SEC Relaxes Sarbanes-Oxley Compliance Rules for Smaller Companies
Michelle Carrozzella is the Controller of Touchstone Software, a MA-based public company specializing in computer diagnostics and PC update technology. Her company has 12 employees and $3 million+ in revenues. Yet, she faces many of the same accounting compliance issues under the Sarbanes-Oxley Act of 2002 as multi-billion-dollar corporate behemoths.
Complying with Sarbanes-Oxley is a “pain,” says Carrozzella. She estimates that the law raises her audit costs by 50% and doesn’t provide much in the way of protection against fraud and mismanagement. “I’d much rather see that money going to boost the value of our stock for the benefit of our stockholders.”
Fortunately, some relief is now in sight for Corrozalla and countless other small business owners. The U.S. Securities and Exchange Commission (SEC) and Public Company Accounting Oversight Board (PCAOB) recently approved new standards aimed at reducing the burden that small companies face in complying with Sarbanes-Oxley. Now the question is, do these changes go far enough?
Few people question the overall benefits of Sarbanes-Oxley—the law passed five years ago to prevent future accounting scandals arising from mismanagement and fraud like those highly publicized world-class blunders at WorldCom, Enron and Tyco International. Under the law, corporate managers must determine whether they have sufficient safeguards to catch fraud and bookkeeping errors, and have those controls certified by an outside auditor.
However, often lost in the debate over compliance is the law’s impact on smaller public companies—variously described as those with under $200 million in revenues or $700 million or less in market capitalization. The cost of compliance has been disproportionately much higher as a percentage of revenues, for small companies than for large businesses, particularly with respect to the internal control reporting provisions in Section 404 and related audit fees.
The problem is particularly acute for firms worth less than $75 million—known by the Securities and Exchange Commission (SEC) as “non-accelerated filers.” According to a 2006 report by the Government Accounting Office (GAO), non-accelerated filers paid a median of $1.14 in audit fees per $100 in revenues versus $0.13 for public companies with market capitalizations greater than $1 billion. The GAO also found that smaller companies proportionally incurred far greater non-audit compliance costs than large firms.
SEC Ruling Clarifies Section 404 Requirements
The SEC’s new interpretive guidelines will enable public companies to streamline their internal controls over financial reporting by focusing their compliance efforts in areas where there is the highest risk of potential fraud or mismanagement. This will allow smaller companies, in particular, to avoid time-consuming and costly compliance efforts in areas where problems are unlikely to occur. According to SEC Chairman, Christopher Cox, instead of a one-size-fits-all approach, “companies of all sizes will be able to scale and tailor their evaluation procedures according to the facts and circumstances.”
Congressional leaders, and even other Administration officials, are not entirely satisfied. Senators John Kerry (D-MA) and Olympia Snowe (R-ME), Chairman and Ranking Member, respectively, of the Senate Committee on Small Business and Entrepreneurship, immediately questioned the SEC’s requirement that non-accelerated filers must file their first Sarbanes-Oxley management assessments with their annual reports closing on or after December 15, 2007 (the deadline for audits of internal controls is December 15, 2008). The Senators reiterated their desire that small public companies receive a one year delay in their filing requirements and that the SEC issue a “small business compliance guide.”
The SBA’s Office of Advocacy has also asked the SEC to reconsider an extension.
Representatives Nydia Velázquez (D-NY) and Steve Chabot (R-OH), Chairwoman and Ranking Member, respectively, of the House Committee on Small Business, have urgedn the SEC to issue a similar delay and plan to hold hearings on the matter.
Bob Benoit, President of Lord & Benoit, which specializes in small company Section 404 compliance, is pleased that the SEC and PCAOB have clarified some of the questions about internal management control reporting. “Some of the guidance is still at a 30,000 foot level,” says Benoit. However, “by allowing management to use its judgment about materiality and risk, smaller public companies can now avoid some of the potentially cumbersome and costly compliance requirements that had been implied by earlier PCAOB audit rulings.”
Benoit points out that many smaller firms have already taken steps to comply with Section 404, and that some corporate managers actually welcome the opportunity to get their financial houses in order. He points to a study by his firm that shows that companies with no internal control weaknesses showed an average stock share gain of 28% between 2004 and 2006, versus a 6% stock price decline for companies with compliance problems.
Benoit believes that smaller companies have time to bring themselves into compliance this year. To help alert companies to areas in which they should be focusing, his firm has issued a report entitled 10 Threats to Compliance for Small Companies, and has also prepared a list of 10 Steps to SOX Compliance for smaller corporations to follow.
Sarbanes-Oxley Doesn’t Just Affect Public Small BusinessesPrivate companies that supply public corporations with products or services that are a material part of the financial control process are often subjected to audits of their own processes and controls. While this can be extremely burdensome, some vendors have actually used this requirement as a way to establish a competitive advantage with their customers. To learn more, read Sarbanes-Oxley Hits Small Business, Too. |
John Arensmeyer is Founder and CEO of Small Business Majority, a national small business advocacy organization.
