The American Competitiveness and Corporate Accountability Act of 2002, commonly known as the Sarbanes-Oxley Act (SOX), was signed into law July 30, 2002.
Almost all of the provisions in the act apply to publicly traded companies. However, certain aspects of the act do apply to nonpublic and not-for-profit organizations.
- Active participation by an independent board of directors and the audit or finance committee
- Enhanced whistleblower protection of reported suspected illegal activities
- Management’s establishment and continued maintenance of effective internal controls
- Creating and monitoring ethics, conflict of interest and other organizational compliance policies
The most-discussed section of this act is section 404 — management’s assessment of internal controls.
Section 404 is aimed at helping public companies prevent financial reporting mistakes and mitigate the risks for fraudulent activity. This section requires companies to include the following items in their 10-k filings.
- A statement of management’s responsibility for establishing and maintaining adequate controls over financial reporting
- Management’s assessment of the effectiveness of the company’s internal controls
- A statement identifying the framework used by management to evaluate the effectiveness of the internal controls
- An auditor’s report on management’s evaluation of internal controls
- Any material weaknesses identified in the internal controls review
- The company’s remediation plan for material weaknesses identified
The potential benefits realized from well-established internal controls are numerous.
- Entity-wide compliance with management’s policies and procedures
- Efficiency and effectiveness in company operations
- Safeguarding of company assets
- Reliable and timely financial and operational data
- Compliance with applicable federal, state and local regulations
- Increased public trust
As with any new law, there are drawbacks. With SOX, the largest drawback by far is cost.
Nonaccelerated filers, those with equity market capitalization of $75 million or less are spending on average $550,000 annually to comply with SOX, while accelerated companies are spending anywhere from $1 million to $8 million annually.
To combat the burden nonaccelerated filers are facing to comply with section 404, two recent developments have occurred. First, in September 2005, the SEC deferred the section 404 compliance deadlines for these nonaccelerated filers to the first fiscal year ending on or after July 15, 2007.
Second, in October 2005, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued an executive summary draft on guidance for smaller public companies reporting on internal controls.
For an internal control system to be effective, a framework needs to be in place. One of the most common frameworks is the COSO model. This framework contains the five critical components necessary for the coordination of the company’s operations, financial reporting and compliance. With the executive summary draft, COSO has identified certain enhancements that relate specifically to nonaccelerated filers.
- Control environment. This sets the tone at the top of the organization. For nonaccelerated filers, the actions and commitment of management are often more transparent.
- Risk assessment. This identifies and analyzes external and internal risks. Added focus for nonaccelerated filers should be on controls that mitigate risks related to financial statement assertions and account balances.
- Control activities. These are the policies and procedures established by management. For nonaccelerated filers, these may require a minimal level of formalization.
- Information and communication. This is the reliable information that is captured and communicated. Nonaccelerated filers should take advantage of information technology to promote more effective controls.
- Monitoring. This is the ongoing process that assesses the quality of internal control performance. For nonaccelerated filers, ongoing monitoring by key executives who have direct and explicit knowledge of the activities of the business should be emphasized.
Patrick D. Fuelling is a Certified Public Accountant and director at Doeren Mayhew, a regional accounting and consulting firm in Troy, Michigan. Doeren Mayhew provides a wide range of professional services to middle-market companies. Contact Fuelling at [email protected] or (248) 244-3104.