The regulatory-reform bill passed by the House last week suggests that lawmakers will either exempt smaller companies from getting internal-controls audits or put off the decision for yet another year.
Sarah Johnson, CFO.com | US
December 17, 2009
I personally have implemented over 50 SOX engagements and seen its benefits. I also am not ignorant to the fact that the negative press SOX has received is in some cases real and warranted. I have battled with external audit firms and seen Board of Director meetings almost turn violent over outrageous auditor claims that were in no way in the benefit of the shareholders. The 404(b) aspects of my job are by far the most laborious and challenging; especially given the layered staffing style of 90% of the external auditing firms in the world (e.g., external auditing firms send in their first year associates to start reviewing the project data which equates to my clients getting the privilege of paying on average >$100 per hour for these "professionals" who typically do not understand accounting yet let alone business operations). But, I also understand why (for the most part) external auditors behave the way they do; the legislation has put them in a bad position. I was an external auditor for SOX engagements with PricewaterhouseCoopers and here is the truth; external auditors are personally and professionally liable for the quality of their audits. Auditors can be fined, sent to jail, fired, sued, stripped of their credentials, etc. Additionally, auditors live in fear of the Public Company Accounting Oversight Board (PCAOB) reviewing their audit work once it is completed and potentially stripping them of their right to audit public companies and lose their livelihood if the quality of their audit is deemed poor. Based on these potential risks, I can appreciate where an auditor may be paranoid which could cause them to over scope the project as a safety net. The auditor is put in a very tough position - over scope the audit ($) to protect ones neck (and risk upsetting the client who could take their business elsewhere) - or, bend to the wants of the client and risk not doing a good enough job. I have always thought this is a clear conflict of interest, requiring a for-profit industry to try to act in the best interest of the public. External auditing firms can charge any amount they want for 404(b) audits. Rather than having the external auditing firms perform 404(b) audits and then having the PCAOB come around and review the quality of their audit, why not take out the middleman and have the PCAOB perform the 404(b) audit on the client and charge a flat fee for this service? Or, why not impose a government cap on the costs an external auditing firm can charge? This type of sanction can be seen in other areas such as contingency caps on lawyer fees associated with Workers Compensation lawsuits, etc. Since the statistics show non-accelerated filers can benefit from 404(b) audits, and since it was imposed by the government as a way to provide a level of shareholder confidence, it would seem only prudent to have this level of review available to all public companies. If cost is the true issue, and since the legislation was imposed by the government, shouldn't the government also have the ability to control the costs associated with their imposition? Posted by: Teresa Bockwoldt MBA, MST CEO & Co-Founder Vibato, LLC 655 Montgomery Street, 5th Floor, Suite 540 San Francisco, CA 94111 Office: 415.240.4867 | Mobile: 707.477.0008 | Fax: 888.407.7725 http://www.vibato.com
Posted by Teresa Bockwoldt | December 18, 2009 06:10 pm
Sam E Antar, CFO back in the early 80's would have completely agreed with the statement that testing controls is a waste of money. Sam E. Antar, the former CFO of Crazy Eddie, Inc., a now-defunct smaller public company, a chain of consumer electronics stores in New York and New Jersey. He along with his cousin Eddie Antar, his father Sam M. Antar, and other members of Eddie's immediate family, helped to mastermind one of the largest securities frauds perpetrated in the 1980's. How? He said the auditors of Crazy Eddie did a so called "substantive audit" with no reliance on internal controls. ıThe absence of adequate internal controls poses the problem of making almost all companies difficult or virtually impossible to audit." Today, ALL audits of smaller public companies are "substantive audits", because SOX 404(b) has been delayed. SOX 404(b) is not about the CFO feeling comfortable with internal controls. Iım sure Mr Antar was very comfortable with his internal controls, as well as the CFOs of Tyco, Enron and WorldCom. It is about SHAREHOLDERS who invest in those companies... the shareholders of Crazy Eddie lost all the money, not the CFO. Tried and testing internal controls help prevent errors, fraud and help keep management from succumbing to pressures and rationalizations... especially in tougher times when ıthe powersı want to see bigger profits or smaller losses.
Posted by Bob Benoit | December 18, 2009 02:19 pm© CFO Publishing Corporation 2009. All rights reserved.