Last year was excruciating for executives at many of Indiana's public companies, but not for the usual reasons, like a slumping economy or sliding stock market.
Instead, it was because they had to devote thousands of employee hours and millions of dollars to comply with a controversial new rule, Section 404 of the 2002 Sarbanes-Oxley corporate-accountability law.
The rule requires companies to assess the internal accounting controls they have in place to ensure their financial reporting is accurate and reliable-and requires accounting firms to vouch for those controls.
Executives are OK with the concept. In the wake of accounting scandals at Enron Corp., WorldCom Inc. and elsewhere, they favor additional steps to ensure the integrity of the nation's financial-reporting system.
But they say some accounting firms have interpreted the rules in such a narrow fashion that complying is too burdensome-in terms of financial costs and diverting manpower from regular duties.
"In some cases, I think there has been overkill," said Arnie Hanish, chief accounting officer at Eli Lilly and Co. as well as vice chairman of the Financial Executives International's Committee on Corporate Reporting.
Hanish doesn't quarrel with what Lilly's outside auditing firm, New Yorkbased Ernst & Young, required. That doesn't mean it was an easy process. He estimates employees spent 65,000 hours on the project, and he tallies Lilly's compliance cost at $6.5 million.
Internal controls aren't new for companies, of course. What sets Section 404 apart is the requirement that firms create detailed documentation of financial processes and the controls in them, such as required sign-offs by managers. Firms must also document they're following the processes.
Amid the analysis, companies routinely find gaps. The good news is that major Indiana companies were able to be in compliance by their Dec. 31 deadline. Firms on different fiscal years, and smaller firms, have more time.
Across the nation, more than 500 companies weren't in sync by their deadlines and suffered the embarrassment of disclosing deficiencies publicly. Among them: Rochester, N.Y.-based Eastman Kodak Co. and Wayne, N.J.-based Toys "R" Us Inc.
While Indiana firms stayed out of the spotlight, their executives sweated behind the scenes. At Conseco Inc., complying was a monumental task, in part because the company runs a patchwork of more than two dozen computer systems.
"Compliance was more challenging for Conseco than other companies, due in large part to our legacy of prior acquisitions that had not been integrated," CEO William Kirsch said in a conference call this month.
Brightpoint Inc., the wireless phone wholesaler that operates globally, rang up $1.6 million in external costs to come into compliance, CEO Robert Laikin said in a conference call this month, in addition to the thousands of hours the company's employees spent on the project.
Brightpoint CFO Frank Terence, who is recovering from a stroke he suffered this month, told industry publication Compliance Week in February that initially some foreign employees "brushed it off as a U.S. requirement that didn't affect them.
"We had some time lines on documentation work, and some of our international folks were slipping on those time lines," he said. "I personally had to make it crystal clear this was extremely important, and that any failure on anyone's part would have severe consequences for them personally."
Executives at some small firms find the costs so onerous they intend to take their companies private. Indianapolis-based Obsidian Enterprises Inc. and two northeast Indiana banks are among the Hoosier firms that announced plans in recent weeks to voluntarily delist their shares.
For Obsidian, a manufacturing and transportation firm suffering steep losses, the transaction likely would involve cashing out smaller shareholders in order to reduce the roster of shareholders from 1,200 to fewer than 300.
The costs of being a public company have risen steadily in recent years, and complying with Sarbanes-Oxley would add nearly $1 million to expenses in 2005, Obsidian CEO Tim Durham said.
Echoing what many other executives are saying privately, Durham said: "I think Sarbanes generally is an overreaction. ...You have a handful of companies that got in trouble, out of the thousands of companies out there."
Not only can the requirements distract workers from what they were hired to do, they're never-ending, critics say. Firms will have to make substantial investments each year to stay in compliance, though not as much as in the first year.
And even with the best-designed internal controls, there are no guarantees. Controls don't prevent "management override" by corrupt executives, Lilly's Hanish told a U.S. Senate Committee in September.
"Documentation can supplement, but will not supplant, judgment and honesty," he told the committee.
"In the rush to implement Sarbanes-Oxley, there has developed what seems to be an overemphasis on certain additional or duplicative levels of documentation, with a declining value in terms of how much that additional documentation would add to the effectiveness of internal control."