Sarbanes-Oxley KIA?

By Robert Green, Senior Editor

Will the nation’s most celebrated corporate governance law, and the legislation that launched a thousand new compliance requirements for systems operators, be killed in the courts?

That was the overarching question on June 15 when a jury hearing the first criminal case under the Sarbanes-Oxley (SOX or sometimes Sarbox) Act entered its third week deadlocked in an Alabama courthouse. The case, charging Richard Scrushy, the founder and CEO of HealthSouth, with fraud under the statute, was thought to be a slam-dunk when it began. Scrushy stood accused of conspiracy, money laundering and false reporting as well as fraud in how he operated HealthSouth.

But even while Scrushy was being tried, the Supreme Court unanimously undid the conviction of the former Arthur Andersen Co., the celebrated Enron accounting firm which collapsed under the weight of the scandal that led to SOX in the first place. The Court essentially ruled that the destruction of records in the Andersen/Enron matter was only criminal if criminal intent had been proved by the Justice department, and it was not.

To date, legal experts have advised that court cases alone will not alleviate organizations of meeting SOX requirements. But apparent weaknesses in the law were uncovered even in the Alabama case prior to the Supreme Court ruling, when the judge threw out many SOX-specific charges. Much of the pressure exerted by SOX to date has come from a fear of criminal ramifications that might be related to bad or even merely inadequate financial reporting systems in organizations.

One white collar crime expert recently told the Washington Post that in the event of a Scrushy acquittal, SOX would likely lose much of its momentum as a maker of specific reporting requirements. Conversely, several CIOs have already said that any alleviation of SOX at this stage of the national compliance effort is probably “too little too late” because most systems now have considerable SOX-related compliance drills implemented.

Robert Green can be reached at RobertGreen@PubSector.com.