For those firms, “uncertainty has been the big problem to date,” says Mike Bromelkamp, a principal with Olsen Thielen Certified Public Accountants in St. Paul. Some of the uncertainty remains, as the SEC’s May announcement suggested that the commission would issue additional “guidance” that might affect some compliance issues for these nonaccelerated companies.
But Bromelkamp urges small companies not to wait for the SEC to dot the final “i” in its guidance. Nor should they hope for the deadline to be pushed back or gamble that the SEC will cave in to pressure to exempt them altogether. “I think the die has been cast” regarding SOX compliance for the under-$75 million group, he says. Those whose next fiscal years begin in December or early in 2007 “had better already have started work on it,” he says. “I’d tell a client, ‘You’d better be ready to comply, because the cost of noncompliance is too high’ . . . It’s not as if Sarbanes should be a surprise to anyone anymore, and the SEC would love to make an example of somebody.”
Start Work on What?
If you put the basics of Sarbanes-Oxley into a diagram,
Bromelkamp
says, it would show a series of explanations and assurances that
public
companies are required to provide with regard to their
financial
statements: “Here’s what we’re reporting, here’s how
we arrive at the
numbers,
here’s how we control and test our
system to make sure the
numbers are fair and
accurate—and if
they’re not, our
Accountants point to several factors that make SOX compliance a particular headache for smaller public companies. Most of those factors spring, directly or indirectly, from Section 404 of the legislation, which addresses the internal control structure that must be in place to ensure that financial reporting is accurate.
Other sections of SOX deal with executive accountability and timely reporting of significant changes in the financial standing of public companies. But Section 404 is problematic because it requires that a company document and test the internal control system it uses to ensure that no material weaknesses exist in the process of gathering and reporting its financial information. Then an independent auditor has to attest not just to the numbers but to the documentation, testing, and working of the control structure.
Testing attributes of a control structure is vastly more complicated than just testing the resulting financial numbers, says Erik Skie, a principal with accounting firm LarsonAllen in Minneapolis. For instance, did your company buy something from a vendor? “The issue isn’t just that you bought it and here’s what you paid,” he says. “You also may need to test attributes around the proper approval of the vendor. How do you know that somebody in inventory didn’t set up a fictitious vendor?”
What’s more, external auditors explain, you’re documenting, implementing, and testing the attributes of every major accounting process in your business. How do you handle and report on stock options? Taxes? Revenue accelerated into the next fiscal year? Ordinary revenue that comes in from different lines of your business?
« Previous Page 1 | 2 | 3 | 4 Next Page »
