SOX 2002: Unintended Consequences - Should the CFO be the COO?

Abstract

This paper addresses and presents insights concerning an important organizational issue that arises with advent of Section 302 of the Sarbanes-Oxley Act of 2002 [Pub.L. 107-204; 116 Stat. 745] and the role and responsibility of the Chief Financial Officer (CFO). Classical organizational theory indicates that effective organizations align roles, responsibilities, and resources in order to achieve the best outcomes. Today, many of the resources required to carry out the financial and accounting functions (computers, programming, systems, and networks) are the responsibility of the Chief Information Officer (CIO) who typically reports to the Chief Executive Officer (CEO) or Chief Operating Officer (COO), not the CFO. As SOX now places individual responsibility on the CEO and CFO alike regarding the material correctness and integrity of the financials and the adequacy of internal controls [and by inference control over assets and operations that generate the financial, the question arises as to whether the CFO should be elevated in authority or have control and responsibility for the assets required to properly affect the CFO operating and reporting function and compliance with the required SOX 302 attestation.