Sarbanes-Oxley: A Guide for Venture Capitalists –

For some time we have been talking about the need for VCs to focus on capital-efficient deals, since venture exits are likely to remain in the $100 million to $200 million range for the foreseeable future. One major reason for this conservative exit expectation is the impact of Sarbanes-Oxley (SOX), which is adding cost and complexity to IPOs and M&A transactions, the traditional exits for venture-backed companies.

SOX legislation has raised the bar for private companies contemplating an IPO, since public companies must have the financial means to absorb the ongoing costs of SOX compliance.

In light of the size and nature of these costs, and the material impact they can have on the profitability of public companies, we expect to see more VCs use M&A as the preferred exit strategy. In addition, SOX will creep into many other aspects of private companies and change how VCs apply “best practices” to their portfolio companies. This month, we review some of the major SOX-related issues that VCs need to consider as they fund, build and exit companies.

What’s SOX?

SOX is an article of legislation that was passed by Congress in July 2002 with the intent to “deter and punish corporate accounting fraud and corruption.” SOX is a rat’s nest of new rules and regulations, but it boils down to a few major items that VCs need to be aware of:

* First, it massively increases the role and activities of external auditors in measuring and monitoring a company’s compliance with SOX.

* Second, it increases the internal corporate controls needed to ensure the reliability of reporting, the assessment of comprehensive risk components, and the monitoring of processes for quality, enhanced information, and communication.

* Third, SOX requires management not only to ensure that it supports, evaluates, and measures the effectiveness of these controls, but also to certify personally that this is the case.

Public companies have always been obligated to put controls in place to ensure the integrity of their organizations, but now management and directors can serve jail time if they do not get it right. Thus the stakes are high.

SOX compliance costs come with a hefty price tag. To understand what this all means to the bottom line, we interviewed a CFO of a $150 million company implementing SOX this year. The company’s initial implementation costs total over $2 million while its ongoing annual costs exceed $1.5 million (see Figure 1).

In addition, other miscellaneous costs include incremental directors-and-officers expenses as well as significant management (and board) time to recruit directors, who are both independent and willing to incur the personal risk associated with the position. The incremental time burden on management is estimated by many to be 20% for the CFO and CIO. As a rule of thumb, SOX costs a small company about 1% of sales. These costs could be a material issue to companies in sectors with thin margins or that are still young and only recently profitable.

Compliance Will Drive Value

It is becoming clear that VC-backed companies will need to have some or all of the SOX elements in place to generate high-value M&A exits. With private to public transactions, SOX imposes a five-year look-back period for fraud, manipulation or lack of internal controls. The acquiring company’s CEO and CFO need to be able to certify that their entire company, including any recent acquisitions, is SOX-compliant. Thus, if the target company cannot satisfy these SOX elements, the value of the deal will be adjusted downward to reflect the additional risk. This means that VCs need to encourage their portfolio companies, no matter how early-stage, to ensure SOX compliance in order to maximize exit value. For any limited partner looking to gauge the progress of an underlying portfolio company, this question should be at the top of the Q&A session at this fall’s annual meetings.

The CFOs we interviewed for this article believe that to easily absorb the cost of SOX, a company needs to be on a path to grow to a minimum of $300 million in revenue. For this reason, VCs should only take companies public that can reach this scale in a reasonable period of time after the IPO. Companies that go public and become stranded in the sub-$300 million revenue range run the risk of eroded earnings based upon SOX expenses and, by association, sub-par stock performance. Alternatively, companies not likely to break this barrier should find an M&A exit more attractive than an IPO. Consider a public company whose first $2 million of profits every year are siphoned by SOX compliance!

So what should VCs be advising their private companies to do as they move toward becoming SOX-compliant? First and foremost is the proper construction of the board of directors. SOX requires companies to have independent directors to staff its audit and compensation committees. At least one of the directors on the audit committee needs to be a “financial expert” with understanding of GAAP and experience in preparing, auditing, analyzing, or evaluating financial statements. In addition, VCs need to pay careful attention to potential conflicts of interest with company directors, a common risk with directors that sit on several boards. Internal controls need to be in place at least one year prior to filing for an IPO.

There are many hurdles that exist on the road to becoming SOX compliant prior to taking a company public. Companies often use their revenue and profitability as the main benchmarks in their quest to go public. Because of SOX, companies that can (finally!) meet the financial standards imposed by the public market are getting caught in SOX compliance: Intended IPOs are stalled for three months to a year during this period. With an IPO window that can shut without warning, delays can be very expensive to companies and their investors. As such, the best time for a company to focus on becoming compliant starts on Day 1.

Most companies easily recognize the importance of improving a company’s systems and procedures. Often, what a company doesn’t fully internalize early on is the need to address specific staffing requirements for the company as well as the board of directors. Formerly, public companies had their boards populated with friends who come from high places but who lack the necessary expertise and experience that might otherwise qualify them to provide governance to a company. Rubberstamping compensation packages and other proposals was par for the course. How else would Dick Grasso otherwise get a $187 million pay package?

About that BOD…

With SOX, companies are being forced to revisit the composition of their boards of directors and to make some difficult decisions. A public company now needs to have an audit committee comprised of independent directors, one of whom needs to be a “financial expert.” With the description of “independent” and “financial expert” having been defined, some companies have the onus of revamping their boards. Further, with the personal liability that SOX imposes on a company’s directors, it is no surprise that qualified individuals willing to serve as directors are hard to come by these days. And, by the way, directors are now having to do their jobs for the love and glory of it, since SOX prevents them from being well paid, lest they lose their “independent” designation.

For one of our own companies, it has taken nearly six months to recruit a financial expert to its board. From what we know from other situations, this is shorter than average. As VCs begin to understand the full implications of SOX, they will realize that this legislation is not just a new set of obscure financial rules. They should realize that SOX will directly impact exit valuations, IPO and public company costs, and timing for exits. Smart VCs will carefully study these new rules and regulations and modify their best practices for portfolio company management in order to optimize the $100 million to $200 million exit environment. VC best practices should factor in the needed elements to build a SOX-compliant company in concert with their exit planning. By paying attention to the details of SOX, VCs will raise the probability of exiting in a timely fashion.

Bart Schachter and George Hoyem are managing partners with Blueprint Ventures. Schachter focuses on comm. and IT infrastructure, wireless technologies, nanoelectronics, software and comm. semiconductors. Hoyem focuses on software, wireless, security and IT and comm. infrastructure. They may be reached at bart@blueprintventures.com or george@blueprintventures.com.