
More 404 Guidance, Please

Panelists at the SEC's roundtable request more guidance aimed at helping management, not auditors, cope with Sarbox 404.
Helen Shaw, May 10, 2006


Speakers at the first panel of the Securities and Exchange Commission/Public Company Accounting Oversight Board roundtable on Section 404 requested management-specific guidance for the internal-controls assessment process and raised the hope that such guidance would reduce the compliance costs involved.

While the representatives of corporations, audit firms, and investors noted improvements in corporate disclosure and the compliance process with Section 404 during the second year of compliance for accelerated filers, they also noted that the lack of guidance for corporate management has partially led to excessive testing of controls and significant compliance costs.

One panelist likened the situation to that of the medical profession, in which doctors prescribe medical tests that would not be performed except for the prospect of litigation. “The same natural economic forces push people with good intentions to apply controls that are suboptimal because of social pressures,” commented Joseph Grundfest, a co-director of the Rock Center on Corporate Governance and a law professor at Stanford University.

Guidance to management and the accounting profession on what is truly important in terms of misreporting on financial statements would be helpful, stated Mary Bush, president of Bush International. Some areas pose extraordinary risk for misreporting while others have little or no risk, she said, yet some companies apply a “checklist approach” toward testing and assessing internal controls, which places equal emphasis on both low- and high-level process controls.

Edward Nusbaum, chief executive officer at Grant Thornton, said that while his audit firm used the May 16, 2005, guidance from the SEC and the PCAOB to apply a risk-based approach in audits to improve efficiency and effectiveness, incorporating guidance is a multiyear process and more modifications can still be made to implement the regulators’ guidance from last year. Meanwhile, he said, further guidance for management would be useful.

Nusbaum suggested that regulators, auditors, corporate companies, and investors gather to create practical guidance for management. “Real, practical guidance based on case studies would allow us to use judgment,” he said. And, he added, such guidance would help smaller companies in particular.

However, Colleen Cunningham, president and chief executive officer of Financial Executives International, believes that principles-based guidance is needed. “When I hear guidance, I worry we will get another standard that will box management in to some degree,” she said. Principles-based guidance should focus on key definitions and clarify that management should not follow the same rules as auditors, she stated.

Panelists also discussed experiences with management assessment of internal controls and the costs of compliance. Some suggested that the PCAOB’s Auditing Standard No. 2 (AS2) should be revised to improve the internal-controls process and the quality of companies’ financial statements. “I think it’s now time to amend the standard,” said Barbara Hackman Franklin, president and CEO of Barbara Franklin Enterprises and former U.S. Secretary of Commerce. “Take last year’s guidance and put it into the standards. That will empower auditors in a way they don’t feel empowered now,” said Franklin, who added that the SEC should give guidance to management and especially to smaller companies.

Samuel DiPiazza, global CEO of PricewaterhouseCoopers International, disagreed that AS2 needs to be revised, but he did say the industry needs “help on materiality.” Cunningham and Franklin noted that the SEC is the only regulator with the authority to provide the management guidance that the panelists requested.

All panelists noted the improvements in corporate disclosure and audit committees during the second year of compliance. Dennis Johnson, senior portfolio manager at the California Public Employees’ Retirement System, noted that in the universe of the Calpers focus list of companies (the annual list of companies with corporate-governance issues from the perspective of the retirement plan), there were fewer concerns about material weaknesses in the past 12 months versus previous periods. Also, audit-committee members at companies on the focus list were more engaged in their companies and better at planning, said Johnson.

Compliance costs, while declining according to various surveys, remain a concern. Rodgin Cohen, chairman of Sullivan & Cromwell, commented that the qualitative cost of a continuing, very conservative environment with respect to the internal-controls procedure is a concern. “If the environment is made easier, costs will go down,” predicted Cohen. Panelists called for a better balance between costs and benefits associated with Section 404.