Intel Corp., Pfizer Inc. and other companies on Tuesday urged the government’s accounting oversight board to limit the scope of newly required financial-control audits so they won’t become too costly and intrude on management’s responsibilities.
Public companies and accounting firms are at odds over how much scrutiny is needed before auditors should certify that a company has implemented adequate safeguards to prevent financial fraud. Accountants say detailed audits are required. Companies want auditors simply to vouch for management’s certification of the controls.
The Public Company Accounting Oversight Board, created by Congress as part of last year’s Sarbanes-Oxley corporate governance law, is writing a standard for the reviews and held a roundtable hearing on the topic Tuesday in Washington. The oversight board has made drafting the internal-control standard one of its top priorities.
“It is the role of management to determine what controls should be in place and to evaluate the adequacy of the controls designed,” said Janice Wilkins, a vice president and director of internal audits at chip maker Intel. “The auditor’s work should not include a separate evaluation of controls that essentially duplicates or mimics management’s work.”
The Securities and Exchange Commission, which oversees the oversight board, has estimated that the internal-control requirement was the most expensive provision in the Sarbanes-Oxley law, costing companies a total of $1.24 billion a year on paperwork, legal fees and other costs, an average of about $91,000 each.
“There has been a good deal of concern about the cost of internal controls,” accounting board Chairman William McDonough said at the roundtable discussion involving representatives of companies, accounting firms, investors and government agencies. “In my view, good internal controls are cost effective and once put in place more than justify the expense involved.”
The Sarbanes-Oxley law, enacted after accounting scandals at Enron Corp. and WorldCom Inc., requires that accounting firms attest that companies have an effective system in place to detect fraud and financial reporting mistakes.
The SEC issued rules in May requiring financial-control audits by June 2004 for companies that have a stock market value of $75 million or more.
Alan Beller, director of the SEC’s corporation finance division, said auditors would need to do some checking on the quality of a company’s internal-control system. “It would come as a great surprise” to the SEC if auditors gave their approval without examining the controls, Beller said.
Company representatives said they interpret the Sarbanes-Oxley law as requiring accounting firms simply to review management’s own certification that its controls are proper. Partners at the biggest accounting firms said they would need to test a company’s controls before signing off.
Shareholder representatives attending Tuesday’s discussion said the corporate failures of the last three years have convinced them that strong internal control audits are necessary despite the increased costs, which will be passed on to investors.
“We’d like to see auditing costs kept at a reasonable level, but what we’ve experienced in the past few years is the costs when internal controls fail,” said Linda Scott, director of corporate governance at TIAA-CREF, the biggest teachers’ pension fund. “We’re willing to pay a little bit to have internal controls done the right way.”