The internal control rules under section 404 of the Sarbanes-Oxley Act of 2002 have been in place for two years in the United States and have generated more controversy than any other corporate governance reform. The Securities and Exchange Commission and the Public Company Accounting Oversight Board hosted a public roundtable on May 10, 2006 to get feedback from market participants, including officers and directors of public companies, audit committee members, institutional investors, public accountants, governance experts and lawyers.
Most of the roundtable participants expressed the belief that the internal control rules, while enormously costly, have been beneficial in increasing accountability for financial reporting and in boosting investor confidence in the U.S. capital markets. On the other hand, implementing the rules has not been an unqualified success because management and auditors are still sometimes being unnecessarily cautious—for example, by overtesting low-level controls instead of adopting a risk-based approach. Therefore, the costs of compliance, especially audit fees, are not decreasing as much or as fast as hoped.
Many of the roundtable participants expressed concern about the impact of the rules on the competitiveness and attractiveness of the U.S. public capital markets, particularly relative to AIM, the junior market of the London Stock Exchange. While no consensus emerged among the diverse group of commentators, some are worried about a growing trend of private companies choosing to go public outside the United States, often adding a U.S. private placement tranche to their IPOs instead of registering with the SEC.
Two main questions emerged from the roundtable for the SEC and PCAOB to consider. First, what accommodations should be made for smaller companies to make the internal control rules less burdensome for them? Options include scaling down the relevant auditing standard or not requiring an auditor’s attestation. The latter option was recently recommended by the SEC’s advisory committee on smaller public companies. Second, do larger companies need additional regulatory guidance to further encourage a more cost-effective, risk-based approach to compliance? Views were clearly split on this question. Some commentators believe that new guidance is urgently needed, whereas others believe that a cooling-off period is appropriate to "let the rules work" without further confusing the market.
As a reminder, most Canadian cross-border companies will be required to include an internal control report and auditor’s attestation in their SEC annual reports covering fiscal 2006 (to be filed in 2007). Cross-border companies that have been reporting with the SEC for less than one year or whose public float is less than $75 million will have an extra year to comply.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
