SEC Guidance On SOX Hailed By Insurers
Actions by a federal accounting regulator and a private sector overseer last week will reduce the cost of compliance with the controversial Section 404 of the Sarbanes-Oxley Act of 2002 by providing companies and their auditors with greater flexibility, several industry trade groups assert.
The new guidance from the Securities and Exchange Commission and the Public Company Accounting Oversight Board also shows the willingness of the agencies to be responsive to industry concerns about the cost of compliance with the provision as well as determining precisely how the agencies are interpreting the provision, the trade groups say.
At the same time, both bodies refused to support calls by powerful industry groups that the law should be repealed.
“It is clear to us that the internal control assessment and audit process has the potential to significantly improve the quality and reliability of financial reporting,” notes William J. McDonough, PCAOB chairman. “It is equally clear to us that the first round of internal control audits cost too much. Through the guidance we issue today, as well as our upcoming inspections, we are committed to seeing that AS No. 2 is implemented in a manner that captures the benefits of the process without unnecessary and unsustainable costs.”
Auditing Standard No. 2, which refers to the auditor’s attestation as an audit of internal control over financial reporting, is the standard auditors must use to satisfy their obligations under Section 404.
Mr. McDonough also says that the PCAOB and the SEC continue to work to “facilitate implementation” of Section 404 of SOX by the auditors of the smaller U.S. public companies and foreign companies, that, by SEC rule, need not comply with Section 404 until 2006.
Section 404 of the SOX and the SEC’s related implementing rules require certain companies to include in their annual reports filed with the SEC a report on management’s assessment of the effectiveness of those companies’ internal control over financial reporting.
Section 404 also requires these companies’ auditors to attest to and report on the internal control assessments made by management.
Effectively, staff guidance issued by the SEC and the policy statement by the PCAOB allows companies to comply with Sec 404 of Sarbanes-Oxley by creating a system that works best for their own specific organization.
Phillip Carson, senior counsel, financial reporting at the American Insurance Association, Washington, says he believes the new regulatory guidance “is positive for all companies subject to Sarbanes-Oxley.”
He explains that it was issued by the two agencies in response to an April 13 roundtable with industry. Mr. Carson says the benefit of the new guidance is that it addresses some of the issues that drive the cost of internal control audits, specifically the issue of audit scope. “It looks to the auditor to apply more judgment rather than rely simply on excessive transactions testing, which drives cost,” he says. “It emphasizes the need to develop the audit in terms of risk assessment, that is, focus on the higher risk areas, as opposed to making it apply equally to low risk areas as well.