404 Makes an IPO: Mission Impossible

As a backdrop for Tom Cruise in Mission: Impossible III, satellite images of "enemy surveillance" and "global reconnaissance" are scattered about a dimly-lit, futuristic control room. The set may be a Hollywood fantasy, but the software generating the clandestine images is real, and supplied by defense contractor Analytical Graphics Inc. (AGI), a small ($250 million market capitalization) company based in Exton, Pa.

While Cruise's character, Ethan Hunt, has his hands full dodging explosions and bullets, AGI's chief financial officer William Broderick faces another impossible mission: going public under the burden of Section 404 of the Sarbanes-Oxley Act, the internal controls provision of the investor protection law.

At a Congressional hearing last week held by the House Committee on Small Business, Broderick testified that 404 compliance for small companies "has the effect of being penny-wise but pound-foolish," because the current regulations lack reasonable cost-benefit analysis. Instead of protecting shareholders, investors are "significantly harmed" from a shareholder value perspective, said the CFO.

Using a back-of-the envelope calculation, he figured that some 7,400 small companies would lose an aggregate $60 billion in equity valuation on a permanent basis by complying with 404 in its current form. He bases his numbers on a report issued in April by the Securities and Exchange Commission's Advisory Committee on Smaller Public Companies.

In the report, the committee estimated that for companies with market caps between $75 million and $700 million, compliance with 404 averages $900,000 annually. Thus, as a percentage of revenue, the cost is 16 times greater for small companies than for larger ones (market caps between $1 billion and $4.9 billion. "Congress did the right thing [passing Sarbox], but they can't bury their head in the sand when it comes to the unintended consequences," Broderick told CFO.com in a separate interview. "They have to correct it."

Hefty Sarbox compliance bills are the main reason AGI did not issue an initial public offering in 2004, says Broderick. Although the company was being pushed by a venture investor to go public, the management team decided it would have been the wrong move, given the additional cost and management time that would have been required on top of public company rigors, like attracting analysts and investors to the stock.

Because the investor was eager to cash out, AGI liquidated the venture company's full stake in Jauuary 2005, for $28 million, which amounted to a 33 percent compounded annual return for the backer. A significant gain for the investor on its original $2.5-million outlay made in 1995. To buy out the investors, the once debt-free AGI had to take on $15 million in bank debt and use $13 million in cash.

The capital drain, says Broderick, makes investment in advanced research and development "difficult." It also squelches other growth objectives, such as investments into sales and marketing and business development. Further, low cash reserves forces the software maker to operate much more conservatively, a competitive disadvantage in the high-tech industry.

Broderick's ideas for a Sarbox fix are simple, but controversial. Auditors and others who oppose a scaling back of Sarbox for small companies argue that if companies want to be in the public company game, they have to follow public company rules.

Comments like that are made in a vacuum, says Broderick, contending that the notion lacks common sense, fundamental cost-benefit analysis, and business judgment. "The big misperception," contends Broderick, "is that small companies don't have any controls, and that is just not the case."

He believes that until companies hit a market cap of $500 million, they don't have the "critical mass" to absorb full Sarbox costs. Those companies, Broderick says, should get an exemption from Sarbox until the rules are scaled back.

Large company CFOs have a similar view about 404 overkill. For example, in a letter to the SEC commenting on second-year Sarbox experiences, Mike Coke, finance chief of AMB Property Corp. suggests moving toward a Canadian model, which eliminates the need for a separate audit of internal controls by external auditors. External auditors would still be required to form an opinion on management's assessment of controls, but the second controls audit would be dashed.

AMB is a real estate investment trust with a $4.5 billion market cap. By Coke's lights, management’s assessments of the design and operating effectiveness of internal controls, and the audit committee's oversight of the functions, meet the objectives of the law.

Other large company CFOs are fans of the Canadian model too, including CIT Group's Joseph Leone. CIT has a market cap over $10 billion. In his comment letter to the SEC, Leone threw support behind using risk-based concepts to determine the scope of controls testing. In that way, a strong controls environment — one with best-in-class governance practices, codes of conduct, anti-fraud programs, and internal audit functions — would require less process-level testing than those with weak programs.

• 1
• 2
• next »