In September 2001, the US stock exchanges were startled by what has become known as the Enron scandal. Enron was a large distributor and service provider on the American energy market that brought together demand for and supply of energy. The company was listed on the US stock market. Until 2000 the company realized profits and rapid growth [Enron, 2001]. In 2001 things went thoroughly wrong: the company had to issue profit warnings almost daily and restate its published accounts downwards. Shareholders of Enron were hit by plummeting stock prices: the stock price went down from $ 47 in July to several pennies in December.
The scandal shocked everyone who was directly involved in Enron. The Enron employees not only lost their jobs, but often also their pensions, as they had invested their pension reserves in Enron stock. Many of the Enron managers and directors were brought to trial on suspicion of fraud, market abuse and insider dealing. The external auditor, Arthur Andersen, was criticized for its lack of independence; it used to be one of the largest accountancy firms in the world, but it did not survive the Enron scandal.
Enron was the first accounting scandal that came into the light, but the Enron scandal turned out not to be unique. Since 2001 severe shortcomings in the financial statements of companies like MCI Worldcom, Quest, Vivendi, Paramalat and Ahold have been discovered. This came hand in hand with other developments, such as the terrorist attacks on September 11th 2001, the global economic downturn, and the end of the Internet bubble. This resulted in a world-wide loss of confidence in the stock markets.
In order to counteract the accounting scandals and regain the trust of investors, all over the world measures have been taken to improve corporate governance. These measures aim for a strong and more transparent corporate management, and a more stringent supervision on this management. Below a brief introduction is given into the developments in corporate governance legislation since 2002.
In the US, Congress designed and accepted new legislation in July 2002. The new law was named the Sarbanes Oxley law after the two senators that initiated it: Paul Sarbanes and Michael Oxley [Sarbanes &Oxley, 2002]. The name of the law is often abbreviated to Sox.
The law has almost seventy sections. As an example, the Sox section that must guarantee the external auditor’s independence is presented in below image.
The most drastic Sox section is Section 404. It states that every US-listed company has to extend its annual report. Until 2003, the annual report consisted of the financial statements, such as a balance sheet and an income statement, notes to the financial statements, and a director’s report. Since 2004, or for some companies since 2006, presenting the financial statements is no longer sufficient. The corporate management also has to assess the quality of the so-called system of internal controls, the whole of internal processes and procedures that have resulted in the presented financial statements. This assessment has to be audited by the external auditor, who also has to attest to the findings in a new part of the auditor’s report.
All companies world-wide that have a US listing and all world-wide subsidiaries of US-listed companies have to meet the requirements of Sox. Especially meeting the requirements of Section 404 can implicate a lot of work: companies have to describe their internal control system, assess it, and adapt it if its quality is insufficient. After having done this, they have to present it to the external auditor, who also has to assess it and attest to it.
In reaction to local accounting scandals and the US Sox legislation, many other countries also updated or extended their corporate governance rules and legislations. In he Netherlands for example, the Ministry of Economic Afairs invited a committee to revise the existing, outdated corporate governance code. The committee, which was chaired by former Unilever CEO Morris Tabaksblat, published its recommendations in 2003 [Commissie Tabaksblat, 2003]. In 2008, a slightly revised version of the code became an integral part of the Dutch company law [Monitoring Committee, 2008].
The Dutch corporate governance code gives recommendations for good corporate governance with respect to corporate management, the supervisory board, the shareholders and the financial reporting.
Every recommendation consists of a principle, in which the objectives of the recommendation are presented, as well as a number of potential measures. An example of a measure that should guarantee the external auditor’s independence is presented in below image.
Companies that have to adhere to the code have two options for each of the recommendations: they can either comply with the recommendation or they can explain why they chose not to comply. he complyor- explain principle, which is also used in corporate governance codes in various other countries such as the United Kingdom and Germany, makes the Dutch corporate governance code fundamentally different from Sox, which requires full compliance.
This does not mean that the Dutch corporate governance code is easier to comply with than Sox. Like Sox, the Dutch corporate governance codes have requirements with respect to internal controls. According to Section II.1.4 of the code, corporate management has to report on the functioning of the internal risk management and control system during the fiscal year in the annual report over this year. This section is more stringent than Sox, because the whole system has to be described, while for Sox the description is limited to internal controls over financial statements.
Originally, corporate governance rules and regulations were designed for listed companies only. It is expected however, that their scope will be extended in the coming years, first to all companies, and then to the public sector of the economy. Several related codes have already been developed, for example for building societies, housing corporations, health care organizations and education.
The recent corporate governance legislation has not always been received enthusiastically by the organizations that have to comply with it. The need for more transparency and accountability is generally accepted, but the way this has been prescribed in legislation has been criticized severely. Especially the mandatory description, assessment and auditor attestation of the system of internal controls is considered time-consuming and expensive [Sneller & Langendijk, 2007]. Describing and testing internal controls can take thousands of hours, even in medium-sized companies [FEI, 2005]. he auditor fees in companies that have to comply with Sox have increased with ity percent on average since the effectuation of Sox [Eldridge & Kealy, 2005].