The Securities and Exchange Commission has announced its decision to reject calls for smaller public companies to be exempt from compliance with the internal controls assessment and attestation requirements of Section 404 of the Sarbanes-Oxley Act of 2002, including the recommendations for exemption in the recent Report of the SEC Advisory Committee on Smaller Public Companies. See SEC Press Release No. 2006-75 (May 17, 2006).
The SEC concurrently outlined a number of steps it will take to provide greater guidance regarding Section 404 compliance and help reduce compliance costs, including:
- issuing a Concept Release seeking public comment on areas of guidance;
- considering additional guidance for smaller companies to be provided by the Committee on Sponsoring Organizations of the Treadway Commission (COSO) on its internal controls framework;
- issuing guidance based on responses to the Concept Release and the COSO guidance;
- working with the Public Company Auditing Oversight Board on revisions to Auditing Standard No. 2 (governing auditor attestation) aimed at incorporating previous PCAOB guidance on the role of auditors and helping ensure that auditors focus on areas posing higher risk of fraud or material error; and
- helping ensure PCAOB inspections focus on "increasing the efficiency and cost-effectiveness of the audit process."
In addition, the SEC has indicated that it will announce a short extension in the compliance deadline for non-accelerated filers (public companies, including foreign private issuers, with a public float less than $75 million) to permit them to consider the new guidance and the revisions to AS No. 2. It is anticipated, however, that all public issuers will be required to comply with Section 404 for fiscal years beginning on or after December 16, 2006.
Application of Section 404 to smaller public issuers remains extremely controversial. Critics continue to claim that compliance will disproportionately burden such issuers and drive them to list their securities outside the United States to avoid the burden of SOX compliance.
Republican lawmakers introduced a bill in Congress on May 17 that would amend SOX to allow issuers with market capitalization less than $700 million, revenues less than $125 million or fewer than 1,500 shareholders to opt out of Section 404 compliance and to lighten the compliance burden for those that do not opt out. The bill is not expected to pass in this session of Congress.
Public companies not currently subject to internal controls reporting should monitor the steps outlined by the SEC carefully as they play out over the next several months and should prepare for Section 404 compliance, which now seems inevitable absent Congressional action.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.