On July 30, 2002, President Bush signed the Sarbanes-Oxley Act (SOX), which he labeled the most far-reaching reform of American business since Franklin Delano Roosevelt’s administration. The purpose of SOX is clear: It is designed to improve companies’ standards of corporate transparency and accountability and raise the quality of corporate governance and financial reporting. It charges a company’s officers and directors with the responsibility for doing so.
SOX imposes tougher regulatory and enforcement powers upon the U.S. Securities and Exchange Commission and, ultimately, on the 12,000 publicly traded companies affected by its requirements. Not surprisingly, it has generated some controversy.
Smart Business spoke with Peter E. Metzloff, CPA, a partner with Skoda Minotti, to get a clear picture of what companies have to do to comply, how much time they have to do so and whether there will be any changes to contend with as the deadline for mandatory compliance approaches.
What companies need to be compliant?
Only publicly traded companies are required to be compliant. That does not mean other companies and organizations should ignore SOX completely, though.
Is it advisable for other companies to comply even though they are not required to?
That is up to individual organizations’ leadership. Executives should carefully analyze the advantages and disadvantages of compliance. There is a ‘trickle down’ effect among companies that are not required to comply. For example, nonprofit organizations that have people on their governing boards who work for public companies might feel obligated to comply because they think it is the right thing to do. That can be counterproductive, though, because it means less money for the organization’s mission. And, privately held companies that are trying either to position themselves to become public or sell themselves might think about complying with the public company rules. Private company executives in particular have to remember that public companies are less likely to acquire their companies close to year-end and that the first question on anybody’s due diligence checklist is, ‘What about SOX?’
What changes have been made to SOX?
The big change is the effective date. When SOX became law, the government said that only ‘accelerated filers’ — those public companies that have more than $75 million of market capitalization — would have to comply immediately. Those companies have been complying for quite a while now. But the SEC has delayed the compliance requirements every year since 2002 for the smaller public companies, the ‘nonaccelerated filers,’ that have under $75 million of market capitalization. Those delays may be a thing of the past.
When should nonaccelerated companies start their compliance process?
Right now. It appears that in March of 2008 the nonaccelerated filers will have to certify in their public filings as of Dec. 31, 2007, that everything is in compliance with SOX. Since the chairman of the SEC has intimated recently that there is no need for further compliance delays, companies that have delayed their compliance process have to start preparing for those dates immediately — and even now it may to be too late for them to be ready. For all but the smallest companies, preparing documentation for management and the outside auditors represents a significant amount of work. And, for the most part, this is something that companies should not try to do completely by themselves.
How can business advisers help companies prepare for SOX compliance?
One way is to analyze the company’s general and detailed risks associated with producing accurate financial statements. In the past five years, companies have changed their focus on what is important. Lately, they are more likely to concentrate on possible risks during the SOX process. Originally, auditors were looking at what happened at every company location, every type of transaction, everything that had ever gone wrong — everything they could think of. That was very costly and led to a lot of criticism of SOX. Concentrating more on the risks of what could go wrong is a more pragmatic approach, and it is less costly. It comes down to a cost-versus-benefit approach.
Another way business advisers can help is by analyzing the company’s strengths and weaknesses to determine what weaknesses can be improved and what strengths can be made more viable. It is a search for administrative efficiency that becomes part of the SOX process. A third way advisers can help is to emphasize that, in the SOX world, if it isn’t written down, it doesn’t count. They can help clients develop more streamlined documentation that ensures everything that is key is written down, which facilitates SOX reporting and makes it easier for outside auditors to perform their work.
What are keys to successful compliance?
There are two. First, the process has to be directed from the top down. Management has to be involved and in the forefront. Second, and most important, the process has to be in motion now.
PETER E. METZLOFF, CPA, is a partner with Skoda Minotti, a CPA, business and financial advisory firm. Reach him at (440) 449-6800 or firstname.lastname@example.org.