While all companies will be subject to the audit of internal controls required under Section 404 of Sarbanes-Oxley, the head of the Securities and Exchange Commission says regulators will lighten the burden of the requirement on smaller companies, according to a published report.
In a recent interview with The New York Times, Cox said regulators will push auditors to focus their attention on the areas of greatest risk, which should help hold down the cost of the audits.
“There will be an audit for everybody, which is a major decision we took,” Cox is quoted as saying. But the nature of the audit “is supposed to be risk-based, so that the auditor’s time is focused on the areas of greatest risk.”
Cox
Cox said he’s been in talks with Public Company Accounting Oversight Board chairman Mark Olsen about clearing a path for the PCAOB to propose a new auditing standard to be approved by the SEC by this spring. While he expects the revised standard to be easier to comply with, Cox said he’s “very concerned that no matter what we do in this audit standard, we will not have much impact on audit fees. But it is our intention to do so, in a way that gives investors far more bang for the buck.”
Earlier this year, an advisory committee appointed by previous SEC chairman William Donaldson recommended that the SEC eliminate internal control audits for certain smaller companies. Cox said that the SEC is likely to accept the size categories proposed by that committee, though all companies would be subject to the internal controls audit.
According to his comments in The Times, for two years companies with market capitalizations below $75 million would be required to evaluate their own internal controls, but not to have the results audited. Audits would begin in the third year, and continue every year thereafter.
Cox said audits most likely would focus on the “suitability of the design of internal controls,” noting that in many cases, auditors would need to go beyond those controls to conduct the financial audit. Companies with market caps of up to $700 million also would get less expensive audits, although the details still are unclear, according to the report.
The SEC also plans to propose new rules to provide guidance to companies on how to evaluate their internal controls. That guidance is expected to be released next month.
Citing Cost, British Regulators Pass On XBRL
While the SEC continues its push for companies to adopt the XBRL computer language for their regulatory filings, a close overseas counterpart, the British Financial Services Authority, has decided not to use XBRL for companies to file their periodic reports.
The FSA rejected XBRL (eXtensible Business Reporting Language) largely because it would be too expensive. Instead, the agency has opted to use eXtensible Markup Language, a related language with a longer track record and proven success.
The FSA initially planned to use XBRL as the language to implement its mandatory electronic reporting program, but changed its view following a review and amid industry concerns over the availability and cost of XBRL resources in the United Kingdom.
A recent report in trade magazine ComputerWeekly.com quotes FSA Information Systems Director Darryl Salmons as saying, “XBRL was not the best technological fit for the firms that we regulated. XML is being used in our other systems, so it could be used to achieve our target of having a single reporting system.” An FSA spokeswoman later confirmed Salmons’ statements to Compliance Week.
The FSA set out its position on XBRL in a note included in a June 2006 report on an overview of Mandatory Electronic Reporting. That document notes that XML “is an established technology in the U.K.’s financial services industry and expertise is readily available in the U.K.” But, it continues, “in recognition of the fact that XBRL activity within the regulatory community is on the increase,” the FSA said it will continue to monitor the development of XBRL.
The SEC is building a system to receive companies’ quarterly results in XBRL, and SEC Chairman Christopher Cox is an outspoken supporter of the technology—despite a reception from Corporate America that has been tepid at best, with many critics fearful that XBRL will cost too much and deliver little value. That system is slated to go live next year.
SEC Chair Blogs On Disclosure By Blog
In what seems like the latest sign that the SEC is on the high-tech bandwagon, Chairman Cox recently responded to a letter sent to the SEC by leaving a note on the author’s blog.
Cox posted his response to a Sept. 25 letter from Jonathan Schwartz, chief executive of Sun Microsystems. Schwartz is renowned in blogger circles for being the only CEO of a major company who maintains a blog.
“Since you’re talking about transparency and efficiency in communications, I thought you might appreciate my taking advantage of the Internet’s speed and potential for broad dissemination by posting here as well,” Cox wrote in his Nov. 3 post.
Schwartz
Schwartz’s letter suggested that the Commission state that certain types of corporate Web site postings, including electronic mail alerts, would satisfy the broad non-exclusionary dissemination conditions of Regulation FD.
“You are certainly correct that a corporate Web site is a tremendous vehicle for the broad delivery of timely information,” Cox posted. Because information that isn’t “selectively disclosed” or that isn’t material nonpublic information is exempt from the public dissemination provisions of Regulation FD, Cox noted, “Sun and other public companies can [post certain information online] without implicating the provisions of Regulation FD.”
Cox went on to say that, “Assuming that the Commission were to embrace your suggestion that the ‘widespread dissemination’ requirement of Regulation FD can be satisfied through Web disclosure, among the questions that would need to be addressed is whether there exist effective means to guarantee that a corporation uses its Web site in ways that assure broad non-exclusionary access, and the extent to which a determination that particular methods are effective in that regard depends on the particular facts.”
Luddites in Corporate America need not fear, however: Cox also sent a copy of his comments to Schwartz via mail.
No comments yet