SEC Proposes Risk-Based Analysis of Financial Controls
The Securities and Exchange Commission (SEC) voted unanimously on Wednesday to allow public companies subject to the requirements of Sarbanes-Oxley (SOX) to evaluate the design of only those financial controls that might carry the risk of having a material impact on financial statements. The proposed rule would make compliance less burdensome for smaller companies that will be required to issue financial statements under the law next year.
Regulators also proposed that managers would not have to consult with external auditors to determine the risks inherent in their internal controls but could rely on their own judgment, the Los Angeles Times reports.
"We are proposing this interpretative guidance to help management make their evaluation process more efficient and cost-effective," said SEC Chairman Christopher Cox, according to the Agency’s release. "In the absence of guidance, management has looked to the PCAOB's auditing standard to conduct their evaluations, which is not what was intended. With this guidance, management will be able to scale and tailor their evaluation procedures to fit their facts and circumstances, and investors will benefit from reduced compliance costs.”
The proposed guidance is principles-based guidance that is organized around two important principles, the SEC statement says:
- First, management should evaluate the design of the controls that it has implemented to determine whether there is a reasonable possibility that a material misstatement in the financial statements would not be prevented or detected in a timely manner. This principle promotes efficiency by allowing management to focus on those controls that are needed to prevent or detect material misstatement in the financial statements.
- Second, management should gather and analyze evidence about the operation of the controls being evaluated based on its assessment of the risk associated with those control. The principle allows management to align the nature and extent of its evaluation procedures with those areas of financial reporting that pose the greatest risks to reliable financial reporting.
“Companies of all sizes and complexities will be able to conduct their evaluations more effectively and efficiently by following the proposed guidance,” SEC Chairman Christopher Cox said, according to the New York Times. “As smaller companies have less complex internal control systems than larger companies, this approach enables smaller companies, in particular, to scale and tailor their evaluation methods and procedures to fit their own facts and circumstances.”
"There was never anything wrong with the principles of 404," SEC Commissioner Roel Campos said, Inc.com reports. "What we need to work on is implementation."
Jim Greenwood, president of Biotechnology Industry Organization, a Washington-based trade group, called the proposed guidelines a welcome development, Inc.com says. "Our companies typically have limited cash flow and revenue," Greenwood said in a statement. He said funds that should be re-invested in smaller companies are instead "spent complying with these overly imposing regulations."
The SEC statement concluded that its proposed amendments were intended to clarify the auditor reporting requirement in a consistent manner with the anticipated proposed new auditing standard. The Public Companies Accounting Oversight Board (PCAOB) is expected to release a new auditing standard that “would supersede Auditing Standard No. 2, the Board's existing auditing standard on internal control over financial reporting.” The PCAOB is expected to release their new standard at its meeting on December 19.
Both the proposed guidance on principles and the new auditing standard will be open for public comment for two months.