Sarbanes-Oxley: No more delays
Time’s up!
That’s the message for small public companies from the Securities and Exchange Commission, which met recently to give final approval to new guidelines and amendments to the Sarbanes-Oxley corporate reform law.
The five-member commission didn’t include a hoped-for extension of the Dec. 15 deadline for small public companies to comply with provisions that critics say are too costly and time-consuming. That means small public companies will have to follow the complex Sarbanes-Oxley rules, which require an annual evaluation of the effectiveness of internal controls, for fiscal years that end after that date.
“We feel at this point it’s full throttle ahead to get us fully compliant by the end of the year,” said Wayne Lipschitz, chief financial officer and vice president of finance for Brentwood-based Grill Concepts Inc., which owns and manages the Daily Grill and Grill on the Alley restaurants.
Small public companies are defined as those whose market value -- the price of their stock multiplied by the number of their shares outstanding -- is less than $75 million. Grill Concepts has a market value of about $45 million.
While preparing for the new requirements, small companies have been hit hard by the cost and time involved in creating, testing and reporting on a wide range of internal controls.
A survey by Financial Executives International last year found that small public companies with a market value of less than $100 million were expected to spend 2.55% of their revenue on compliance with the Sarbanes-Oxley law, contrasted with 0.16% of revenue for firms with a market value of more than $1 billion.
That disparity has sparked repeated calls by small businesses and their supporters to delay the compliance deadline for small companies for a year while larger firms with more resources work out the kinks in the rules.
“Our point really is to show the economic underpinnings of why they’ve got to take additional steps -- not just because we all love small business, but because economically you’ve got to level the playing field,” said Thomas M. Sullivan, chief counsel for the Office of Advocacy at the Small Business Administration.
In a four-hour meeting May 23, SEC Chairman Christopher Cox, a former California congressman, noted that an additional delay probably wasn’t warranted, because the commission had issued its long-awaited guidelines in time for the 2007 audit season. Since the law was adopted in 2002, implementation of the guidelines has been delayed four times.
Two members of the commission raised the possibility that a further delay might be considered in the coming months. Such an extension would require approval by three of the five commissioners.
Cox said Tuesday that a delay in the second phase of the reporting process -- the requirement for outside auditor reports on internal controls now due beginning with SEC annual filings in 2009 -- would be appropriate if the SEC doesn’t approve by the end of the summer the streamlined audit rules for the reports proposed last month by the Public Company Accounting Oversight Board.
“If it is not, we’ll once again postpone the requirement that small public companies have a Section 404 audit until the new auditing standard is available, with plenty of time for them to prepare,” Cox said in testimony before the House Small Business Committee on Tuesday.
Cox also reiterated his expectation that compliance costs for small companies would come down under the new guideline and rule changes that allow management “in each small business to exercise significant judgment in designing an evaluation that is tailored to its individual circumstances.”
The Sarbanes-Oxley Act was passed after a string of major public-company meltdowns, including the accounting scandal at the former energy trader Enron Corp. in 2001.
The goal was to ensure that public companies large and small issued the accurate financial statements that investors and markets needed to function properly.
To create a transparent view of the company’s financials, a management team has to show that internal controls that work are in place. Outside auditors have to concur.
The problem in part has been the long list of controls a company has had to create and test. For example, companies have had to test for information technology controls in the many areas where IT affects financial reporting and human resources policies. Companies must show that the corporate culture encourages ethical behavior from the top down, among other things.
Though most small businesses probably wouldn’t argue with the idea that companies and markets may benefit from the controls and reporting required by Sarbanes-Oxley, many believe portions of it go too far.
“There’s no question this is a bit of a kick in the pants for people, and so there’s certainly some benefit to that, but at the same time there is a burden in that it’s a bit far-reaching and there’s also some inefficiency,” said Stewart Halpern, chief financial officer of San Diego-based Mad Catz Interactive Inc.
The public company, which has a market value of about $67.8 million, designs and markets accessories for video game systems and publishes GameShark video game software.
The new SEC guidelines, which were first issued for public comment in December, allow managers at public companies to safely focus on testing controls in areas that pose the highest risk to the accuracy and integrity of their financial statements. Previously, often pushed by outside auditors, they worked from a lengthy checklist of potential controls not so clearly tied to high risk.
The guidelines are meant to be scalable for small public companies that often struggled under the burden of Section 404 financial controls many felt were designed for much larger firms.
The SEC also approved several amendments to Sarbanes-Oxley rules at its recent meeting.
One major change is a clarification of the role of outside auditors. The amended rule more clearly conveys that auditors do not have to give an opinion on the effectiveness of management’s internal-control evaluation process, the commission said. They do have to report on how well the internal controls over financial reporting work.
In another revision, the commission defined “material weakness” as a deficiency in internal controls over financial reporting that create a “reasonable possibility” (rather than “more than a remote possibility”) that internal controls won’t prevent, in a timely manner, “inaccurate information that could distort a company’s financial statements.”
For more information, go to www.sec.gov.
