Risk & Compliance

Capital Markets Report Urges 404 Fixes

A panel says changes in the way Sarbanes-Oxley has been applied will improve the competitiveness of the U.S. capital markets.
Helen ShawNovember 30, 2006

The Committee on Capital Markets Regulation today officially released its first report, which calls for a fix of section 404 of the Sarbanes-Oxley Act, the internal controls provision, before it is required for smaller companies.

That was just one of the recommendations in the 135-page report by the Committee on Capital Markets Regulation. The report says there is evidence that a stricter regulatory regime, and most notably the Sarbanes-Oxley Act, has diminished the competitiveness of the U.S. equity market. The report offers 32 recommendations that it says will balance shareholder protection with regulatory costs. According to the committee’s report, “the threat to U.S. competitiveness appears to be real and growing.”

The committee, composed of 22 professionals from finance, law, business, accounting, and academia, urges policy makers to consider changes to the areas of shareholder rights, the regulatory process, public and private enforcement of securities laws, and the implementation of the Sarbanes-Oxley Act. The report says most of the committee’s recommendations can be achieved without legislation, through regulatory changes at the Securities and Exchange Commission and the Public Company Accounting Oversight Board.

The report suggests changes to the way those agencies have implemented Sarbox section 404, which requires companies to assess, and auditors attest to, the effectiveness of their internal controls over financial reporting.

Compliance with Section 404 should not be required for small companies until the committee’s proposals for changes in materiality, improved guidance by the SEC and the PCAOB, and the rotational audits are in place, according to the committee. Once those changes have been made, the SEC should reconsider the costs and benefits of applying Section 404 to smaller companies, the report says.

If the costs are still too high in relation to the benefits for small firms after such changes, the report says, the SEC should ask Congress to exempt small businesses from the auditor attestation requirement. Without the auditor’s attestation, the requirement for management certification should be changed to one of management’s “reasonable belief” in the effectiveness of internal controls, the committee says.

The committee also proposed that 404 use a different definition of materiality— that is, the point at which a weakness in a company’s controls would affect an investor’s decisions, and therefore should be reported as a “material weakness” by the company. The committee argued that the definition of what is material in 404 is not consistent with traditional financial reporting practice, which the committee described as five percent of annual pre-tax income. In fact, the SEC has long avoided putting a specific number on materiality, and its guidance has often been interpreted by the accounting community to be much stricter than the five percent figure. In suggesting that the threshold for materiality be defined for 404 as five percent of annual pre-tax income, the committee also recommended that the SEC consistently define materiality for financial statements as well—a recommendation likely to cause a stir in accounting circles.

Several of the committee’s recommendations echoed suggestions that many companies have been making since the first SEC roundtable on the impact of section 404 was held in April 2005. For example, the committee recommended that the PCAOB and SEC approve the use of intermittent testing, rather than requiring that all internal controls be tested annually. Under multi-year rotational testing, companies and their auditors would test internal controls in high risk areas every year, but companies with clean records would be allowed to test lower-risk areas less frequently.

Another long-standing recommendation was the committee’s suggestion that the PCAOB and the SEC let auditors rely more on the work of other auditors when testing controls.

While there is much to chew on in this report for companies, securities regulators, litigators, and auditors, there is more to come from both this committee, which plans to issue more reports, and from regulators. The SEC is expected to issue Section 404 guidance for management on December 13 and the PCAOB plans to revise its Auditing Standard No. 2, the standard that auditors and, by default, management, refer to when complying with Section 404.