Compliance Blog

Upcoming meetings on June 12th and 13th by the Standing Advisory Group (SAG) of the Public Accounting Oversight Board (PCAOB) suggest that there will be some rapid recommendations made in the coming weeks concerning:

• Refining Audit Standard 2 (Internal Control Audit) to encourage (some would like to see the word - "direct") audit firms to take a top-down approach to auditing internal controls over financial reporting. This may mean refining the language associated with using company-level control audits as a broad indicator of the quality of controls at the process-level.
• The value of the auditor's involvement in management's assessment of internal controls. The thinking is that an auditor's review of management's assessment can provide a preliminary assessment of how extensively the auditor will need to conduct its own audit of internal controls. Kind of like using a canary in a coal mine to indicate "problems". Oops, the canary just dropped dead. Come on audit team! We are out of here!

The fun just keeps rolling.

Click here for more information on the upcoming meeting on June 12th and June 13th in Washington.

If you are looking for the market leading product to streamline your internal control project and processes and SOX 404 compliance then please go to www.issuescentral.com to learn more about the Compliance Playbook(TM). If you are a Canadian-based filer looking to comply with SOX 404 or MI 52-109, please visit www.compliancepartner.ca to learn about Compliance Partner(TM).

Wow, force to forfeit $21 billion US in reparations and must spend ten years in jail, I hope it was worth it! The Daewoo founder, Kim Woo-choong was found guilty today on numerous charges. Corporate fraud is everywhere.

No country is exempt! Arrogance at the top of some companies is astounding. With some CEO's they begin to believe they can do anything and that the company's money is their money. Unreal.

What motivates people who are already so wealthy they cannot spend all of their wealth in their lifetimes to commit such acts? It makes all of us skeptical of corporate behavior. And this is not right because the majority of CEO's around the world are most likely honest.

An excerpt from an article is here:
" Daewoo Group founder jailed, faces billions in reparations
Last Updated Tue, 30 May 2006 11:44:52 EDT

The man who rose from a salesman to become an icon of South Korea's industrial success will spend a decade in jail and forfeit $21 billion US for his financial crimes, a Seoul court ruled Tuesday.

Kim Woo-choong leaves the court in Seoul after being sentenced. He was found guilty of accounting fraud, illegal financing, embezzlement, breach of trust and diverting money out of South Korea. (Yonhap, Ahn Jung-hwan/AP)

Kim Woo-choong, 70, founded and built the Daewoo Group into Korea's second-largest conglomerate, with interests in auto manufacturing, finance, electronics, telecommunications, construction and other businesses."

Click here for the complete article.

It seems that if the work your company is doing affects national security or national defense, then the Director of National Intelligence can exempt your company from SEC 1933/34 and the supporting provisions of the Foreign Corrupt Practices Act of 1977. Interesting way to get an exemption. One has to wonder where else this will lead and will be applied.

Excerpt of an interview by Dawn Kopecki from BusinessWeek with Kai Ryssdal , Host of MarketWatch:
"The President just delegated authority to John Negroponte that allows him to exempt any publicly traded corporation that is working on national defense issues or national security issues from the reporting and accounting requirements under the 1934 Securities and Exchange Act. It's basically the rules and regulations that require companies to keep accurate records, acurate books, accurate accounting ... and then disclose those projects and that information to investors."

Click here for the complete interview with the Director of National Intelligence.

If your company does not work DOD or cannot claim national security concerns and has to comply with Sarbanes-Oxley, then see www.issuescentral.com to learn more about the Compliance Playbook(tm).

The long awaited verdicts are in folks. Kenneth AKA "I Know Nothing" Lay and Jeffrey "It was Fastow's Fault" Skilling have been convicted by a jury of their peers. No wait. Ladies and Gentlemen these are not their peers. This would be impossible.

How could any of us be compared to "the smartest guy in the room" Skilling or "no nothing" Lay. They were found guilty even without the benefit of Sarbanes-Oxley (which was implemented after their fraud was perpetrated). It has been against the law to lie and deceive investors since, maybe 1933!

These guys are an example of what many people have unfortunately come to believe are "average business people". Fortunately, these Enron execs are the exception not the rule in business.

But those of us in business needed this conviction to reaffirm that this behavior is not acceptable and not the norm. The unprecedented arrogance had to be punished.

The Sarbanes-Oxley Act of 2002 which they are blamed for is an important piece of legislation that lets the average investor out there know that this behavior is not acceptable. Good companies would do well not to whine too much about SOX. Just do the work, benefit from it and move on to making money.

Thanks to the Enron trial Jury. Good job!

"Jury: Enron CEOs Lay, Skilling found guilty of fraud
Last Update: 12:12 PM ET May 25, 2006


HOUSTON (MarketWatch)-- A jury on Thursday found Enron founder and former CEO Kenneth Lay guilty on all six counts of fraud and conspiracy charges while former CEO Jeffrey Skilling was found guilty on all securities fraud counts but acquitted of insider trading charges." From Marketwatch.com

If your company needs to rapidly and cost effectively comply with Sarbanes-Oxley or MI-52-109, see www.issuescentral.com to learn more about the Compliance Playbook(tm) and www.compliancepartner.ca to learn more about Compliance Partner(tm).

A good laugh can get you through the day. (Note: Laughing during your internal control audit is strictly verboeten and an indication of a personal control deficiency).

I found this a little while ago on Broc Romanek's blog (CorporateCounsel.net). Very funny. I'll bet you don't get poetry like this on markets with lower compliance standards!

Ode To A Fraud: A Humorous Take On SOX

From Scott Cohen of Compliance Week:

'Twas the night before Christmas and most of the hires were back in their houses, in front of their fires. All toasty inside as Northeasterlies blew, naïve of my plan, yes, they hadn’t a clue.

And as the lights sparkled and as their kids knelt to open their toys (or their Hanukkah gelt) and gifts were exchanged—here a train, there a jewel— and meals were devoured with dribble and drool, I sat in my office, cast under a pall, and patiently waited and watched the snow fall. The lights had been dimmed and computers were down, the hallways were barren—there wasn’t a sound.

Except for old Jasperhams, typically juiced, who handled recycling the reams we produced, had chosen that moment to tidy about. I gently persuaded him: Get the hell out.

So through empty hallways as I did maraud, I knew that the time had arrived for my fraud! How perfect an eve of deceiving, I beamed, a night for my swindle, my racket, my scheme!

Constructed in summer and fostered in fall, ‘Twas daring, audacious ... the nerve and the gall! A plan based on timing, by my own admission, advanced by the exodus from the Commission.

Yes, SEC veterans, bailing, they flew, On Goldschmid! On Cutler! On Donaldson, too! With turnover rampant, and chaos set in, at last my deception, my scam, could begin!

My goal was pure evil, a dastardly deed, a scandalous racket inspired by greed. ‘Twas really quite simple, but one that still shocks: to undermine every provision of SOX.

Yes Sarbanes and Oxley, so feeble and dense, who doled legislation that lacked common sense; the thoughtless decrees that you morons inscribed would soon in their whole be defaced and defiled!

I started out slowly, with SOX 301: by snipping the lines on the phones, oh, what fun! Thus blowers of whistles had no tool to sort our audit committee their whining report.

I then took my pen to our corporate codeof suitable conduct (good God, what a load!), deleted decrees that the board said: “Obey,” and wrote down, “Just do what you want, it’s okay!”

Then freed of restrictions I rolled up my sleeves and tackled more regulatory pet peeves. For certification of SOX 302, I crossed out my named and signed, “Winnie the Pooh.”

Pro forma financials all settled with GAAP, I quickly unwound and made tricky to map. For “plain English” filings (which I cannot speak) I crafted disclosures in Yiddish and Greek.

“Good God, this is simple!” I cried of my prank (I guess that it’s my MBA I should thank!). So SOX 404, let us dent you as well: I’ll simply erase key controls from Excel.

I then found some insider rules to evade: A pension fund blackout within which to trade. The “two-business day” rule was next to ignore: I waited a fortnight to file my Form 4.

For bookkeeping rules that are overly stringent, (off-balance sheet deals and arrangements contingent) I structured some entities, all of them fake, ensuring transparency now was opaque.

And measures impacting resources and risk were moved from my hard drive to some floppy disk unreadable by any modern machine: derivative instruments ... ne’er to be seen!

Now SOX 407 was easy to shirk, I breached that directive without any work: Our “financial expert” knows nothing, dear Cox, his audit skills can’t fill a cereal box!

And then my attention did finally turnto those who created my awful heartburn: My trusted accountants, my partners, my friends, whose counsel and leadership gave me the bends.

So SOX 303: You be damned, I decreed! and swiftly began to coerce and mislead, manipulate, obfuscate (hey, it’s a waltz!) let’s bribe, threat, and document things rude and false!

To frame my dear auditor, this was quite grand: I gave him some non-audit work that was banned. ‘Cause, hey, how much profit must they really earn? Why, I oughtta give them a “going concern.”

And wanting my auditor’s fall guaranteed, the rules of the dreaded PCAOB must be disobeyed (they are way too damn stringent): more tax shelters, please, and commissions contingent!

And last on my list: Why my lawyers, I’ll call! Confess everything, force a noisy withdrawal, then phone all our analysts, give them a plea of non-public facts that defy Reg. FD.

And looking back over the rules I had breached, I smiled to myself ... I had finally reached the goal to which my Christmas Eve had aspired: Defying the rules that old Sarbox required.

Oh relish this moment, ye governance punks, Like feisty Nell Minow and Bob A.G. Monks, and Yerger and those who prod corporates with wit, like Lally, Anne Simpson and Millstein and Pitt.

And governance “raters” who think you’re so blessed, like proxy advisors (that’s you, ISS), Glass Lewis and Moody’s, get back in your den, I’ve just undermined the whole ICGN!

And as I strolled, grinning, outside in the lot, I never did grasp the one thing I’d forgot: That back in the office, and this was quite sloppy, I’d dropped on the floor my diskette that was floppy.

And Jasperhams, damn you, old man! How you dare conspired to capture my disk unaware, and transfer to counsel a thorough report that caused all the lawsuits that led to the court.

And though I claimed innocence (how I did plead!) the jury said, “guilty,” the judge then agreed, and though I had fainted and mustered some tears, the sentencing judge gave me two hundred years.

And that’s why this winter—this cold, cold wet day— I’m not on my yacht with my Klee and Monet, but stuck in a cell wearing dirty striped shorts, with Ebbers, Kozlowsi, Lay, Rigas and Swartz.

And thus, my dear friends, lies a lesson of risk: That bastards like Jasperhams may find your disk. So trust me: the law is a thing you can’t duck. So Sarbanes and Oxley: I guess I’m the schmuck.

Maybe there is help on the way on AS#2. This could be some good news about some more risk based approach for companies.

PCAOB Announces Plan to Improve Internal Control Rules

Washington (May 18, 2006) - The Public Company Accounting Oversight Board announced a four-point plan to improve auditors' implementation of the internal control reporting provisions of the Sarbanes-Oxley Act.

"During the past year, we have heard nearly unanimous agreement that effective controls of a public company's system of financial reporting protect investors," said acting PCAOB chairman Bill Gradison, in a statement. "We have also heard, however, that some refinements to the existing requirements would reduce the costs associated with internal control reporting while maintaining the benefits to investors." ...

The four initiatives outlined by the PCAOB include:

• Making amendments to Auditing Standard No. 2, which calls for an audit of internal controls to be held in conjunction with an audit of financial statements. The board said that it will consider amendments ensuring that auditors' focus remains on areas that pose higher risk of fraud or material error.
• Reinforcing the need for auditor efficiency during PCAOB inspections, a point already announced by the PCAOB in early May.
• Creating better guidance and education for auditors of small companies.
• Continuing PCAOB forums on auditing in the small business environment. Eight of the forums, which are attended by auditors, directors and financial officers of smaller public companies, are planned for 2006.

For the complete article, click here.

For information on how your company can effectively comply with Sarbanes-Oxley Section 404 for MI 52-109, see www.issuescentral.com to learn more about the Compliance Playbook(tm).

Did anyone say that internal controls over financial reporting was boring? Hah! Two major events happened today:

1. Proposed Bill in Congress - "To reduce the burdens of the implementation of section 404 of the Sarbanes-Oxley Act of 2002." This bill (also known as the "COMPETE Act (S. 1020)") is sponsored by a collection of Republicans and a lone Democrat. Their objective according to a number of sources is to get this bill passed in 2007 once both Senator Sarbanes and Congressman Oxley retire in late 2006 and are not in their influential positions on various Banking and Finance committees.

Key pieces of the proposed bill are:

• Exemption from Section 404 altogether (although you could volunteer) if you are one of the following: 1) market capitalization of less then $700 million, or 2) Annual revenue of less than $ 125 million, or 3) have fewer than 1,500 beneficial shareholders, or 4) have been subject to Section 14 (a) and 15(d) of the Securities Act of 1934 for a period of less than 12 months, or 5) the issuer has not filed, or is not required to file, and annual report under 13 (a) or 15 (d) of the Securities Act of 1934
• Random Audits - Basically after the first year of external auditor reviews, 10% of all filers above the exempted ones listed above would have to go through a random external auditor attestation of 404 each year moving forward. (Wow! Kind of like winning the lottery. Just more work. I wonder how you would negotiate audit fees under these circumstances!)
• Standards - Clearer definition as to what the terms "reasonable", "significant", and "sufficient" mean in the context of internal control over financial reporting
• British Accounting System Study - The SEC and PCAOB will be asked to study and compare Section 404 and the "principle-based" Turnbull Guidance under the securities laws of Great Britain (Note: only apply to LSE-listed, not to AIM listings). This proposed report would be due within one year of the passing of this proposed Act. (Note: The Brits are probably running scared at this point. This blogger has done some research on the effects of Turnbull and there is nominal evidence documented, and minimal statistics, by the Turnbull group to support its effectivity or to what extent external auditors take issue with internal controls over LSE-based issuers. Does anyone disagree or have facts to the contrary? Please tell me.)

2. SEC and PCAOB Announcements - Several hours later today both the SEC and PCAOB made the following announcements - click here:

• Guidance for companies with respect to management's assessment of internal controls over financial reporting (Section 404 (a)) will consider the following: 1) Concept Release on Management's assessment and the review by the External Auditor, and 2) Consideration of additional guidance from COSO in particular to help smaller companies with 404 (a), and 3) Consideration of the need to issue additional guidance to management on the undertaking of a more risk-based, top-down approach to evaluating internal controls over financial reporting (thus potentially reducing some of the perceived non-value added process-level activities)
• Revision to Audit Standard 2 - The PCAOB announced today that it would: 1) seek to ensure that auditors undertake more integrated audits and that they focus more on areas of materiality, and 2) incorporate key areas of the guidance issued on May 16, 2005 formally into AS2 thus reducing some of the Jekyll and Hyde behavior (described in a blog entry last week) currently associated with review of internal controls, and 3) revisit and clarify, what, if any role, the external auditor should have in evaluating the company's process for evaluating the effectiveness of internal controls over financial reporting (note: the "externals" would still have to conduct their own review of the effectiveness of ICFR)
• SEC Oversight of PCAOB Inspection Program - Basically the SEC inspectors will inspect the PCAOB inspectors inspections of the audit community. (Note: I guess the pendulum had to swing back against the auditors).
• Extension of Compliance for Non-Accelerated Filers - If your market cap is $ 75 million or less (check the SEC calculation/effectivity dates) then they are now proposing that you will have to provide your Management assessment and certification of internal controls over financial reporting ( Section 404 (a)) for fiscal years beginning on or after December 16, 2006. The happy news for those of you who do not like Section 404 (b), the external auditors attestation of internal controls, is that there is no formal date for phasing the auditors work back-in. However, it appears that the SEC will consider the above items before re-implementing the external auditor attestation. In this fashion the legislation seems quiet similar to the proposed Canadian rules on the same topic found in CSA notice 52-313.

So, what does today mean if you are a publicly-traded firm governed by SEC rules?. My best guess is as follows:

1. Politics is in the air - 2006 is an election year. There is a fair amount of posturing all around. Things can change.
2. Management of smaller filers are still going to have to sign-off on internal controls over financial reporting - Think about it. Section 302 already goes part of the way on internal controls and CEO/CFO certifications. If the business community resists the management report portion of 404, you might start to wonder as to the validity of 302 certifications. Big can of worms! Even bigger Pandora's box.
3. Some smaller filers have bought a little bit of time - If your fiscal year-end as a smaller filer is between July 31st and November 30th you gained a few months. Everyone else is in the same shape as before. Everyone (which means about 5900 companies according to the SEC) is still going to have to file a management report and certification on internal control starting with those that have fiscal year ends of Dec 31, 2007 (the bulk of the group which will experience no timing change).
4. External auditor attestation - Potentially it will be streamlined for all filers by improving AS 2 and that portion of the auditor's work that evaluates management's evaluation of internal controls over financial reporting could be eliminated. Too early to tell.
5. Get on with business - The fact that the SEC is responding so quickly to the Proposed Bill is a sign that Smaller companies in particular should take note of. Internal controls are here to stay. Take the public's money and you will have to meet a common compliance standard.

Good night and good compliance.

Having been through the ramp-up to SOX and already into their Year 2 audits, larger company CEOs don't see SOX as an issue. The learning curve has kicked in. Smaller CEO/CFOs take notice. The following article was posted on CNET News - Blog: Processors and Systems by Michael Kanellos.

Quit complaining about Sarbanes-Oxley, says National CEO. Education the problem

May 10, 2006 4:47 PM PDT

There are three things that never fail to make executives complain in Silicon Valley: commuting, the state of public school system, and Sarbanes-Oxley.
It's time to scratch that last one off the list, said Brian Halla, CEO of National Semiconductor. The first year of complying with the bill was difficult--National spent $7 million and consumed 68,000 hours in work complying with it.
Four years later, compliance only takes about a quarter of the effort. "It was only 25 percent of the slog this year for us," he said.
John Daane, CEO of Altera, concurred. "I don't see it as a significant problem that is hampering our industry," he said.
Instead, the two, who are the front men for the Semiconductor Industry Association this year, say the biggest problem U.S. companies face is creeping ignorance. The U.S. school system isn't emphasizing science and math and allows students to opt into easy grading subjects. This is killing the tech industry.
"We've made it to easy to avoid hard," said Halla. "K-12 is currently broken so the pipeline is gone."
Further, universities are under funded and foreign students may stop coming here for college, the two said. PhDs who graduate here have trouble staying in the states.

- End of Blog by Michael Kanellos -

To both affordably strengthen and streamline your company's internal controls over financial reporting, and Sarbanes-Oxley compliance, please go to http://www.issuescentral.com/ to learn more about the Compliance Playbook(TM). If you are a Canadian-based company needing to comply with SOX, or MI 52-109, please go to http://www.compliancepartner.ca/ to learn more about Compliance Partner(TM).

Today's meeting at the SEC had a little something for everyone. Benefits. Costs. More guidance. Not so fast, we already have enough Guidance. More principles. The flight of the U.S. IPO. Big versus Small registrants. The Big 4 and Oligopoly pricing. Litigation. And more. Eight hours of internal controls opera as anyone would attest.

Hey don't blame me. Lie down until the feeling goes away.

In any event, a star cast of panel members, SEC and PCAOB staffers and Chairman Cox covered five broad topics generally based on the experience of accelerated filers in Year 2 of their 404 activities, but also covering the concerns of smaller registrants (most of whom have not yet undertaken their first 404 audits).

Here is the brief overview of the key themes covered during the meeting:

Theme 1: Section 404 - Cost versus Benefit

It all depends on perspective on this one. Everyone wants to see improvements on the ratio of costs to benefits (more on where the cost reductions might come from later in this blog entry).

Accelerated filers generally felt that costs had leveled off and that benefits were significant and real. They are generally taking more of a risk-based approach and streamlining the number of controls.

Investors (i.e. Calpers) and rating services (i.e. Moody's) were more enthusiastic about the benefits and acknowledged that SOX had helped significantly with rebuilding investor confidence (although Sections 302/906 need lots of credit also) and is one of the causes (secondary) for lower cost of capital for well run businesses.

The audit firms highlighted recent studies indicating real cost reductions for 404 clients, as well as improved and integrated audit procedures at the audit firms that help to keep a lid on costs.

Panel members representing smaller firms were negative about the economic effects of SOX 404. They were united in supporting the recent recommendations made by the Advisory Committee on Small Business (click here to go the SEC website for their report) with respect to either an exemption or partial exemption from SOX 404 based on market cap/revenue criteria.

Theme 2: Improved Guidance

Two paths emerged in this area.

Auditors. The discussion was that the PCAOB should incorporate the May 16, 2005 guidance (see previous blog entry below: Hey! Have you seen my Guidance?) into Audit Standard 2. Ideally, this would not be done for 2006 reporting said many of the panel members, so as not to change existing 404 activities underway, but would kick-in during 2007 audits. This would provide a more consistent, and "friendly" approach to the external auditors testing of a registrant's controls, reliance on the work of others, and risk-based/top down methodology. As it is now, AS 2 brings out the real conservative in an engagement partner. Auditors remember what happened to Arthur Andersen, and many panel members felt that improved guidance to the auditors could streamline the process. Cleaning up the meaning of "material weakness" as described in AS2 seems like a good place to start. It is like debating the number of angels on the head of a pin.

Management. To-date management hasn't had lots of direction from the SEC in terms of practical guidance on internal controls. The default has been to ask the External Auditor, who then turns to AS 2 and then turns back to management and says, "What are you looking at?". Some fine commentary was made about management teams needing to take their own path with respect to internal control reviews. It is their business to run after all. Many panel members were looking for more practical guidance and examples from the SEC with respect to emphasis on entity-level controls versus process-level controls (top down/risk-based approach); cycling of testing to reduce costs; and, better direction on IT controls. It appeared during the discussion that Chairman Cox is looking to COSO for much of this guidance particularly for smaller companies where the compliance burden is greater given more limited resources.

Theme 3: Smaller Companies and Section 404

The meeting was supposed to focus on larger filers and their second year 404 experiences, but the voices of smaller filers were heard also. A CEO of a smaller bio-tech firm and a CFO of an electronics firms supported the recommendations of the Small Business Advisory Committee - mentioned above. Most other panel members want the issue of small business to go away and for the SEC to just get on with implementing 404 for smaller businesses with perhaps some basic streamlining. The aforementioned CFO (Alex Davern) woke the meeting up by declaring that he was annoyed by the "tremendous amount of polite discussion" during the meeting and that the SEC "deserves a failing grade for implementation of 404." He backed up his criticisms by reminding everyone that the SEC had predicted that the average cost for implementing SOX would be in the range of $90,000. Hey, what's a zero between friends! In the case of many small companies it could be a good portion of their income for the year.

Other panel members were less sympathetic. Nick Cyprus of COSO said "if you can't play the public game, don't take the public's money." Perhaps one audit committee member (J. Michael Cook) said it best when he said that the SEC needs to make a decision on the small business front ASAP and "It (404 for small business) needs to come off the front page."

We will be hearing more on this topic in the coming weeks as there remain about 5900 companies to file their first year 404 reports and the majority are waiting to see what the SEC recommends. If I were a small filer, I wouldn't bet on a reprieve. The current 404 timeline calls for smaller filers to hand in their reports beginning with those that have fiscal y/e after July 15, 2007.

Theme 4: Section 404 and the Competitiveness of U.S. Capital Markets

Much was made of the number of IPOs in the last 18 months that have not been launched on U.S. markets. The AIM market in London and the Hong Kong exchange were mentioned as being able to attract larger IPOs looking for cash - but not compliance. Some discussion was had about superior returns on U.S. markets, higher U.S. trading multiples, and foreign markets will follow U.S. trends, etc.

On another note, the CFO of NASDAQ was at the meeting today. He must have been amused about the discussion of London and AIM. NASDAQ just increased its ownership of the LSE to about 24%. Smart move. You get them leaving home and then coming back.

Theme 5: The Road Ahead

Chairman COX finished the meeting quickly saying that:

• 404 has produced significant benefits and costs
• Both the SEC and PCAOB will consider action based on the feedback received to-date
• The SEC will consider the Small Business Advisory Committee's recommendations

My guess about what the SEC will do. No major changes in the future. Investors generally like the legislation and that is what started the whole process in the first place. The learning curve will reduce costs and improve efficiencies. The PCAOB will knock some heads in the audit community and take down some names. A couple of tweaks, and small companies will be treated generally like big filers. Time to move on.

Wow. Sitting in on today's SEC roundtable on "Second-year experiences with Internal Control Reporting and Auditing Provisions" (i.e. Section 404 of the Sarbanes-Oxley Act of 2002) you get the feeling everyone needs "guidance." I'm not talking about guidance counseling, but that is a thought. 83 times the term "guidance" was used primarily with respect to improving the real gap that exists between Audit Standard 2 (used by the audit community as the touchstone for their internal control audit processes) and the May 16, 2005 "guidance" issued by the PCAOB and the SEC with respect to using more judgement, increasing reliance on management's testing work, and more emphasis on top down/risk-based audits. An undercurrent sentiment is that the audit firms are, or have been put, into a bit of a Jekyll and Hyde situation where the "May 16th guidance" (which has not been incorporated into AS2) should improve the efficiency and cost of the audits (the Jekyll part), is being trumped by more stringent and costly behavior (the Hyde part) when it actually comes to the audit.

Today's panel members were largely in agreement that not only should the May 16th guidance be incorporated into AS2, but also that management needs its own ... (wait for it!) guidance for undertaking its assessment of internal controls over financial reporting.

Check our next blog posting later today for a quick overview of the day's discussion and other highlights.

I came across the following article at CFO.com (404 Makes IPO: Mission Impossible) - Click here.

One of the gentlemen quoted outlines how his company decided not to go public to primarily avoid costs associated with Sarbanes-Oxley (particularly Section 404), but has now put the business in harm's way to help buyout an initial investor. I appreciate the frustration of Mr. Broderick with respect to the disproportionate cost burden that SOX places on smaller companies. Hopefully the SEC/PCAOB will come up with some sensible streamlining of 404 to maintain and enhance investor confidence in a more affordable manner. However, smaller company investors are not well served by avoiding the legislation. Avoidance may actually be "penny wise", but longer-term "pound foolish" as Mr. Broderick's business is now drained of cash, has increased debt, and in his own words has more limited growth prospects. Sounds like a recipe to stay small. The reality is that going public has always been a greater strain (pre and post Sarbanes-Oxley) on smaller businesses as there is a compliance cost "barrier-to-entry". If you take the public's money you are going to pay the price. In the example mentioned in the CFO.com article, it looks like a hefty price is being paid by not going public.

To both affordably strengthen and streamline your company's internal controls over financial reporting, and Sarbanes-Oxley compliance, please go to http://www.issuescentral.com/ to learn more about the Compliance Playbook(TM). If you are a Canadian-based company needing to comply with SOX, or MI 52-109, please go to http://www.compliancepartner.ca/ to learn more about Compliance Partner(TM).

With the upcoming May 10th SEC roundtable on SOX 404 Year 2 experiences you just know that the audit firms are going to be under the microscope to improve the efficiency (i.e. - reduce cost) of their SOX 404 related audits.

Click here to read the latest statement from the PCAOB published by Reuters.

To both strengthen and streamline your company's internal controls over financial reporting, and Sarbanes-Oxley compliance, please go to www.issuescentral.com to learn more about the Compliance Playbook(TM). If you are a Canadian-based company needing to comply with SOX, or MI 52-109, please go to www.compliancepartner.ca to learn more about Compliance Partner(TM).