March 29, 2013
Comment Letter to SEC proposed Rule 34-69030 Requirement for all NASDAQ listed companies to have an Internal Audit Function
I am the Chief Financial Officer of Electro Scientific Industries (NASDAQ ESIO) and would like to communicate my objections to the proposed requirement for all NASDAQ listed companies to have an internal audit function. ESI has a limited internal audit function, but has employed an out-sourced SOX and compliance review function for the past several years. This function reports directly to the Audit Committee of our Board of Directors and is primarily responsible for SOX compliance. The Audit Committee meets regularly with the external individual, reviews the annual audit and test plan, establishes the budget, receives and reviews their reports and meets with them separately from management on a regular basis. The firm is not our independent auditing firm, but has been reviewed by our audit firm and found to be independent and qualified to do this work, which in turn, has resulted in increased audit efficiency by our independent auditors.
My concern with the proposed rule is that it sets the scope of work for the internal audit organization to include providing management and the audit committee with ongoing assessments of the Companys risk management process and system of internal control. I believe the scope of the proposed rule is over-reaching and would likely require extensive reviews, audits, tests, documentation and effort, resulting in large scale costs to the company. ESI is under $250M in revenue and cannot absorb added costs. This is especially true when considerable effort and costs are already being directed at compliance with the new reporting for conflict minerals, other recent regulatory requirements in the wake of Dodd-Frank, and ongoing cost of compliance with the requirements of Sarbanes-Oxley (SOX).
In addition to the costs, I believe the proposed rule will change the flexibility of our Audit Committee to direct our internal audit activities performed both internally and externally. Currently, the bulk of this effort is focused on operational reviews and follow-up on issues raised as part of our normal audit process and which are value-added, as opposed to compliance. The proposed rule appears duplicative and costly, as it forces us to direct the effort at assessing controls and risk management, both items already reviewed by management and our board of directors under current SOX rules.
In summary, as a small NASDAQ company, adding a full internal audit function in addition to the independent compliance and SOX function would be a significant cost for which I do not see the benefit. We take internal controls and compliance very seriously, but also need to compete in a highly competitive global environment which is increasingly cost sensitive.
For the above noted reasons I believe that the proposed rule requiring an internal audit function and outlining its role should be withdrawn.
VP Administration CFO
Electro Scientific Industries