This is the first year in which nonaccelerated filers (companies with market caps below $75 million) will need to comply with Sarbanes-Oxley (SOX) legislation, specifically Section 404. An added weight is that implementation costs are disproportionately larger for smaller companies, according to the Security and Exchange Commission (SEC).
“Some accelerated filers thought they would handle this thing easier than they did,” says John Gutierrez, a founding principal of Avvantica Consulting LLC in Dallas and the company’s SOX Practice leader. “They thought they had good controls for financial reporting already in place. The thing that is new about SOX is that it now holds management responsible for testing and making an assertion as to the effectiveness of their system of internal controls. Before SOX, they simply needed to sign off on their responsibility to define and maintain them.”
Smart Business discussed how nonaccelerated filers should approach compliance.
Has any progress been made in giving nonaccelerated filers an extension on their exemptions from Section 404?
Although there has been much discussion about the possibility of creating an exemption for nonaccelerated filers, it does not seem likely that the SEC will give in to this pressure.
Time heals many wounds, but while some may be tempted to forget the financial meltdowns that prompted SOX legislation, SOX has been widely recognized for helping boost investor confidence. It has also improved transparency in financial reporting and general accountability within public corporations.
In addition, public accounting firms are now being inspected by an independent Public Company Accounting Oversight Board (PCAOB) to make sure they are doing the right thing and are not being overzealous in implementing Section 404 requirements.
How can technology make compliance easier and less expensive for a nonaccelerated filer?
There are good technology solutions available to help companies comply with SOX compliance requirements. The right process-based solution will pay for itself many times over and can dramatically make compliance more efficient and sustainable particularly for controls maintenance, testing and remediation processes.
However, some of the true process-based solutions are cost-prohibitive to smaller companies. I think smaller companies should consider using a pragmatic SOX process solution through the Software as a Service (SaaS) model that some companies offer. This model will allow them to realize the benefits of the best solution without expensive traditional software and maintenance costs. In addition, the SaaS model affords them the ability to always have the latest version of the software without additional upgrade charges.
Do nonaccelerated filers realize how much more Section 404 will cost, or how long compliance will take?
Certainly, many executives of these smaller companies have learned from watching their bigger counterparts.
However, some companies may be counting too much on the SEC’s promise to provide a revised version of Auditing Standard No. 2 as somewhat of a SOX ‘silver-bullet.’ Although such a revision should help rein in the scope and related costs of their external audit in future years, it will not likely reduce the underlying requirement to maintain an effective system of internal controls over financial reporting. Overall, even though nonaccelerated filers have much experience to learn from, it will still be very much uncharted territory for them. That’s why the earlier they start, the better off they will be.
How long is too long to wait to begin preparation for compliance?
Nonaccelerated filers will need to be compliant at the end of their first fiscal year on or after Dec. 15, 2007. But, well in advance of that, they have to define their control environment and test it to prove its effectiveness in order to support management’s year-end 404 assertion.
Some companies may be tempted to wait until the second or even third quarter to start focusing on SOX. That’s too late. They have to start working on compliance during the first quarter or they will get themselves into a jam.
Are there other ways that CEOs and CIOs can make Section 404 compliance smoother, less expensive and less intrusive?
Small companies would save a lot of time and money by doing what many accelerated filers have done. That is, outsource or co-source most of their compliance process to a reputable firm that specializes in SOX compliance.
We recommend considering a holistic, result-based solution with an expert adviser that offers a predictable outcome at a cost-effective price. We believe such cost predictability and overall reliability is more important for a smaller company than an open-book rate-per-hour approach through staff augmentation.
JOHN GUTIERREZ is a founding principal of Avvantica Consulting LLC in Dallas and the company's SOX Practice leader. Reach him at (214) 379-7904.