Sarbanes-Oxley Section 404: What's on the agenda?
Tensions are running high in the world of Sarbanes-Oxley Section 404, with a flurry of activity in the last couple of months, spurring lots of lively discussion and debate amongst the many interested parties. Comments have come from a variety of sources, including the landmark May 10th SEC/ PCAOB roundtable on second-year experiences and various government and independent research reports. Furthermore May 17th saw the announcement by the PCAOB and SEC separately of a series of actions to address issues raised. The tricky cost/benefit equation remains firmly centre stage. A further source of stress is the question of clarity versus subjectivity or regulation versus judgment i.e. how much more regulation should the SEC and PCAOB provide? The latitude of judgment currently required to implement the legislation is proving problematical. This is not surprising given the prescriptive rules-based regulatory environment to which the US is accustomed.
My aim in writing this article is to cut through the volume of material that has emerged over recent months and distil the key high level themes which are dominating the Section 404 agenda. The table at the end of the article provides a summary of what I believe to be the main events and research reports that have been issued in April and May of this year. Each adds new information and different perspectives, the majority of which were brought together at the May 10th SEC/PCAOB eight hour roundtable discussion. In what follows I provide a discussion of the key high level themes identified under 3 broad headings:
Benefits of S404 - including the market perspective
With regard to the effect on the markets, the prevailing view is that Sarbanes-Oxley has made a significant contribution to restoring investor confidence. Panelists at the May 10th Roundtable (‘panelists’) cited lower cost of capital and higher stock price multiples as tangible proof of the benefits afforded to issuers and their shareholders - of course there are many factors that affect the price of stocks, and cause and effect questions remain. There is, however, some concern about the long term effect on the US capital markets of the new requirements, with recent studies indicating that foreign companies are choosing to access the U.S capital market through secondary, private placements offerings.
Is the market using S404 data?
In terms of market reaction to individual S404 disclosures, investment analysts have been pretty silent. However their view should ultimately be reflected in the share price and Lord & Benoit have conducted some interesting research on the share price performance of nearly 2,481 S404 filers. The study compared the average share price performance for three categories of filers during the first two years of implementation with the following results:
The Lord & Benoit Report: Do the Benefits of 404 Exceed the Cost? * Clean S404 assessment = "effective controls"; Adverse 404 assessment = "ineffective controls"
Whilst there are the usual cause and effect questions, the results show that average stock prices increased at a higher rate for companies that has consistently reported good internal controls compared to those that either corrected their internal controls or remain unimproved. The results also indicate that lost confidence can be recovered quickly. This is consistent with Moody’s approach (discussed below), which is concerned with pervasive and ongoing problems when considering company downgrades.
Moody’s treats ‘delinquent’ (i.e. late) filers as if they had reported a material weakness and generally finds that these companies meet all three of the above rating action criteria.
But Moody’s raises a fundamental point regarding the usefulness of disclosures and the S404 process in general, expressing concern that too many material weakness disclosures were being made at the same time that errors or restatements were being announced, thus acting as lagging rather than leading indicators and undermining their usefulness to users of financial statements. Moody’s reports that out of 74 companies reporting material weaknesses in the current year, only 4 companies did not experience a prior reporting error (note figures relate to companies that Moody’s rates as opposed to all filers).
‘We can only hope that underneath the radar screen of public reporting is genuine improvement in controls that will prevent future errors from occurring’, (Moody’s, May 2006)
Costs, costs, costs'.and efficiencies?
Experience to date and opportunities for further efficiencies
Savings have come from a variety of sources, including elimination of one time start-up costs (e.g. lower costs to document controls and less effort to remediate controls), learning curve effects and additional regulatory guidance. Companies and auditors are now acutely aware that the scope of controls identified for testing as well as the testing approach taken are key drivers of the ongoing cost of compliance.
Everyone seems to have found the May 2005 guidance issued by the PCAOB very helpful in this regard (top down risk-based approach) and companies reported testing a significantly lower number of key controls in Year 2, with further room for rationalisation. The CRA Survey reports a c.20% reduction in key controls tested by auditors in Year 2 versus Year 1. Requests for further guidance in this area have been heard by the PCAOB and the SEC and both have included same in their respective action plans.
The common themes emerging with respect to opportunities for efficiencies are:
Results of cost surveys and panelists views clearly indicate that the burden of compliance is proportionately greater for smaller companies. There is some support for providing smaller companies broad exemption from the internal control reporting requirements (Ernst & Young disagrees), however the SEC’s 17th release makes clear that there will be no exemption forthcoming (‘ultimately all public companies will be required to comply’, - SEC, 17th May) . Additional guidance is clearly needed for smaller public companies and both the PCAOB and SEC have indicated that they will provide guidance to management/auditors of smaller companies (the SEC will assess the need following a review of the guidance being developed by COSO in this regard).
‘Careful what you ask for!’ is a phrase now commonly used in the context of S404 guidance/regulation, so it will be interesting to see the form and nature of the new guidance (the PCAOB is planning to revise Auditing Standard No. 2 as well as issue additional guidance). But in the meantime, at this side of the Atlantic, Foreign Private Issuers are focused on getting through Year 1. If it is any comfort, the three words I have heard used repeatedly in connection with Year 1 efforts are ‘difficult’, ‘challenging’ and ‘struggle’, so if that is how you are feeling, you are not alone!
The world of S404 is moving at rapid pace, with benefits being realised and cost efficiencies being achieved. But I believe that to truly bring the cost/ benefit equation into balance companies need to move beyond the compliance model and move to an integrated governance model, using S404 and other initiatives to truly manage risk from a single consistent view.
For key s404 events and releases in April and May 2006, click here
Elaine Brownlee is a manager in Ernst & Young’s Business Risk Services practice.
The material in this article is provided for general information purposes only and does not constitute professional advice. It is necessarily in a condensed form. Readers are advised to seek professional advice with regard to their particular factual situation before taking any decision or course of action.
© Copyright 2006 Ernst & Young