After a boom-and-bust cycle in the early 2020s, Special Purpose Acquisition Companies are cautiously re-entering the IPO landscape. These blank-check firms, which raise money to acquire private companies and take them public, once symbolized a faster alternative to traditional listings. However, the SPAC market sharply cooled when deals led to disappointing returns and increased regulatory scrutiny.
Now, a more restrained version of the model is resurfacing. Crucially, investors and regulators are drawing clearer distinctions between the SPAC — the shell company that goes public — and the de-SPAC phase, when a target company is acquired and begins trading publicly. Many deals faltered in the past during this de-SPAC process, often marked by inflated projections and limited oversight. Today, with tighter SEC rules and more selective investor interest, that transition is under far greater scrutiny.
Completing a traditional IPO or de-SPAC marks a significant regulatory and reporting milestone for a company. Going public through an IPO or de-SPAC requires careful planning and prioritization. Companies should identify key focus areas, such as accounting, finance, governance, tax, treasury, human capital and equity administration, that are essential for the transition. Management must coordinate with stakeholders, including legal advisors, underwriters, auditors and regulators, to align on requirements and timelines.
A critical consideration is compliance with the Sarbanes-Oxley Act, which aims to protect investors by enhancing the accuracy of corporate disclosures and financial reporting. Preparing for SOX typically takes 12–24 months, depending on a company's maturity in key areas. Without a structured plan, the process can become costly and burdensome.
Disclosure controls and procedures are among the most important and often less complex requirements, and they should be prioritized early in the public-readiness process.
Purpose of disclosure controls and procedures
Disclosure controls are procedures implemented by companies to ensure that information required for SEC reports and filings is accurately recorded, processed, summarized and reported. These controls involve management reviewing financial statements, footnotes and related disclosures to ensure they are complete and reliable. The main goals of disclosure controls are to ensure financial information is correct, no relevant details are omitted, and information provided to investors and regulators is trustworthy.
- Regulatory compliance: Public companies must comply with various legal requirements, especially under the Securities Exchange Act of 1934. Under SEC Rules 13a-15 and 15d, issuers must maintain disclosure controls that reasonably ensure their ability to accurately report the information required by the Exchange Act within the specified timeframes. An issuer is a legal entity — like a corporation, government or trust — that creates and sells securities to raise funds. Issuers must meet regulatory requirements, including SEC filings and compliance with auditing standards set by the PCAOB.
- Investor protection: Disclosure controls help protect investors by providing accurate and timely financial information, enabling informed investment decisions.
- Enhanced transparency: Strong disclosure controls foster a culture of transparency. Clear communication and documentation protocols improve the reliability and credibility of public disclosures.
- Risk mitigation: Disclosure controls help preserve the integrity of financial reporting, building trust among investors and stakeholders. Companies with effective controls demonstrate a commitment to transparency and governance, which can enhance investor confidence.
Supporting disclosure controls
Disclosure controls are supported by underlying processes and systems, including Information Technology General Controls, critical to the internal control environment. Key ITGC areas include access security, change management and operations. For example, management should document and retain evidence of ERP user access reviews. Reviewing Service Organization Control reports for financial applications managed by third-party providers is also necessary to ensure proper data protection.
Other supporting control activities include management reviews of journal entries, flux analysis, financial statements, 409A valuations, tax provisions and balance sheet reconciliations. Before finalizing disclosure controls, management should consult external auditors to review and refine the design and scope of controls.
Disclosure control responsibility
Responsibility for disclosure controls is shared across accounting, finance, treasury and tax functions. However, executive management — typically the CEO and CFO — holds ultimate accountability and must certify these controls under Sections 302 and 906 of the Sarbanes-Oxley Act.
Under Section 302, officers must certify that disclosure controls have been designed and evaluated for effectiveness and that material information is communicated correctly. To meet these obligations, management should test each disclosure control to ensure it is well designed and operating effectively. Formal documentation of this testing is recommended. Engaging a third-party advisor can be valuable in designing and validating the effectiveness of disclosure controls.
Document retention
Management should maintain thorough documentation of the disclosure process. This includes the procedures, responsibilities, risk assessments and processes used to identify and disclose relevant information. Proper documentation supports the company's ability to demonstrate adherence to sound disclosure practices and can be essential during audits or regulatory reviews.
Continuous monitoring
Regular evaluation of disclosure controls is necessary to identify weaknesses and implement corrective actions. Management should test controls' design and operating effectiveness and meet periodically with key stakeholders involved in the disclosure process.
Periodic reviews provide insight into control status, challenges and areas for improvement. Ongoing training for employees involved in the disclosure process ensures they understand their roles and stay current on regulatory requirements. Through continuous monitoring and training, companies can maintain effective controls and enhance the accuracy and transparency of disclosures throughout the registration process and beyond.
Governance and oversight
The board of directors plays a critical role in overseeing disclosure controls. It is responsible for establishing a governance framework that supports transparency, ethical conduct and compliance. The board's role includes setting expectations, approving key disclosures, managing risk and ensuring regulatory compliance.
Executive management is responsible for designing and evaluating the company's internal control systems, including disclosure controls. In many cases, the audit committee is directly involved in overseeing financial reporting and internal controls, making it a vital part of the company's governance structure.
Disclosure control support
Privately held companies preparing to go public should prioritize the development and implementation of disclosure controls early in the IPO or SPAC process. These are the first set of controls required for public filings and serve as a foundation for meeting ongoing compliance expectations. Establishing disclosure controls early demonstrates a commitment to transparency and readiness for public company obligations.
