle the PCAOB and bring SARBOX down with it. At best, the way the PCAOB was created resulted from poor planning due to hasty reaction to investor hoodwinking. At worst, the PCAOB was created by Congress with the absolute intention giving it free-reign power with no accountability to the Executive Branch of our Government. Just like a poorly developed application, having no provision in the Sarbanes Oxley Act to survive if parts of it are deemed unconstitutional means it will crash and burn when that fatal flaw is exposed. It means the PCAOB will be enjoined from further activity until SARBOX is amended and passes through Congress again. This is more than a loophole or oversight, it's Epic Fail.

Editor's Picks

Free Newsletters, In your Inbox