Will the SEC Roll Back Sarbanes-Oxley? April 25, 2006
Will the SEC Roll Back SOX? No Way. Pass the Sweet & Sour Shrimp
How ironic.� As the former CEO of
Enron continues to deny responsibility for the corporate governance mess he
encouraged, the�Sarbanes-Oxley law which arose directly from the failure of
companies like Enron and WorldCom to maintain the adequacy of internal controls
is in danger of being amended to exempt most public
Last week, the SEC's Advisory Committee�recommended that all
companies under $125m in revenue�be exempted from having to comply with Section
404 of SOX.��That's roughly 70% of all U.S. public
companies.� If the recommendation is adopted by the commission, SOX is
essentially repealed for all but the biggest public firms.�
November 30, 2005�edition of the IRA ("Sarbanes-Oxley: Is 2006 the Year of the Non-Accelerated
asked��if this�would be the year for Section 404 compliance for�the "non-accelerated filer,"�smaller�public firms listed on US exchanges which don't qualify for expedited
treatment of SEC filings.� And so it is, but�2006�seems to be devoted to�avoiding rather than�complying with SOX, a worrying trend tacitly supported by an indifferent White House and Treasury.�� But, as discussed
below,�a�prominent�Washington�insider involved in
the inception of SOX tells the IRA that a bipartisan majority of�the SEC ultimately will reject the Advisory Committee's recommendation.
growing election-year noise
around Section 404 of SOX, it
seems like a good time to ask again what has the nation gained from this exercise in
righteousness via legislation.� In January 2006, we noted that material restatement
filings with the SEC had fallen to�levels far below historical annual rates,
even for routine administrative corrections. This followed a flurry of restatement
filings during the heyday of SOX gap testing.�
surveillance system now
shows an almost total absence of significant�restatements, a result�which contrasts sharply
with the world prior to SOX. We were thinking that this might
have been because filers were suffering from hypertension and anxiety in preparing
their filings. But new information indicates this may not be the case.�
Indeed, the data from EDGAR suggests that�the compliance crisis is over
for large and mid cap firms alike.
According to surveys paid for by the largest�accounting firms, 2005 SOX compliance
44% less than 2004 costs for large firms with over $700m in annual
revenue and 31% less for midsize companies making more than $125m in annual revenue.
The average cost for SOX 404 compliance
in 2005 was $860K. This is quite a change from the millions of dollars in fees�people were complaining about the previous year, when audit forms worried openly�that 404-related fees would bankrupt smaller clients.� And with�all this activity,�spending high six figures per accelerated filer,�a mere 2.1% of public companies in the US�reported anything having to do with disclosing weaknesses in internal control adequacy.
So what does it mean? We always like the reasonableness of a
blanket statement test. Try this one on for size. SOX was so good that it turned
rampant evil in 2002 to 97.9% cleanliness in less than a business cycle.
No?� Ok, so maybe that shoe is not quite a fit.
Try this. For the most part, large companies already had extensive systems of internal control prior to SOX. Furthermore, these systems were already mostly compliant. Probably something near 97 of 100 filers had adequate internal controls even before the PCAOB was ever created. If true, then it looks like U.S. business spent billions to verify the status quo. So of course we had to ask what the inside spin on the issue might be.
View: SOX is Working
One way to
interpret the secular�decline in restatements filed with the SEC, our insider tells the IRA, is that controls are better now that before the enactment of SOX.� "The drop in
restatements last year�evidences a general improvement in audit controls," says the
former audit partner, who claims to be�the father of Section 404. "In 1991, we
imposed the equivalent of�Section 404 on the banks.�
They�complained for a while, but the result was a big improvement in bank
internal controls.� While 97% of firms did not�evidence the need to
restate earnings prior to the enactment of�SOX, had they been subject to
the level of scrutiny�now required for public companies, many would have
restated, especially in areas like tax and year-end closes."
tells the IRA that he expects the SEC to reject the Advisory Committee's recommendations, perhaps by as much as 4-1,
but that the PCAOB will probably implement an easing of the timetable
for compliance with 404 for non-accelerated filers.� In no�manner, however, does he support
a�roll-back of Section 404.�
"The fact is that we have already invested
the money to bring all public companies into broad compliance with 404,"
says the insider, who adds that there will always be problems with systems and
controls in smaller, fast-growing companies.� Rather than gut the requirements
of 404 for small companies, he opines,�the SEC should be looking for ways to
help them use technology to improve their internal systems.
"This is not rocket science,"
the insider concludes regarding small company internal controls.� "You
outsource the payroll and G/L functions to a competent vendor, then
you centralize oversight of�large payments and make sure you have a good audit
function.�Whereas less than 10% of public companies had decent boards prior to SOX, today
the figure is better than half and improving steadily,
especially among smaller firms.� I am not ready to declare victory today, but by
this time next year, the state of American corporate governance will be in
much better shape than it was�prior to SOX."
Next on the
Agenda: Interactive Data
Securities and Exchange Commission accept the recommendation of the Advisory
Board to exempt micro and small companies under $125m annual revenue from 404
compliance?� Probably not.
Smaller companies run a lot leaner
than their larger cousins. The proportion of Net Operating Loss (NOL) category
firms in the micro and small categories is considerable. NOL's tend to need to
take more life threatening risks to survive and must often do so with a mix of
staff less versed in the culture of internal controls compliance.� There needs to be some force that guides them towards adequate internal controls.
At the same time, we believe the indicators that a large proportion of firms are mostly compliant are not in error. There will be a degree of imposing costs to verify the status quo on non-accelerated filers. The SEC and PCAOB need to make the process workable both for those that will merely affirm their status and for those that will identify the need to ramp up the adequacy curve.
If our source is right about the SEC rejecting the Advisory Committee's recommendation regarding 404, then using�technology to enhance internal controls and external reporting may be the next big issue on the SEC's agenda.�Careful planning is required. Remember that these are the same IT departments which led the world down the path spending money to stop the Y2K apocalypse then�spent most of the SOX 404 budget to protect America against alleged internal controls evil doers.
Indeed many will fear that corporate IT departments might get to spend that amount again if a mandate for interactive data comes to pass under the banner of financial reporting to increase the transparency of internal controls. Federal regulatory agencies are jumping on the XML-based interactive data bandwagon to streamline all manner of information collection and dissemination. We continue to believe that the gains outweigh the costs.
We also believe that the progress of technology is cutting the cost. There's an old rule of thumb in techology circles that every year cuts the cost in half and once every three years something comes along that cuts it to a tenth.
We draw your attention to the fact that in January 2006, a company�led by a man named Gates released a product upgrade called ASP.NET 2.0. The price to add it to windows is free and the accompanying software development toolkit for it has just been declared to also be free by Redmond following an unprecendented 5 million downloads of same by developers. Version 2.0 contains some interesting features which reduce major pieces of the infrastructure for piping and manipulating interactive data literally down to one-line of code function calls. We recommend the SEC, the accounting and consulting sectors examine in detail the environmental implications of these emerging "nerd side" developments.�
We also note that smaller entity CEO's are often better computer programmers than their staffs. By necessity they are focused on growing their businesses, thus making investments in internal,
non-revenue generating infrastructure matters of secondary importance. To the extent that the SEC, and the vendor and audit community can add leverage to small company IT investments, the goals of Section 404 will become less painful and more strategic.
The Institutional Risk Analyst is published by Lord, Whalen LLC (LW) and may not be reproduced, disseminated, or distributed, in part or in whole, by any means, outside of the recipient's organization without express written authorization from LW. It is a violation of federal copyright law to reproduce all or part of this publication or its contents by any means. This material does not constitute a solicitation for the purchase or sale of any securities or investments. The opinions expressed herein are based on publicly available information and are considered reliable. However, LW makes NO WARRANTIES OR REPRESENTATIONS OF ANY SORT with respect to this report. Any person using this material does so solely at their own risk and LW and/or its employees shall be under no liability whatsoever in any respect thereof.
A Professional Services Organization
Copyright 2016 - Lord, Whalen LLC - All Rights Reserved