The Securities and Exchange Commission announced on Wednesday in no uncertain terms that small companies as well as large ones will be required to comply with the Section 404 internal-control requirements of the Sarbanes-Oxley Act.
The SEC’s statement, posted in a press release on its website, clearly contradicts the recommendations of its own Advisory Committee on Smaller Public Companies, which stated on April 23 that micro-cap and small-cap companies of certain sizes should be exempted from 404 “unless and until” guidance tailored to smaller issuers’ needs is generated.
The statement also came on a day when a group of senators and representatives introduced a bill in Congress that would give many smaller companies the right to choose not to comply with the internal-control rules.
In the statement, the commission also announced that it would issue guidance for companies and work with the Public Company Accounting Oversight Board on revisions of the PCAOB’s internal-control auditing standard.
Further, the SEC plans to launch inspections of PCAOB efforts to improve 404 oversight and to further postpone of 404 compliance for non-accelerated filers, “although ultimately all public companies will be required to comply with the internal control reporting requirements of Section 404,” according to the press release. (Generally speaking, non-accelerated filers are companies with a public float of $75 million or less.)
SEC Chairman Christopher Cox, however, foresaw the possibility of some custom tailoring. “As we go forward, we will consider the special concerns of all companies that fall under our jurisdiction — large and small, foreign and domestic,” he said.
Elaborating on the size issue, John White, director of the SEC’s Division of Corporation Finance, said, “We will be working on our own, and with the PCAOB, to improve the implementation of Section 404 so that it will work efficiently and effectively for companies and auditors of all sizes and types while still maintaining the important investor protections it provides.”
The commission expects to issue guidance to managers to help them perform “a top-down, risk-based assessment of internal control over financial reporting,” according to the release. To help non-accelerated filers and smaller public companies, the commission said, it wants the guidance to “be scalable and responsive to their individual circumstances.” The form of the guidance has yet to be determined.
For its part, the PCAOB announced Wednesday that it plans to propose revisions to its Auditing Standard No. 2, An Audit of Internal Control over Financial Reporting Performed in Conjunction with an Audit of Financial Statements. The revisions, which are subject to SEC approval, would:
• Encourage auditors to focus on areas of higher risk of fraud or material error.
• Incorporate key concepts contained in PCAOB guidance issued on May 16, 2005, which emphasized such matters as auditors’ need to incorporate the work of internal auditors and other parties in their controls attestations.
• Take a fresh look at and clarify “what, if any, role the auditor should play in evaluating the company’s process of assessing internal control effectiveness.”
The SEC will also take steps to oversee the accounting board’s inspection process. The PCAOB announced on May 1 that its inspections this year would focus on whether auditors have kept 404 costs low. In its statement, the SEC said it plans to inspect “aspects of the PCAOB’s operations, including its inspection program.”