Small companies could get yet another extension for compliance deadlines with Sarbanes-Oxley’s internal control provisions if regulators can’t move quickly enough with their latest proposals to ease compliance burdens, according to Securities and Exchange Commission Chief Accountant Conrad Hewitt.
Hewitt, speaking in New York last week at the Foundation of Accounting Education’s annual conference, stressed the need for a “cost-benefit balance under SOX” for smaller public companies, which currently must start complying with Section 404’s internal control provisions at the end of this year. If the reforms proposed in December by the SEC and the Public Company Accounting Oversight Board don’t achieve that balance, he said, “we’ll defer [the reporting requirements for smaller companies] even more until we can help.”
Hewitt focused his remarks on Auditing Standard No. 2, the PCAOB’s standard for auditing internal controls, which is widely criticized as being too strict; and on the proposed Auditing Standard No. 5, which would replace it. Hewitt said the SEC and the PCAOB “will do something different to keep costs down if AS5 doesn’t help,” and added that the current deadlines for smaller companies to comply—to start giving management assessments of internal controls with fiscal years that end after Dec. 15, 2007, and external audits of those controls starting one year after that—could be deferred until 2009.
As Compliance Week previously reported, under a delay approved by the SEC in December, non-accelerated filers (those with public floats of less than $75 million) don’t start providing a management attestation to the effectiveness of their internal controls over financial reporting until fiscal years ending on or after Dec. 15, 2007. The deadline for external auditors’ attestations for those issuers begins with their first annual report for a fiscal year ending on or after Dec. 15, 2008. The delay is intended to allow time for the SEC to finish guidance for corporate managements to understand Section 404, and for the PCAOB to revise its standard for auditors. Both proposals are out for public comment until Feb. 26.
Still, smaller companies shouldn’t hold out hope for an outright exemption, which the SEC has vowed it won’t support, and which Hewitt noted “becomes a political football.”
He did say changes to both proposals are likely after the comment period and advised that auditors “should be preparing for how they’ll implement [proposed] AS5, since additional training of auditing staff will likely be required.” He also urged companies and auditors to speak up on both measures. “We need your comments,” he said.
SEC’s Atkins Sounds Off On ‘Flawed Approach’ To SOX 404
With efforts to “fix” Section 404 of Sarbanes-Oxley underway, SEC Commissioner Paul Atkins—never one to hide his displeasure with the current state of SOX affairs—recently took yet another opportunity to rap the Public Company Accounting Oversight Board on the knuckles for doing a poor job by stating that many internal controls are a low-grade worry for financial statements.
Echoing an often-heard criticism that the problem with Section 404 isn’t the idea that management should have a reasonable control environment to assure the integrity of its financial statement, but rather “the flawed implementation” of that idea, Atkins squarely laid blame for the Section 404 mess on Auditing Standard No. 2. The standard’s primary flaw, he said, was that it lacked a firm grounding in the concept of materiality.
Atkins
“When we embarked on implementing Section 404, the SEC envisioned a top-down, enterprise-focused approach, where a company would focus on entity-level controls that could materially impact the consolidated financial statements,” Atkins said in remarks Jan. 22 at the Corporate Directors Forum in San Diego. While the SEC rule was a principles-based approach aimed at management, he said, “The rules that the PCAOB developed for auditors had an entirely different effect.”
In its efforts to “build a better mousetrap,” Atkins said the PCAOB set out on “a different path” from existing auditing approaches to internal controls. “In hindsight we see that the trap probably caught more fingers than mice,” he said, adding that the SEC approved the rule “mainly out of a misplaced sense of deference to the PCAOB.”
With the accounting industry reeling after audit firm Arthur Andersen’s demise, Atkins said, “Was it any surprise … that the way auditing firms implemented AS2 led to a very process-intensive, document-oriented, bottom-up approach?”
Atkins also clarified that most controls represent no material risk to the financial statements. While a company needs controls to ensure that theft or embezzlement doesn’t occur, he said, “As most accountants and corporate executives will tell you—and your common sense will advise you—many of these controls (except perhaps in extremely rare or unusual circumstances) should not rise to the level of being critical to material misstatements of the financial statements in most publicly traded companies.”
Control processes pertinent to a Sarbanes-Oxley-type discussion, including those designed to detect and correct mistakes, should be focused on picking up the material errors, he said.
“My comments are not intended to downplay the important role of effective internal controls and the role of the audit committee in these matters,” he added. “My point is that all of these efforts need to be placed in perspective and that professional judgment and rationality should prevail in balancing costs and benefits.”
Last month, the SEC proposed additional guidance for companies’ assessments of internal control, while the PCAOB proposed replacing AS2 with a new audit standard, tentatively known as AS5, for an outside auditor’s attestation of internal controls. “Far from being a rollback or lessening of standards,” Atkins said the new proposals “go a long way towards implementing the original vision of Sarbanes-Oxley.”
No comments yet