Sarbanes Oxley Ebook

2,498 views

Published on

Contents

1. Dodd Frank Act and Whistleblower Protection: Sarbanes Oxley on Steroids - Page 5
2. Dodd Frank Act, Section 922: Whistleblower Protection - Page 8
3. The 12 most important definitions in the Sarbanes Oxley Act - Page 23
4. Dodd Frank Act, SEC. 989G: Exemption for Non accelerated filers - Page 27
5. Internal Controls, the Sarbanes Oxley Act and the Dodd Frank Act - Page 28
6. Study and Recommendations on Section 404(b) of the Sarbanes - Oxley Act of 2002 For Issuers With Public Float Between $75 and $250 Million - Page 33
7. A very interesting letter - Page 54
8. Auditing Standards Related to the Auditor's Assessment of, and Response to, Risk (AS No. 8 through 15) - Page 57
9. Oversight of the U.S. Securities and Exchange Commission: Evaluating Present Reforms and Future Challenges by Chairman Mary L. Schapiro - Page 59
10. The PCAOB passes the Adequacy Assessment of the European Union - Page 69
11. Public Company Accounting Oversight Board (PCAOB)
Interesting parts from the Strategic Plan (2009 - 2013) - Page 71
12. Sarbanes Oxley jobs and careers in 2011 - Page 98
13. What is "internal control over financial reporting"? - Page 102
14. What is "Off-Balance Sheet Arrangement"? – Page 105
15. PCAOB Enters into Cooperative Agreement with United Kingdom Audit Regulator - Page 110
16. Congressional Oversight Panel, Examining the Consequences of Mortgage Irregularities for Financial Stability and Foreclosure Mitigation, and the PCAOB Staff Audit Practice Alert NO. 7 -
Page 112
17. PCAOB staff audit practice Alert No 7 - Page 118
18. PCAOB Issues Concept Release on Auditor's Reporting Model - Page 128
19. SEC Proposes Rules Requiring Listing Standards for
Compensation Committees and Compensation Consultant - Page 130
20. The Statement on Standards for Attestation Engagements (SSAE) No. 16 - Page 135
21. PCAOB Issues Concept Release on Auditor Independence and Audit Firm Rotation - Page 143
22. Joint Press Release - U. S. Securities and Exchange Commission,
China Securities Regulatory Commission, Chinese Ministry of Finance - Page 145
23. Updated Information on PCAOB International Inspections - Page 148
24. Opening Remarks, Daniel L. Goelzer, Board Member
PCAOB Roundtable , Sept. 15, 2011, Washington, DC - Page 156
25. The Auditor's Reporting Model, James R. Doty, Chairman
PCAOB Roundtable, Sept. 15, 2011 - Washington, DC - Page 158
26. Case Study: UBS - Page 160
27. COSO Internal Control - Integrated Framework Update Project
Frequently Asked Questions (September 2011) - Page 169
28. The role of the Board of Directors in Enron’s Collapse - Page 173
29. PCAOB Enters Into Cooperative Agreement with Dubai - Page 201
30. U.S. Securities and Exchange Commission, Annual Report on the Dodd Frank Whistleblower Program, Fiscal Year 2011 - Page 203
31. Whistleblower Incentive Awards Made During Fiscal Year 2011 - Page 212
32. The 1st Circuit ruled that employees of private contractors
working for public compani

Published in: Career, Business, Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,498
On SlideShare
0
From Embeds
0
Number of Embeds
7
Actions
Shares
0
Downloads
115
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Sarbanes Oxley Ebook

  1. 1. Page |1_________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  2. 2. Page |2 Contents1. Dodd Frank Act and Whistleblower Protection: Sarbanes Oxley onSteroids - Page 52. Dodd Frank Act, Section 922: Whistleblower Protection - Page 83. The 12 most important definitions in the Sarbanes Oxley Act - Page 234. Dodd Frank Act, SEC. 989G: Exemption for Non accelerated filers -Page 275. Internal Controls, the Sarbanes Oxley Act and the Dodd Frank Act -Page 286. Study and Recommendations on Section 404(b) of the Sarbanes -Oxley Act of 2002 For Issuers With Public Float Between $75 and $250Million - Page 337. A very interesting letter - Page 548. Auditing Standards Related to the Auditors Assessment of, andResponse to, Risk (AS No. 8 through 15) - Page 579. Oversight of the U.S. Securities and Exchange Commission:Evaluating Present Reforms and Future Challenges by Chairman MaryL. Schapiro - Page 5910. The PCAOB passes the Adequacy Assessment of the EuropeanUnion - Page 6911. Public Company Accounting Oversight Board (PCAOB)Interesting parts from the Strategic Plan (2009 - 2013) - Page 7112. Sarbanes Oxley jobs and careers in 2011 - Page 9813. What is "internal control over financial reporting"? - Page 102 _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  3. 3. Page |314. What is "Off-Balance Sheet Arrangement"? – Page 10515. PCAOB Enters into Cooperative Agreement with United KingdomAudit Regulator - Page 11016. Congressional Oversight Panel, Examining the Consequences ofMortgage Irregularities for Financial Stability and ForeclosureMitigation, and the PCAOB Staff Audit Practice Alert NO. 7 -Page 11217. PCAOB staff audit practice Alert No 7 - Page 11818. PCAOB Issues Concept Release on Auditors Reporting Model -Page 12819. SEC Proposes Rules Requiring Listing Standards forCompensation Committees and Compensation Consultant - Page 13020. The Statement on Standards for Attestation Engagements (SSAE)No. 16 - Page 13521. PCAOB Issues Concept Release on Auditor Independence and AuditFirm Rotation - Page 14322. Joint Press Release - U. S. Securities and Exchange Commission,China Securities Regulatory Commission, Chinese Ministry of Finance -Page 14523. Updated Information on PCAOB International Inspections - Page14824. Opening Remarks, Daniel L. Goelzer, Board MemberPCAOB Roundtable , Sept. 15, 2011, Washington, DC - Page 15625. The Auditors Reporting Model, James R. Doty, ChairmanPCAOB Roundtable, Sept. 15, 2011 - Washington, DC - Page 158 _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  4. 4. Page |426. Case Study: UBS - Page 16027. COSO Internal Control - Integrated Framework Update ProjectFrequently Asked Questions (September 2011) - Page 16928. The role of the Board of Directors in Enron’s Collapse - Page 17329. PCAOB Enters Into Cooperative Agreement with Dubai - Page 20130. U.S. Securities and Exchange Commission, Annual Report on theDodd Frank Whistleblower Program, Fiscal Year 2011 - Page 20331. Whistleblower Incentive Awards Made During Fiscal Year 2011 -Page 21232. The 1st Circuit ruled that employees of private contractorsworking for public companies are not entitled to whistleblowerprotections under the Sarbanes-Oxley Act - Page 22733. Public Company Accounting Oversight Board, Reflections on theState of the Audit Profession, Jay D. Hanson - Page 23334. Remarks (at the Practicing Law Institute’s SEC Speaks) byChairman Mary L. Schapiro, U.S. Securities and ExchangeCommission, Washington D.C., Feb. 24, 2012 - Page 24435. Unreasonably Feeble” Opening Statement of Commissioner Scott D.O’Malia Regarding Open Meeting on One Final Rule and One ProposedRule February 23, 2012 - Page 262 _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  5. 5. Page |5The Sarbanes Oxley Act after the enactment of the Dodd FrankActDodd Frank Act and Whistleblower Protection: Sarbanes Oxleyon Steroids.For months we read in blogs and some newspapers that the SarbanesOxley Act is dead, or that it is not important any more, as there are otherlaws and regulations that matter.Well, they are dead wrong.The Sarbanes Oxley Act has become much more important. It is a fact.The two most important reasons for that are:1. The new US financial regulatory reform, the Dodd Frank Act, amendssome sections of the Sarbanes Oxley Act. SOX is part of the newregulatory reform. They did not delete the SOX provisions, they havemade them more strict and clever.For example, whistleblowers now have a monetary incentive to reportmatters to the SEC (they may be entitled to as much as 10 percent to 30percent of the monetary sanctions imposed).Management should clearly explain to all employees the importance ofprompt reporting of violations.Public companies should do much more for complaints submitted toaudit committees or employee hotlines to address areas of potentialconcern.The Dodd-Frank Act also provides an employee with remedies againstthe employer that has violated the whistleblower provisions of the Dodd-Frank Act. _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  6. 6. Page |6These remedies include reinstatement with the same seniority status thatthe individual would have had, two times the amount of back payotherwise owed to the individual, with interest, and even compensationfor litigation costs, expert witness fees, and reasonable attorneys’ fees.Does it look like the end of Sarbanes Oxley? No, it is Sarbanes Oxley onsteroids.According to the Dodd Frank Act, no employer may discharge, demote,suspend, threaten, harass, directly or indirectly, or in any other mannerdiscriminate against, a whistleblower in the terms and conditions ofemployment because of any lawful act done by the whistleblower:- In providing information to the SEC in accordance with the provisionsof the Dodd-Frank Act;- In initiating, testifying in, or assisting in any investigation or judicial oradministrative action of the Commission based upon or related to suchinformation; or- In making disclosures that are required or protected under theSarbanes-Oxley Act, the Securities Exchange Act and any other law, rule,or regulation subject to the jurisdiction of the SEC.2. The US Supreme Court denied putting the Public CompanyAccounting Oversight Board (PCAOB) out of business, and now thePCAOB, with its role clear and well understood, has decided toannounce new and stricter risk assessment standards.Sarbanes Oxley becomes more strict and mature.The PCAOB imposes more sanctions on accounting firms and managersthat don’t adequately supervise their staff.The suite of risk assessment standards, Auditing Standards No. 8through No. 15, sets forth requirements that enhance the effectiveness of _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  7. 7. Page |7the auditors assessment of, and response to, the risks of materialmisstatement in the financial statements.The risk assessment standards address audit procedures performedthroughout the audit, from the initial planning stages through theevaluation of the audit results."These new standards are a significant step in promoting sophisticatedrisk assessment in audits and minimizing the risk that the auditor willfail to detect material misstatements," said PCAOB Acting ChairmanDaniel L. Goelzer."Identifying risks, and properly planning and performing the audit toaddress those risks, is essential to promoting investor confidence inaudited financial statements." _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  8. 8. Page |8Dodd Frank Act, Section 922: Whistleblower Protection(a) IN GENERAL.—The Securities Exchange Act of 1934 (15 U.S.C. 78aet seq.) is amended by inserting after section 21E the following:‘‘SEC. 21F. SECURITIES WHISTLEBLOWER INCENTIVES ANDPROTECTION.‘‘(a) DEFINITIONS.—In this section the following definitions shallapply:‘‘(1) COVERED JUDICIAL OR ADMINISTRATIVE ACTION.—Theterm ‘covered judicial or administrative action’ means any judicial oradministrative action brought by the Commission under the securitieslaws that results in monetary sanctions exceeding $1,000,000.‘‘(2) FUND.—The term ‘Fund’ means the Securities and ExchangeCommission Investor Protection Fund.‘‘(3) ORIGINAL INFORMATION.—The term ‘original information’means information that—‘‘(A) is derived from the independent knowledge or analysis of awhistleblower;‘‘(B) is not known to the Commission from any other source, unless thewhistleblower is the original source of the information; and‘‘(C) is not exclusively derived from an allegation made in a judicial oradministrative hearing, in a governmental report, hearing, audit, orinvestigation, or from the news media, unless the whistleblower is asource of the information.‘‘(4) MONETARY SANCTIONS.—The term ‘monetary sanctions’,when used with respect to any judicial or administrative action, means— _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  9. 9. Page |9‘‘(A) any monies, including penalties, disgorgement, and interest,ordered to be paid; and‘‘(B) any monies deposited into a disgorgement fund or other fundpursuant to section 308(b) of the Sarbanes- Oxley Act of 2002 (15 U.S.C.7246(b)), as a result of such action or any settlement of such action.‘‘(5) RELATED ACTION.—The term ‘related action’, when used withrespect to any judicial or administrative action brought by theCommission under the securities laws, means any judicial oradministrative action brought by an entity described in subclauses (I)through (IV) of subsection (h)(2)(D)(i) that is based upon the originalinformation provided by a whistleblower pursuant to subsection (a) thatled to the successful enforcement of the Commission action.‘‘(6) WHISTLEBLOWER.—The term ‘whistleblower’ means anyindividual who provides, or 2 or more individuals acting jointly whoprovide, information relating to a violation of the securities laws to theCommission, in a manner established, by rule or regulation, by theCommission.‘‘(b) AWARDS.—‘‘(1) IN GENERAL.—In any covered judicial or administrative action,or related action, the Commission, under regulations prescribed by theCommission and subject to subsection (c), shall pay an award or awardsto 1 or more whistleblowers who voluntarily provided originalinformation to the Commission that led to the successful enforcement ofthe covered judicial or administrative action, or related action, in anaggregate amount equal to—‘‘(A) not less than 10 percent, in total, of what has been collected of themonetary sanctions imposed in the action or related actions; and‘‘(B) not more than 30 percent, in total, of what has been collected of themonetary sanctions imposed in the action or related actions. _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  10. 10. P a g e | 10‘‘(2) PAYMENT OF AWARDS.—Any amount paid under paragraph (1)shall be paid from the Fund.‘‘(c) DETERMINATION OF AMOUNT OF AWARD; DENIAL OFAWARD.—‘‘(1) DETERMINATION OF AMOUNT OF AWARD.—‘‘(A) DISCRETION.—The determination of the amount of an awardmade under subsection (b) shall be in the discretion of the Commission.‘‘(B) CRITERIA.—In determining the amount of an award made undersubsection (b), the Commission—‘‘(i) shall take into consideration—‘‘(I) the significance of the information provided by the whistleblower tothe success of the covered judicial or administrative action;‘‘(II) the degree of assistance provided by the whistleblower and anylegal representative of the whistleblower in a covered judicial oradministrative action;‘‘(III) the programmatic interest of the Commission in deterringviolations of the securities laws by making awards to whistleblowers whoprovide information that lead to the successful enforcement of such laws;and‘‘(IV) such additional relevant factors as the Commission may establishby rule or regulation; and‘‘(ii) shall not take into consideration the balance of the Fund.‘‘(2) DENIAL OF AWARD.—No award under subsection (b) shall bemade—‘‘(A) to any whistleblower who is, or was at the time the whistlebloweracquired the original information submitted to the Commission, amember, officer, or employee of— _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  11. 11. P a g e | 11‘‘(i) an appropriate regulatory agency;‘‘(ii) the Department of Justice;‘‘(iii) a self-regulatory organization;‘‘(iv) the Public Company Accounting Oversight Board; or‘‘(v) a law enforcement organization;‘‘(B) to any whistleblower who is convicted of a criminal violation relatedto the judicial or administrative action for which the whistleblowerotherwise could receive an award under this section;‘‘(C) to any whistleblower who gains the information through theperformance of an audit of financial statements required under thesecurities laws and for whom such submission would be contrary to therequirements of section 10A of the Securities Exchange Act of 1934 (15U.S.C. 78j–1); or‘‘(D) to any whistleblower who fails to submit information to theCommission in such form as the Commission may, by rule, require.‘‘(d) REPRESENTATION.—‘‘(1) PERMITTED REPRESENTATION.—Any whistleblower whomakes a claim for an award under subsection (b) may be represented bycounsel.‘‘(2) REQUIRED REPRESENTATION.—‘‘(A) IN GENERAL.—Any whistleblower who anonymously makes aclaim for an award under subsection (b) shall be represented by counselif the whistleblower anonymously submits the information upon whichthe claim is based. _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  12. 12. P a g e | 12‘‘(B) DISCLOSURE OF IDENTITY.—Prior to the payment of anaward, a whistleblower shall disclose the identity of the whistleblowerand provide such other information as the Commission may require,directly or through counsel for the whistleblower.‘‘(e) NO CONTRACT NECESSARY.—No contract with theCommission is necessary for any whistleblower to receive an awardunder subsection (b), unless otherwise required by the Commission byrule or regulation.‘‘(f) APPEALS.—Any determination made under this section, includingwhether, to whom, or in what amount to make awards, shall be in thediscretion of the Commission.Any such determination, except the determination of the amount of anaward if the award was made in accordance with subsection (b), may beappealed to the appropriate court of appeals of the United States notmore than 30 days after the determination is issued by the Commission.The court shall review the determination made by the Commission inaccordance with section 706 of title 5, United States Code.‘‘(g) INVESTOR PROTECTION FUND.—‘‘(1) FUND ESTABLISHED.—There is established in the Treasury ofthe United States a fund to be known as the ‘Securities and ExchangeCommission Investor Protection Fund’.‘‘(2) USE OF FUND.—The Fund shall be available to the Commission,without further appropriation or fiscal year limitation, for—‘‘(A) paying awards to whistleblowers as provided in subsection (b); and‘‘(B) funding the activities of the Inspector General of the Commissionunder section 4(i).‘‘(3) DEPOSITS AND CREDITS.— _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  13. 13. P a g e | 13‘‘(A) IN GENERAL.—There shall be deposited into or credited to theFund an amount equal to—‘‘(i) any monetary sanction collected by the Commission in any judicialor administrative action brought by the Commission under the securitieslaws that is not added to a disgorgement fund or other fund undersection 308 of the Sarbanes-Oxley Act of 2002 (15 U.S.C. 7246) orotherwise distributed to victims of a violation of the securities laws, orthe rules and regulations thereunder, underlying such action, unless thebalance of the Fund at the time the monetary sanction is collectedexceeds $300,000,000;‘‘(ii) any monetary sanction added to a disgorgement fund or other fundunder section 308 of the Sarbanes-Oxley Act of 2002 (15 U.S.C. 7246) thatis not distributed to the victims for whom the Fund was established,unless the balance of the disgorgement fund at the time thedetermination is made not to distribute the monetary sanction to suchvictims exceeds $200,000,000; and‘‘(iii) all income from investments made under paragraph (4).‘‘(B) ADDITIONAL AMOUNTS.—If the amounts deposited into orcredited to the Fund under subparagraph (A) are not sufficient to satisfyan award made under subsection (b), there shall be deposited into orcredited to the Fund an amount equal to the unsatisfied portion of theaward from any monetary sanction collected by the Commission in thecovered judicial or administrative action on which the award is based.‘‘(4) INVESTMENTS.—‘‘(A) AMOUNTS IN FUND MAY BE INVESTED.—The Commissionmay request the Secretary of the Treasury to invest the portion of theFund that is not, in the discretion of the Commission, required to meetthe current needs of the Fund.‘‘(B) ELIGIBLE INVESTMENTS.—Investments shall be made by theSecretary of the Treasury in obligations of the United States or _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  14. 14. P a g e | 14obligations that are guaranteed as to principal and interest by the UnitedStates, with maturities suitable to the needs of the Fund as determinedby the Commission on the record.‘‘(C) INTEREST AND PROCEEDS CREDITED.—The interest on,and the proceeds from the sale or redemption of, any obligations held inthe Fund shall be credited to the Fund.‘‘(5) REPORTS TO CONGRESS.—Not later than October 30 of eachfiscal year beginning after the date of enactment of this subsection, theCommission shall submit to the Committee on Banking, Housing, andUrban Affairs of the Senate, and the Committee on Financial Services ofthe House of Representatives a report on—‘‘(A) the whistleblower award program, established under this section,including—‘‘(i) a description of the number of awards granted; and‘‘(ii) the types of cases in which awards were granted during thepreceding fiscal year;‘‘(B) the balance of the Fund at the beginning of the preceding fiscalyear;‘‘(C) the amounts deposited into or credited to the Fund during thepreceding fiscal year;‘‘(D) the amount of earnings on investments made under paragraph (4)during the preceding fiscal year;‘‘(E) the amount paid from the Fund during the preceding fiscal year towhistleblowers pursuant to subsection (b);‘‘(F) the balance of the Fund at the end of the preceding fiscal year; and‘‘(G) a complete set of audited financial statements, including— _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  15. 15. P a g e | 15‘‘(i) a balance sheet;‘‘(ii) income statement; and‘‘(iii) cash flow analysis.‘‘(h) PROTECTION OF WHISTLEBLOWERS.—‘‘(1) PROHIBITION AGAINST RETALIATION.—‘‘(A) IN GENERAL.—No employer may discharge, demote, suspend,threaten, harass, directly or indirectly, or in any other mannerdiscriminate against, a whistleblower in the terms and conditions ofemployment because of any lawful act done by the whistleblower—‘‘(i) in providing information to the Commission in accordance with thissection;‘‘(ii) in initiating, testifying in, or assisting in any investigation orjudicial or administrative action of the Commission based upon orrelated to such information; or‘‘(iii) in making disclosures that are required or protected under theSarbanes-Oxley Act of 2002 (15 U.S.C. 7201 et seq.), the SecuritiesExchange Act of 1934 (15 U.S.C. 78a et seq.), including section 10A(m) ofsuch Act (15 U.S.C. 78f(m)), section 1513(e) of title 18, United StatesCode, and any other law, rule, or regulation subject to the jurisdiction ofthe Commission.‘‘(B) ENFORCEMENT.—‘‘(i) CAUSE OF ACTION.—An individual who alleges discharge orother discrimination in violation of subparagraph (A) may bring anaction under this subsection in the appropriate district court of theUnited States for the relief provided in subparagraph (C). _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  16. 16. P a g e | 16‘‘(ii) SUBPOENAS.—A subpoena requiring the attendance of a witnessat a trial or hearing conducted under this section may be served at anyplace in the United States.‘‘(iii) STATUTE OF LIMITATIONS.—‘‘(I) IN GENERAL.—An action under this subsection may not bebrought—‘‘(aa) more than 6 years after the date on which the violation ofsubparagraph (A) occurred; or‘‘(bb) more than 3 years after the date when facts material to the right ofaction are known or reasonably should have been known by theemployee alleging a violation of subparagraph (A).‘‘(II) REQUIRED ACTION WITHIN 10 YEARS.—Notwithstandingsubclause (I), an action under this subsection may not in anycircumstance be brought more than 10 years after the date on which theviolation occurs.‘‘(C) RELIEF.—Relief for an individual prevailing in an action broughtunder subparagraph (B) shall include—‘‘(i) reinstatement with the same seniority status that the individualwould have had, but for the discrimination;‘‘(ii) 2 times the amount of back pay otherwise owed to the individual,with interest; and‘‘(iii) compensation for litigation costs, expert witness fees, andreasonable attorneys’ fees.‘‘(2) CONFIDENTIALITY.—‘‘(A) IN GENERAL.—Except as provided in subparagraphs (B) and(C), the Commission and any officer or employee of the Commission _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  17. 17. P a g e | 17shall not disclose any information, including information provided by awhistleblower to the Commission, which could reasonably be expectedto reveal the identity of a whistleblower, except in accordance with theprovisions of section 552a of title 5, United States Code, unless and untilrequired to be disclosed to a defendant or respondent in connection witha public proceeding instituted by the Commission or any entitydescribed in subparagraph (C).For purposes of section 552 of title 5, United States Code, this paragraphshall be considered a statute described in subsection (b)(3)(B) of suchsection.‘‘(B) EXEMPTED STATUTE.—For purposes of section 552 of title 5,United States Code, this paragraph shall be considered a statutedescribed in subsection (b)(3)(B) of such section 552.‘‘(C) RULE OF CONSTRUCTION.—Nothing in this section isintended to limit, or shall be construed to limit, the ability of theAttorney General to present such evidence to a grand jury or to sharesuch evidence with potential witnesses or defendants in the course of anongoing criminal investigation.‘‘(D) AVAILABILITY TO GOVERNMENT AGENCIES.—‘‘(i) IN GENERAL.—Without the loss of its status as confidential in thehands of the Commission, all information referred to in subparagraph(A) may, in the discretion of the Commission, when determined by theCommission to be necessary to accomplish the purposes of this Act andto protect investors, be made available to—‘‘(I) the Attorney General of the United States;‘‘(II) an appropriate regulatory authority;‘‘(III) a self-regulatory organization; _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  18. 18. P a g e | 18‘‘(IV) a State attorney general in connection with any criminalinvestigation;‘‘(V) any appropriate State regulatory authority;‘‘(VI) the Public Company Accounting Oversight Board;‘‘(VII) a foreign securities authority; and‘‘(VIII) a foreign law enforcement authority.‘‘(ii) CONFIDENTIALITY.—‘‘(I) IN GENERAL.—Each of the entities described in subclauses (I)through (VI) of clause (i) shall maintain such information as confidentialin accordance with the requirements established under subparagraph(A).‘‘(II) FOREIGN AUTHORITIES.—Each of the entities described insubclauses (VII) and (VIII) of clause (i) shall maintain such informationin accordance with such assurances of confidentiality as the Commissiondetermines appropriate.‘‘(3) RIGHTS RETAINED.—Nothing in this section shall be deemed todiminish the rights, privileges, or remedies of any whistleblower underany Federal or State law, or under any collective bargaining agreement.‘‘(i) PROVISION OF FALSE INFORMATION.—A whistleblower shallnot be entitled to an award under this section if the whistleblower—‘‘(1) knowingly and willfully makes any false, fictitious, or fraudulentstatement or representation; or‘‘(2) uses any false writing or document knowing the writing ordocument contains any false, fictitious, or fraudulent statement or entry. _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  19. 19. P a g e | 19‘‘(j) RULEMAKING AUTHORITY.—The Commission shall have theauthority to issue such rules and regulations as may be necessary orappropriate to implement the provisions of this section consistent withthe purposes of this section.’’.(b) PROTECTION FOR EMPLOYEES OF NATIONALLYRECOGNIZED STATISTICAL RATING ORGANIZATIONS.—Section 1514A(a) of title 18, United States Code, is amended—(1) by inserting ‘‘or nationally recognized statistical rating organization(as defined in section 3(a) of the Securities Exchange Act of 1934 (15U.S.C. 78c),’’ after ‘‘78o(d)),’’; and(2) by inserting ‘‘or nationally recognized statistical rating organization’’after ‘‘such company’’.(c) SECTION 1514A OF TITLE 18, UNITED STATES CODE.—(1) STATUTE OF LIMITATIONS; JURY TRIAL.—Section 1514A(b)(2)of title 18, United States Code, is amended—(A) in subparagraph (D)—(i) by striking ‘‘90’’ and inserting ‘‘180’’; and(ii) by striking the period at the end and inserting ‘‘, or after the date onwhich the employee became aware of the violation.’’; and(B) by adding at the end the following:‘‘(E) JURY TRIAL.—A party to an action brought under paragraph(1)(B) shall be entitled to trial by jury.’’.(2) PRIVATE SECURITIES LITIGATION WITNESSES;NONENFORCEABILITY; INFORMATION.—Section 1514A of title18, United States Code, is amended by adding at the end the following: _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  20. 20. P a g e | 20‘‘(e) NONENFORCEABILITY OF CERTAIN PROVISIONSWAIVING RIGHTS AND REMEDIES OR REQUIRINGARBITRATION OF DISPUTES.—‘‘(1) WAIVER OF RIGHTS AND REMEDIES.—The rights andremedies provided for in this section may not be waived by anyagreement, policy form, or condition of employment, including by apredispute arbitration agreement.‘‘(2) PREDISPUTE ARBITRATION AGREEMENTS.—No predisputearbitration agreement shall be valid or enforceable, if the agreementrequires arbitration of a dispute arising under this section.’’.(d) STUDY OF WHISTLEBLOWER PROTECTION PROGRAM.—(1) STUDY.—The Inspector General of the Commission shall conduct astudy of the whistleblower protections established under theamendments made by this section, including—(A) whether the final rules and regulation issued under the amendmentsmade by this section have made the whistleblower protection program(referred to in this subsection as the ‘‘program’’) clearly defined anduser-friendly;(B) whether the program is promoted on the website of the Commissionand has been widely publicized;(C) whether the Commission is prompt in—(i) responding to—(I) information provided by whistleblowers; and(II) applications for awards filed by whistleblowers;(ii) updating whistleblowers about the status of their applications; and _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  21. 21. P a g e | 21(iii) otherwise communicating with the interested parties;(D) whether the minimum and maximum reward levels are adequate toentice whistleblowers to come forward with information and whether thereward levels are so high as to encourage illegitimate whistleblowerclaims;(E) whether the appeals process has been unduly burdensome for theCommission;(F) whether the funding mechanism for the Investor Protection Fund isadequate;(G) whether, in the interest of protecting investors and identifying andpreventing fraud, it would be useful for Congress to considerempowering whistleblowers or other individuals, who have alreadyattempted to pursue the case through the Commission, to have a privateright of action to bring suit based on the facts of the same case, onbehalf of the Government and themselves, against persons who havecommittee securities fraud;(H)(i) whether the exemption under section 552(b)(3) of title 5 (knownas the Freedom of Information Act) established in section 21F(h)(2)(A)of the Securities Exchange Act of 1934, as added by this Act, aidswhistleblowers in disclosing information to the Commission;(ii) what impact the exemption described in clause (i) has had on theability of the public to access information about the regulation andenforcement by the Commission of securities; and(iii) any recommendations on whether the exemption described in clause(i) should remain in effect; and(I) such other matters as the Inspector General deems appropriate.(2) REPORT.—Not later than 30 months after the date of enactment ofthis Act, the Inspector General shall— _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  22. 22. P a g e | 22(A) submit a report on the findings of the study required underparagraph (1) to the Committee on Banking, Housing, and Urban Affairsof the Senate and the Committee on Financial Services of the House;and(B) make the report described in subparagraph (A) available to thepublic through publication of the report on the website of theCommission. _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  23. 23. P a g e | 23The 12 most important definitions in the Sarbanes Oxley Act1. Appropriate state regulatory authorityIt means the State agency or other authority responsible for the licensureor other regulation of the practice of accounting in the State or Stateshaving jurisdiction over a registered public accounting firm or associatedperson thereof, with respect to the matter in question.2. AuditIt is an examination of the financial statements of any issuer by anindependent public accounting firm in accordance with the rules of theBoard or the Commission for the purpose of expressing an opinion onsuch statements.3. Audit committeeIt is:A. A committee (or equivalent body) established by and amongst theboard of directors of an issuer for the purpose of overseeing theaccounting and financial reporting processes of the issuer and audits ofthe financial statements of the issuer; andB. If no such committee exists with respect to an issuer, the entire boardof directors of the issuer.4. Audit reportIt means a document or other record:A. Prepared following an audit performed for purposes of compliance byan issuer with the requirements of the securities laws; andB. In which a public accounting firm either - - Sets forth the opinion of that firm regarding a financialstatement, report, or other document; or- Asserts that no such opinion can be expressed. _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  24. 24. P a g e | 245. BoardIt means the Public Company Accounting Oversight Board establishedunder section 101.6. CommissionIt means the Securities and Exchange Commission (SEC).7. IssuerIt means an issuer (as defined in section 3 of the Securities ExchangeAct of 1934), the securities of which are registered under section 12 ofthat Act, or that is required to file reports under section 15(d), or thatfiles or has filed a registration statement that has not yet becomeeffective under the Securities Act of 1933, and that it has not withdrawn.8. Non-audit servicesIt means any professional services provided to an issuer by a registeredpublic accounting firm, other than those provided to an issuer inconnection with an audit or a review of the financial statements of anissuer.9. Person associated with a public accounting firmA. In general. The terms "person associated with a public accountingfirm" (or with a "registered public accounting firm") and "associatedperson of a public accounting firm" (or of a "registered publicaccounting firm") mean any individual proprietor, partner, shareholder,principal, accountant, or other professional employee of a publicaccounting firm, or any other independent contractor or entity that, inconnection with the preparation or issuance of any audit report-- - Shares in the profits of, or receives compensation in any otherform from, that firm; or - Participates as agent or otherwise on behalf of suchaccounting firm in any activity of that firm.B. Exemption authority. The Board may, by rule, exempt persons _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  25. 25. P a g e | 25engaged only in ministerial tasks from the definition in subparagraph(A), to the extent that the Board determines that any such exemption isconsistent with the purposes of this Act, the public interest, or theprotection of investors.10. Professional standardsIt means—A. Accounting principles that are--- Established by the standard setting body described in section19(b) of the Securities Act of 1933, as amended by this Act, orprescribed by the Commission under section 19(a) of that Act orsection 13(b) of the Securities Exchange Act of 1934; and- Relevant to audit reports for particular issuers, or dealt with in thequality control system of a particular registered public accountingfirm; andB. Auditing standards, standards for attestation engagements, qualitycontrol policies and procedures, ethical and competency standards, andindependence standards (including rules implementing title II) that theBoard or the Commission determines--- Relate to the preparation or issuance of audit reports for issuers;and- Are established or adopted by the Board under section 103(a), orare promulgated as rules of the Commission.11. Public accounting firmIt means:A. A proprietorship, partnership, incorporated association, corporation,limited liability company, limited liability partnership, or other legalentity that is engaged in the practice of public accounting or preparing _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  26. 26. P a g e | 26or issuing audit reports; andB. To the extent so designated by the rules of the Board, any associatedperson of any entity described in subparagraph (A).Registered public accounting firm is a public accounting firm registeredwith the Board in accordance with this Act.12. Rules of the boardIt means the bylaws and rules of the Board (as submitted to, andapproved, modified, or amended by the Commission, in accordance withsection 107), and those stated policies, practices, and interpretations ofthe Board that the Commission, by rule, may deem to be rules of theBoard, as necessary or appropriate in the public interest or for theprotection of investors. _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  27. 27. P a g e | 27Dodd Frank Act, SEC. 989G.EXEMPTION FOR NONACCELERATED FILERS.(a) EXEMPTION.—Section 404 of the Sarbanes-Oxley Act of 2002 isamended by adding at the end the following:“(c) EXEMPTION FOR SMALLER ISSUERS.—Subsection (b) shallnot apply with respect to any audit report prepared for an issuer that isneither a “large accelerated filer” nor an “accelerated filer” as thoseterms are defined in Rule 12b–2 of the Commission (17 C.F.R. 240.12b–2).”(b) STUDY.—The Securities and Exchange Commission shall conduct astudy to determine how the Commission could reduce the burden ofcomplying with section 404(b) of the Sarbanes-Oxley Act of 2002 forcompanies whose market capitalization is between $75,000,000 and$250,000,000 for the relevant reporting period while maintaining investorprotections for such companies.The study shall also consider whether any such methods of reducing thecompliance burden or a complete exemption for such companies fromcompliance with such section would encourage companies to list onexchanges in the United States in their initial public offerings.Not later than 9 months after the date of the enactment of this subtitle,the Commission shall transmit a report of such study to Congress. _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  28. 28. P a g e | 28Internal Controls, the Sarbanes Oxley Act and the Dodd FrankActEffective internal control over financial reporting is intended to providereasonable assurance about the reliability of a companys financialstatements and the process of preparation of those statements. Until thissummer, all this had to do with Section 404 of the Sarbanes-Oxley Act.After July 2010, we have to speak about "Section 404 of the Sarbanes-Oxley Act, as amended by the Dodd-Frank Act".It requires management of all companies to assess and report on theeffectiveness of the companys internal control over its financialreporting.The law also requires that independent auditors for larger companiesattest to managements disclosures about the effectiveness of thatinternal control.Under the amendments to Sarbanes Oxley by the Dodd-Frank Act,certain smaller companies, known as "non-accelerated filers," areexempted from the requirement for an external audit of internal controlover financial reporting.However, these smaller companies, which typically have common equityheld by non-insiders of less than $75 million, must still provide annuallymanagement’s assessment of internal controls.We use the term “non-accelerated filer” to refer to a reporting companythat does not meet the definition of either an “accelerated filer” or a“large accelerated filer” under Exchange Act Rule 12b-2.Under Exchange Act Rule 12b-2, an accelerated filer is an issuer that“had an aggregate worldwide market value of the voting and non-votingcommon equity held by its non-affiliates of $75 million or more, but lessthan $700 million, as of the last business day of the issuer’s most recentlycompleted second fiscal quarter. _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  29. 29. P a g e | 29A large accelerated filer is an issuer that “had an aggregate worldwidemarket value of the voting and non-voting common equity held by itsnon-affiliates of $700 million or more, as of the last business day of theissuer’s most recently completed second fiscal quarter”.In addition, for both definitions, the issuer needs to have been subject toreporting requirements for at least twelve calendar months, have filed atleast one annual report, and not be eligible to use the requirements forsmaller reporting companies for its annual and quarterly reports.Securities and Exchange Commission, final rule.The Securities and Exchange Commission (“Commission”) is adoptingamendments to its rules and forms to conform them to Section 404(c) ofthe Sarbanes-Oxley Act of 2002 (the “Sarbanes-Oxley Act”), as added bySection 989G of the Dodd-Frank Wall Street Reform and ConsumerProtection Act (the “Dodd-Frank Act”).Section 404(c) provides that Section 404(b) of the Sarbanes-Oxley Actshall not apply with respect to any audit report prepared for an issuerthat is neither an accelerated filer nor a large accelerated filer as definedin Rule 12b-2 under the Securities Exchange Act of 1934 (the “ExchangeAct”).The Commission is adopting amendments to its rules and forms toconform them to new Section 404(c) of the Sarbanes-Oxley Act, as addedby Section 989G of the Dodd-Frank Act.Section 404(c) provides that Section 404(b) of the Sarbanes-Oxley Actshall not apply with respect to any audit report prepared for an issuerthat is neither an accelerated filer nor a large accelerated filer as definedin Rule 12b-29 under the Exchange Act.Prior to enactment of the Dodd-Frank Act, a non-accelerated filer wouldhave been required, under existing Commission rules, to include anattestation report of its registered public accounting firm on internal _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  30. 30. P a g e | 30control over financial reporting in the filer’s annual report filed with theCommission for fiscal years ending on or after June 15, 2010.[Consistent with Sections 404(a) and 404(b) of the Sarbanes-Oxley Act,on June 5, 2003, the Commission adopted initial amendments to its rulesand forms requiring companies, other than registered investmentcompanies, to include in their annual reports filed with the Commissiona report of management and an accompanying auditor’s attestationreport on the effectiveness of the company’s internal control overfinancial reporting.Subsequent to the adoption of those rules, the Commission postponedthe Section 404(b) auditor attestation requirement for non-acceleratedfilers, such that the auditor’s attestation report for these filers would havefirst been required for annual reports filed with the Commission for fiscalyears ending on or after June 15, 2010.The amendments in this Release will not affect the transition rulesapplicable for non-accelerated filers with fiscal years ending prior to June15, 2010.]To conform the Commission’s rules to Section 404(c) of the Sarbanes-Oxley Act, these amendments remove the requirement for a non-accelerated filer to include in its annual report an attestation report of thefiler’s registered public accounting firm.We are also adopting a conforming change to our rules concerningmanagement’s disclosure in the annual report regarding inclusion of anattestation report to provide that the disclosure only applies if anattestation report is included.Lastly, we are making a conforming change to Rule 2-02(f) of RegulationS-X to clarify that an auditor of a non-accelerated filer need not includein its audit report an assessment of the issuer’s internal control overfinancial reporting. _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  31. 31. P a g e | 31All issuers, including non-accelerated filers, continue to be subject to therequirements of Section 404(a) of the Sarbanes-Oxley Act. Section 404(a)and its implementing rules require that an issuer’s annual report includea report of management on the issuer’s internal control over financialreporting.PROCEDURAL AND OTHER MATTERSUnder the Administrative Procedure Act, a notice of proposedrulemaking is not required when the agency, for good cause, finds thatnotice and public comment are impracticable, unnecessary, or contraryto the public interest.These amendments merely conform certain rules and forms to a newlyenacted statute, Section 404(c) of the Sarbanes-Oxley Act, as amendedby the Dodd-Frank Act, so the Commission finds that it is unnecessaryto publish notice of these amendments.These amendments revise the Commission’s rules and forms to makethem consistent with the internal control reporting requirements for non-accelerated filers in the Sarbanes-Oxley Act, as amended by the Dodd-Frank Act, and should therefore minimize potential confusion of issuersand investors.The Administrative Procedure Act also requires publication of a rule atleast 30 days before its effective date unless the agency finds otherwisefor good cause.The Commission is taking this action to implement the Dodd-Frank Act.Thus, any costs and benefits to the economy resulting from theseamendments are mandated by the Dodd-Frank Act. Section 23(a)(2) ofthe Exchange Act requires the Commission, in adopting rules under theExchange Act, to consider the competitive effects of such rules, if any,and to refrain from adopting a rule that would impose a burden oncompetition not necessary or appropriate in furtherance of the purposesof the Exchange Act. _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  32. 32. P a g e | 32Section 3(f) of the Exchange Act requires the Commission, whenever itengages in rulemaking and must consider or determine if an action isnecessary or appropriate in the public interest, to consider if the actionwill promote efficiency, competition, and capital formation.We do not anticipate any competitive or capital formation effects fromthese amendments as they merely conform certain rules and forms tonew Section 404(c) of the Sarbanes-Oxley Act.We do not anticipate that these conforming amendments will imposeany costs, and they may promote efficiency by eliminating potentialconfusion that may otherwise result from a discrepancy between ourrules and the statute. _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  33. 33. P a g e | 33OFFICE OF ECONOMIC ANALYSISUNITED STATES SECURITIES AND EXCHANGE COMMISSIONStudy of the Sarbanes-Oxley Act of 2002 Section 404Internal Control over Financial Reporting RequirementsExecutive SummaryThe Public Company Accounting Reform and Investor Protection Act,otherwise known as the Sarbanes-Oxley Act (the “Act”), was enacted inJuly 2002 after a series of high-profile corporate scandals involvingcompanies such as Enron and Worldcom.Section 404(a) of the Act requires management to assess and report onthe effectiveness of internal control over financial reporting (“ICFR”).Section 404(b) requires that an independent auditor attest tomanagement’s assessment of the effectiveness of those internal controls.Because the cost of complying with the requirements of Section 404 ofthe Act (“Section 404”) has been generally viewed as being unexpectedlyhigh, efforts to reduce the costs while retaining the effectiveness ofcompliance resulted in a series of reforms in 2007.This report presents an analysis of data from publicly traded companiescollected from an SEC-sponsored Web survey of financial executives ofcompanies with Section 404 experience conducted during December2008 and January 2009.The analysis of the survey data is designed to inform the Commissionand other interested parties as to whether changes occurring since 2007are having the intended effect of facilitating more cost-effective internalcontrols evaluations and audits, especially as they may apply to smallerreporting companies.The findings of the analysis relating to efficiency include evidence on thetotal and component compliance costs, the changes in costs over time, _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  34. 34. P a g e | 34and the factors that help to explain why costs are lower or higher forsome companies than for others.These findings include evidence of direct and indirect effects thatmanagement ascribes to Section 404 compliance, including evidence onintended benefits.The 2007 reforms that are the focus of this inquiry include the SEC’sJune 2007 Management Guidance and its order approving the PublicCompany Accounting Oversight Board’s (PCAOB) Accounting StandardNo. 5 (AS5) (collectively referred to as the “2007 reforms”).We are primarily interested in whether and how companies’ experiencewith Section 404(b) compliance changed following the reforms, yet thisreport also presents evidence on the implementation of both Section404(a) and Section 404(b).This reflects the interrelationship between the two requirements.The survey was open to all reporting companies with relevant experiencein complying with Section 404, recognizing that only large acceleratedfilers and accelerated filers are currently required to comply with bothSection 404(a) and Section 404(b) and, thus, have information on theoverall cost of compliance with these sections.These experienced filers that responded to the survey tend to have publicfloat in excess of $75 million, which is large compared to that of non-accelerated filers that are not yet required to comply with Section 404(b).The evidence on the experiences of larger companies may be useful inevaluating the extent to which additional improvements to theimplementation of Section 404(b) should be undertaken before itbecomes applicable to non-accelerated filers.Notwithstanding, it is important to highlight that the analysis in thisreport is not designed to provide compliance cost estimates for _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  35. 35. P a g e | 35companies that have yet to comply with the relevant requirements ofSection 404.The general conclusion from the analysis of survey data is thatcompliance costs vary with company size (increasing with size),compliance history (decreasing with increased compliance experience),and compliance regime (lower after the 2007 reforms).Larger companies tend to incur higher compliance costs in dollar terms(“absolute cost”), while smaller companies report higher costs as afraction of asset value (“scaled cost”).The evidence suggests that companies bear some fixed start-up costs ofcompliance that are not scalable. Some of these costs are recurring fixedcosts, while others are one-time start-up costs borne in the first years ofcompliance that tend to dissipate over time.For companies complying with both parts of Section 404, the cost ofcomplying with Section 404(b) is reportedly similar to the incrementalcost of complying with Section 404(a) alone.The resource requirements of Section 404(a) and Section 404(b)compliance are quite different, however.The Section 404(a) cost is borne through increased internal labor andoutside vendor expenses, while the Section 404(b) cost is experiencedprimarily through increased independent-auditor fees, according to thesurvey evidence.The evidence also indicates that there is an economically andstatistically significant reduction in Section 404 compliance costsfollowing the 2007 reforms.This reduction is most pronounced among larger companies.More than half of survey participants (henceforth also referred to as“respondents”) who answered explicit questions about the effects of the _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  36. 36. P a g e | 362007 reforms report that the reforms led to a decrease in compliancecosts, consistent with the objectives of the reform and the reported costreductions.Nearly all respondents indicated that they relied on the ManagementGuidance and, of those, a majority found it to be useful.As a result of the Management Guidance, there has been a shift of effortamong smaller companies toward evaluating the effectiveness of ICFRand away from the tasks of identifying risks to the company’s financialreporting and identifying controls that address identified risks.These respondents, however, had a less favorable response to a questionabout the SEC’s responsiveness to concerns about compliance costs.The Web survey also included questions about respondents’ perceptionsof other potential effects of Section 404 compliance, including potentialbeneficial effects. Respondents ascribe some beneficial effects to Section404 compliance.In particular, respondents were more likely to report direct benefits ofcompliance with Section 404 rules (i.e., improvements directly related toa company’s financial reporting process, such as the quality of thecompany’s ICFR), rather than indirect benefits of compliance (i.e.,improvements indirectly related to a company’s financial reportingprocess, such as the company’s ability to raise capital).Respondents from larger companies and Section 404(b) companies tendto regard Section 404 compliance more favorably than those from theircounterparts in almost every respect.Before turning to a more detailed outline of findings, it will be useful toprovide some background on the size and compliance categories of thecompanies that are the subject of the study. _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  37. 37. P a g e | 37Throughout the analysis, respondents are partitioned based on the sizeof their company using the size thresholds that parallel the SEC’sreporting thresholds.Under SEC regulations— typically—non-accelerated filers have publicfloat of less than $75 million; accelerated filers have public float between$75 million and $700 million; and large accelerated filers have publicfloat of $700 million or more.The evidence on the costs and benefits of Section 404(b) compliance isalmost entirely from the last two groups, which are termed “large” and“medium/mid-sized” companies in this report, because “small”companies (with public float less than $75 million) were typically not yetrequired to comply with Section 404(b) at the time of the survey.Following previous research, in some instances, the analysis of smallercompanies focuses on those having a public float falling within a bandabove and below the $75 million threshold that distinguishes non-accelerated from accelerated filers.In addition, to separate the effects of Section 404(a) compliance fromthose of Section 404(b), when appropriate the analysis partitionscompanies that were compliant with both Sections 404(a) and 404(b) inthe relevant fiscal year (henceforth “Section 404(b) companies”) fromthose that are compliant with Section 404(a) only (henceforth “Section404(a)-only companies”).A more detailed presentation of findings as answers to the centralquestions of the report follows:Q1. How does the cost of complying with Section 404 vary acrosscompanies, and what factors influence a company’s compliance cost?The total cost of complying with Section 404 varies across companiesdepending on(1) The company’s size, _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  38. 38. P a g e | 38(2) Whether the company is complying with Section 404(a) only or alsowith Section 404(b),(3) The company’s experience in complying with Section 404(b), and(4) Whether compliance occurred before or after the 2007 reforms.Specifically, the absolute compliance cost in dollar terms tends toincrease with company size (measured by public float), but the costscaled by asset value tends to decline as company size increases.As one would expect, total compliance costs are typically larger forcompanies complying with Section 404(b) in addition to Section 404(a).Longer experience with Section 404(b) compliance, however, isassociated with a decrease in the typical reported costs (scaled bycompany assets).The cost of compliance tends to be lower after the 2007 reforms thanbefore and this decrease is most pronounced among larger companies.Q2. What is the observed trend in Section 404 compliance cost beforeand after the 2007 reforms?The Web survey collected response data on audit fees, outside vendorfees, non-labor costs, and internal labor hours. These cost componentswere aggregated using conservative assumptions in order to obtain adollar estimate of the total cost of compliance.The evidence generally indicates that the typical total compliance costshave decreased from the year prior compared to the one after the 2007reform and are expected to decrease further in the fiscal year in progressat the time of the survey.Among Section 404(b) companies, the mean total Section 404compliance cost drops significantly from $2.87 million pre-reform to _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  39. 39. P a g e | 39$2.33 million post-reform, representing a 19 percent decline in the totalcompliance cost.The compliance cost is expected to be lower still, with a mean cost of$2.03 million, representing a combined decline of 29 percent.When reporting compliance costs by size category, the mean totalcompliance cost decreases from $769,000 to $690,000 among filers withpublic float lower than $75 million, but this difference is not statisticallysignificant.The reduction in compliance costs is more pronounced among themedium and large companies that are already required to comply withSection 404(b).The medians reveal similar patterns for the typical company in oursample.The median total Section 404 compliance cost declines significantly from$1.19 million pre-reform to $1.04 million post-reform, a 13 percentdecline.The median expected cost for the fiscal year in progress is lower still, at$905,000, a combined decline of 24 percent relative to the pre-reformmedian cost.For non-accelerated filers, the median total compliance cost decreasedfrom $579,000 to $439,000, but, as with the means, the difference forthese companies is not statistically significant.When analyzing first-time compliance costs before and after the 2007reforms, the results are mixed and the mean decrease in total costs is notstatistically significant.In contrast, for companies in their second year of compliance withSection 404(b), both the mean and median compliance costs aresignificantly lower after the 2007 reforms than before. _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  40. 40. P a g e | 40Meanwhile, among Section 404(a)-only companies, the mean total costalso decreased from $425,000 pre-reform to $336,000 post-reform, but thedifference is not statistically significant, and the median cost actuallyincreased from $111,000 to $162,000.Both the mean and the median, however, are expected to decrease forthe fiscal year in progress at the time of the survey.Q3. How do the component costs of complying with Section 404compare, and how have they changed since the 2007 reforms?For Section 404(b) compliant companies, the largest cost component isinternal labor costs— which can comprise more than 50 percent of thetotal compliance cost—followed by the estimated portion of total auditfees attributed to ICFR (404(b) audit fees), outside vendor fees, and non-labor cost.In general, every component cost declines after the reforms compared tothe year before, and is projected to decline further in the fiscal year inprogress.The most notable changes in the cost components between pre-reformand post-reform are observed in the outside vendor fees and the percentof the total audit fees attributable to ICFR.The mean outside vendor fee decreases by 29 percent from $438,000 pre-reform to $311,000. The median outside vendor fee decreases by 10percent from $100,000 to $90,000.Both differences are statistically significant, and the outside vendor feesare expected to decrease significantly to a mean cost of $222,000 andmedian cost of $55,000 in the fiscal year in progress at the time of thesurvey.The mean portion of the audit fee that respondents attributed to theICFR audit also decreases significantly by 21 percent from $821,000 to$652,000. _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  41. 41. P a g e | 41This decline is expected to continue.Similarly, the median audit fee decreases by 13 percent from $358,000 to$311,000 and is expected to decrease to $275,000.Q4. What are the benefits of complying with Section 404, as reported bycompany executives, and how do they compare against the costs ofcompliance?The survey asked the respondents to comment on the impact of Section404 compliance on twelve characteristics relating to internal governanceand investor confidence, of which six were considered direct effects ofcompliance and the remaining six indirect effects of compliance.The respondents recognized Section 404 compliance as having a positiveimpact on various dimensions of the financial reporting process, butwere less inclined to recognize these improvements as affecting thecompanies’ dealings with other capital market participants.Furthermore, in an optional section of the survey, respondents providedtheir assessment of the cost-benefit trade-off of Section 404 compliance.The majority of respondents to this section perceive the trade-off to benegative to varying degrees.This perceived trade-off is more favorable among larger companies and,independently of size, improved following the 2007 reforms.Among the characteristics that are most widely reported benefiting fromSection 404 compliance is:- The quality of the respondent company’s internal control structure (73 percent)- The audit committee’s confidence in the company’s ICFR (71 percent) _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  42. 42. P a g e | 42- The quality of the company’s financial reporting (49 percent)- The company’s ability to prevent and detect fraud (48 percent)- The respondent’s confidence in the financial reports of other companies complying with Section 404 (40 percent).The majority of respondents recognize no effect of Section 404compliance on: the company’s ability to raise capital, investorconfidence in the company’s financial reports, the company’s overallfirm value, and the liquidity of the company’s common stock.Finally, the perceived effect of Section 404 compliance on the efficiencyof the operating and financial reporting processes and the timeliness ofthe company’s financial statement audit varies widely:While a majority of respondents perceive no effect on these dimensions,non-trivial portions of respondents recognize a negative effect—that is, areduction in the efficiency of the operating and financial reportingprocesses and/or the timeliness of financial statement audit.In the cross-section, larger companies were more likely to ascribepositive direct and indirect effects to Section 404 compliance than weresmaller companies.Q5. What are the reported benefits of Section 404 compliance from theperspective of financial statement users?In order to obtain a more complete picture of the effects of Section 404implementation, staff members from the SEC’s Office of the ChiefAccountant conducted separate in-depth phone interviews of a sample of30 users of financial statements—including lenders, securities analysts,credit rating agencies, and other investors.Although the sample is admittedly smaller than that of issuersparticipating in the survey, the evidence gathered is useful because it _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  43. 43. P a g e | 43provides the perspective of financial statement users on the effects ofSection 404 compliance.In general, financial statement users regard ICFR disclosures to bebeneficial and indicated that Section 404(a) and Section 404(b)compliance has had a positive impact on their confidence in thecompanies’ financial reports.The users generally indicate that Section 404 compliance leadsmanagement to better understand financial reporting risks, put in placeappropriate controls to address financial reporting risks, and addressinternal control deficiencies in a more timely fashion than in the absenceof the disclosure requirement.Although, users offer divergent opinions regarding the extent to whichdisclosures of material weakness affect their decision-making process,most agree that severe weaknesses that could take years to remediate arelikely to negatively affect their decision-making.Users tend not to perceive the benefits of Section 404 compliance to varywith the size of the reporting company.Instead, many indicate that these benefits depend on a company’scomplexity and industry affiliation.At the same time, the users agree that variations in compliancerequirements based on complexity and/or industry would likely beimpractical.Finally, most users indicate that the benefits they perceive from Section404 compliance have not changed substantially over time.This is an important finding since it indicates that the 2007 reforms,while intended to reduce certain duplicative efforts in conducting theevaluation of ICFR, did not at the same time change financial statementusers’ perception of the effectiveness of Section 404. _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  44. 44. P a g e | 44Regarding the Section 404(b) requirement, the general consensus is thatthe auditor’s report on ICFR required under Section 404(b) provides anincremental benefit beyond the management’s report because manyrespondents perceive the audit requirement to provide necessarydiscipline to the reporting process.Although some users express the concern that ICFR evaluation maydivert management’s attention from other important areas of theirbusinesses, these respondents continued to believe that strong ICFR isnecessary and that financial statements need to be of high quality andreliable.Most users interviewed indicate that the process of compliance withSection 404 has become more efficient since the initial implementationin 2004 due to:(i) Reduction in the level of documentation,(ii) Improved communications between auditors and management,(iii) Increased use of professional judgment in scoping and testing,(iv) More focus on higher risk areas, and(v) Streamlining of audits subsequent to the first-time effort required bySection 404 compliance.Q6. In what ways have the Commission’s 2007 reforms affected thecompanies’ procedures of complying with Section 404?Nearly all respondents who completed an optional section of the surveyrequesting feedback on management’s Section 404(a) experienceresponded that they used Management Guidance and found it to beuseful. _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  45. 45. P a g e | 45Those who responded indicate that both Management Guidance andAuditing Standard No. 5 have helped reduce the total cost ofcompliance, for companies in every size category.The respondents also indicate on average that Auditing Standard No. 5resulted in a small decrease in the time it takes to complete theindependent audit of ICFR.The perceived impact of AS5, however, varies with the size of thecompany and its experience with Section 404(b) compliance.Specifically, the perceived impact of AS5 on the time it takes to completethe independent audit of ICFR is significantly smaller among small filersand among companies with no previous experience with Section 404(b)compliance.When asked to compare the changes in activities associated withmanagement’s evaluation of ICFR, the respondents indicate a slightdecrease on average from pre-reform to post-reform in the number ofrisks subject to testing, the number of controls tested, but a slightincrease in the level of documentation, the use of management’sinteraction with controls as evidence, reliance on evidence gained fromself-assessment, and reliance on evidence from direct testing.Like much of the previous results, the responses varied significantlydepending on the respondents’ size.While smaller companies typically report an increase in everycomponent, the changes reported by medium and large filers are nothomogenous.Interestingly, however, the evidence suggests that the complianceprocess across companies of different size has become morehomogenous following the 2007 reforms.Finally, the survey evidence indicates that companies are increasinglystructuring their evaluations of ICFR with the intent of allowing the _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  46. 46. P a g e | 46independent auditor to rely on their internal work, which is consistentwith one of the goals of the 2007 reforms through Auditing Standard No.5.Some caveats about the analysis of Web survey data on Section 404implementationThere are a number of caveats to consider when interpreting theevidence presented in this study, some of which are due to the inherentnature of survey data, while others are the result of the particular contextin which the Section 404 survey takes place.First, most, if not all, analyses of survey data are affected to variousdegrees by the following potential difficulties:• Self-Selection Bias (i.e., Non-response Bias):Participation in survey research is generally voluntary.The process by which survey participants “select” to participate in asurvey can bias the inference based on survey data, if the participants’(self-) selection process is such that particular segments of thepopulation are systematically over- or under-represented.We conduct extensive analyses to test for the presence and the potentialseverity of the problem, particularly by investigating the extent to whichkey characteristics of the sample of respondents to the survey coincide ordiverge from those of the list of companies identified as the targetpopulation.We find that respondent companies are representative of the initial list ofpublic companies identified for this study, particularly among Section404(b) companies or within company size groups.We also find that the typical responses of voluntary participants in thesurvey are not significantly different from those of a randomly selected, _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  47. 47. P a g e | 47stratified sample of companies that were the target of follow-up efforts toinduce their participation.Overall, the evidence is consistent with the notion that the voluntarynature of the participation introduces no bias in the responses, at leastrelative to the separate treatment group where part of the decision toparticipate is a result of the follow-up effort.• Response Bias:If there are no penalties for misrepresentation and survey participantshave systematic incentives to be less than fully truthful, inference basedon survey data (or any other self-reported information that meets thosecriteria) may not be accurate.A similar problem arises when survey questions are designed to elicit theparticipant’s subjective perceptions on a particular subject and theparticipants’ views are systematically biased.The portion of survey data that we could independently verify (i.e., auditfees) indicates that the participants’ representations do not deviatesubstantially from what is reported in official SEC filings.Aside from this exercise, it is virtually impossible to assess the extent towhich the remaining survey data may not be accurate.The nature of the survey questions varies, with some questions focusingon quantifiable items (e.g., internal labor hours) and others ondirectional perceptions (e.g., assessment of the effect of Section 404 onthe quality of ICFR) and others still on directional/ordinal perceptions(e.g., assessment of the effect of AS5 on the amount of time it takes tocomplete the independent audit under Section 404(b)).The common element, however, is that these data cannot beindependently verified, either because companies are do not keep aseparate record of the figures provided (e.g., costs) or because the _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  48. 48. P a g e | 48information provided is based on the respondents’ perceptions which bytheir very nature are not verifiable.The analysis in this report provides a characterization of companies’experiences with Section 404 compliance that is based on surveyparticipants’ representations of their experiences.Other caveats are specific to the analysis presented in this report, as theydepend on the nature and timing of the survey.In particular:1. The number of respondents from Section 404(b) companies that arenon-accelerated filers and have usable data is relatively small —approximately 100 companies versus over 1,600 accelerated filers in themost recently completed fiscal year —and there are reasons to believethe experience of these companies may not extend to other non-accelerated filers that are yet to comply with Section 404(b).Specifically, non-accelerated Section 404(b) companies that participatedin the survey are either voluntary compliers or have been required tocomply in the past as accelerated filers and must continue to do sobecause their float has not dropped below $50 million since.To the extent that these factors affect companies’ experience withSection 404(b) compliance, one should be careful when extrapolating theresults to non-accelerated filers that are yet to comply.2. Non-accelerated filers were required to start complying with Section404(a) at the end of 2007—after the reforms.Yet, a number of non-accelerated filers responding to the survey reportedbearing Section 404 compliance costs prior to the reform.These respondents were contacted after the survey was closed to inquireabout the nature of the information provided. _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  49. 49. P a g e | 49These respondents indicated that their company began complying withSection 404 requirements prior to the Commission’s publicannouncement that the compliance deadline had been extended and,thus, they viewed the resulting pre-reform costs reported in the survey asappropriately ascribed to Section 404(a) compliance.The analysis of non-accelerated filers’ experience prior to the reformsshould be interpreted with the caveat in mind that it may not berepresentative of what the typical non-accelerated filer would haveexperienced.3. The characteristics of the internal governance structure and financialreporting process are likely to be important determinants of thecompanies’ compliance experiences, including costs and benefits andthe nature of the audit services they obtain under Section 404(b).To the extent that accelerated and non-accelerated filers displaysignificant differences in these dimensions, it may not be appropriate toextrapolate the analysis of accelerated filers to non-accelerated filers.4. All the cost figures presented in this analysis are based on surveyrespondents’ characterization of the resources devoted to Section 404compliance.As such, the general caveats above apply. Moreover, there are someaspects specific to our analysis:a. All estimates presented in this report are based on non-auditednumbers based on the respondents’ perception provided in the survey.Moreover, the nature of the estimates is limited by the scope of thesurvey.b. There are reasons to question the ability of respondents to provide anaccurate breakdown of audit fees into Section 404(b) fees versus financialstatement audit fees. _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  50. 50. P a g e | 50Auditors interviewed by the SEC’s OCA staff highlight this difficulty onthe basis that, for Section 404(b) companies, the two audits areintegrated and audit firms do not typically provide a breakdown of thefees.Based on conversations with issuers, however, it seems routine for themto request and obtain audit fee quotes that account for the incrementalauditor’s work under Section 404(b) requirements before the companybegins complying with this section of the Act.Thus, it is possible that respondents’ attribution of audit fees to Section404(b) may be inaccurate, to the extent that they are based on quotesprovided by auditors upon first-time compliance with this section andthat such a breakdown does not apply in subsequent years of compliancec. It is important to note that the estimates of internal labor costspresented in this report are based on an assumption about a reasonablehourly rate.The rate adopted for internal labor is $121 per hour, consistent with therate quoted as of September, 2008 for a junior accountant cited in areport on salaries prepared by the Securities Industry and FinancialMarkets Association (SIFMA), to which the Commission frequentlyrefers in its rulemakings.This is at the low end of cost estimates that are provided in the SIFMAreport for accounting and related services, and above the rate of$50/hour (or $100,000 for 2000 hours) that is assumed in a series ofFinancial Executives International (“FEI”) reports of survey findingsrelating to the costs of compliance with Section 404 that date back to2005.Although our assumed rate is within the range of reasonable estimatesfor evaluating the overall costs of compliance, it is not intended for usein estimating the cost to an individual company. _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  51. 51. P a g e | 51We have provided information sufficient for determining how theinternal labor costs are affected by changes in the hourly rate—e.g.,doubling (halving) the rate to $242 ($60.5) per hour doubles (halves) theassociated labor costs— and by changes in internal labor hours, each ofwhich may vary across companies.d. Coates (2007), among others, highlights that implementation of theSarbanes-Oxley Act “created new incentives for firms to spend money oninternal controls” even where companies were required to invest suchresources under the previous regulatory regime.This observation is particularly relevant in the context of Section 404implementation.In particular, Section 13(b)(2) of the Exchange Act requires companiesto maintain effective ICFR, while Section 404 requires management toreport on the effectiveness of ICFR.By this reasoning, it is conceivable that Section 404 may have givenissuers incentives to spend more resources to meet the requirements ofthe Exchange Act, causing companies to bear “deferred maintenance”expenses to bring ICFR into compliance with those requirements.It is possible that survey participants include these costs in theirassessment of the incremental costs due to Section 404 compliance.Whether this is the correct measure of the incremental costs of Section404 compliance depends on the objective of the analysis.For example, issuers were required to be in compliance with Section13(b)(2) of the Exchange Act prior to SOX, so the ICFR maintenancecosts might not seem pertinent.From this perspective, Section 404 cost estimates that include the ICFRmaintenance expenses overestimate the cost of compliance with Section404—by including more than just the cost of reviewing ICFR andpreparing the mandated disclosures. _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  52. 52. P a g e | 52 Alternatively, if the argument above is correct, in the sense thatcompanies systematically shirk in complying with the Exchange Actrequirements absent SOX, then the incremental economic cost ofSection 404 compliance should include the aforementioned maintenanceexpenses that would not be borne absent Section 404.Similarly, it is worth noting that a parallel logic applies to the benefits ofSection 404 compliance.That is, from an economic perspective, the incremental benefits ofSection 404 include the improvements in ICFR resulting from thedeferred maintenance that would not have occurred absent the newdisclosure requirements of Section 404.5. Participants in the survey provided their perceptions of the effects ofSection 404 compliance, both on the financial reporting process and theircompany’s interaction with capital market participants.The following caveats should be kept in mind for this part of theanalysis:a. The assessment of the benefits is qualitative in nature, given theintrinsic difficulty of quantifying the benefits of Section 404 compliancein monetary terms, and not directly comparable to the cost estimatesprovided by the same respondents.b. In addition to lack of comparability with cost estimates, the analysisof the survey responses about the benefits of compliance may be subjectto response bias.In particular, the response bias would seem to be especially relevantwhen participants provide their assessment of how Section 404compliance affects subjects outside the corporation (e.g., investors’confidence in the company’s reports).The resulting analysis may be biased if the respondents’ perception ortheir representation of those perceptions is biased. _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  53. 53. P a g e | 53With this caveat in mind, the staff of the SEC’s Office of the ChiefAccountant (OCA) conducted in-depth interviews with individualsrepresenting a variety of external users of financial statements to gathertheir views on the effects of Section 404.This effort complements the analysis of the views expressed by thecompanies participating in the survey, in combination providing abroader and more complete assessment of the effects of Section 404 oncapital market participants.6. In various parts of the survey, the participants provided informationabout their experience with Section 404 compliance over several years:the most recently completed fiscal year; the fiscal year prior to that, andthe fiscal year in progress at the time of the survey.While responses referring to the participants’ past experience reflectevents that are certain, responses for the fiscal year in progress at thetime of the survey result in estimates and perceptions that areintrinsically less precise, due to the inherent uncertainty about futureevents.To study all 139 pages of the report:www.sec.gov/news/studies/2009/sox-404_study.pdf _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  54. 54. P a g e | 54A very interesting letterDear Chairman Dodd and Ranking Member Shelby:We are writing to urge you in the course of your efforts to reform thefinancial sector to resist efforts to weaken protections for investors in theSarbanes-Oxley Act of 2002 (SOX).Specifically, we oppose exempting smaller public companies fromcompliance with Section 404(b) of the Act.Further, we are troubled by evidence of a proposal to roll back to anarbitrary market capitalization point strengthened internal controlsrequirements for larger companies that are already in compliance withthe provision.As you know, Section 404(b) requires an independent audit of a publiccompany’s assessment of its internal controls.If Congress agrees to a permanent 404(b) waiver for smaller companies,there may be little independent scrutiny of financial reporting safeguardsat half of all listed companies nationwide.Compliance Week has reported that, “as much as non-accelerated filersdenounce the burden of Section 404(b) compliance, they’re stillconfronted with one stubborn counter-argument: fraud happens.”The publication went on to note that numerous studies indicate thatsmall companies are particularly vulnerable to fraud.A congressionally-mandated study by the Securities and ExchangeCommission (SEC) has found that Section 404 provides benefits that arevaluable regardless of a public company’s size.Reporting requirement reforms, including the Public CompanyAccounting Oversight Board’s adoption of Audit Standard No. 5 and the _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  55. 55. P a g e | 55SEC’s management guidance, are reflective of the real-world lessonslearned since the law’s enactment.The result has been a decline in compliance costs of approximately 30percent.Reporting under Section 404 provides investors with meaningfulinformation regarding a public company’s internal control over financialreporting (ICFR).In addition, we believe that the required independent audit ofmanagement’s assessment of the effectiveness of ICFR, as required bySOX Section 404(b), has been integral to the achievement of theintended objectives of ICFR reporting under SOX Section 404.As important, the SEC’s study determined that investors and otherfinancial statement users “regard ICFR disclosures to be beneficial andindicated that Section 404(a) and Section 404(b) compliance has had apositive impact on their confidence in the companies’ financial reports.The users generally indicate that Section 404 compliance leadsmanagement to better understand financial reporting risks, put in placeappropriate controls to address financial reporting risks, and addressinternal control deficiencies in a more timely fashion than in the absenceof the disclosure requirement.”Investor confidence in public companies’ financial reports is imperativeto the successful operation of our capital markets.As such, it only makes sense to apply the benefits of Section 404(b) toinvestors to public companies of all sizes, even those that have not yethad to comply.This is especially meaningful in view of the fact small companies aremore likely to issue earnings restatements. In fact, a November 2009study by Audit Analytics suggests that companies that have not yet hadauditors review their internal control reports have a restatement rate that _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com
  56. 56. P a g e | 56is 46 percent higher than larger public companies, despite claiming theyhave effective controls.Moreover, a 2009 analysis of restatements of small companies by GlassLewis for the Ohio Public Employees Retirement System found acorrelation between internal control problems and poor stockperformance.The analysis revealed the large costs incurred by investors in the form ofcontinued stock underperformance of small companies with deficientinternal controls.There is no compelling or credible reason to create a dual class system ofinvestor protection in the United States. By waiving Section 404(b)compliance for all but the largest public companies, however, Congresssets us on a path to do just that.We urge you maintain the benefits of Section 404 to investors in allpublic companies. _________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA) www.sarbanes-oxley-association.com

×