Advising private cos.: What you need to know about SOX

The Sarbanes-Oxley Act of 2002 has proved a boon to many firms helping companies come into compliance. However, if SOX compliance is not in your service line, or if your client base consists of privately held companies, you may not have focused too much attention on SOX beyond knowing the basics.

It may be time to take a closer look. An increasing number of private companies are voluntarily bringing their organizations into at least partial compliance with SOX. Their actions are re-defining "best practices." Today, an ability to advise clients on the impact and implementation of SOX is the hallmark of the astute advisor.

Here is a look at some of the issues to consider when advising your clients. We'll also examine some unresolved issues facing private companies, and outside accountants, auditors and professional advisors.

Reasons to comply

As a general rule, a company's choice to voluntarily and selectively comply with SOX governance reform depends, in part, on its position on the business development continuum. Trend analysis and anecdotal evidence support the view that "mom and pop" companies, not intending to sell, and where the only shareholders are also the only management, will pay only marginal attention to Sarbanes-Oxley. Likewise, available evidence suggests that companies at the higher end with passive shareholders, or with plans for a liquidity event involving outside capital or possible acquisition by a publicly traded company, most likely will voluntarily implement the less expensive aspects of SOX as best practices.

Those practices include:

* CEO/CFO certification of financial statements;

* Developing an internal code of ethics;

* Appointing independent board members and an audit committee;

* Creating processes for reporting concerns and protecting informants from retaliation for complaints made in good faith;

* Insisting on true independence for outside professionals;

* More clearly defining the client of the attorney or accountant as the organization as a whole; and,

* Splitting audit and non-audit services between separate accountant firms.

Some private companies are also finding themselves subject to pressures from non-shareholders to adopt aspects of SOX. Without mentioning SOX by name, lenders, private capital investors, and outside auditors providing certified financial statements are justifiably applying pressure for compliance, especially in the areas of accurate financial information and conflicts of interest.

The specter of shareholder litigation has also prompted management and boards to implement good faith efforts at compliance, so as to provide an additional layer of defense against potential exposure. Management has traditionally relied upon the defense of "business judgment," trusting courts not to review business decisions, or impose liability for errors or mistakes in judgment, as long as decision-makers are disinterested and independent, act in good faith, and are reasonably diligent in informing themselves of the facts.

However, management, and in particular directors, have increasingly been faced with disgruntled shareholders arguing that "business judgment" is synonymous with "best practices." Since an increasing number of private companies continue to voluntarily comply with some portions of SOX, it is not unrealistic to anticipate that courts ultimately will conclude that SOX-type best practices establish the acceptable level of director conduct, especially in the areas of the degree of care and loyalty, and violation of fiduciary duties.

The language of many government or public company contracts may require SOX compliance. Customers seeking ISO certification may require vendors to comply in order to facilitate the process of obtaining and maintaining certification.

Companies anticipating an IPO or acquisition by a publicly traded company may find that SOX conformity increases share price or acquisition value. Eleventh-hour efforts to comply with SOX are expensive and can delay closing. Sub-standard compliance can increase pre-acquisition costs, delay or extend the due diligence period, require more extensive and expensive legal opinions, and decrease acquisition value.

At the same time, high-profile nonprofit companies are discovering that SOX governance reform adds credibility and enhances public trust. Financial transparency, openness and avoiding publicized conflicts of interest differentiate and give fundraising advantage to these nonprofits. Compliance also puts these nonprofits ahead of the curve related to potential changes in governmental oversight and reporting requirements.

Effective governance

The term corporate governance refers to the systems that control the business. Effective corporate governance documents the chain of responsibility, as well as rules, processes and procedures for making corporate decisions. Effective governance includes setting corporate objectives, and judging the performance of key management personnel, as well as board members.

Here are some areas to consider when advising clients.

First, and perhaps foremost, the company should adopt and publish a written code of management ethics. This code should address conflicts of interest, confidentiality, protection of corporate assets, compliance with applicable laws, and avoiding activity giving rise to an appearance of impropriety. The code should also instruct employees on how to recognize, avoid, handle and report unethical conduct.

To this extent, good faith reporting of unethical behavior must be protected. Like harassment policies under employment law, multiple methods for bringing unethical conduct to the attention of management are essential.

Companies should establish specific written qualifications for, and the responsibilities of, board members. If a director is expected to be at quarterly meetings, review material in advance, meet with the executive management team, consult with outside advisors, or expend a minimum amount of time discharging the duties of office, these requirements must be stated. Consequences for failing to discharge duties should also be stated.

If the company uses an advisory board or similar group of advisors, it should implement procedures ensuring the elected board does not abdicate responsibility to this group. Suggestions or "advice" in areas of finance or major operations should be reported to the board and independently evaluated prior to implementation.

An independent audit committee with a formal grant of authority should be established. At a minimum, it should be empowered to periodically review the company's internal accounting controls and practices. The committee should have the power to recommend or select the independent auditor, review the audit process and results, review and approve any related-party transactions, and approve any non-audit services provided by the auditor or any related firm. Even when the board is relatively small and does not want to appoint separate members, it should regularly sit separately as the audit committee to underscore the functional distinction of this committee from company-wide governance issues.

Effective internal governance should also specify formal review and oversight of the executive management team by the board. This is especially critical when reviewing compensation and performance, and adopting incentive bonuses for meeting corporate goals and objectives.

Independence

The enactment of SOX was precipitated by the perceived lack of independence by those charged with keeping corporate financial and operational affairs transparent and fair. Initially, the focus was on auditors. However, independence has increasingly been applied to accountants, attorneys and board members, as well as auditors. In evaluating independence you should consider the following:

Is the board truly independent? Often, the CEO is a controlling shareholder, and may select the majority of the board. The CEO may also have the dual title of board chairperson. If so, it will be impossible to adequately review issues involving CEO performance, allegations of conflict of interest, and executive management team compensation without the CEO's full support and agreement not to interfere.

SOX sets the bar at a completely independent board. At a minimum, private companies would be well advised to seriously consider the benefit of adding independent directors. While a considerable debate rages over who is independent, the old practice of seeking outside board members by adding the company's long-standing attorney, trusted accountant or involved banker does not equate to SOX independence.

The idea is a truly independent, almost professional, director. This entails locating qualified candidates, providing adequate insurance, arriving at fair compensation, overcoming board member reluctance to assume additional work and risk, and developing ground rules to address potential working relations between a more involved board and established management. Director compensation in some form other than cash, such as stock options or equity participation in anticipation of a liquidity event, could be an effective objection to any claim of independence.

Outside legal counsel should have one client - the organization. Engagement agreements, approved by the board, must specifically identify the responsibility of counsel to the company. They should prohibit the common practice of providing "additional" services, such as estate planning, to the CEO or other company insiders. Counsel should not have professional or personal relationships with the management team. Pressures that develop when the interests of the business and those of senior management are out of alignment hamper independence. Counsel has a duty to investigate, or oversee the investigation of, alleged violations. If the wrongdoer is also a personal friend or client, the conflict is obvious.

For accounting services, the best advice is to work with two firms. Companies that need, or anticipate needing, audited financial statements should divide the accounting and audit work between separate firms. Dividing the work provides the added advantages of more reliable financial information, fraud deterrence, peace of mind in having a better system of checks and balances, and improved attractiveness as an acquisition target. As with outside legal counsel, the auditor's engagement should be approved by the board, and specifically limit "additional services" to the company or insiders.

Conclusions

Voluntary compliance with SOX governance reforms by private companies has begun to set the benchmark for best practices in corporate governance and management. The growing consensus is that for companies on the higher end of the business development continuum, SOX now impacts management, advisors and board members.

The full extent of the impact, and its application to some, but not all, private companies, has not yet been fully developed. But one point is clear - private companies and their advisors that ignore the ramifications of SOX on their business run the risk of reducing value and enhancing exposure.
