With a few years of Sarbanes-Oxley implementation behind them, both the Securities and Exchange Commission and the Public Company Accounting Oversight Board announced concrete steps that they will follow in considering some tweaking of the sweeping corporate reform law.Both regulators proposed a series of steps to make revisions to the Section 404 internal control requirements laid out under SOX.
While there will be a further - albeit short - postponement of the Section 404 requirements for the smallest filers, the SEC said that all public companies will ultimately be required to comply with the internal control reporting requirements of Section 404.
SEC Chairman Christopher Cox said that the five commissioners had made a number of decisions, one of which will hold smaller American companies to a requirement that they begin assessing their internal controls in fiscal years beginning after Dec. 16, 2006. For calendar-year companies, that means for the 2007 year.
But no decision has been made on when those controls for small-cap companies would have to be audited, or on when foreign companies would be required to begin complying with Section 404.
The plans arrived shortly after the commission was asked to consider a proposal from an advisory panel to scrap many of SOX's provisions for small public companies, and as the PCAOB prepares to battle a lawsuit questioning its legality under the U.S. Constitution. Specifically, the steps include:
Issuing new guidance for companies, with the SEC saying that it believes that management assessments under Section 404 have not fully reflected the top-down, risk-based approach originally intended. The PCAOB singled out small companies in particular as needing better guidelines.
Revising and amending Auditing Standard No. 2, which calls for a joint audit of internal controls to be held with an audit of financial statements. The trio of revisions floated would ensure that during integrated audits, auditors would focus on areas that pose a higher risk of fraud or error. Also, recent guidance issued by the PCAOB in mid-May is incorporated, and the role that an auditor plays in evaluating the company's process of assessing internal control effectiveness is clarified.
Closer oversight of the PCAOB inspection program by the SEC. The PCAOB has already said that its next round of inspections will reinforce the need for auditor efficiency during inspections.
"We believe an effective internal control environment is vital to healthy companies - but at a cost that does not significantly outweigh the benefit," said Colleen Cunningham, president and chief executive of Financial Executives International, a group representing CFOs, controllers and other financial professionals. "We're hopeful that by amending AS 2 and clarifying some of the definitions, management can cost-efficiently ensure that internal controls are operating as intended."
In addition to the brief extension of compliance that the SEC will give to non-accelerated filers, the board said that it would continue holding forums on auditing in the small business environment, which are attended by auditors, directors and financial officers of smaller public companies.
"[The] board is in a good position to evaluate how to make the auditor's involvement as efficient as possible, without sacrificing the benefits we have already begun to see," said acting PCAOB chair Bill Gradison. "To promote the long-term sustainability of the internal control reporting process, we will work to eliminate costs that are unnecessary to achieving those benefits."
The full plans are available at the SEC's Web site, www.sec.-gov, as well as at the PCAOB's Web site, www.pcaob.org.
