Subject: File No. PCAOB-2004-03
From: Gayle Graham

April 20, 2004

We are a small community bank which is already heavily regulated, audited, and examined. We are examined by our state regulators and/or FDIC every 18 months. FDIC visits us separately for compliance exams and CRA exams. Additionally, we are audited by Fed annually. We have internal auditors in our bank continually performing audits of operations, lending, and compliance. Each quarter our independent auditors review and sign off our 10Qs and annually our 10K. The independent auditors perform an annual audit of our financials. And now SOX 404. I can tell you, our SEC attorney and our independent auditors are rubbing their fee-hands together just waiting for the billing they can do. Consulting groups are coming out of the woodwork to help us through the SOX 404 requirements.
SOX 404 is being used as a scare tactic to receive a clean opinion letter. Common sense is not being applied. We are put into the mix to businesses and industries that have never had audit committees or regulation.
I understand the purpose of SOX, but as an already highly regulated industry, it is difficult to understand and justify the expenditures to duplicate what is already being done. We need some relief. Give us credit for the regulatory base we have already.