No More 404(b) Compliance Delays Expected for Non-Accelerated Filers
The Securities and Exchange Commission (SEC) has been sending clear signals in recent months that there will be no further postponements for non-accelerated filers to comply with SOX Section 404(b), which requires an auditor’s attestation on internal controls over financial reporting.
Compliance with 404(b) had been delayed three times for public companies with market caps below $75 million. But all indications are that delays are over and the first attestations will be required with annual reports filed for the fiscal year ending on or after Dec. 15, 2009.
In granting the last extension in 2008, the SEC announced it would conduct a cost-benefits study to assess whether efforts to ease compliance burdens had been helpful. Without revealing any specific details, SEC Commissioner Luis Aguilar told attendees of the Compliance Week Annual Conference in June that the study is nearly complete. He noted that early indications are that the work done to date by accelerated filers, revisions to Auditing Standard No. 5 by the Public Company Accounting Oversight Board (PCAOB) and guidance from groups including the Committee of Sponsoring Organizations (COSO) have helped create a more scalable system.
In a May speech at the Fraud and Forensic Accounting Education Conference, Aguilar further noted that SOX has been successful in focusing attention on the effectiveness of a company’s internal controls over financial reporting. Again pointing to the work done by the SEC, PCAOB and COSO, he noted that available guidance and accumulated experience “should reduce the costs of compliance for smaller companies.”
“It should also be noted that investors in smaller public companies may get particular benefits from having 404(b) apply,” he added. “As noted in the COSO guidance for smaller public companies, these companies face particular challenges with respect to internal control over financial reporting. As the COSO guidance indicates, these challenges can include management's ability to dominate and override the controls that do exist, as well as limitations on resources to maintain appropriate technical controls and sufficient skilled personnel. Thus, having 404(b) apply to smaller companies should increase investor confidence in their financial reporting.”
The question is, are non-accelerated filers ready to comply? According to SOX consulting firm Lord & Benoit, the answer in many cases is “no.” The firm found that 20 percent of non-accelerated filers have not yet complied with Section 404(a), management assertion about the effectiveness of internal controls. Of those that did report under 404(a), more than 12 percent were non-compliant – a situation that does not bode well for 404(b) compliance.
The firm also released “Sarbanes-Oxley Section 404: 10 Threats to Compliance for Smaller Companies,” which looked at historical evidence of material weaknesses from companies with revenues under $100 million to identify the top areas of weakness to help smaller companies prepare for compliance. These included:
1. Accounting and Disclosure Controls: Nearly two-thirds of the companies reviewed had issues relating to accounting
and disclosure controls, including departures from U.S. GAAP, income tax accounting and inadequate or inaccurate
financial statement disclosures.
2. Treasury: Among the material weaknesses in the process level control area of Treasury included accounting for stock,
debt, investments, derivatives and cash controls. Common in the cash area were lack of separation of duties between
signing checks and access to accounting records. Wire transfers with only one person involved was also noted in
many instances.
3. Competency and Training of Accounting Personnel: A lack of management commitment to competency and formal
training programs were described as the root cause for many instances of improper accounting and disclosures.
4. Control Environment: Nearly half of the companies had problems related to Audit Committee effectiveness, including a
lack of effective internal audit function, ineffective monitoring of code of ethics and ineffective technical review of
financial statements leading to financial restatements.
5. Design of Controls/Lack of Effective Compensating Controls: Many companies reported issues with regards to proper
segregation of duties, often caused by the breakdown in the compensating controls that were designed to mitigate the
preventive control.
6. Revenue Recognition: About one-third of the companies had improper revenue recognition, primarily with proper cut of
and timing of transactions.
7. Financial Closing Process: For many companies, the financial closing processes did not identify non-recurring and
adjusting journal entries that should have been made. Consequently, material audit adjustments were necessary
leading to material weaknesses in internal controls over financial reporting.
8. Inadequate Account Reconciliations: A number of account reconciliation deficiencies were noted.
9. Information Technology: Access controls, change controls, ineffective application controls and critical spreadsheet
controls were some of the points contributing to material IT weaknesses.
10. Consolidations, Mergers, Intercompany Accounts: Many companies had material weaknesses in mergers and
acquisitions, intercompany accounting controls, consolidations and foreign exchange translation gains and losses.
Noted Bob Benoit, president and director of SOX research for Lord & Benoit: “Quick proactive action now could minimize the likelihood of an adverse Section 404 report at the end of the first year of compliance.”
Also in this month's issue:
Help Wanted: Companies Brace for Exodus of Baby Boomers
Shanta' Stewart - Kforce Consultant of the Quarter