A who’s who of corporate governance will convene in Washington, D.C., this week for a much-anticipated summit meeting on the state of Sarbanes-Oxley compliance, as regulators try to gauge how compliance has evolved in the last two years and what further steps they might need to take to make the process more efficient.
Billed as a “roundtable discussion” with issuers, investors, auditors and others, the Securities and Exchange Commission and the Public Company Accounting Oversight Board want to gauge whether or not assessment, reporting and auditing processes around SOX grew any easier for accelerated filers in 2005, their second full year of SOX compliance. The meeting, to be held May 10, has been expected for months and prompted a deluge of public comment to the agencies in the last few weeks.
This week’s roundtable repeats a similar summit meeting held in April 2005, where the SEC sought tales of companies’ first-year compliance experiences. Afterwards, the SEC and PCAOB issued joint guidance that companies and auditors should adopt a top-down, risk-based approach to assessing internal control over financial reporting—intended to discourage companies from lapsing into a check-the-box mentality, which was a key complaint that emerged last year. (See related coverage in box at right.)
Likewise, the two agencies this year want to hear whether any other impediments remain to achieving sustainable, efficient and effective compliance with SOX and particularly its Section 404 mandate to audit internal control over financial reporting.
What won’t be discussed: any accommodations or exemptions for small companies or foreign private issuers, which don’t yet have to comply with Section 404. In a briefing paper released ahead of this week’s meeting, the SEC and PCAOB emphasized that because the roundtable’s purpose is to review second-year experiences with Sarbanes-Oxley, issues relating to non-accelerated filers that haven’t yet experienced SOX at all will be left to “other forums.”
Speakers at the all-day event include executives from corporate titans such as General Electric, Microsoft and Lockheed Martin, as well as the Big 4 accounting firms and several smaller ones. The New York Stock Exchange and Nasdaq are sending representatives, as are Financial Executives International and the Committee of Sponsoring Organizations. Audit committee members, corporate lawyers and others will also be in tow.
The roundtable will consist of five panel discussions, all to be Webcast live. The scheduled topics are:
Year Two—A general overview of second-year compliance, to discuss the nature and extent of changes in corporate processes in Year Two, and whether resources were allocated more efficiently and financial reporting improved. Among other themes, panelists were asked to consider whether the requirements of Section 404 improved the quality of financial statements or resulted in other benefits, and the countervailing costs of compliance.
ICFR—A panel focusing on management’s evaluation and assessment of internal controls, to see how companies improved the efficiency and effectiveness of their processes and whether they found ways to make compliance more sustainable. The SEC specifically asked the panelists whether processes for evaluating internal controls were more risk-focused in the second year, and how management might approach its assessments differently if it didn’t know it would be subject to independent audits.
AS2—A third panel on the audit of internal control over financial reporting, asked to provide input on strategies used by auditors, additional improvements that could be made in the auditor’s performance of a risk-based audit, the impact of PCAOB inspections, and whether fully integrated audits were performed in the second year.
404 Impact—Another panel reviewing the effect of Section 404 requirements on the market, and whether the new reports and disclosures from management and auditors have been useful to investors. Panelists will discuss whether the benefits to shareholders justify the costs of SOX compliance, how investors benefit from internal control reporting, how the requirements affect the competitiveness of U.S. companies and their cost of capital, and whether the costs associated with Section 404 will influence companies seeking to go public.
SOX 2.0—A final panel examining possible “next steps” for Sarbanes-Oxley, such as what amendments could be made to SEC or PCAOB regulations to improve the efficiency of management assessments and external audits, and whether Section 404 costs will continue to fall in subsequent years.
AS2 On Hot Seat
While commenters have been split in their views of whether smaller public companies ought to get a pass on Section 404’s requirements for internal control assessments and external auditor attestations on controls, a consensus appears have emerged that changes are needed for the PCAOB’s Audit Standard No. 2, the primary blueprint for auditors examining internal control over financial reporting.
Regulators have indicated they are open to modifying AS2. Among the discussion questions posed to the roundtable panelists, the SEC asked about possible modification to AS2, or to the auditors requirements as a whole. And as comments solicited in advance of this week’s roundtable imply, many observers believe the problems with Section 404 compliance stem from issues surrounding the implementation of AS2.
Grundfest
In a comment letter to the Commission, former SEC chairman Joseph Grundfest—now a law professor and co-director of Stanford University’s corporate governance center, and a roundtable participant—contended that the difficulties with Section 404 “arise primarily as a consequence of the specific language” employed in AS2. Grundfest recommended that the SEC and PCAOB amend AS2 to “incorporate many of the observations found in their later policy statements and reports, and to redefine the objective of the control audit process so as to reduce auditors’ incentive to examine controls that are unlikely to have a material effect.” He also suggested that the PCAOB “audit the auditors” for evidence of “cost-inefficient 404 practices and appropriately sanction violators.”
Meanwhile, the Society of Corporate Secretaries & Governance Professionals, a professional association comprised largely of attorneys, accountants and other governance professionals, submitted its “wish list” of five suggested changes to AS2.
Among its “wishes,” the group said it would like to see AS2 modified to limit the frequency of testing and walkthroughs in some circumstances. Specifically, the SCSGP suggested testing be required every other year or every third year for controls that are highly automated, haven’t changed from the prior year and have had no significant deficiencies or material weaknesses in the past three years. The group also proposed that walkthroughs of “major transactions” be required only every other or every third year for control processes for major transactions that haven’t changed in a significant way.
The SCSGP also asked for further PCAOB guidance on the definition of “remote” under AS2, saying that accounting firms have taken the position that “something that may occur, however unlikely, can never be categorized as remote.” It also said management’s assessment of the effectiveness of internal control over financial reporting should cover the effectiveness that existed during the fiscal year, rather than as of the fiscal year-end as currently required, since an issuer could change its systems or controls immediately prior to year-end, excluding a system that had been in place virtually all year from the assessment.
Noting that most audit firms have viewed restatements as automatically resulting in a material weakness, the group also asked for expanded joint guidance from the PCAOB and SEC on the impact of restatements, and included four examples of situations in which it believes a restatement typically wouldn’t be evidence of a material weakness.
Lastly, the SCSGP said some audit firms are reluctant to apply appropriate judgment in light of the recently released PCAOB inspection reports, and requested that AS2 be updated to incorporate all later guidance. In the interim, the group said the PCAOB should provide guidance to clarify the relationship between the published guidance and how the deficiencies in the inspection reports should be addressed in light of that guidance.
Related coverage and resources are available from the box above, right, and Compliance Week will update subscribers on the roundtable in next week’s edition.
No comments yet