Senators John Kerry and Olympia Snowe have sent another letter to Securities and Exchange Commission chairman Christopher Cox asking him to give small companies more time to prepare for complying with the internal-control provisions of the Sarbanes-Oxley Act.
The small-business committees in both the House and Senate have recently met with Cox and Public Company Accounting Oversight Board Chairman Mark Olson to go over how the revised management guidance and corresponding new auditing standard for internal control over financial reporting address the concerns of small businesses. Those companies with a market capitalization of less than $75 million must include 404 management reports starting with their 10-Ks filed on or after December 15, 2007 and auditor-attestation reports one year later.
Building up expectations of an outsized financial burden as they watched large companies rack up high auditing costs during the first stages of Sarbox 404 compliance, the small-business community pressed regulators for rule changes tailored to them. Both the SEC and the PCAOB have said their new revisions clarify that management and auditors should concentrate on materiality–that is, only those areas that could lead to a material misstatement. With AS5, the PCAOB is asking auditors to take a top-down, risk-based approach. Companies that have incorporated those principles have reportedly cut down the number of key controls that are reviewed, saving them time and expense.
In comment letters to the SEC’s new guidance for complying with Section 404, nearly one-third of the letters from small-business representatives sought “sufficient time” to consider the final version, according to Kerry. The SEC approved of its guidance in late May but has not yet published the final text.
Since the enactment of Sarbox in 2002, the SEC has delayed the deadline for small companies to comply with the standards a number of times. Cox said earlier this week that another delay would only be needed if the SEC doesn’t approve of the PCAOB’s Auditing Standard No. 5 this summer. The SEC released the rule for comment on Thursday afternoon. If the commissioners don’t approve of the new rule — which the PCAOB approved in May — “we’ll once again postpone the requirement that smaller public companies have a Section 404 audit until the new auditing standard is done,” Cox said during a hearing with the House Committee on Small Businesses.
Apparently that’s not reassuring enough for the lawmakers who head the Senate Committee on Small Business and Entrepreneurship. “Properly implementing and calibrating internal
controls will require time and repetition,” Kerry and Snowe wrote. “We remain convinced that small companies need additional time to evaluate and adjust for any weaknesses they find in their daily, monthly, quarterly, and annual internal controls.” They also asked the commissioners to:
• Publish guidance specific to small companies.
• Update the cost analysis for complying with the internal-control rules. In 2003, the SEC estimated small companies would each spend $35,286 each year.
• Ask the SEC’s Advisory Committee on Smaller Public Companies to give regular reports on Section 404’s impact and evaluate how the financial burden for complying could be reduced. Doing so “would help to ensure that small public companies do not suffer from additional unintended consequences which may harm their ability to compete, innovate, and grow,” the senators wrote.
Kerry, a Democrat from Massachusetts, and Snowe, a Republican from Maine, similarly teamed up on this issue in February when they sent a joint letter to the SEC during the simultaneous comment periods on the draft for AS5 and the new Section 404 guidance, calling for a year-long delay. In Thursday’s letter, they did not ask for a specific new deadline but asked that Cox announce a change within 30 days.