Vendor Fun and Games: Dirty SOX
I got wind from another blog that vendors are at it again--using Sarbanes-Oxley or "SOX" as a lame negotiation ploy. What follows is an excerpt from my book, "The Contract Negotiation Handbook: An Indispensable Guide for Contract Professionals," that describes this lame ploy. If you have a vendor that pulls the "I can't do that because of Sarbanes-Oxley..." line, please send your vendor this blog link...
The Ploy
This ploy seems to be the 21st Century version of the That Would Violate GSA ploy. Apparently people have been falling for this ploy because I’m seeing its increasing use; therefore, it must be relatively effective or vendors would quit using it. Since it’s such a new ploy, I’m going to over-explain the basis for the ploy, which is the Sarbanes-Oxley Act of 2002 or “SOX.”
SOX was enacted in response to a number of major corporate and accounting scandals including Enron, Tyco, Adelphia, and WorldCom. Those scandals, which cost investors billions of dollars, eroded public confidence in the nation's securities markets (which are a critical part of the nation’s financial infrastructure). In an effort to put some faith back into the securities markets and to keep companies from publishing fictional financial information, SOX established standards for all U.S. public company boards, management, and public accounting firms (it doesn’t apply to privately held companies). SOX contains 11 titles that describe specific mandates and requirements for financial reporting. For purposes of the ploy, two titles are particularly relevant:
TITLE III—Corporate Responsibility. Title III mandates that senior executives take individual responsibility for the accuracy and completeness of corporate financial reports. It defines the interaction of external auditors and corporate audit committees, and specifies the responsibility of corporate officers for the accuracy and validity of corporate financial reports.
TITLE IV—Enhanced Financial Disclosures. Title IV describes enhanced reporting requirements for financial transactions, including off-balance sheet transactions, pro-forma figures, and stock transactions of corporate officers. It requires internal controls for assuring the accuracy of financial reports and disclosures, and mandates both audits and reports on those controls. It also requires timely reporting of material changes in financial condition and specific enhanced reviews by the SEC or its agents of corporate reports.
In a nutshell, SOX is about how financial information is collected, verified / audited, and reported. There is nothing in SOX that mandates what concessions can or can’t be made.
How to Spot the Ploy
This ploy is easy to spot because you’ll hear it verbatim. The vendor will actually say that it can’t offer a concession because it would violate SOX. You’ll likely hear something along the following lines:
- “Our management won’t allow us to make that concession because we won’t be able to recognize the revenue.”
- “SOX won’t permit us to offer that concession because [insert some lame vendor reason here].”
Why the Ploy Works
Like the That Would Violate GSA ploy, it sounds “official.” Despite SOX having been around for a while, many people still don’t know what it means, so you can pretty much relate anything to SOX and people will likely believe you.
Counter Tactic
The first thing to understand is that SOX has nothing to do with what concessions can or can’t be made. For example, the concession of not paying the vendor for software at delivery but instead paying the vendor for software at the time of acceptance (more favorable) isn’t a violation of SOX. Even something as extreme as the vendor giving you everything free wouldn’t be a violation of SOX. As the first counter tactic, make the vendor aware that your understanding of SOX is that it doesn’t prohibit any concession and that SOX pretty much only deals with the collection, verification, and reporting of financial information.
The second step is to determine whether the vendor’s company is public or private. If it’s private, SOX doesn’t even apply to them. Some private companies have gone the extra mile and strive to comply with SOX, but it still doesn’t apply to them. In any case, if the vendor’s company is private, point out to the vendor that you know for a fact that SOX doesn’t apply. The vendor may mix SOX with revenue recognition issues, saying that it can’t offer you the concession because it affects revenue recognition in violation of SOX. There is absolutely no connection, other than recording and financial reporting, between revenue recognition and SOX. The procedures and parameters for revenue recognition come from the American Institute for Certified Public Accountants (e.g., AICPA Statement of Position, or "SOP" 97-2 and 98-9) and the SEC (e.g., Staff Accounting Bulletin No. 101). Neither of those organizations prohibits a vendor from giving you a concession.
Point this information out to a vendor as a counter tactic and you’ll appear informed. If the ploy doesn’t start crumbling before your eyes and the vendor insists on perpetuating fiction, try using one or more of the following:
- “Can I please talk with your accounting folks?”
- “Can you tell me what section in AICPA’s SOPs you’re referring to?”
- “Uh, where in SOX does it say that?”
- “Your RevRec issues aren’t my problem.”
What it boils down to is that the vendor simply doesn’t want to offer you the desired concession, and the vendor is trying to find some "official" basis to get you to believe that it can’t offer the concession. Similar to SOX, as people get educated on this ploy, it will hopefully disappear since it’s totally based in fiction.
P.S. Software vendors sometimes pull a similar ploy using Generally Accepted Accounting Principles or "GAAP" instead of SOX. It's still the same lame ploy with a different look. There is nothing in GAAP that prevents a vendor from offering you a discount or any other concession.
For more on revenue recognition, check out the following resource:
Software Revenue Recognition: An Analysis of SOP 97-2 and Related Guidance, Second Edition (KPMG)

Steve, thanks for posting such a comprehensive document. And I agree that, all things considered, the SOX or GAAP ploy is common practice, and depending on the level of the sales guy we should always assume they want to maximize recognizing revs up front over the need of the customer to protect their interest and the financial position of their respective company.