The U.S. Securities and Exchange Commission recently completed a review of how US domestic public companies have fared in their first year of compliance with Section 404 of the Sarbanes-Oxley Act. Under Section 404, the management of each company that is public in the US must report publicly on the adequacy of the company’s internal controls over financial reporting, and must have the company’s outside auditors attest to the quality of the internal controls and management’s report. Most non-US issuers that are subject to Sarbanes-Oxley have been granted an extension by the SEC and are not required to comply with Section 404 until they file their first annual report on Form 20-F for their first fiscal year ended after July 31, 2006.
The SEC’s review resulted in a statement by the SEC staff that offered guidance as to how Section 404 should be applied by companies and their auditors. It also resulted in a separate statement by the Commission itself. The Commission statement was brief and sought to make two broad points. First, the Commission asserted that compliance with Section 404 was producing benefits, including “heightened focus on internal controls at the top level of public companies”. Second, the Commission acknowledged that the costs of compliance have so far been significant. While attributing some of these costs to “start-up expenses”, the Commission also indicated that the Section 404 compliance process needs to be improved so that it is “more effective and efficient”.
Importantly for non-US issuers, the Commission indicated that the SEC staff will continue to monitor implementation of Section 404, particularly for smaller public companies and non-US issuers. This statement may signal a willingness by the SEC to show more of the flexibility in respect of non-US issuers that it showed when it extended their Section 404 compliance deadline with beyond the end of July 2006.
The Commission also made several broad observations that seem intended to improve the efficiency of Section 404 compliance going forward. First, the Commission noted that a “mechanical, and even overly cautious” application of the Section 404 rules and standards may lead to unnecessarily high costs of compliance. The Commission indicated that “management and external auditors must bring reasoned judgment and a top-down, risk-based approach to the 404 compliance process”. Using “one-size fits all, bottom-up, check-the-box” methods is less likely to improve internal controls than the “reasoned, good faith exercise of professional judgment focused on reasonable, as opposed to absolute, assurance”. And auditors in particular must recognize that there is a “zone” of reasonable Section 404 conduct by companies that auditors should tolerate.
Second, the Commission indicated that it expects future internal control audits to become better integrated with the audit of financial statements, which should lower Section 404 compliance costs. Third, the Commission stressed that internal controls and Section 404 compliance methods must be appropriately tailored to the operations of smaller companies. Finally, the Commission encouraged “frequent and frank dialogue” among management, auditors and audit committees as a means of improving internal controls and financial reporting. It stressed that so long as management decides on the accounting to be used and the auditor does not design or implement the company’s internal controls, the SEC’s auditor independence rules would not be violated by engaging in such a dialogue.
The staff guidance that accompanied the Commission’s statement is not binding regulation, and generally followed the themes of the Commission’s statement. Further guidance on Section 404 may be forthcoming as the SEC staff continues to review the implementation of Section 404. We expect that as companies and auditors overcome the costs of Section 404 start-up, and as the SEC continues to provide guidance, the cost of compliance with Sarbanes-Oxley Section 404 will decrease.
We would be pleased to speak with you if you have any questions about Sarbanes-Oxley Section 404 or other Sarbanes-Oxley compliance issues, or other questions about US capital markets matters, or if we can be of any other assistance to you.