April 3, 2006
To: Advisory Committee Members
I am a CPA with over 12 years of public accounting experience with one of big 4s and over 15 years of industry experience as CFO with private and public companies. The following are my views on the proposal exempting small cap public companies from compliance with Sarbanes-Oxley Act of 2002 (SOX):
I. Has SOX been an effective legislation and improved financial reporting for public companies?
I believe there is no doubt in minds of parties interested in SOX implementation (i.e. Investors, SEC, management and external auditors of public companies) that SOX implementation has been a very important legislation, which forced public companies and their auditors to pay careful attention to the importance of internal controls in order to improve confidence and reliance on financial reports. I have personally witnessed that a number of small cap companies were able to avoid significant financial statement reinstatements/misstatements by remediaiting material internal control weaknesses uncovered during SOX implementation. I am sure there are many examples like these that we do not hear about them.
The small cap companies are more prunes to existence of errors in their financial reporting process than larger cap public companies due to their limited resources and higher influence of top executives over the financial reporting process of such companies.
Any effort by SEC to nullify the effect of this legislation is a misguided public policy and should be avoided.
II. Can SEC have a discriminatory policy toward protecting investors?
SEC should follow and implement the spirit of Sarbanes-Oxley Act of 2002 (SOX) and not to go against the legislation approved by both Congress and the Senate after many public hearings.
There is no logic in differentiating investors in large cap versus small cap companies. SEC is to protect all investors and not discriminating certain groups of investors versus others. I believe investors in small cap companies deserve the same level of protection as offered to large cap companies
The question is that why SEC is even willing to consider a discriminatory proposal of only protecting investors in large cap public companies and not investors in small cap companies. Under the current proposal exempting approximately 80% of the public companies is like indicating, it is okay for small cap companies:
Have inadequate internal controls
Report erroneous /fraudulent financial statements
Spend huge amount of money in litigation costs and paying damages in a class action suits
Have many reinstatement of their financial statements
Cause their valuations drop due to investors lack of confidence in their financial reports as a result of restatements.
III. Cost of SOX Implementation
The Issue of costs whether from large or small cap companies needs to be looked at it from many perspectives, which can be summarized as follows:
a) Risk Driven Implementation Approach
Recent recommended PCAOB approach to focus on key risk areas (i.e. top down risk assessment) will, over time, reduce the cost of compliance with Section 404. Management of the company and its external auditors should work together to accomplish this. The key to this approach is for the management and the external auditors to reach an agreement on the key risk areas. The audit committee and management of the company must play an active role ensuring the focus of section 404 compliance is on key risk areas to reduce the cost of section 404 compliance and in turn the audit fee. If the companies and their external auditors adopt this approach properly, we will expect to see significant reduction in Section 404 compliance cost for smaller companies.
b)Proper Execution of Risk Driven SOX Implementation.
If the Risk Driven Implementation Approach is properly executed, the cost of SOX implementation for small companies will definitely be substantially lower than current levels. These companies have far less significant risk areas. In some cases it may be impractical to have effective internal controls due to limited personnel inhibiting the company from instituting proper segregation of duties. In such cases, a disclosure in the public filing that due to scope limitation/inability that the company cannot implement a proper internal control system should be an acceptable disclosure to SEC.
c)Litigation Cots versus SOX Implementation Cost for Small Cap Companies:
The cost of compliance to small companies should be measured against investors potential losses due to reinstatement of financial results of the Small Cap companies. The market cap losses of investors in small companies due to reinstatements have been many times more than the cost of compliance with Section 404 of SOX. Investors have lost millions of the value of their portfolio companies defendiing these litigations as a result of poor internal controls of the small cap companies. Strong internal controls, for sure, will reduce the number of material errors in financial statements and reinstatements and in turn cost of defending litigations.
IV. Will the cost of SOX Implementation go down if SEC exempts the small Cap Companies?
The auditing firms now after first phase of SOX implementation learned that they couldnt ignore the importance of evaluation of internal controls in their audit approach. This has now become an integral part of their annual audits. If SEC exempts the small companies from compliance with SOX, such companies still are expected to pay substantial portion of the cost of SOX implementation in audit fees. Please bear in mind that without management assessment of the internal controls, such evaluation will be performed by auditing firms that will be a lot more costly than the assessment performed by the management. SOX Act of 2002 has forced auditing firms to go back to the auditing standards that they were using 20 years ago. Based my own personal auditing experience, the Evaluation of Internal Controls was an initial phase of audit approach in the past. Based on the strength of the internal controls we used to decide on the level of validation audit approach. We all now leaned that without proper assessment of internal controls, we cannot perform an effective audit detecting material errors and misstatements in financial statements.