Should Smaller Public Companies be Exempted from Complying with SOX Section 404(b)? ABSTACT On July 21, 2010 the Dodd-Frank Wall Street Reform and Consumer Protection Act provided the non-accelerated public companies (those with a market capital below $75 million) a permanent exemption from complying with the Sarbanes-Oxley (SOX) Section 404(b). The Section 404(b) would have required these smaller companies to do what larger companies over the $75 million market cap are currently doing; requiring an external auditor to audit their internal controls over financial reporting.
However, what may seem like a huge win for the smaller companies who long have complained about the cost out weighing the benefits of complying with the standard, does not appear that way to everyone. INTRODUCTION Sarbanes-Oxley (SOX) Act Section’s 404 (a) and (b) were created to help restore the public’s trust in what public companies are reporting in their financial statements, as well as the opinions on the reports that the auditors are providing on the financial statements.
SOX 404(a) implies that managements of public companies assess and report on whether their internal controls over financial reporting (ICFR) are effective (United States Securities and Exchange Commission [SEC], 2009); in order to ensure that those requirements in Section 404(a) are being met, public companies are required to have an external auditor attest to management’s assessment over the ICFR (SEC, 2009). While SOX 404(a) is required by all public companies, Section 404(b) was required only by large companies (those with a market cap greater that $75 million).
The outcries from the small public companies were answered by numerous extensions on the compliance of SOX 404(b). This was in order to give these companies more time to get their internal controls in place for external auditors to attest to them. Finally, on July 21, 2010, the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) was passed. The Dodd-Frank Act provided permanent exemption from complying with the SOX 404(b) for non- accelerated public companies (those with a market capital below $75 million) (Dodd-Frank Wall Street Reform, 2010, pg. 83). As a result of this Act, another issue surfaced as to why permanently exempt the smaller companies from SOX 404(b). All public companies, to include smaller public companies, should be held to the same standards and be subject to the rules under SOX 404(b). Instead of permanently exempted them, the SEC should have came up with a way to make it more cost effective to comply. This paper will address arguments from both sides of the Dodd-Frank Act, and why smaller firms should be required to comply with SOX 404(b).
ANALYSIS The permanent exemption comes as a relief for the small public companies as complying with SOX 404(a) has been very expensive and time consuming. By adding to the cost associated with complying with SOX 404(b), it would be more than they would be able to handle. A study conducted by Financial Executives International, showed that the cost of complying with SOX for those public companies whose market cap was under $100 million was approximately $824,000 compared to $1. million for those who market cap is between $100 million to $500 million, at the time the article was written (Wolkoff, 2005). Furthermore, Wolkoff (2005) goes on to say that at the AMEX median, the median revenue for its companies are $57 million, which means that for these companies to comply with SOX 404(b) it would cost close to 1. 5% of its median revenue(Wolkoff, 2005). Specifically, Wolkoff states that this could “severely” have a negative impact on these companies operating margins and “in many cases to near zero — and depleting funds available for a reinvestment” (Wolkoff, 2005, pg. ). In addition, resources that could be used for other more important business needs would be diverted to costly “tedious documentation requirements”, and would not be worth the benefits derived (Garrett 2009, pg. 1). Even after the creation of Auditing Standard No. 5 (AS5), a study done by George Washington University, found that the decrease that larger public companies found with the relief provided from AS5 was not the case for smaller public companies (Garrett, 2009).
Furthermore, NASDAQ research showed that based on revenue percentage it would cost 11 times more for smaller companies than larger companies to comply with SOX 404 (b), which creates an “unfair competitive advantage for larger companies” (Garrett, 2009 pg. 1-2). Not to mention that these smaller companies believe that the cost associated with SOX 404(b) far outweighs the benefits of compliance (Wolkoff, 2005).
On the other hand, opponent’s of the Dobb-Frank Act believes that despite the George Washington University and NASDAQ studies, SOX 404 costs are still expected to go down and that the reduction is not only due to the implementation of AS5, but because of other factors. For instance, the cost of complying with SOX 404 is expected to continue to go down as companies continue to implement and document effective controls and move into the “maintenance phase of monitoring and reporting” (How Potential Changes in Small-Company, 2006, pg. 7).
As this relates to SOX 404(b), this could also mean that once the external auditors have completed their first audit of the company’s internal controls and improvements are made based on the outcome of the audit, audit fees should go down because the audits will become easier since any ineffective internal controls should have been or is being addressed. Another SOX 404(b) obstacle that proponents of the Dobb-Frank Act believed threatened the small companies was that the Securities Exchange Commission (SEC) was trying to take a “one size fits all” approach.
Meaning, the SEC was trying to use the same standards for both large and small companies when regulating corporate governance. Proponents felt that this was unfeasible because larger companies were in a better financial position to handle the expense for consultant and external audit fees that came with the SOX 404 regulations. For example, an increased auditing bill to $500 thousand for a company who has a $10 billion market cap would not have the same effect on a company with a market cap of $100 million (Wolkoff, 2005).
Conversely, an analysis done by CRA International for the Big Four, reported that audit fees did not make up the majority of the cost associated with SOX 404. Specifically, the smaller of the larger companies that had to comply with all sections of SOX 404 (i. e. , those with market caps between $75 and $700 million); 35% of those costs were related to audit cost (How Potential Changes in Small-Company, 2006) as it relates to SOX 404(b). Additionally, those companies with a market cap over $700 million, only 26% were related to audit cost (How Potential Changes in Small-Company, 2006).
Although the compliance with SOX 404(b) was implemented to restore investor’s confidence, Wolkoff (2005) states that in doing so caused a deterrent in the number of small firms that would go public both domestically and overseas. The Amex has seen the impact as the number of small companies that have delisted from the Exchange has increased (Wolkoff, 2005), and those that would have joined decided not to, which reduces the number of initial public offerings in the United States.
The SOX Act, specifically, Sections 404(a) and (b), didn’t take into account that large companies have a more complex business structure, which makes for more complex accounting practices (Wolkoff, 2005). For example, the segregation of duties obstacles that many smaller companies are faced with and do not have the resources to fix this control problem. According to Wolkoff (2005), the SEC should have taken that into consideration the “market cap” or “minimal revenue” that a company generates and apply different standards accordingly (pg. 1).
Another point that proponents of the Dobb-Frank Act made was that scandals like Enron are least likely to happen in smaller public companies. The reasoning behind this is that smaller companies are not normally out to cheat themselves. This is because these smaller companies are usually run by the people that founded the companies or closely related (Wolkoff, 2005). However, by requiring smaller public companies to comply with SOX 404(b), will not only ensure that they are in compliance with SOX 404(a), but it will also help these companies by uncovering inefficiencies in some processes.
This in turn will help the companies because it will “…makes fraud harder to commit and easier to detect” (Aguilar, 2010, pg. 33). Especially since smaller companies are in a better position and at greater risk for committing fraud and accounting manipulations (Aguilar, 2010). Furthermore, who is to say those smaller companies’ investors do not deserve the same level of confidence and “financial reporting safeguards” that larger public companies’ investors are receiving (Solnik, 2010).
In addition, studies have shown a correlation between “weak internal controls and poorer earnings relative to effective internal controls” (Hamilton, J. , 2009). In time of a declining economy, the temptations for fraudulent reporting is increased and by having smaller companies comply with SOX 404(b) serves as a deterrent for those temptations (Hamilton, J. , 2009). Lastly, smaller public companies feel that they have already spent a lot of money just to be in compliance with SOX 404(a), and do not feel the need to be monitored by external auditors.
This is because they feel that are capable of monitoring, finding, and remediating deficiencies through internal audits (Solnik, 2010). However, as previously mentioned, SOX 404(b) was not only put in place to ensure that public companies were in compliance with SOX 404(a), but to also have it attested by an independent auditor. This not only helps restore investor’s confidence, but also provides the public companies beneficial information as to whether or not they have proper controls in place and/or additional controls are needed.
Moreover, small companies may be putting themselves at risk especially, if the investors penalized them for not meeting the “transparency norms” that is projected by external auditors (Silverstein, 2008 pg. 26). Especially since there are approximately 7,300 smaller public companies, which accounts for 65% of the overall public companies (Hamilton, J. 2009). CONCLUSION While there are good cases made from both sides of the Dobb-Frank Act, permanently exempted smaller companies doesn’t solve the issue of ensuring compliance with SOX 404(a) is being followed.
More importantly, it doesn’t provide the smaller public investors with the same confidences as large public investors as to whether or not the proper controls are in place, and/or whether the controls are effective. By having external auditors attest to ICFR it will provide the smaller companies’ investors the same boost of confidences as its larger counterparts. Instead of permanent exemption, other means should be looked at in order to make it to where it is cost effective to comply with SOX 404(b).
Also, as recommended by the Key Advisory Committee, “[e]xempt some smaller public companies entirely from SOX 404 reporting requirements, but add stricter corporate governance requirements for those companies” (How Potential Changes in Small-Company, 2006, pg. 6). That way we will not have to wait until another scandal is made public to scramble and make these changes; as the old saying goes, “It’s not if, but when”. REFERENCES Aguilar, M. (2010, May). Small filers struggle with internal controls over fraud. Compliance Week, 7(76), 33,74.
Retrieved from ABI/INFORM Trade & Industry. Dodd-Frank Wall Street Reform and Consumer Protection Act. Conference Report to Accompany H. R. 4173. House of Representative , 111th Cong. 583 (2010). Garrett, S. 2009. Garrett introduces SOX exemption for small businesses, Press release, Oct. 8,2009. Hamilton, J. (2009, June). Section 404 works and is important for small companies, Aguilar feels. SEC Filings Insight,1,4. Retrieved from ABI/INFORM Global. How potential changes in small-company SOX regulations could affect your firm. (2006, February).
Accounting Office Management & Administration Report, 06(2), 1,6+. Retrieved from ABI/INFORM Trade & Industry Silverstein, M. (2008, December). (Sarbanes-Oxley Revisited:) The Good, the Bad, the Lessons. New Jersey Business, 54(12), 26. Retrieved from ABI/INFORM Dateline Solnik, C. (2010, July). Small companies push to gain permanent exemption from Sarbanes-Oxley requirement Silverstein nts. Long Island Business News. Retrieved from ABI/INFORM Dateline. United States Securities and Exchange Commission, Office of Economic Analysis. 2009). Study of the Sarbanes-Oxley Act of 2002 Section 404 Internal Control over Financial Reporting Requirements. Retrieved from http://www. sec. gov/news/studies/2009/sox-404_study. pdf Whitehouse, T. (2009, April). SOX 404 Compliance Improves for All but the Small. Compliance Week, 6(63), 42-43. Retrieved from ABI/INFORM Trade & Industry. Wolkoff, N. L (2005, August). Sarbanes-Oxley Is a Curse for Small-Cap Companies. Wall Street Journal (Eastern Edition), p. A. 13. Retrieved from ABI/INFORM Global.