Due Diligence Under Sarbanes-Oxley



By John O. Nigh, Louis J. Bevilacqua – Towers Perrin; Wickersham & Taft

M&A due diligence has always been a good business practice. But in the wake of the Sarbanes-Oxley Act, it is now essential.

In an effort to restore public confidence in the capital markets and the accounting profession, which were shaken by the collapse of a number of well-regarded companies, U.S. President George Bush signed the Sarbanes-Oxley Act. With some features effective July 30, 2002, the Act aims to curb highly publicized business scandals, accounting irregularities and bankruptcies by revising corporate governance standards, adding new disclosure requirements, increasing the penalties for securities law violations, creating an auditor oversight board and, in essence, redefining “independence.”

In the years preceding these accounting debacles, life insurer merger and acquisition activity reached historic levels, reflecting both general market optimism and the economic belief that most companies could not achieve projected growth levels through organic expansion alone. In the wake of Sarbanes-Oxley and the resulting intense internal and external scrutiny, most companies abandoned aggressive acquisition strategies and opted instead for more cautious business models. This led to a sharp decline in M&A activity.


Sarbanes-Oxley is a corporate governance and accounting oversight act that substantially affects the duties and liabilities of accountants, corporate executives, boards of directors and the lawyers who represent them. The Act addresses corporate responsibility, the creation of a public company accounting oversight board, auditor independence and enhanced criminal sanctions. The effect is much broader. Investment banks, regulators, shareholder groups, plaintiff lawyers and other parties must now analyze companies with a focus on the broad mandates of Sarbanes-Oxley.

■ Corporate Responsibility. Sarbanes-Oxley sets standards for the independence of audit committee members. Most significantly, it also requires CEOs and CFOs of public companies to certify their financials and establish and evaluate specific internal disclosure policies and practices. These policies and practices must ensure that CEOs and CFOs are made aware of all operational information that is material to the financial results of their companies.

■ Public Company Accounting Oversight Board. Sarbanes-Oxley subjects public accounting firms and accounting professionals to supervision by a new Public Company Accounting Oversight Board. This Board is vested with broad regulatory authority, including the power to create standards for quality control, ethics and independence for the industry, as well as the power to conduct inspections, investigations and disciplinary proceedings.

■ Auditor Independence. Sarbanes-Oxley limits the scope of non-audit and consulting services that accounting firms can perform for their public audit clients. It requires that a company’s audit committee pre-approve all permissible non-audit services performed by the company’s auditors.

■ Criminal Sanctions. Sarbanes-Oxley establishes new criminal offenses, specifically as regards securities fraud, record tampering and conspiracy. It also toughens criminal penalties under certain existing statutes. The concept of “conspiracy” liability sends shivers down the spine of seemingly remote third parties. For example, bankers and lawyers who participate in a Sarbanes-Oxley violation (e.g., by giving limited structuring advice) may be implicated with the primary corporate officers.


In the 1990s, the economy was strong, stock prices were rising and a good deal of M&A activity took place among insurers. Mergers were popular with stock analysts, and the revenue growth achieved through acquisitions tended to hide internal problems. Management was not closely questioned as long as stock prices continued their upward trend.

But many deals did not deliver the anticipated benefits, and years of relying on stock prices for value enhancement abruptly came to an end with the depressed stock market. Variable life and annuity companies experienced additional difficulties caused by minimum guaranteed death benefits, minimum guaranteed income benefits and other guarantees. In fact, some have said that the acquisitions transacted in the late 1990s across all industries lost more for shareholders than did the entire dot.com bust.

A 2003 survey of mergers and acquisitions in the life insurance industry showed that 57% of all insurance company transactions failed to meet the expectations of the buyer CFOs. This compares to an unsatisfactory/disastrous rate of 59% for a cross-industry survey completed in 1996.

Exhibit 1: Most Mergers Have Not Been Successful
Exhibit 2: CEOs Give Reasons for M&A Failures


Today, rating agencies view acquisitions with skepticism. In fact, the opinion of rating agencies has become a critical hurdle in making acquisitions. If the rating agencies do not take at least a neutral position on an acquisition, the deal will likely not be consummated.

Sellers and buyers must now present a strong rationale for the transaction price. Mistakes or oversights can no longer be overcome through increasing stock values, on which acquirers had relied. CEOs and board members are unwilling to risk the potential liability that would follow any misstep. Analysts are scrutinizing both the transaction financials and the underlying business strategy as never before. And the SEC now often uses the acquisition-related filing as a reason to exercise its power to review the buyer’s earlier periodic filings.

Consequently, a buyer’s appraisal has become critical to establishing value. The process generally begins with the seller’s appraisal, which can be very useful for analysis. The seller’s appraisal must be carefully vetted because it often reflects unsupported optimism (e.g., in projected experience or revenue generation assumptions, or by not addressing all off-balance sheet items). Scenario testing is now a mandatory part of a buyer’s appraisal, given that insurance and reinsurance contracts have many types of embedded options that may need evaluation under varying economic scenarios.

Finally, U.S. GAAP income accretion or dilution must be calculated in detail as part of the appraisal process because pool accounting is no longer an option under U.S. GAAP. (See Emphasis 2001/3.) Income accretion or dilution will significantly shape the opinions of investment analysts on the attractiveness of the deal. Buyers will be questioned closely on this.


Historically, the prevailing environment for M&A deals has affected the scope of the due diligence review of the target business. As the landscape has changed, so has the process of due diligence. In the 1990s, acquirers rarely had the opportunity to conduct extensive, time-consuming due diligence. Buyers were seldom granted exclusivity periods, and the typical auction may have allowed the potential buyer only a day or two in the “data room” (which sometimes had a no-copy rule) and a few hours of management interviews.

In the wake of Sarbanes-Oxley, comprehensive due diligence has become an essential element in nearly all of today’s mergers and acquisitions. Although advisers have kept the opening bid process largely unchanged, complete and unfettered access during due diligence is becoming the norm. Post-Sarbanes-Oxley standards for best practices for M&A due diligence are still being established. Nevertheless, today buyers’ senior managers are participating more fully in acquisition evaluation and integration. This includes taking an active role in supervising and documenting the due diligence efforts to evaluate potential risks.

For due diligence to have real value, it must be thoughtfully tailored to the particular facts and circumstances surrounding the potential transaction. Generic due diligence data request lists and procedure checklists no longer suffice. Certain aspects of Sarbanes-Oxley will always be of particular importance to acquirers.

A buyer must keep in mind the effects of the certification requirements (Sections 302 and 906 of the Act) on the structure and scope of due diligence. These obligate the buyer CEO and CFO to certify the financial statements and internal disclosure controls of the combined company as of the end of the first quarter post-acquisition. In major acquisitions, this can be an impossible task if substantial due diligence is not done prior to the closing.

The CEO and CFO certifications do not apply to financial statements filed by the target company (Form 8-K) in connection with an acquisition. However, the CEO/CFO post-acquisition certifications, which accompany a quarterly or annual report that includes consolidated financial statements, will be based in part on financial information from the target company.

This can sorely test the confidence of CEOs and CFOs in the pre-closing financial reports of the acquired business. The potential personal liability and criminal penalties imposed on CEOs and CFOs for inaccurate certifications raise the stakes and necessitate heightened scrutiny by all involved. The accuracy of the target company’s financial information and the sufficiency of the target’s disclosure controls and procedures become absolutely critical.


One can no longer assume that audited financials are sufficient to accurately represent the target’s financial position. Although some comfort can be taken from the existence of audited financial statements from a reputable, independent auditing firm, the fact that a large number of public companies have recently had to restate their audited financial statements suggests that a review of the financial statements will be necessary. Recent corporate scandals show that a target’s financial statements do not necessarily present an accurate picture of the true financials.

Buyers must scrutinize the target’s financials from the ground up by assessing its internal audit functions, including the involvement and independence of its audit committee. As a result of Sarbanes-Oxley, the duties of the audit committee have substantially increased. A review of committee minutes often uncovers potentially important issues. How the committee resolves these issues may indicate its effectiveness and independence.

The process used by the target’s audit committee to select its outside auditor, as well as the target’s relationship with its outside auditor, should also be examined. Comparing the amount of money spent on non-audit services to the amount spent on the audit itself may suggest the relative importance of each to the auditor. If non-audit services are significant, the buyer should consider potential exposure to bias that could affect the integrity of the audit.

When reviewing a target’s accounting practices, the buyer must ensure that such practices comply with GAAP and determine whether these practices are consistent with its own accounting policies. U.S. GAAP practices often allow for discretion, and to the extent that the target’s accounting practices differ from the buyer’s, the differences need to be harmonized. The buyer should recognize the potential impact this may have on the combined company’s earnings.

For example, buyers should pay attention to the target’s policies for accounting for contingent liabilities. If the buyer’s accounting practices are more conservative (i.e., will result in greater reserves), the impact must be understood and taken into account in the buyer’s evaluation.


Section 404 of Sarbanes-Oxley requires that “issuers” certify the effectiveness of specific internal control standards. Buyer CEOs and CFOs will have to rely on the target’s control procedures (at least until such procedures can be migrated to the buyer’s system of controls).

A thorough due diligence review of the target’s control procedures must be conducted to ensure the accuracy of the financial information of the acquired business. Prudent acquisition due diligence will require the buyer’s accountants to review procedures used by the target to establish the necessary financial controls. Generally, target companies will have charged their accounting firms with designing responsive financial control procedures and will have designated appropriate officers to certify the effectiveness of such procedures.

Prudent buyers must evaluate the status and effectiveness of a target’s disclosure controls and procedures, and internal (financial) controls to ensure compliance with Sarbanes-Oxley. Among other things, audit committees must enact whistleblowing procedures to report questionable accounting or auditing practices. The buyer should also compare the target’s internal controls with its own to identify any deficiencies or differences. This will enable the buyer to prepare integration steps to harmonize both sets of control procedures after closing.


A key goal of the due diligence investigation of the target is to turn findings into meaningful contractual provisions to protect the buyer. Post-Sarbanes-Oxley, buyers often seek bulked-up representations and warranties related to the target’s financial statements and compliance with laws.

But reliance on representations, warranties or other contractual provisions as a substitute for due diligence can be fatal. Representations and warranties can only be adequately drafted if the buyer has already made a detailed inquiry and is fully aware of the relevant issues. In addition, representations and warranties are only as good as the force given to them in other parts of the acquisition agreement (i.e., how the particular representations and warranties relate to closing conditions and indemnification).

In virtually all public company acquisitions, the target’s representations and warranties will typically contain materiality qualifications, which can force the buyer to accept a substantial diminution in value before it can refuse to close the transaction. In public acquisitions, representations and warranties merely serve as closing conditions. There is no remedy for breaches after closing. In private deals, where post-closing indemnification is provided, breaches of representations and warranties are often subject to limitations, which usually work to prevent a full recovery of losses.


M&A activity in financial services has increased in recent months. The ManuLife/John Hancock acquisition and the proposed JP Morgan Chase/Bank One acquisition indicate that executives are becoming comfortable with the current economic environment and are again looking at strategic growth opportunities.

History teaches us that thorough due diligence has always been a good business practice and always an option. Time will tell if the pendulum will swing back to the point where prudence is once again replaced with expediency — or if Sarbanes-Oxley-related due diligence (and the fear of personal liability for key executives) has added a fundamental protection to shareholder value.
