Sarbanes Oxley and Do Not Call regulations are interdependent for publicly traded R.E. companies

Since 2002, the Sarbanes Oxley Act has had the management teams of publicly traded companies scrambling to comply with its demanding hurdles. Having holes in your SOX has meant more than cold feet. While non-accelerated filers have caught a break, the SEC postponed their external SOX-compliance audit for at least one fiscal year and most likely another, this does not exempt management from being SOX-compliant now. SOX has generated some positive improvements. It has highlighted the need for both management and employees to focus on internal controls and acted as a springboard for management to move from merely mitigating compliance risk to full enterprise risk management seen from a more comprehensive perspective. So what does it mean to be SOX-compliant, that first step toward creating a comprehensive risk management strategy? Management must be able to assert that they have analyzed, documented, and assessed the key internal controls over financial reporting using a risk-based approach to focus its efforts on those critical areas of the business. This is no small task considering that management must also include in its assessment the risk of not knowing about or ignoring financially significant transactions, especially unrecorded liabilities. Public and private companies in the real estate industry that rely on telemarketing as a key part of their sales and marketing processes face a special challenge that is requiring them to embrace a more holistic approach to risk management from the onset. In their world, failure to comply with the Do Not Call (DNC) rules could also lead to failure to comply with SOX. DNC difficulties are numerous and massive since both state and federal governments maintain their own lists. Forty-three states have their own DNC legislation and the Federal Registry currently has more than 140 million numbers. The chances of dialing one of those numbers without a comprehensive solution are certainly too high. Telemarketers that do not have internal controls in place to ensure that they do not call phone numbers on the DNC lists, could be racking up fines and penalties they don't even know about. And if they don't know about them, they certainly aren't recording and disclosing them in the financial information. The risk of unrecorded liabilities associated with DNC violations goes unmitigated and most probably unidentified. Furthermore, if a company does not have some kind of DNC solution in place it cannot even reasonably estimate its liability associated with those violations. So there is no effective method of recording liabilities or losses in accordance with applicable accounting rules. The risk of DNC violations is not insignificant. With fines of up to $25,000 per violation, the unrecorded liabilities associated with these calls could quickly result in a material misstatement to financial information, and thus, point to a material weakness in internal controls. While settlement amounts may be less than the actual fines levied against violators, companies must consider the costs of defending against and appealing these fines over the years while being conservative in estimating and recording liabilities in their financial information. These costs are not taken into consideration in the total settlements reported by the FTC, FCC, and state agencies, but must be accounted for by violators. Take for example the $2.2 million settlement imposed on ADT Security Services and those on its distributors, or the $4.4 million settlement agreed to by Craftmatic Industries, Inc. One company called more than nine hundred thousand numbers on the DNC registries; at $11,000 per violation, the initial fines are exorbitant and trying to reasonably estimate the amounts to record or disclose as part of financial information is daunting. Moreover, consumers continue to have the ability to bring a civil action against the violating company and potentially recover civil penalties inclusive of court costs, attorney fees and monetary fines, compounding the issue of unrecorded liabilities. CFOs of companies that use telemarketing as a strategy not only need to address the financial losses associated with fines but the lack of controls in place to identify these losses. Fortunately, there are some DNC-compliance solutions on the market and some large companies have developed their own in-house processes. The adequacy of a DNC-compliance solution as an effective internal control is dependent on the design of that solution. Such solutions need to address the risks of: lack of necessary functionality, circumvention, security, failure, and insufficient monitoring. For those working in the real estate industry - building developers, property and facility managers, realty agents, contractors, and construction workers - telemarketing continues to be a vital marketing tool for raising customer awareness, landing bids, and boosting sales and rentals. It is imperative that management is made aware that its DNC-compliance is a key component of its financial reporting strategy and implements or maintains internal controls to address this financial reporting issue and include them as part of its SOX assessment process. Dean Garfinkel is chairman and CEO of Compliance Systems Corp., Glen Cove, N.Y.