Small Company Relief?

Lawyers for public companies are anticipating some form of regulatory relief from Sarbanes-Oxley following a report from an advisory committee of the Securities and Exchange Commission.

The report, expected to be issued by the Advisory Committee on Smaller Public Companies by the end of April, addresses “internal controls” mandated under federal law to ensure the accuracy of financial accounting and reporting. Critics argue that the controls have imposed disproportionate costs and staffing burdens on small issuers.

Brad B. Arbuckle of Michigan-based Miller Canfield Paddock & Stone asserted that so-called Section 404 internal audit controls are “the most troublesome aspect of Sarbanes because they’re very expensive to implement and totally inflexible” toward smaller companies. Companies under $70 million in market value generally enjoy a temporary exemption [from Section 404] but that is set to expire this year.

Lawyers noted that some small clients are paying hundreds of thousands of dollars to gear up for full-scale Sarbanes compliance.

“I have a client with a market cap of $11 million who just paid $1 million in [compliance] costs,” said Brinkley Dickerson of Troutman Sanders in Atlanta. “For them that is two years of earnings and 10 percent of their market value just to comply with [Sarbanes].”

John J. Concannon III of Boston-based Bingham McCutchen explained that Congress rushed through a “one-size-fits-all” solution with Sarbanes-Oxley because they couldn’t risk protracted debates over tailored responses during Enron-sized scandals.

“Something is likely to be done to grant some relief for small issuers,” Concannon speculated. But he is quick to add that the five SEC commissioners have shown no affinity for any complete or permanent exemptions.

Dickerson agreed, adding that “the SEC doesn’t want the heat from any fraud or bankruptcy scandal” resulting from any deregulation.

The most likely form of relief is some sort of postponement in compliance obligations for small issuers, according to Benjamin G. Lombard of Reinhart Boerner Van Deuren in Milwaukee.

“For other companies that are 404 compliant now, a step backward seems unlikely,” Lombard said.

But even a delay of a few years could be a big help, according to Steve Nevers, the director of internal audit and controls for Jefferson Wells, a global provider of professional services, including compliance and audit. Initial compliance costs were high, in part, because many people were unfamiliar with the requirements for reports first due in 2004, Nevers said.

Costs dropped in the second year, he noted, and “will continue dropping as auditors get more experienced in implementing and testing controls.”

The SEC’s advisory committee studied a range of issues surrounding Sarbanes-Oxley compliance, including: the effects on public or private capital decisions; the effects on small company valuations; the possible flight to foreign capital markets; and the relative costs and benefits for stockholders.

See sidebar on “Issues Examined by the SEC” and go to www.sec.gov/info/smallbus/acspc.shtml for extensive information and public comments.

The committee took comments from a wide range of groups, including institutional investors, accountants and trade groups, which ranged from urging “no change” to existing rules to urging exemptions for smaller companies or narrowed third-party testing of required controls.

A Host of Problems

By statute, both management (the CEO and CFO) and independent auditors must attest to the sufficiency of “internal controls” designed to prevent and detect financial accounting errors.

Dickerson said the problem at the outset was “nobody knew what ‘internal controls’ meant.”

The Committee of Sponsoring Organizations (known as COSO) was the only group of institutions that had tried to define “internal controls” – in 1992 – in the context of the Foreign Corrupt Practices Act (FCPA) for deterring foreign business bribes, Dickerson said.

More than a decade later, Sarbanes-Oxley created the Public Accounting Oversight Board (PAOB) to regulate auditing standards. The board expanded on COSO interpretations, leading to an auditing system of checks and balances for everything – from purchasing to payroll, from inventory control to information technology.

“The auditors went to town on [standards] for testing internal controls,” said Dickerson, adding that “the documentation and examination requirements were so excessive nobody could pass all of them [initially].”

Nevers added: “The discipline of documentation and evidencing [the sufficiency] of internal controls is the hardest thing for small companies.”

He explained that owner-managers of small enterprises are more informally involved in prevention and detection of financial mistakes, and as a result they have fewer formal systems of control.

Integrated software systems for controlling payroll, purchasing, inventory and revenue can automatically set up many controls (like requiring different people for approval and payment of purchase orders) and make them operate consistently, Nevers said. “Humans never do the same thing the same way twice, but machines – at least in theory – always do.”

But the problem for small companies, he observed, is that they can’t afford the systems.

Another burden for small companies, he said, is a strain on staffing accounting groups. Management and staff “have a lot to do in planning, documentation, evaluation, testing and remediation of internal controls,” Nevers noted.

Concannon observed that large companies have spent as much as $80 million in compliance without adverse competitive affects. But smaller companies – stuck with spending at least $400,000 – may lose a significant portion or all of their earnings, according to Concannon. Often, “the cost is disproportionate to the benefit for most small companies,” he said.

Particularly thorny issues surround IT systems, according to Dickerson. He noted that independent testing by auditors must prove that “accounting programs work as designed, access is properly limited on a ‘need to know’ basis, and program tampering can’t [escape detection].”

Furthermore, auditors who charge clients with “material weaknesses” or “significant deficiencies” can sink a small company stock.

Lombard recalled instances where clients suffered “material weakness” charges only because generally accepted accounting principles (GAAP) had changed during the year of audit or an employee did something wrong that could not have been prevented.

Lombard said clients complain about the result, but auditing firms respond that “we’re getting letters from [PAOB] saying we’re not strict enough.” That problem is compounded by the fact that small company managers can’t explain their unique systems to auditors without jeopardizing the required “independence” of the auditors.

That means the cost of getting an auditor familiar with company systems can be so prohibitive that switching accounting firms becomes a hardship, Arbuckle added.

The result is that some small companies are “going dark” by delisting their stock, or going private, though lawyers point out that there is no empirical evidence as to just how often this is happening, or if it is truly caused by Section 404 compliance.

But Concannon, whose firm has a London office, said the London AIM market is unquestionably pitching some small companies and has captured at least a few.

Possible Solutions

While lawyers agreed a general sentiment exists that changes need to be made, they suggested there is little chance the SEC will grant any complete or permanent relief from Section 404 compliance.

“You have to believe that at some point in time every public company will be required to do a public company audit [because any] permanent exemptions would be too controversial,” said Lombard.

Based on public pressures and past statements of the SEC commissioners, experts predicted the most likely relief for small companies would be: