Paul Sharman

As president and chief executive of the Institute of Management Accountants for the past three years, Paul Sharman has worked to establish a new direction for the association.Sharman’s ultimate goal is to reposition management accountants at the forefront of the accountancy profession, and in recent years the IMA has focused on advancing the management accounting and finance profession through certification, superior professional ethical standards and competence-based continuing education.

In an exchange with WebCPA, Sharman discussed the recent proposals from the Securities and Exchange Commission and Public Company Accounting Oversight Board to make changes to the internal control provisions of the Sarbanes-Oxley Act, and offered a capsule of the issues the IMA hopes to tackle in the New Year.

Is the revamping of SOX Section 404 something you think should have been attempted sooner?

While the law was a good idea in theory, it was fast-tracked without careful attention to implementation. The SEC is accountable for taking nearly three years to develop management guidance for SOX Section 404.  The SEC originally estimated that it would cost $91,000 per publicly traded company to comply with SOX, but in reality, most estimates place the real number at $4 million to $6 million -- with disproportionate impact on smaller publicly traded companies. This does not include opportunity costs, due to the fact that public companies haven’t had time to create economic value. Instead, they’ve been consumed by meeting compliance-oriented, auditor-driven SOX requirements.

Keep in mind the SEC is compliance-oriented. Lawyers and accountants populate the organization and the PCAOB is much the same, but with a specific focus on the accounting firms. Asking either organization to establish productive guidance for implementation of an effective process-control methodology is like asking a few diners at a fine restaurant to give instructions to the chef on how to create millions of great meals that will satisfy millions of other diners. The result was predictable. Quality must be built-in by corporations.

The IMA agrees with the Committee on Capital Markets Regulation and international securities forums who believe that regulatory initiatives should be treated like a business process -- reasonably assess cost-benefit upfront (the equivalent of management developing a business case), and be accountable to investors for continuous process improvements.

Was there anything in the SEC’s guidance (released Dec. 13) that caught you off guard, or that you were surprised to see?

In their announcements, both the SEC and PCAOB [which released its own proposal Dec. 19] referenced risk-based frameworks and processes.  However, in reviewing the two exposure documents, there is no semblance of risk-based frameworks, just periodic references to risk factors that management and auditors should consider in performing assessments.  This is the most specific reference to risk-based [frameworks] that has been offered to date, but it is not specific enough. The IMA believes that patchwork improvements won’t resolve the issue.
  
From the IMA’s point of view, the two documents must be consistent and in alignment in defining a risk-based framework. For example, what if the auditor’s definition and tolerance for risk is different from that of management? How would this significantly reduce the current high levels of testing and costs? It is clear the SEC and PCAOB will perpetuate the very costly, inefficient and intrusive requirement that auditors issue an opinion on effectiveness of management’s system of internal controls over financial reporting. SOX Section 404(b) did not call for this practice, which is not followed in any other regulatory regime around the globe. We believe this requirement creates “over-auditing” to protect auditor’s liability in providing a “pass/fail” opinion.   

We were also pleasantly surprised to see that three IMA comment letters to the SEC are referenced in the SEC guidance footnotes.  This indicates that, in theory, the SEC wants to move closer to a true risk-based approach for management. 

The PCAOB goes to great length to note that the new guidance comes in 65 pages, as opposed to the original 180 pages.  Is less more?

Let’s play “SOX Jeopardy,” though you don’t have to frame your answer in the form of a question.

The page count of Accounting Standard 5 follows:

  • Summary: 35 pages;
  • Appendix 1 (the actual standard): 65 pages;
  • Appendix 2 (considering and using the work of others:) 8 pages; and,
  • Appendices 3 and 4: over 20 pages.

On the plus side, the new guidance is much easier to read and does a much better job of defining [the terms] “significant deficiency” and “material weakness.” On the negative side, it is still too long (best practice guidance around the globe, if it truly is principles-based, is typically 20 to 50 pages total).More importantly, there is absolutely no semblance of a risk-based framework, only passing references to, “Here are the risk factors to consider …” As the IMA has pointed out before, risk-based approaches (enterprise risk management) constitute a global body of knowledge that should not be taken lightly. 
Finally, consider the following “fun facts” word counts:

  • Basel II guidance [released in June 2004] has 1,500 instances of the word “risk” and 67 instances of the word “control;”
  • AS2 guidance has 79 instances of the word “risk” and 1,203 instances of the word “control;” and,
  • AS5 guidance has 186 instances of the word “risk” and 960 instances of the word “control.”

Will the IMA have formal comments to regulators on either proposal? And were the IMA’s concerns satisfied regarding: 1) scalable, risk-based guidance for management, and 2) U.S. global competitiveness?Yes, absolutely. The IMA will provide formal comments and meet with the SEC, PCAOB, Congress, the U.S. Chamber of Commerce, and other decision-makers and influencers, as appropriate. Additionally, beginning in January 2007, the IMA will be rolling out a suite of new products and services to provide education in the areas of ERM, quality assurance and related topics.

As for your second question, both the SEC and PCAOB guidance proposals appear to be incremental improvements -- not transformational. Both proposals are principles-based, non-prescriptive and basic in defining elements of describing a risk-based approach. However, the vagueness in definition and application in both proposals will likely result in only minor improvements. The IMA believes this will not likely have a major impact on stopping the erosion in shareholder wealth and U.S. global competitiveness.

What else can we expect to hear/see from the IMA in 2007?

The IMA will continue to provide thought leadership and willingness to be forthright when it comes to SOX and all other matters impacting the profession. The IMA is expanding beyond SOX compliance into ERM, by introducing a Statement on Management Accounting technical paper on the ERM body of knowledge. The document describes the principles, frameworks and broad applications of ERM beyond compliance and will be available for free on the IMA’s Web site (http://www.imanet.org/).

Further, a “how-to” tools and implementation guide on ERM will be available by March of 2007. Our webinar series will expand in scope to focus on the growing field of GRC (Governance, Risk and Compliance). 

In addition, the IMA will continue to provide thought leadership to the SEC on XBRL/interactive data, and to the Financial Accounting Standards Board on business reporting simplification.  Finally, we will roll out online learning communities in 2007 to reflect the varying learning modalities of professional accountants in business.

Anything else you would like to add?

Yes. The IMA believes it is necessary to take a more aggressive and transformational approach to business reporting, interactive data, internal controls, enterprise risk management and other areas vital to protecting stakeholders' interests. The IMA plans to remain at the forefront of this debate by providing provocative, research-based thought leadership.

In the context of the market-based, expanding, global economy, we believe the complexity driven by the litigiousness of U.S. society is not present, nor desired, in most other countries. We will endeavor to bring international best practices to the United States.

For reprint and licensing requests for this article, click here.
Audit Regulatory actions and programs Accounting standards
MORE FROM ACCOUNTING TODAY