Recently, the House Financial Services Committee passed H.R. 3817, the Investor Protection Act. The bill includes an amendment, which would permanently exempt small public companies from complying with Section 404(b) of the Sarbanes-Oxley Act of 2002. The bill must still be voted on by the entire House of Representatives, but it is nice to know that there is hope.
As noted in the October 19th blog post by Mark Bailey, the 404(b) requirement for small business issuers is not beneficial in most cases and thus the passing of this act by the House Financial Services Committee is welcome news.
As a youngster the Song of the South stories penned by Joel Chandler Harris at the beginning of the 20th century and brought to life by Disney were some of my favorites. In one, Bre’r Fox and Bre’r Bear make a tar baby to catch Bre’r Rabbit. Bre’r Rabbit becomes offended when the inanimate tar baby doesn’t respond, strikes it and becomes stuck to it. The more he struggles the more inextricably attached he becomes. It certainly seems that the SEC has found a tar baby in SOX 404(b) as it pertains to non-accelerated filers.
Recently the SEC deferred the compliance date – once again. This time for 9 months. The reason for further deferral was explained as being necessary as the results of an on-line survey conducted by the SEC which was not completed in time. A survey, I venture, that was essentially unknown to virtually everyone it might have affected, so not having it available was irrelevant.
As you may recall the original rationalization for 404 included the premise it would reduce fraud while increasing investor confidence in the issuer’s reporting. Those interviewed for the survey above indicated they did not believe there had been any increase in investor confidence as a result of 404 applied by large filers. Yet in his public comment, Commissioner Aguilar stated ” I join Chairman Shapiro in assuring investors that there will be no further extensions of the compliance deadline.” What am I missing? By the SEC’s own survey, investors don’t care! So why is it mandated? Certainly there can and have been benefits enjoyed by larger issuers. For them it is good governance in many cases, and worthwhile. But not for small companies.
There is essentially no benefit to most non-accelerated filers either actual or perceived in most cases, and the cost is proportionately greater than for larger companies. Both the SEC and the PCAOB have exercised common sense in promoting ‘scalability’ in other areas. They need to do so here as well by eliminating the requirement – one with no or negligible benefit and grossly disproportionate cost – for small non-accelerated issuers.
Will it reduce fraud in small companies? I seriously doubt it and I believe most public company audit partners would agree. The SEC has the weapon it needs to fight fraud in the 302 certifications.
Send this tar baby back to Congress and let the money be redirected for innovation and growth.
It appears the time has come for non-accelerated filers to obtain an audit of internal controls over financial reporting from their external auditor, likely in the form on an integrated audit with the filer’s financial statements.
To date, the SEC has not updated its most recent rules release on the requirement for non-accelerated filers to include an attestation report of their independent auditor on internal controls over financial reporting for fiscal years ending on or after December 15, 2009 (with certain exceptions for new registrants).
Recent remarks by both SEC Commissioner Luis Aguilar and SEC Chairman Mary Schapiro seem to indicate no additional extension will be granted, absent the SEC’s on-going cost-benefit study of SOX Section 404 indicating costs significantly out of line with the benefits.
In preparing for obtaining an audit report, which is as of the annual balance sheet date, it is a good idea to be familiar with a couple of different pieces of guidance. The first of which is the COSO ICFR guidance for smaller reporting companies to ensure appropriately designed and implemented controls to detect and prevent material misstatement of financial information. Secondly, to get an idea of the auditor’s approach, review the PCAOB’s Auditing Standard No. 5 and further the PCAOB’s staff views issued January 23, 2009.