On July 30, 2002, President Bush signed
the Sarbanes-Oxley Act (SOX), which
he labeled the most far-reaching reform of American business since Franklin Delano
Roosevelt’s administration. The purpose of
SOX is clear: It is designed to improve companies’ standards of corporate transparency
and accountability and raise the quality of
corporate governance and financial reporting. It charges a company’s officers and directors with the responsibility for doing so.
SOX imposes tougher regulatory and
enforcement powers upon the U.S. Securities
and Exchange Commission and, ultimately,
on the 12,000 publicly traded companies
affected by its requirements. Not surprisingly,
it has generated some controversy.
Smart Business spoke with Peter E.
Metzloff, CPA, a partner with Skoda Minotti,
to get a clear picture of what companies have
to do to comply, how much time they have to
do so and whether there will be any changes
to contend with as the deadline for mandatory compliance approaches.
What companies need to be compliant?
Only publicly traded companies are
required to be compliant. That does not
mean other companies and organizations
should ignore SOX completely, though.
Is it advisable for other companies to comply
even though they are not required to?
That is up to individual organizations’ leadership. Executives should carefully analyze
the advantages and disadvantages of compliance. There is a ‘trickle down’ effect among
companies that are not required to comply.
For example, nonprofit organizations that
have people on their governing boards who
work for public companies might feel obligated to comply because they think it is the
right thing to do. That can be counterproductive, though, because it means less money for
the organization’s mission. And, privately
held companies that are trying either to position themselves to become public or sell
themselves might think about complying
with the public company rules. Private company executives in particular have to remember that public companies are less likely to acquire their companies close to year-end
and that the first question on anybody’s due
diligence checklist is, ‘What about SOX?’
What changes have been made to SOX?
The big change is the effective date. When
SOX became law, the government said that
only ‘accelerated filers’ — those public companies that have more than $75 million of
market capitalization — would have to comply immediately. Those companies have been
complying for quite a while now. But the SEC
has delayed the compliance requirements
every year since 2002 for the smaller public
companies, the ‘nonaccelerated filers,’ that
have under $75 million of market capitalization. Those delays may be a thing of the past.
When should nonaccelerated companies
start their compliance process?
Right now. It appears that in March of 2008
the nonaccelerated filers will have to certify
in their public filings as of Dec. 31, 2007, that
everything is in compliance with SOX. Since
the chairman of the SEC has intimated
recently that there is no need for further compliance delays, companies that have delayed
their compliance process have to start
preparing for those dates immediately — and even now it may to be too late for them to be
ready. For all but the smallest companies,
preparing documentation for management
and the outside auditors represents a significant amount of work. And, for the most part,
this is something that companies should not
try to do completely by themselves.
How can business advisers help companies
prepare for SOX compliance?
One way is to analyze the company’s general and detailed risks associated with producing accurate financial statements. In the past
five years, companies have changed their
focus on what is important. Lately, they are
more likely to concentrate on possible risks
during the SOX process. Originally, auditors
were looking at what happened at every
company location, every type of transaction,
everything that had ever gone wrong —
everything they could think of. That was very
costly and led to a lot of criticism of SOX.
Concentrating more on the risks of what
could go wrong is a more pragmatic
approach, and it is less costly. It comes down
to a cost-versus-benefit approach.
Another way business advisers can help is
by analyzing the company’s strengths and
weaknesses to determine what weaknesses
can be improved and what strengths can be
made more viable. It is a search for administrative efficiency that becomes part of the
SOX process. A third way advisers can help is
to emphasize that, in the SOX world, if it isn’t
written down, it doesn’t count. They can help
clients develop more streamlined documentation that ensures everything that is key is
written down, which facilitates SOX reporting and makes it easier for outside auditors to
perform their work.
What are keys to successful compliance?
There are two. First, the process has to be
directed from the top down. Management
has to be involved and in the forefront.
Second, and most important, the process has
to be in motion now.
PETER E. METZLOFF, CPA, is a partner with Skoda Minotti, a
CPA, business and financial advisory firm. Reach him at (440)
449-6800 or [email protected].