VideoIt's getting much harder for public companies to keep skeletons in their closets. As they ready internal controls for the harsh light of Section 404-compliance testing, the pressure to disclose problems uncovered in the process has become palpable.
In the first six months of the year, more than 100 companies raised red flags about the current state of their internal controls in their Securities and Exchange Commission filings, largely at the behest of their auditors, according to a CFO magazine analysis of a database compiled by Compliance Week newsletter. While there is no comparable data for previous years, the month-over-month growth — from 10 in January to 32 in June and 30 in July — has convinced many experts that such public confessions are on the rise.
"Even though Section 404 certifications won't start to be due until later this year, you're seeing a lot of companies trying to get ahead of the curve," says Stephen Poss, senior partner and chair of the securities litigation, SEC enforcement, and corporate-governance practice area at law firm Goodwin Procter LLP. He expects those numbers to increase until the completion of the first round of Section 404 testing, "as more companies get word from their auditors that they may have problems."
"Problems" can mean poor procedures or IT weaknesses, but in many cases they are more basic: unqualified or inadequate finance staffs. "A company needs to have a certain amount of [in-house] knowledge to determine the appropriate accounting issues, now that it cannot rely so heavily on its auditor," says Richard Steinberg, who led Pricewaterhouse-Coopers's governance practice before starting his eponymous consulting firm. The deficiencies that BDO Seidman noted at $14.5 million Advanced Materials Group Inc., which included operating without a full-time CFO and a lack of staff expertise, were typical of what one-third of companies making disclosures heard. And while smaller companies are most susceptible to such criticisms, large companies are not immune. PwC told international insurance giant AXA that the company had "insufficient personnel in the corporate accounting department with sufficient knowledge...of U.S. GAAP," the company reported in June.
With the threat of Section 404 failures looming, many firms are scrambling to fix their problems by hiring additional personnel and reorganizing. Thanks to quarterly Section 302 certification requirements, though, many are finding that agreeing to remedy weaknesses also entails reporting them. That means even the companies that end up passing Section 404 may be exposed to unwelcome investor scrutiny. The big question, says Wayne Avellanet, director of internal control at SST Truck Co., is: "Will I suffer the consequences of having a material weakness because I have a problem I can't fix fast enough?"
What Is Reportable?
Companies have long been required to disclose control weaknesses, but before Sarbanes-Oxley, they were rarely held accountable for knowing about them. The annual testing that Section 404 demands now leaves executives with little opportunity to plead ignorance. "With all the documentation and monitoring required, companies are much more likely to detect problems now," says Steve Wagner, a partner with Deloitte & Touche LLP and co-chair of its Sarbanes-Oxley steering committee. Although the controls covered by 302 are not exactly congruent to those described by 404, there is enough overlap so that "CFOs should be vigilant about any disconnects," says Poss.
Experts say many of the issues being revealed might once have stayed behind closed doors until fixed. But an arguably broader definition of what constitutes a "reportable condition" is making that strategy harder to pull off. Auditing Standard 2, recently issued by the Public Company Accounting Oversight Board (PCAOB), parses the historically used phrase into three categories — control deficiencies, significant deficiencies, and material weaknesses — in order of severity. The old standard allowed for a "low" probability of error before the dreaded material-weakness label was applied. But now a material weakness is one that creates "a more than remote" chance that "a material misstatement will not be prevented or detected" in a company's financial statements. And to further complicate matters, now multiple significant deficiencies can combine to equal a material weakness.
While auditors and companies (which must conduct their own independent assessments) must vet all types of deficiencies, only material weaknesses must be disclosed. But delineating between what does and does not have to be disclosed "requires a lot of judgment," says Wagner, who expects there to be "a fair amount of discussion and dialogue" between companies and auditors.
Such semantic issues are already leading to serious arguments between CFOs and auditors, as filings show. A number of companies, such as PhotoMedex Inc., Sports Club Co., and Alloy Inc., dismissed their auditors shortly after they identified the problems. At other firms, such as Western United Holding Co., auditors resigned because they were unwilling to rely on the data provided by management. AirGate PCS Inc., meanwhile, simply disagreed with KPMG in its second-quarter 10-Q. "The company believed that no reportable condition existed by the end of fiscal year September 30, 2003" related to a previously disclosed problem with the accounts-receivable information provided by Sprint Corp., "but our independent auditors have not made that finding."
Reader Comments» Post a comment