|
 |
|||||||
|
|
|
|
|||||||||||||||||
|
|||||||||||||||||||
|
|
||||
|
Reader
Profile
Editor's note: Each month, we ask a Directors & Boards reader to comment on critical issues facing directors today. If you'd like to participate in this section in the future, please email Scott Chase. What is your opinion about the most recent delay in compliance with Section 404(b) of SOX for smaller public companies? I have long been disappointed with the SEC for delaying full compliance and implementation of SOX for non-accelerated filers numerous times because I believe that all companies that solicit and accept funds in the public market need to have an effective system of internal accounting control in place. This delay, however, is the most disappointing insofar as it establishes how Mary Schapiro will discharge her responsibilities as Commissioner. As recently as June 2009, the SEC indicated that no further delay would be granted to smaller public companies and urged these companies to get ready for compliance. In reality, few small public companies reacted to this edict because of the past history of delays provided by the SEC. True to form, in early October 2009, the SEC announced that another delay was being granted to smaller public companies simply because the report on the effectiveness of Section 404 of SOX was only issued in September, thus reducing the time needed for the smaller companies to be ready. Are they serious? The smaller public companies have had 7 years to get ready for this and have not acted. The mixed message provided by the SEC in issuing a delay was addressed by SEC Commissioner Luis Aguilar in a statement where he said, “Over the last seven years, in several separate instances, the Commission has deferred the compliance date for non-accelerated filer to provide the auditor attestation under Section 404 (b).” I know that as a result there is uncertainty among investors and among non-accelerated filers about whether and when compliance with Section 404 (b) would actually be required, I want to highlight that in today’s deferral, the Commission is, for the first time resolving the uncertainty by making it clear that all public companies, regardless of size, will be required to comply with 404 (b) of the Sarbanes-Oxley Act, and that non-accelerated filers will begin complying in their first annual report for fiscal years ending on or after June 15, 2010.” I think any of us who have been blessed with children know that if you use the “you better not do this again or I will punish you next time” approach to parenting, you lose credibility with the children and more often than not, they will make the same mistake next time. If you do not follow through with your threat, you will lose them as far as trying to change their behavior. It is no different here. I am sure Mr. Aguilar recognized that what he was saying was an empty threat. By doing this action, Mary Schapiro and the SEC lost all credibility. And that was proven by the actions of the House and Senate shortly after the delay was announced. Were you surprised by the swift action of the House Special Services Committee calling for further delays and even abolishment of SOX for non-accelerated filers? I think everyone was a bit surprised, but in hindsight we should not have been shocked. I think the legislatures were waiting for the SEC’s position on SOX to make a move. When the SEC blinked and called for a delay, they saw this as a way to gain favor with a small business community that is being devastated by new taxes and initiatives, such as Health Care reform, which could easily undermine their very existence. The amendment offered by Rep. Carolyn Maloney, D-NY, calling for more studies is particularly troublesome and underscores the lack of knowledge and understanding most legislatures have on the subject of SOX and the implementation of internal controls over financial reporting. The Maloney amendment would require separate studies by both agencies of Congress by June 1, 2010 and to delay implementation of SOX until at least June 1, 2011. What is left to study and what costs should be used as a measure of benefit? Non-accelerated filers have not had to spend anything yet to comply with Section 404(b) since it has been delayed for seven years. Using the accelerated filers cost in 2004 as a basis is absurd since the original compliance costs were incurred at a time when there was no real software developed, no experience with compliance and was done under a more restrictive and comprehensive standard (AS 2). Significant efficiencies have been realized since 2004 and costs have been halved. The new AS 5 standard is a more practical approach to SOX compliance and is more user-friendly and COSO has published various guidance materials to assist smaller businesses design, implement and assess their internal controls. I wonder if Rep. Maloney is aware of any of this. We seem to have a very short memory. More than seven years ago, President George W. Bush signed into law the Sarbanes-Oxley Act of 2002, which was one of the most significant changes to the securities laws since they were enacted more than seven decades ago. Unlike today, SOX had nearly unanimous support of Congress. At that time, the country was outraged about the deterioration of trust in corporate America. What began as a reaction to the bankruptcy of Enron and the ultimate collapse of one of the Big 5 public accounting firms evolved into a larger corporate credibility issue and provided political impetus for corporate and accounting reforms. Investor concerns were fueled by almost daily revelations about perceived corporate misbehavior and very real accounting irregularities, including the situations at Adelphia, Tyco, ImClone, and WorldCom, just to name a few. By reducing compliance with SOX, Congress is risking another collapse of public confidence. Certainly, the recent fraudulent situations involving Bernie Madoff and many others are a warning sign that controls need to be placed over companies entrusted with investing financial assets. Frankly, it seems to me that more controls are needed, not less. The ability of the country to rise successfully out of this recession lies with entrepreneurial companies, which have traditionally been the lifeblood of our economy with job growth and innovation. However, these companies traditionally have less sophisticated systems and less experienced individuals in management positions. Statistics show that incidences of fraud and restatement of financial results are significantly more prevalent in smaller companies, yet Congress is demanding that they not be monitored due to cost. Truly, the cost of SOX compliance is far less than the consequences associated with non-compliance. In my opinion, it is imperative that non-accelerated filers begin to act and stop procrastinating. As an added incentive, recent studies have indicated that companies that are not SOX compliant or who have material weaknesses in their internal controls are paying more for their audits and receive a lower valuation in a transaction than those that are compliant, thus negating any perceived cost savings through non-compliance. What can be done better to improve the efficiency of SOX compliance? We have long been espousing the vast opportunities to improve efficiency by implementing IT controls to replace manual controls. Recent studies have indicated that movement to IT controls by many companies has been slow. This is due, I think, to the impact of the recession on many organizations and a reluctance to invest in IT infrastructure. Further, with less people to do more work, organizations are trying to just get by and do not want to create new initiatives. Of course, this is short-sighted because using IT controls can improve internal controls, streamline the business process and be far less impacted by economic downturns. Another area where there can be an efficiency improvement is using a centralized Governance, Risk & Compliance (“GRC”) tool to manage a company’s compliance process. Currently, organizations have relied on Microsoft (“MS”) products (Word, Excel and Access, in that sequence) to manage the compliance process. This is primarily due to the following factors:
There is still a lack of motivation to utilize a centralized GRC tool for the following additional reasons: Most companies/users do not understand the big benefits that will accrue by using a GRC tool such as:
Unfortunately, most organizations do not even realize the quick return on investment that is possible by the systematic and planned implementation of a GRC tool across the breadth of the organization. How have the delays in full SOX Compliance impacted boards of directors, CEOs and CFOs? I think it has caused much confusion and blurred the distinction between the Board’s fiscal responsibility to conserve costs and fiduciary responsibility to promote strong corporate governance. SOX highlighted the critical role that boards of directors are expected to fulfill in regard to a company’s strategic direction and risk management strategies. This is a very positive residual benefit of SOX. However, the waffling of the SEC on requiring full compliance with SOX has placed Board members in a rather uncomfortable position. On the one hand, Boards have taken seriously their responsibility to be the watchdog for corporate governance and placing the correct tone at the top. On the other hand, the Board does not want to spend unnecessary dollars to simply be in compliance, especially when the SEC is unsure of the direction non-accelerated filers (“NAF”) should take in maintaining effective internal controls over financial reporting. Instead of being proactive, Boards have become reactive, waiting for guidance from the SEC. Part of the problem is how SOX is perceived by many NAFs. It is looked upon as a compliance cost and not as a means of creating efficiency and effectiveness. We believe that SOX should be treated as a business process improvement exercise and not simply a compliance project. Having effective internal controls is simply good business. Many companies that have complied with SOX have become more efficient and better managed and have increased their use of technology to improve controls. Further, companies that are compliant have traditionally received a higher multiple when sold. We believe the board of directors should push management to action and not allow the procrastination that has gone on for the last seven years. CEOs and CFOs have actually put themselves at greater risk by not having the auditor attestation process (called for in Section 404 (b) of SOX and currently being delayed by the SEC) performed. What has been delayed is simply the independent assessment of the effectiveness of internal controls over financial reporting. Rather than having their risk shared with their independent auditors, CEOs and CFOs are out there all alone. They still need to sign the 10(q) each quarter and attest that the company’s controls over financial reporting are effective. So whether or not the auditors are required to independently attest to the effectiveness of internal controls, the CEOs and CFOs still are on the hot seat. Interestingly, most CEOs and CFOs do not focus on this. If the legislators succeed in eliminating the requirements of Section 404 (b) for NAFs, we believe the SEC enforcement group should prosecute the CEOs and CFOs if a material weakness in internal control results in restatement of the financial statements or loss of significant investor capital. This action will sensitize the CEOs and CFOs to their responsibilities and could create a call to action in this area. |
|
|||
| Thomas
A. Basil is the Chairman and CEO of WithumSmith+Brown Global Assurance,
LLC (WS+B GA), a division of WithumSmith+Brown, PC, headquartered in
New Brunswick, New Jersey. It provides expert counsel and project
support for Sarbanes-Oxley and other internal audit and risk assurance
related services to both public and private companies. He is a licensed certified public accountant in the states of New Jersey, New York and Connecticut. He is currently an adjunct professor at his alma mater, Seton Hall University, where he graduated with a BA degree in Accounting. He serves as Chairman of the Board of Advisors to the Center for Entrepreneurial Studies. Prior to joining WS+B, Tom was a member of Ernst & Youngʼs New Jersey Emerging & Growth Markets Group. He was also president of Basilo Associates and GBT Consulting, Inc., advising owners and managers of emerging growth companies on operational, managerial, succession and general business issues, fundraising and IPOs. Prior to creating Basilo Associates, Tom was the partner-in-charge of the Entrepreneurial Business Services practice for the NY metropolitan area at Coopers & Lybrand (nowPricewaterhouseCoopers). He worked extensively on the divestiture of AT&T and was responsible for AT&Tʼs international work. Tom is the author of several articles relating to the impact of the Sarbanes-Oxley Act of 2002 on middle market and small businesses. He was a contributing author to the tenth edition of Montgomeryʼs Auditing and served on the editorial advisory board of CPA Digest. Copyright © 2010 Directors & Boards, P.O. Box 41966 Philadelphia, PA 19101-1966. All rights reserved. Contact the webmaster. < Privacy Notice > |
|||||
