VideoTo CFOs, all this signing of documents feels more like punishment — the equivalent of writing "I will not commit fraud" 100 times. Yet regulators like the basic concept of sign-offs and certifications, if only because they believe they help assure accountability. After all, it was the SEC that first proposed requiring CEOs and CFOs to certify financial statements in June 2002 — six weeks before Sarbanes-Oxley Section 302 made it law. More recently, the unfolding American International Group Inc. (AIG) scandal prompted the New York State Insurance Department to require insurance company CEOs to certify the economic legitimacy of certain transactions that can be used to manipulate financial reporting.
The FEI's Cunningham hopes that a reasonable approach by the PCAOB as it begins to inspect auditors' work will eliminate such overkill. "It's the first time the auditors are being regulated, and the inspection process from the PCAOB will drive their behavior." At the roundtable, McDonough promised "evenhanded" inspections. "It is at least as likely that we will find that the work [auditors] did was excessive as it was inadequate. Now, will we throw someone in jail for an excessive audit? Not likely. However, will we have a very severe conversation with the management of that audit firm? You bet."
Bright Llines
Another major concern for CFOs is the definitions of "significant deficiency" and "material weakness." "This was the great unknown," says AMB's Coke. "What is a significant deficiency, and how do you aggregate [those deficiencies] to become a material weakness?"
There are no specific figures in the auditing standard. But CSC's Level and his staff parsed the accounting world's definitions of "inconsequential" and "remote" to conclude that auditors would define a significant deficiency as one that had a greater than 5 percent chance of resulting in a misstatement of one percent of earnings before taxes. Coke says he arrived at the same conclusion. But, he adds, "one percent of net income would have been a penny and a half a share, and I think in terms of pennies, so we ended up going with a more conservative threshold." Either way, Level says the threshold is too low, causing companies and auditors to spend far too much time on minor issues. "In a lot of cases, we are looking at deficiencies that are quite unlikely to result in a misstatement," he says.
That's a widely held sentiment. A less onerous definition of "significant deficiency," says Level, would do more than any other change to reduce the cost of 404. But is that likely? When it comes to materiality, let alone a material weakness, the SEC has long eschewed bright-line tests. And while Level claims to want principles-based guidance, his own exercise shows how quickly auditors tend to put a price on a principle.
Moreover, any effort to raise the threshold on internal controls could be seen as weakening 404. "I believe [costs are] heavy because firms are repairing corporate infrastructures that have been neglected for years," Jack T. Ciesielski, publisher of The Analyst's Accounting Observer, told the SEC. Not every material weakness he has seen reported "pointed to a future financial meltdown—but I'd have to say every weakness I've noticed would have raised concerns about the reliability and fairness of published financial information if they went uncorrected...."
Ciesielski and OPERS's Richson note that companies have been responsible for maintaining controls since the Foreign Corrupt Practices Act of 1977, a point echoed by Alan Beller, head of the SEC's Corporation Finance division, during the roundtable. "The complaints ring hollow," wrote Ciesielski. "If there is supposed to be an adequate internal-control system in place already, and it costs so much to comply with Section 404, how adequate was the system before?"
Nonetheless, both the SEC and the PCAOB already have shown a tendency to respond to certain corporate concerns. On March 2, the SEC announced a one-year extension of the 404 deadline for foreign firms and small companies with a market cap of less than $75 million.
"I have great sympathy for the small and midsize companies that in some cases actually have very good internal controls, but are much less formal than a large, complicated company," the PCAOB's McDonough told CFO in August 2004.
On March 31, the PCAOB proposed a new standard for companies that have fixed a material weakness. If it is adopted, those companies could hire an auditor to attest to the fix immediately, rather than waiting until year-end for an auditor to confirm the company's assertion. That doesn't actually change any existing rules, but it does show an understanding of the corporate need to reassure investors.
Whither the Regulators?
Still, it's far from clear how all this will play out. Both Donaldson's and McDonough's constant references to small companies are likely small consolation for executives like Urban Outfitters's Ross, whose company is small by retail standards, with 142 stores, but has a market cap of $3 billion. Yet "concessions for small business" don't make Richson happy, either. "Research I've looked at suggests small business is oftentimes a higher risk," she says.
Reader Comments» Post a comment