Sent via email
March 21st, 2006
To the distinguished members of the ACSPC:
Since its formulation, we have been following with great interest the progress of the ACSPC as it has debated and discussed issues pertaining to implementation of the Sarbanes-Oxley act. We are writing to provide input on the recommendations proposed in the current exposure draft, as well as an estimate of the impacts SOX legislation has had, positively and negatively, on our cost structure as well as our internal control systems.
Quovadx, Inc. is a publicly held software and services company headquartered in Denver, Colorado that originated during the “.com era” and has grown primarily through acquisition to its current size of $83 million in annual revenues and a market capitalization of approximately $120 million. Quovadx primarily provides integration software, services and application development tools to healthcare and financial services companies.
At one point in 2003, prior to the drafting of Sarbanes-Oxley legislation, the Company reported record revenue, profits and enjoyed a market capitalization of well over $300 million. However, the momentum in the Company’s growth and the success that led to these record valuations was, as our SOX404 evaluation subsequently uncovered, predicated on material weaknesses in internal controls over financial reporting that led to restatements and inappropriate revenue recognition of a number of customer contracts. The restatement announcement, related SEC investigation into the accounting practices that led to the restatement and class action lawsuits, have had, and continue to have, a materially adverse impact on the market valuation of the enterprise as uncertainty remains in regards to the ultimate outcome and effect on the Company of the still outstanding class-action lawsuits and SEC investigation,, not to mention the burden on the Company of the ongoing legal defense costs associated with these matters.
In 2004 and throughout 2005, a new management team hired by the board to stabilize the company, has worked diligently to enhance internal process and control both in response to the SOX 404 mandate and also in response to the fallout from the restatements. We are pleased that the preliminary goals have been accomplished, one of which was to eliminate all material weaknesses by the 2005 examination. The primary goal of stabilization of the financial condition of the enterprise has been achieved and has allowed us to re-focus our strategic efforts in an attempt to invest in attractive market opportunities we see for our product offerings and within our markets. The Company faces many continued risks with executing to the strategic plan of returning long-term value to its stockholders from its low water mark in 2004, however compliance with Sarbanes-Oxley is no longer one of those risks.
We believe our focus on process, enhancing internal control and increased transparency has materially paid-off for Quovadx and its stockholders, but has come at a heavy price during a period where re-investments in market opportunities is critical for the Company’s success. In 2004, we spent approximately $2 million on SOX compliance efforts, nearly 3% of total revenue, internally and externally, with 75% of the costs being paid to either our outside auditing firm, or other firms that specialize in preparing a Company for the third party attestation. In 2005, these costs decreased to approximately $1 million, thanks in large part to efforts by internal teams to bear more of the administrative burden of updating documentation and internal testing, and the realization of year-one set-up costs being duplicated for minimal costs in year two of SOX. Many can argue the $3 million is a small price to pay to ensure ongoing compliance with financial reporting requirements as evidenced by a strong and effective internal control environment. Others can argue that the $3 million represents critical funds that could have been spent in other areas of the business to develop and market competitive tools that would have enhanced stockholder value via growth initiatives.
It is difficult to gauge the indirect benefits these costs have produced, especially for a company that has had to restate prior financial results because of poor controls. No matter your perspective, there are many real benefits that can be cited that have already been realized (improved business processes) and should be realized going forward (increased investor confidence in an effective control environment as evidenced by the recent unqualified opinion issued to our board and stockholders from our auditors).
While we have benefited tremendously from the practical implementation and monitoring of internal systems, we have struggled with the framework for evaluating the effectiveness, as well as the grading system used to evaluate deficiencies. We see on a daily basis our auditors also struggle with this situation. We believe this has translated to an over zealous approach to compliance and remediation, both internally and on our auditors part, that has produced costs and efforts that we believe go beyond the well-intended nature of the legislation. Additionally, because of our past problems with financial reporting, we believe we are sometimes held to a higher standard of acceptability than what is prudent or reasonable, thereby discounting the ability to apply well-reasoned business judgment in favor of unfounded or overzealous accounting interpretation. This has oftentimes contributed to even more remediation and compliance investments that at the margin may improve our internal control but don’t necessarily result in payback internally or for our stockholders. These debates and discussions about the appropriate level of controls and methodology for evaluation and ultimately for remediation are only complicated by the lack of a unified evaluation standard, especially for smaller entities such as ours.
We urge the ACSPC to include in its final report the current recommendations pertaining to the definition of “internal controls” to require development of an agreed-upon framework that takes into account small microcap companies such as ours.
We look forward to our on-going compliance with the current legislation and are hopeful for future clarifications going forward that will enable smaller organizations such as ours to meet the compliance requirements for demonstrating effective internal control environments, but at a cost that allows us to further enhance stockholder value by re-investing in other market opportunities at a greater rate of our limited available resource pool.