April 15, 2005
Issues Central Goes to Washington: Commentary on Internal Controls Review Meetings April 13
Washington, DC – April 14, 2005: Issues Central staff attend SEC Internal Control Roundtable Meetings – Meeting Highlights and Commentary
Management of Issues Central, Inc., developers of the Sarbanes-Oxley Compliance Playbook™, attended two critical meetings of the Securities and Exchange Commission (SEC) in Washington on April 12 and April 13, 2005.
SEC Advisory Committee on Small Business - Meeting # 1
(April 12, 2005 – Washington – SEC HQ - William O. Douglas Room)
This was the first organizational meeting for the Small Business advisory committee. The SEC established this committee to examine the impact of the Sarbanes-Oxley Act and other aspects of the federal securities laws on smaller companies.
Observations arising from this meeting:
The committee mandate is very broad covering not only internal control issues (i.e. – Section 404 of the Sarbanes-Oxley Act of 2002), but also capital formation, securities matters and accounting treatment for smaller companies.
A very strong group of committee members with a thirteen (13) month agenda must formulate key recommendations within six (6) months for review and potential implementation.
Mention was made of not only the US markets, but also of issuers on the Canadian exchanges. The Canadian context was related to barriers to entry with respect to capital formation and securities laws.
The SEC is concerned with the impact of recent compliance regulations on smaller business as the feeling is that these same enterprises are the engine of the economy and costs of compliance will be excessive for smaller companies.
Four major subcommittees were formed and the number one item on each agenda was the definition of “smaller” as this designation may form the basis for differential treatment with respect to various pieces of SEC activities.
A common complaint from issuers and financiers was that they are not able to engage the Big 4 audit firms because of perceived risks and excessive demand for their services from larger firms. As an observation, Big 4 accounting firm attendance at this meeting was minimal.
Mentioned in the meeting was work underway by The Committee of Sponsoring Organizations of the Treadway Commission (COSO) with respect to an internal control framework for smaller firms. This will be published for comments during the summer of 2005.
Various discussions focused around the excessive costs of Section 404 compliance and the challenges that will be faced by smaller filers over the coming year.
The committee will be holding meetings every two months over the next year and will be soliciting public opinion on its recommendations.
All participants were committed to finding effective ways to ensure that smaller companies could meet legislated objectives but in a more cost effective and efficient manner.
Stay tuned to the SEC website for developments with respect to the work of this committee (http://www.sec.gov/).
Issue Central, Inc. – Our Preliminary Conclusions: The SEC is open to ways to help smaller companies but no one should expect any legislation changes with respect to Section 404 of SOA. However, it would be reasonable to anticipate some rule changes or clarifications with respect to how internal controls might be better implemented at lower cost. Some initial thoughts include recommendations that internal controls may be more risk-based and testing examples might be developed to facilitate greater economy without sacrificing audit quality.
SEC Roundtable on the Implementation of Internal Control Reporting Provisions
(April 13, 2005 – SEC HQ – William O. Douglas Room)
This meeting drew a large crowd and was held to review the experience to-date from larger “issuers”, auditors and regulators with respect to the implementation of Section 404 (Internal Controls) of the Sarbanes-Oxley Act of 2002 (SOA).
Participants in this meeting included the SEC; the Public Accounting Oversight Board (PCAOB); major audit firms; large to mid size public filers; large and small investors; various associations; other government authorities; as well as media from all around the world.
Lineups started early for the Roundtable
Observations arising from the Roundtable were:
· Major topics covered during the roundtable were: Experiences from Year 1; Reporting to the Public; Planning and Design; Documentation and Testing of Internal Controls; The use of Judgement in Communications and Conclusions; and, Next Steps.
· The larger investors (i.e. – CALPERS) had a strong sense that Section 404 has already begun to provide more significant benefits to the markets as investors are more confident in financial reporting. This type of confidence will be a contributing factor to lower cost of capital for issuers.
· Management teams observed that generally improvements had been made to their financial reporting that would not have occurred without SOA and Section 404.
· Underlining the difficult circumstances faced by issuers was that while the PCAOB had provided the PCAOB Audit Standard # 2 (AS2) rule to the auditing community with respect to documentation and testing of internal controls. In these rules, judgement in the areas of reliance on management’s documentation and testing was allowed, but not implemented in general by external auditors. Panel members mentioned that this may have been driven by fear of litigation, as well as “revenue enhancement”.
· Issuers on the other have not enjoyed similar rules from the SEC. There was not a consensus from issuers or the SEC as to whether additional rules would be helpful. Issuers were then held to an ultra-conservative interpretation of the AS 2 Standard. This has led to what one Panel member described as Duplication – not Attestation, and the associated increase in external auditing costs.
· To underline the extremely conservative approach with respect to their interpretation of AS2, it was mentioned by several large filers that there auditors had moved their reviews to cover the documentation and testing of 96%-97% of balance sheet and income statement accounts.
· The general consensus was that a risk-based approach for review during Year 2 and beyond would be more appropriate and cost-effective.
· Too much time in Year 1 was spent by large filers on low risk, mundane transactions and processes, instead of high-risk processes and entity-level controls.
· Considerable time was spent discussing “material weaknesses”. It was concluded that not all material weaknesses were created equal.
· The SEC reached a conclusion that there were no problems with the rules related to Section 404, but that implementation issues were driving up costs.
· The PCAOB committed to providing more clarity for AS 2 by May 16th.
· It was acknowledged by most roundtable members that increased tension and distance in the relationship between an issuer and their external auditor had dramatically increased compliance costs. A negative consequence of this is that complex accounting transactions, where advice of external auditors is required, is not available at all or on a timely basis, protracting transaction closings and increasing the complexity in getting the best methods to handle transactions. This is especially true in mergers and acquisitions where transactions may be complex and the best and brightest minds are needed to complete the transaction.
· There was some thought that second year experiences will be more instructive for everyone since the steep learning curve of year 1 will be over. The panel members observed that this “settling in” would help naturally sort out many of the year 1 costs. There were quotes that external audit costs might decrease by as much as 46% in year 2 of the implementation of Section 404.
· There was a representative from the UK from the Turnbull Commission. This is the UK’s internal control framework. The framework is principle-based and is no more than fifteen pages. It is judgment based and is much different from the Section 404 rules based approach. The UK is currently reviewing their framework. There is not much chance that the UK will adopt more of a rules-based approach. The two camps are very far apart on approach. This leads to much discomfort in Europe over standards in the US which are very prescriptive rather than principle based.
· A representative from the American Electronics Association, who represents smaller manufacturers, estimated that Section 404 costs may run 2.5% of revenue versus .1% of revenue for companies exceeding $5 billion. This was cited to lend credence to the concern about changes to rules and/or guidance for smaller companies.
· A key observation of the panel was the sense that many audit firms do not have the depth to be able to deal effectively with IT Controls, both at a general level and application specific level. In addition, several issuers felt that stable IT systems should not be the subject of detailed examination and testing and that the associated audit costs was money poorly spent.
· The overall costs and benefits were reviewed and discussed in depth. It was generally concluded that the benefits of Section 404 are significant, but more clarity for external auditors around the implementation of auditing internal controls would drive the costs down more appropriately.
· External audit firms said they were going to work on relying more on internal audit and management’s documentation and testing in year 2 as well as try to integrate the Section 404 and Section 302 audits. This should cut cost and decrease disruption to issuers.
· Many panelists indicated that not enough time was spent properly scoping their projects and setting standards prior to diving in. This increased the cost and amount of time spent in accomplishing their projects. Most accelerated filers did not purchase technology to assist their projects but now are purchasing technology to assist in managing documentation, testing and tracking deficiencies.
· A major highlight for many attendees were comments made by the Chairman of the PCAOB relating to upcoming PCAOB inspections of audit firm activities with respect to AS2 interpretation, etc. William McDonough foresees a "severe conversation" with accountants who engage in too much testing of their clients' internal-controls reports. It was noted and hoped that the outcome of this process and related guidance to external audit firms would lead to reduced audit costs, greater reliance on the work of management and internal audit, and improved overall communication.
· For more information on the activities of the SEC’s Roundtable on the Implementation of Internal Control Reporting Provisions please go to http://www.sec.gov/ .
Issue Central, Inc. – Our Preliminary Conclusions: Smaller issuers can learn from the experiences of the larger filers as follows: 1) Put more time into early planning of your Year 1 404 project and don’t procrastinate; 2) Scope your Year 1 project carefully as this will influence time and cost, and 3) Get agreement from your external auditor on a risk-based approach so that low risk areas are not over documented and over tested, and 4) Don’t be surprised if your external auditor is more formal and circumspect in dealing with your internal control activities. Additional decisions and trends to look forward to by June 30, 2005 include: 1) clarification from the PCAOB on how external auditors are performing 404/302 reviews and 2) potential recommendations that greater reliance by the external auditor be placed on internal audit and management’s assessment of internal control.
Additional information:
For more information on the observations and perspectives of the Issues Central team please call Charley Best, Vice President at 416.977.1496 ext 112, or e-mail: charleybest@issuescentral.com .
For more information on Issues Central, Inc. and the Sarbanes-Oxley Compliance Playbook™, geared to the compliance efforts of mid to emerging public filers, please call 1.800.410.6681 or go to http://www.issuescentral.com/ .
Management of Issues Central, Inc., developers of the Sarbanes-Oxley Compliance Playbook™, attended two critical meetings of the Securities and Exchange Commission (SEC) in Washington on April 12 and April 13, 2005.
SEC Advisory Committee on Small Business - Meeting # 1
(April 12, 2005 – Washington – SEC HQ - William O. Douglas Room)
This was the first organizational meeting for the Small Business advisory committee. The SEC established this committee to examine the impact of the Sarbanes-Oxley Act and other aspects of the federal securities laws on smaller companies.
Observations arising from this meeting:
The committee mandate is very broad covering not only internal control issues (i.e. – Section 404 of the Sarbanes-Oxley Act of 2002), but also capital formation, securities matters and accounting treatment for smaller companies.
A very strong group of committee members with a thirteen (13) month agenda must formulate key recommendations within six (6) months for review and potential implementation.
Mention was made of not only the US markets, but also of issuers on the Canadian exchanges. The Canadian context was related to barriers to entry with respect to capital formation and securities laws.
The SEC is concerned with the impact of recent compliance regulations on smaller business as the feeling is that these same enterprises are the engine of the economy and costs of compliance will be excessive for smaller companies.
Four major subcommittees were formed and the number one item on each agenda was the definition of “smaller” as this designation may form the basis for differential treatment with respect to various pieces of SEC activities.
A common complaint from issuers and financiers was that they are not able to engage the Big 4 audit firms because of perceived risks and excessive demand for their services from larger firms. As an observation, Big 4 accounting firm attendance at this meeting was minimal.
Mentioned in the meeting was work underway by The Committee of Sponsoring Organizations of the Treadway Commission (COSO) with respect to an internal control framework for smaller firms. This will be published for comments during the summer of 2005.
Various discussions focused around the excessive costs of Section 404 compliance and the challenges that will be faced by smaller filers over the coming year.
The committee will be holding meetings every two months over the next year and will be soliciting public opinion on its recommendations.
All participants were committed to finding effective ways to ensure that smaller companies could meet legislated objectives but in a more cost effective and efficient manner.
Stay tuned to the SEC website for developments with respect to the work of this committee (http://www.sec.gov/).
Issue Central, Inc. – Our Preliminary Conclusions: The SEC is open to ways to help smaller companies but no one should expect any legislation changes with respect to Section 404 of SOA. However, it would be reasonable to anticipate some rule changes or clarifications with respect to how internal controls might be better implemented at lower cost. Some initial thoughts include recommendations that internal controls may be more risk-based and testing examples might be developed to facilitate greater economy without sacrificing audit quality.
SEC Roundtable on the Implementation of Internal Control Reporting Provisions
(April 13, 2005 – SEC HQ – William O. Douglas Room)
This meeting drew a large crowd and was held to review the experience to-date from larger “issuers”, auditors and regulators with respect to the implementation of Section 404 (Internal Controls) of the Sarbanes-Oxley Act of 2002 (SOA).
Participants in this meeting included the SEC; the Public Accounting Oversight Board (PCAOB); major audit firms; large to mid size public filers; large and small investors; various associations; other government authorities; as well as media from all around the world.
Lineups started early for the Roundtable
Observations arising from the Roundtable were:
· Major topics covered during the roundtable were: Experiences from Year 1; Reporting to the Public; Planning and Design; Documentation and Testing of Internal Controls; The use of Judgement in Communications and Conclusions; and, Next Steps.
· The larger investors (i.e. – CALPERS) had a strong sense that Section 404 has already begun to provide more significant benefits to the markets as investors are more confident in financial reporting. This type of confidence will be a contributing factor to lower cost of capital for issuers.
· Management teams observed that generally improvements had been made to their financial reporting that would not have occurred without SOA and Section 404.
· Underlining the difficult circumstances faced by issuers was that while the PCAOB had provided the PCAOB Audit Standard # 2 (AS2) rule to the auditing community with respect to documentation and testing of internal controls. In these rules, judgement in the areas of reliance on management’s documentation and testing was allowed, but not implemented in general by external auditors. Panel members mentioned that this may have been driven by fear of litigation, as well as “revenue enhancement”.
· Issuers on the other have not enjoyed similar rules from the SEC. There was not a consensus from issuers or the SEC as to whether additional rules would be helpful. Issuers were then held to an ultra-conservative interpretation of the AS 2 Standard. This has led to what one Panel member described as Duplication – not Attestation, and the associated increase in external auditing costs.
· To underline the extremely conservative approach with respect to their interpretation of AS2, it was mentioned by several large filers that there auditors had moved their reviews to cover the documentation and testing of 96%-97% of balance sheet and income statement accounts.
· The general consensus was that a risk-based approach for review during Year 2 and beyond would be more appropriate and cost-effective.
· Too much time in Year 1 was spent by large filers on low risk, mundane transactions and processes, instead of high-risk processes and entity-level controls.
· Considerable time was spent discussing “material weaknesses”. It was concluded that not all material weaknesses were created equal.
· The SEC reached a conclusion that there were no problems with the rules related to Section 404, but that implementation issues were driving up costs.
· The PCAOB committed to providing more clarity for AS 2 by May 16th.
· It was acknowledged by most roundtable members that increased tension and distance in the relationship between an issuer and their external auditor had dramatically increased compliance costs. A negative consequence of this is that complex accounting transactions, where advice of external auditors is required, is not available at all or on a timely basis, protracting transaction closings and increasing the complexity in getting the best methods to handle transactions. This is especially true in mergers and acquisitions where transactions may be complex and the best and brightest minds are needed to complete the transaction.
· There was some thought that second year experiences will be more instructive for everyone since the steep learning curve of year 1 will be over. The panel members observed that this “settling in” would help naturally sort out many of the year 1 costs. There were quotes that external audit costs might decrease by as much as 46% in year 2 of the implementation of Section 404.
· There was a representative from the UK from the Turnbull Commission. This is the UK’s internal control framework. The framework is principle-based and is no more than fifteen pages. It is judgment based and is much different from the Section 404 rules based approach. The UK is currently reviewing their framework. There is not much chance that the UK will adopt more of a rules-based approach. The two camps are very far apart on approach. This leads to much discomfort in Europe over standards in the US which are very prescriptive rather than principle based.
· A representative from the American Electronics Association, who represents smaller manufacturers, estimated that Section 404 costs may run 2.5% of revenue versus .1% of revenue for companies exceeding $5 billion. This was cited to lend credence to the concern about changes to rules and/or guidance for smaller companies.
· A key observation of the panel was the sense that many audit firms do not have the depth to be able to deal effectively with IT Controls, both at a general level and application specific level. In addition, several issuers felt that stable IT systems should not be the subject of detailed examination and testing and that the associated audit costs was money poorly spent.
· The overall costs and benefits were reviewed and discussed in depth. It was generally concluded that the benefits of Section 404 are significant, but more clarity for external auditors around the implementation of auditing internal controls would drive the costs down more appropriately.
· External audit firms said they were going to work on relying more on internal audit and management’s documentation and testing in year 2 as well as try to integrate the Section 404 and Section 302 audits. This should cut cost and decrease disruption to issuers.
· Many panelists indicated that not enough time was spent properly scoping their projects and setting standards prior to diving in. This increased the cost and amount of time spent in accomplishing their projects. Most accelerated filers did not purchase technology to assist their projects but now are purchasing technology to assist in managing documentation, testing and tracking deficiencies.
· A major highlight for many attendees were comments made by the Chairman of the PCAOB relating to upcoming PCAOB inspections of audit firm activities with respect to AS2 interpretation, etc. William McDonough foresees a "severe conversation" with accountants who engage in too much testing of their clients' internal-controls reports. It was noted and hoped that the outcome of this process and related guidance to external audit firms would lead to reduced audit costs, greater reliance on the work of management and internal audit, and improved overall communication.
· For more information on the activities of the SEC’s Roundtable on the Implementation of Internal Control Reporting Provisions please go to http://www.sec.gov/ .
Issue Central, Inc. – Our Preliminary Conclusions: Smaller issuers can learn from the experiences of the larger filers as follows: 1) Put more time into early planning of your Year 1 404 project and don’t procrastinate; 2) Scope your Year 1 project carefully as this will influence time and cost, and 3) Get agreement from your external auditor on a risk-based approach so that low risk areas are not over documented and over tested, and 4) Don’t be surprised if your external auditor is more formal and circumspect in dealing with your internal control activities. Additional decisions and trends to look forward to by June 30, 2005 include: 1) clarification from the PCAOB on how external auditors are performing 404/302 reviews and 2) potential recommendations that greater reliance by the external auditor be placed on internal audit and management’s assessment of internal control.
Additional information:
For more information on the observations and perspectives of the Issues Central team please call Charley Best, Vice President at 416.977.1496 ext 112, or e-mail: charleybest@issuescentral.com .
For more information on Issues Central, Inc. and the Sarbanes-Oxley Compliance Playbook™, geared to the compliance efforts of mid to emerging public filers, please call 1.800.410.6681 or go to http://www.issuescentral.com/ .
