The Securities and Exchange Commission announced a series of actions to improve implementation of the Section 404 internal control requirements of the Sarbanes-Oxley Act.
SEC Chairman Christopher Cox said that the five commissioners had made a number of decisions, one of which will hold smaller American companies to a requirement that they begin assessing their internal controls in fiscal years beginning after Dec. 16, 2006. For calendar-year companies, that means for the 2007 year.
While there will be a brief further postponement of the Section 404 requirements for the smallest filers, the SEC said that ultimately all public companies will be required to comply with the internal control reporting requirements of Section 404.
No decision has been made on when those controls would have to be audited, or on when foreign companies would be required to comply with Section 404.
"As we go forward, we will consider the special concerns of all companies that fall under our jurisdiction -- large and small, foreign and domestic," said Cox, in a statement. "By providing practical guidance to companies, by working with the Public Company Accounting Oversight Board on their forthcoming revised standard for auditors, and by examining how the PCAOB inspection process is succeeding in increasing the efficiency and cost-effectiveness of the audit process, we will take a giant step toward 'getting it right' when it comes to Section 404 compliance."
Specifically, the steps include:
- The issuance of new guidance for companies.
The SEC said that it believes management assessments under Section 404 have not fully reflected the top-down, risk-based approach originally intended. Though what form the guidance will take has yet to be determined, public comments will be solicited and the additional guidance offered by the Committee of Sponsoring Organizations of the Treadway Commission will be considered.
- Revisions to Auditing Standard No. 2.
As announced by the Public Company Accounting Oversight Board, proposed changes to the standard call for an audit of internal controls to be held in conjunction with an audit of financial statements . Any final revisions will subject to SEC approval.The trio of proposed revisions would ensure that during integrated audits, auditors focus on areas that pose higher risk of fraud or error; recent guidance issued by the PCAOB on May 16 is incorporated; and the role an auditor plays in evaluating the company's process of assessing internal control effectiveness is clarified.
- Oversight of the PCAOB inspection program by the SEC and an extension of compliance will be given to non-accelerated filers.
Feedback from issuers, auditors, investors and others was taken into consideration in making the decisions, the SEC said. The regulator pointed to the recently held Roundtable on Second-Year Experiences with Internal Control Reporting and Auditing Provisions, the report from its Advisory Committee on Smaller Public Companies and a report from the Government Accountability Office focusing on the Sarbanes-Oxley Act and the problems of implementation for small public companies.Previously on WebCPA:
