Oct 29 2010 - Since the enacting of the Sarbanes-Oxley (SOX) Act 2002, publicly quoted businesses have experienced a tightening of financial reporting regulations. Lyle Smith, Director of Global SOX Compliance, Walmart Stores Inc. gives his insight as to how the SOX provisions are continuing to impact companies across America. Lyle is a speaker at our partner event the 20th Edition SOX Compliance & Evolution to GRC Conference from November 4-5, 2010 at the Doubletree Hotel in Philadelphia, PA.
Have the Sarbanes-Oxley provisions introduced an overly complex regulatory environment into US financial markets?
LS: SOX definitely added to the complexity of the regulatory environment, but more than anything it really increased the cost of compliance. Certainly in the first three years the requirement for Sec. 404 of the regulation meant it was very expensive to comply and to create and maintain all the necessary documentation and testing that was required under the law. It may have been misunderstood somewhat, but once it was understood I wouldn't refer to it as overly complex. The primary obstacle was the cost associated with it. That has led to what has been happening over the last two to three years, which is the right sizing of the regulatory effort to comply with SOX.
What are the difficulties and challenges that SOX compliance presents for a company like Walmart?
LS: The challenges and difficulties that we have at Walmart are universal to all companies that have to comply with SOX. Continuing to mature and evolve our SOX compliance efforts to make sure that we're gaining the most value out of the efforts that we undertake to comply so that we aren't being too burdensome on the business or incurring too much cost has been an ongoing challenge.
Another common challenge we have is learning to connect SOX compliance with other governance and compliance activities. SOX is just another area where a company has to comply and is regulated and to the extent that we can integrate that effort with other compliance activities there is the opportunity to gain economies of scale.
We have other challenges and opportunities that are directly attributable to our size, being the largest company in the world. Walmart is experiencing tremendous growth internationally. As a result, we must continuously monitor each country to consider how their growth is impacting SOX compliance, including whether they need to be a part of our formal program. Additionally, we have over 100 IT applications operating on multiple platforms in various geographic areas that need to be in compliance with SOX. The depth and breadth that comes with Walmart is certainly a challenge but it also creates an exciting and diverse environment where SOX compliance remains fresh and relevant.
Has SOX compliance restored investor confidence in corporate governance systems?
LS: Somewhat. It has provided increased visibility into controls over financial reporting for investors as well as management within organizations. It definitely has provided early warning signs for companies that are considering going public. This hasn't been a big deal in the US in the last couple of years as the economic environment has been so unfavorable for companies considering a public offering. However, one recent example where SOX compliance requirements are providing that visibility in potentially restoring investor confidence was the very popular and well-publicized S-1 filing that General Motors just submitted. In the filing they mention that their disclosure controls and procedures and their internal controls over financial reporting aren't effective. That is a good illustration of putting investors on notice for what their current control environment looks like.
With its focus on transparency, did the SOX Act lessen the severity of the global financial crisis or did the meltdown point to the failure of the SOX Act?
LS: Neither. It did uncover a gross misunderstanding of what SOX compliance does for a company. I think that some folks were either explicitly or inherently relying too much on SOX compliance and the assurance that should provide. It provided an opportunity to better understand SOX - what level of assurance it provides, what level of assurance it doesn't provide.
The marcus evans 20th Edition SOX Compliance & Evolution to GRC Conference will take place from November 4-5, 2010 in Philadelphia, PA.
For the PDF version of the interview, click here
