Compliance Could Snare Skeptics

any significant new business agreement or debt obligation;

staff severance payments;

decision to de-list from a public exchange or failure to satisfy a rule for a continued listing;

determination by a company or its auditor that its financial reports are unreliable and need to be restated; and

significant reduction in value of a commercial asset such as goodwill or securities.

Large public companies also face a November 15 deadline for full compliance with Sarbanes-Oxley (see Another Reason to Hate Compliance).

So is all this just another bureaucratic pain in the storage system? No, the experts say. Reducing the time for disclosure puts a greater emphasis on a public company's ability to manage and retrieve its important financial documents. And the stakes are high: CEOs and CFOs can face big-time penalties for failing to comply with Sarbanes-Oxley or meet auditors requests fast enough.So threatened with extradition to remote parts of New England, nearly all public corporations have a solid document management system in place, right?

Wrong, says a partner in the Boston-based law firm Testa, Hurwitz & Thibeault, LLP.

Carl Metzger, a member of the firm's Litigation Practice and Securities Litigation Groups, says most public companies fit into one of three categories.

“The first type is not up to speed,” Metzger said today on a Sarbanes-Oxley panel discussion organized on the Web by email management vendor iLumin Software Services Inc. “They have no policies firmly in place. They need to become the most active now. Second are companies trying to keep everything . This is not a workable solution.”

Metzger says the keep-everything strategy fails because the retention of too many documents makes it impossible to access information in the timely manner the SEC demands.The third type of company has what Metzger calls “a sophisticated plan of attack. You keep what you need to keep and keep it in an organized fashion so people who need information can have it on a real-time basis.”

So what has kept more companies from entering the third category? It’s not lack of tools or services – nearly every major storage company has compliance-related products, and professional services have jumped on the compliance bandwagon (see B&S Insider Tackles Compliance, IBM's Compliance in a Cabinet and Help for the Compliance Crazed). What's more, regulatory compliance certainly should not have snuck up on anybody, considering it's a key pitch-point for storage vendors everywhere. (See A Rosy Look at Compliance, Gartner: Savor Sarbanes Extension , In 2004, It's Comply or Die, and The Real Cost of Compliance.)

Yet there are executives from companies not in compliance who reportedly view the whole process as a hype-filled initiative aimed solely at loosening budgets.

“There’s no question a lot of people view Sarbanes-Oxley with a jaded eye,” Metzger says. “There’s obviously slick marketing and advertising that you have to sort through, but that doesn’t mean you can turn a blind eye. The truth is, companies have to deal with it. You have to get over your displeasure with regulations and get into compliance. Companies not in compliance will get punished.”

iLumin VP Mike Gundling, one of those slick marketers, says another reason companies aren’t compliant is because they’re still not sure how to go about it. “There still is confusion,” he says. “Not about whether to do something. They know they need to do something. The confusion is in defining what needs to be done.”— Dave Raffo, Senior Editor, Byte and Switch