The U.S. Securities and Exchange Commission wants to continue to be vague about compliance with Section 404 of the Sarbanes-Oxley Act.[@@]
SEC officials say they are skeptical even of companies’ own efforts to comply with the tough new financial reporting law by developing and following clear-cut guidelines for testing and reporting on their companies’ internal controls.
Too many companies have been using a “mechanistic, check-the-box” system to evaluate themselves rather than using a risk-based approach, officials write in a new report based on recent SOX roundtable discussion.
“An assessment of internal control that is too formulaic and/or so detailed as to not allow for a focus on risk may not fulfill the underlying purpose of the requirements,” officials write.
Because of the SEC’s concern about a formulaic approach to monitoring internal controls, the SEC has decided against giving any specific advice about how to comply with SOX 404.