
Posting anonymously. Some quick factors not discussed.

1) Massive compliance overhead. Going public and maintaining public status can be a real nightmare.

For example staff generally "get" what a financial statement audit is about - are the numbers correct. And when they aren't everyone gets that a system should be improved. And the auditor makes some notes about areas to improve based on their work, and the difficulty and errors noted in checking the actual numbers. This is the audit most private companies go through - and it actually works pretty well.

A public company under SOX - now you have an audit of the numbers (great) and you have a kind of meta audit of the system (internal control) that got to those numbers (ugh). The cost / benefit of this second part is not clear to most staff. It's huge checklists, everyone gets checklist fatigue, and no one dares change a system after the auditors have been through etc. You literally can ask, why in the world do we do crazy procedures X/Y/Z? Because the auditors accepted it and we are too scared to change it. All critical thinking goes out the window. And folks start driving workarounds to the systems to get stuff done (double ugh and big actual risks).

Read some PCAOB reports for "audit failures". These aren't actual "audit failures" - no numbers were wrong. But it'll be things like - the auditor read over the calculations, checked underlying documents, recalculated numbers, sat in on some meetings, but STILL didn't do enough to assess internal control over some calculation.

OK - I'll save the rest for later, but the idea that the private markets are the new public markets rings true to me. These are folks who can weigh actual cost / benefit of compliance cost vs losing money on an investment. Most are going to stick to something like a regular audit. Multiply by 100x in every dimension?



Most such rules are in place because slimebags abused the system, and in some cases taking the world economy with it. I'm all for making more efficient auditing rules, but one has to be careful not to throw the baby out with the bathwater.

Perhaps have compliance tiers such that smaller co's can optionally be in a riskier and less audited stock system or level. However, we probably don't want too much of the economy in that pool.

As it is, private investors may be willing to take on riskier and even dodgier companies who don't want auditors snooping around. That's fine: if the rich want to gamble with dodgy companies via private investment, go for it.


SOX was 2003 - and after it was implemented a bunch of folks nearly took down the world economy all while saying they complied with both SOX and the "highest ethical standards".

The folks who wanted to take down the country faced almost NO consequence and SOX did little to prevent it. Seriously - thousands of companies jump through regulatory hoops - and the aggressive players get off with nothing.

There are lots of people (most people) working to do the RIGHT thing. It's SUPER annoying to have people put in huge efforts to get a bunch of small things right, and then to have government totally fail to enforce truly 101 big things.

I would trade out some of the stuff that 4,000 companies and 100,000's of individuals have to jump through for even 100 companies getting some actual enforcement action. Everything from IRS audit to anything else you can think of, just at least make there be some consequence for the 101 style abuse of the systems.

Even auditing another 10,000 individuals, 200 additional executives - the number of folks putting money offshore - with full disclosure now available through leaked documents and information sharing, there should be 1000's of cases to chase this stuff down, not just voluntary disclosure programs.


> but one has to be careful not to throw the baby out with the bathwater.

I think it's arguable, though, that setting up onerous regulations is itself an example of throwing the baby out with the bathwater. A ton of otherwise honest companies are required to spend money on compliance because of the actions of a (relative) few bad apples.

The thing that always gets me is that the industries that have grown up around simply guiding and auditing other companies around process and financial compliance suck billions of dollars out of the economy that could be spent in better ways.

Not saying we should throw away the entirety of this regulatory apparatus, because it does serve a useful function, but I think it would be wise to examine the cost of regulation and eliminate parts that cost more than they're worth.


The US as a whole really struggles with self-regulation... we tend towards the extremes of deregulation or a byzantine web of regulations spawning off a new industry that lobbies for answering every problem with more regulations.

Why not create stronger incentives for individuals? Simplify regulations with massive painful corporate fines and jail/asset forfeiture for culpable leadership. Red tape is implementation details, let them figure it out. A laser pointer is the best way to herd cats.


I really wish we placed more emphasis on significant and wide reaching criminal charges for Executives and other employees who are involved in the bad behavior.

It makes more sense to punish those who cheat than to create onerous regulations to prevent cheating. (Of course no reason you can't have appropriate levels of regulation alongside severe penalties for the white collar crimes the regulations are supposed to prevent.)


While I agree this is a good idea in principle, the problem in practice is that the government is complicit in the cheating. Many of the private actors in the 2008 debacle didn't get punished because the government officials who would have had to punish them had given them nudge nudge wink wink approval behind the scenes. Also, when things started to go south, government officials were calling the shots. (Not to mention the obvious revolving door effect--government officials regulating a given industry are usually former executives in that industry, and often go back and forth several times in their careers.)


Rules being in place don't mean they're effective, having the desired outcome, or not causing other adverse effects.

> The curious task of economics is to demonstrate to men how little they really know about what they imagine they can design.

Tends to ring true more often than not.


But how long ago did these slimebags abuse the system, and are we sure it's still a problem in the modern era?

It seems a lot like the Uber/taxi fight - I imagine at some point somebody painted a car like a taxi and kidnapped some riders, and we needed a way for riders to be able to trust that the driver is safe to ride with so licenses/medallions came about. Now with the internet and verified identity of drivers, turns out we don't need it anymore and Uber has built a safe way to get into a stranger's car.


> Uber has built a safe way to get into a stranger's car

The people who have been attacked by Uber drivers wouldn't agree with that statement. I think Uber/Lyft/etc. are largely safe, but their standards are pretty low, and for a long time they weren't even doing proper criminal background checks on prospective drivers. Agreed that the old taxi system was entirely broken and needed to get shaken up, but Uber was hardly a responsible darling in all this.


While I also agree Uber is no darling, the proper comparison would be between driver-on-passenger assaults for ridesharing services versus traditional taxi. How do they stack up?

It's not immediately obvious which one would be safer. In theory ridesharing yields a more extensive data/evidence trail (driver identity, passenger identity, GPS history, etc), making assault much harder to get away with; this would seem to be a better deterrent than relatively anonymous cab rides.

I did a bit of googling and can't find any hard numbers that compare the two types of transport from a driver-on-passenger assault POV. I would welcome cited figures anyone else might have.


When you say "doing proper criminal background checks", do you mean "making sure no one who has re-entered society after serving their sentence is allowed to work for them"?


Countries with good rehabilitation also do this, certain types of sexual crimes have high recidivism rates despite the best efforts. There's rehabilitation and there's realism and protecting the public, there's a balance.

On my local Nextdoor someone posted recently about a trial being finished and warning that his wife had been sexually assaulted in a nearby area. The actual newspaper story was a little heart-breaking, on the one hand the guy clearly had been trying to improve and felt remorse, on the other he's a menace to women, he literally walked up to the woman and put his hand up her skirt.


Like this guy?[1]. I'm sure he's a changed man.

While they may have "served their debt" would a taxi firm or someone like Uber really want to hire a serial rapist?

1. https://en.wikipedia.org/wiki/John_Worboys


Yes, I was precisely referring to this particular person. Thanks for the honest debate.


There are a lot of careers in which criminals can and should be given a chance to reenter society without unacceptably compromising public safety. Driving taxis is not one of them.


> how long ago did these slimebags abuse the system

How long ago is 2008?

> are we sure it's still a problem in the modern era?

Sure seems like it to me.



I don't think you have a clear idea of what you are talking about in terms of regulation.

As mentioned earlier, Sarbanes-Oxley regulations on public company reporting (which is what is being discussed here) precedes the 2008 financial crisis. There are different regulations that came into place on banks after the 2008 crisis like the Basel III capital requirements that attempt to solve a different problem.


2008 could not have happened without Freddie and Fannie. Government shares a huge amount of responsibility.


The housing bubbles happened outside the U.S., they lost market share as the bubble ramped up, and they did not own the riskiest loans.

Why do you think 2008 could not have happened without Fannie and Freddie?


Yes, agreed. See my other comment upthread.


2008 had absolutely nothing to do with the regulations normal public corporations operate under while they are public. Stop bringing it up in the context of SOX because it's irrelevant and goes to show more than anything that the onerous regulation is ineffective because it came out before 2008.


>>But how long ago did these slimebags abuse the system, and are we sure it's still a problem in the modern era?

Of course it is. The system rewards greed, which is a strong incentive to bend the rules or even break them if one thinks they can get away with it. That is why tight controls are necessary, even if they are costly.


ain't lot of those rules came up after Enron. That was pure fraud and not that long ago.

Also, Uber's behavior isn't helping the cause in any way.


How does license help?


>>>Most such rules are in place because slimebags abused the system

While true it was those same "slimebags" that wrote the rules. They made the system complex and convoluted so they could legally do everything they were doing before only now with a full government liability shield protecting them.


We have different compliance tiered markets. They are the hell holes known as the OTC, with tiers like QX/QB/Pink. Lots of risk there.


My wife works in finance. This above explanation is completely untrue. Companies aren't scared of auditors. The auditors are scared of their clients. Only under extreme situations will an auditor turn around and fire a client. Usually they will find ways to work with them. So things like changing processes, especially for SOX, are non-issues.

There are thousands of public companies in the US, and they all have to endure SOX. It's a pain in the ass but it's not something to be feared. There are plenty of regulations that many companies need to go through that are less onerous than SOX.


The parent never said that companies are scared of auditors, merely that companies have developed processes that auditors have signed off on, and they become scared (I guess a better term might be "resistant") to change those processes because it's time and effort (aka money) to get those new processes approved (which might require some back and forth and iteration). This is absolutely true, and I don't find anything in the parent's post that's inconsistent with that.

From what I've heard from people at my company who deal with auditors, there's no fear or antagonistic relationship; both sides want a positive outcome (which shouldn't be surprising at all). But the cost of the audits and the cost to develop compliant process is real, and I wouldn't blame a private company for eschewing public markets to avoid having to deal with that, especially if they have enough access to private capital.


A more realistic framing would be to say that the auditors having accepted something gives a middle manager an excuse to not have to do something when you ask.

But here’s the thing; any company over a certain size is going to have internal compliance. Because that’s just good business; you want to know if money is walking out the back door.

Parent companies are still going to audit their subordinates; they don’t want the risk. Banks audit private companies before giving them loans. Investment bankers and private equity do the same. These auditors publish standards. So good internal controls processes will still be necessary, just for different reasons. If you want access to funding and resources, you had better be compliant.


>> both sides want a positive outcome (which shouldn't be surprising at all)

Well, it is surprising to me. In my country, when there is some audit by a government agency, be it the tax office or stock market regulators, the usual approach is that auditors won't rest until they find something against the company, some reason to fine it.

I think that auditors simply consider their time wasted if they come back to their office empty handed (i.e. without fining the audited company).

There are many cases where the tax office made a company go bankrupt by first charging it with some crime, then blocking its accounts, then fining it. After a few years of lawsuits the company wins, the court finds them innocent and orders a refund of all the fines, but by the time this happens it is already too late: the company is long bankrupt.

So I think you are lucky to live in a country where auditors are this friendly :)


I think the parent is talking about periodic internal audits i.e. conducted routinely but you are referring to forensic audits which are conducted occasionally when there is suspicion of wrongdoing (e.g. manipulated tax returns, inflated contracts etc).


> You literally can ask, why in the world do we do crazy procedures X/Y/Z? Because the auditors accepted it and we are too scared to change it.

I interpret it as the parent saying that they're afraid of making changes because they're afraid that the auditors won't sign off on it. "Scared" is a funny word to use when they could have called it a "pain in the ass", etc.


Fear of pain, hassle, loss, or discomfort is still fear. "Scared" is a perfectly acceptable word to use when someone decides not to do something they should do because they don't want to take a risk.


>There are plenty of regulations that many companies need to go through that are less onerous than SOX.

For example?


The simple act of complying with GAAP is much more onerous than SOX. Any finance person worth their salt can navigate SOX easily. Only inexperienced finance people have problems with SOX, but then again, similar things can be said about inexperienced programmers as well.


I'm afraid this illustrates how poorly informed you are - you clearly are not an accountant with significant experience (just saying). This goes doubly so of your wife - if this is her level of understanding that is very worrisome - the idea that she is licensed with this attitude is scary - it's what you don't know that can bite you.

Some facts for those that may read the above and get the wrong idea. EVERY major big four firm and their clients and all other major players have had great difficulty in this area. It's super painful because the question is not - are the numbers right - which pretty much everyone in accounting would understand putting efforts towards, but a very meta (and wide) question on systems getting to the numbers (which turns out to be subjective).

What's crazy is I can step back from this type of thing and without even going into a company spot lots of issues likely illustrating poor control or even worthy of enforcement action (actual enforcement) from the outside. Seriously, go to a consumer complaint website - if you see a ton of the same complaint it's worth a look.

This is why CFPB was such a powerful idea. Yes - they overreached slightly but 90%+ great work - and very focused on bad actors which was wonderful to everyone trying to do right thing. Absolutely should have kept going with that idea.

Just a flavor... pay close attention to words like all and every which open up each item to huge scope - the auditor here picked a random month to test a system and actually went in person to a meeting where reconciliations were performed. Now repeat this 100x for each client. Every firm out there doing audits has had issues like this (many).

These are the MOST experienced people - so I laugh when I hear that "only inexperienced people" have problems.

KPMG:

A.1. Issuer A

In this audit, the Firm failed to obtain sufficient appropriate audit evidence to support its opinions on the financial statements and on the effectiveness of ICFR.

The Firm identified this manual control and certain other manual review and reconciliation controls as compensating controls, but failed to sufficiently test these controls. Specifically —

o To test the review and approval of changes to the financially significant applications, the Firm tested a sample of changes to determine whether they had been appropriately approved. The Firm's testing was not sufficient as ... its sample was limited to changes made in only one month (the third month before year end) and the Firm failed to consider whether this month was representative of changes made throughout the year.

o To test the manual review and reconciliation controls, the Firm obtained certain monthly operating review reports and reconciliations and attended certain monthly management meetings where the reports and reconciliations were discussed. The Firm's testing was not sufficient, as (a) it did not test controls over the completeness and accuracy of the data in the reports, and (b) it failed to test whether these controls identified all of the relevant issues for investigation and, if so, whether such issues were appropriately investigated and resolved.


No doubt you have experience that I don't. But if I'm reading a comment about audit controls, and it can't keep track of how many numbered points it has, I'm going to be skeptical.


The issue is simply a result of earlier articles talking about how nobody wants to do Series A's anymore--VC's and companies. If one end of the pipeline shuts off, the other end eventually runs out too.


Solution sounds like it’s increase the regulatory overhead on private companies.



