U.S. Securities & Exchange Commission
SEC Seal
Home | Previous Page
U.S. Securities and Exchange Commission



Washington, D.C., Oct. 26, 2005 - The Committee of Sponsoring Organizations of the Treadway Commission (COSO) today published for comment new guidance on the use of its framework to address the needs of smaller businesses in fulfilling the requirements of Section 404 of the Sarbanes-Oxley Act.

Donald T. Nicolaisen, Chief Accountant, U.S. Securities and Exchange Commission, said,

"I believe this guidance is an important step forward in helping smaller businesses understand and apply COSO's internal control framework in connection with implementing Section 404 of the Sarbanes-Oxley Act. I am grateful to COSO for the efforts they expended over the past year to develop this guidance, and I am supportive of their process. COSO and its Advisory Task Force put an extraordinary amount of effort into researching the issues and drafting the document. I look forward to the exposure period, as I believe the comments received by COSO will provide new ideas and useful examples that potentially will further improve the document.

"Section 404 is too important not to get right, but getting it right requires both effective and efficient implementation. The staff will continue to monitor and assess the effects of the internal control reporting rules on smaller public companies."

Alan Beller, Director of the Division of Corporation Finance, added,

"COSO should be commended for preparing this guidance and exposing it for public comment. The approach they have taken, when finalized, may help not only smaller businesses, but organizations of all sizes, better understand and apply COSO's 1992 Framework."

In adopting its rules with respect to Section 404, the Commission specified that management must base its evaluation of the effectiveness of the company's internal control over financial reporting on a suitable, recognized control framework that is established by a body or group that has followed due-process procedures, including the broad distribution of the framework for public comment. In its rule-making release on June 5, 2003, the Commission acknowledged that the original COSO framework satisfies that criteria. The COSO internal control framework has been widely used by management and auditors in fulfilling the requirements of Section 404.

Concerns have been expressed that existing internal control frameworks are not appropriately tailored to a small business control environment and that, as a result, the costs and burdens of internal control assessments may fall disproportionately on smaller businesses. Due to these concerns, SEC staff encouraged COSO to develop guidance on the use of their framework to address the needs of smaller businesses.

The COSO Board created an Advisory Task Force to assist in the development of this guidance, consisting of approximately twenty members with a variety of experience in smaller businesses. Input was also obtained from financial officers and senior management of smaller businesses, regulators, investors, external auditors, internal auditors, consultants, lawyers and academicians.

COSO's guidance, entitled Guidance for Smaller Public Companies Reporting on Internal Control Over Financial Reporting, is available at www.coso.org. Comments should be directed to COSO through its website by Dec. 31, 2005.

# # #

Additional Information Regarding Section 404 and the Activities of the Commission

Over the past several months, the Commission staff has sought feedback and input on the implementation of Section 404. On April 13, 2005, the Commission held a roundtable to discuss implementation efforts and, in connection with the roundtable, sought written feedback from registrants, auditors and others on their experiences in implementing the Section 404 internal control reporting requirements. As a result of this feedback, on May 16, 2005, the Commission released a Statement on Implementation of Internal Control Reporting Requirements to address issues that arose during the first year of experience with the implementation of Section 404.

Also, the Commission established an Advisory Committee on Smaller Public Companies to examine, among other things, the effect of the internal control provisions on smaller public companies. The work of the Advisory Committee is still underway. Consistent with an Advisory Committee recommendation, and in part due to anticipation of the release of the new COSO guidance, the Commission on Sept. 21, 2005, decided to postpone the compliance date for filing internal control reports by companies not designated as accelerated filers to fiscal years ending on or after July 15, 2007.

Separately, the Commission is asking for additional input from the public to assist in its ongoing consideration of Section 404 in the context of smaller public companies. Refer to Release Nos. 33-8618; 34-52492; file nos. S7-40-02; S7-06-03, Management's Report on Internal Control over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports of Companies that are not Accelerated Filers. Comments in connection with these releases are due to the Commission on Oct. 31, 2005.


Modified: 10/26/2005