The May 10 roundtable on second-year experiences with Sarbox 404 compliance ended with a bang, as a representative of organized labor clashed with a CFO arguing the case for small companies. The issue: whether the internal-controls requirements should be softened.
Lashing out at many proposals made during the day for altering the current 404-compliance regime, Damon Silvers, associate general counsel of the AFL-CIO, declared that the provision’s requirement that management assess internal controls applies to “all management of all public companies,” suggesting that meant small companies as well as big ones.
Silvers said he was speaking on behalf of unionized workers as investors. “We don’t want to be subject to a pitch by any company not required to [comply with 404],” he added.
During the day, some panelists proposed that compliance should be limited to a “top-down,” “risk-based” approach in which management sets priorities about which controls to work on. Others suggested that doing without auditor opinions on management’s assessment of internal controls might be a good idea. The AFL-CIO lawyer would have none of it.
Investors can’t “rely purely on management — that’s not an audit,” contended Silvers. “You cannot do this merely on an entity level.” If internal-controls audits rely solely on an assessment of the ethics and competence of top managers, junior-level executives could well commit undetected fraud if lower-level controls aren’t assessed, according to Silvers.
For his part, Alex Davern, CFO of National Instruments and chairman of the American Electronics Association committee on reform of Sarbanes-Oxley 404, said he disagreed with Silvers. Unlike the union attorney, Davern favors an approach in which the controls are tested on a rotating basis, with those concerned with the biggest risks of material errors given priority. He also called for a “scaled” approach to compliance with 404, with small companies being treated differently than larger ones.
Davern thinks the SEC should adopt the recommendations of the commission’s small-company task force, which call for exemptions from 404 for microcap companies with less than $125 million in revenues and for small-cap companies with less than $10 million in annual product revenues.
The finance chief also had harsh words for the SEC — and the roundtable itself. The midcap CFO said he was “disappointed with the tenor of the discussion,” characterizing the panelists as engaging in “a tremendous amount of polite discussion” without saying how bad things really were for many small companies. As for the SEC, it “deserves a failing grade for implementation of 404,” he added.
Particularly egregious, according to Davern, was the inaccuracy of the commission’s initial predictions that per-company 404 costs would average about $90,000, and that they would be relatively the same for small and large companies. The failure to correctly estimate the costs and forecast the heavier toll on smaller companies reveals a “lack of realistic, common-sense thinking,” he said.