|
The early SOX teams had to start assessing their controls while guidelines were being created and frequently locked horns with auditors over how to interpret requirements.
Furthermore, many companies had not allocated funds to pay for SOX Section 404 compliance. The money for SOX was redirected from other planned business investments, putting those projects on hold. In addition, companies did not anticipate the massive effort involved in Year One compliance. Auditors couldn't help them design or implement controls because they had to eventually sign off on the companies' work. To meet the deadline, businesses had to hire consultants to assist with documentation and testing, which resulted in higher costs.
When the dust settled in late 2004, the accelerated filers had largely achieved their initial SOX goals. They had identified and corrected deficiencies and incorrect accounting treatments improved IT controls created and enhanced central policies and procedures found lost revenues and identified cost leaks reinforced internal accountability.
THE IT MANAGER'S WORKING GUIDE TO SUSTAINABLE SOX COMPLIANCE
For many businesses, success came via adrenalin-driven heroics and with a large price tag. Since companies had to react quickly in Year One, they identified entirely too many key control objectives supported by numerous processes and manual procedures that are costly, resource intense, and prone to failure over the long run. At the most basic level, businesses must now reduce costs and gain value out of compliance by doing it efficiently and effectively year in and year out.
Although implementation was expensive, SOX has produced the anticipated benefits. According to Compliance Week, only six companies out of 300 large year-end filers reported ineffective controls in their second year of compliance. Compliance Week also cited preliminary results from a study by PricewaterhouseCoopers (PwC), which found that nearly 80 percent of companies that filed adverse opinions about their Sarbanes-Oxley compliance in 2004 had improved their internal controls over financial reporting for 2005.
As the next round of SOX deadlines approaches, the SEC, which has determined that SOX is good for investors, continues to move forward on steps to reduce costs and minimize the burden that Section 404 imposes, particularly on smaller companies and foreign private issuers.
Foreign companies that are listed on the New York Stock Exchange and meet the definition of large accelerated filer must ensure that their annual filings fully comply with SOX for their next financial year ending on or after July 15, 2006.
However, in August 2006 the SEC granted relief for foreign private issuers that are accelerated filers, but not large accelerated filers, and that file their annual reports on Form 20-F or 40-F:
- This group of issuers will need to include the management certification required by Section 404 in their Form 20-F or 40-F annual report for fiscal years ending on or after July 15, 2006.
- Auditor attestation will not be required until their next fiscal year ending on or after July 15, 2007.
The SEC also proposed an extension of dates for non-accelerated filers -domestic and foreign public companies with a capital valuation less than $75M. While management would have to provide the certification required by Section 404 for fiscal years ending after December 15, 2007, auditor attestation would not be required until fiscal years ending after December 15, 2008. Businesses going public would not be required to comply with Section 404 until the release of their second annual report.
THE IT MANAGER'S WORKING GUIDE TO SUSTAINABLE SOX COMPLIANCE
These actions are intended to ease the financial burden of compliance for smaller public companies. In addition, the proposed extension gives these companies and their auditors another year to adapt to upcoming changes in Auditing Standard No. 2, as well as an opportunity to benefit from new management guidance coming from the SEC.
With these new deadlines in sight, companies have the opportunity to learn from the experiences of their peers who have already been through SOX audits. In fact, at a May 2006 conference on SOX 404, speakers noted that foreign private issuers are designing their processes with ROI in mind.2 That said, 36 percent of smaller companies polled at this conference had not yet begun to even scope their SOX compliance effort.
As non-accelerated filers approach SOX with sustainability as a goal, and larger companies - who have now made it through Year Two - move toward sustainable processes, there is much to learn from each other's experiences.
THE IT MANAGER'S WORKING GUIDE TO SUSTAINABLE SOX COMPLIANCE
SARBANES-OXLEY BASICS
SOX mandates a comprehensive accounting framework for all public companies doing business in the United States. Companies are required to disclose all pertinent financial performance information publicly in a uniform and transparent manner.
|
