SEC to small companies on SOX: Not off the hook

By Linda Tucci, Senior News Writer 18 May 2006 | SearchCIO.com

IT news and analysis for CIOs Digg This!     StumbleUpon     Del.icio.us

The high cost of complying with SOX, and in particular Section 404, the part of the law requiring companies to prove the adequacy of their internal controls, has provoked bitter complaints from companies of all sizes, but especially from smaller companies.

A small-business advisory panel, appointed by the SEC last year to study the problem, recommended last month that the SEC exempt the smallest public companies from Section 404 altogether. The panel also advised letting companies with a market value of less than $787 off the hook from hiring auditors to sign off on these control systems.

The proposals drew sharply mixed reviews, winning praise from small business advocates and condemnation from former chairmen of the SEC, as well as compliance experts.

More on compliance Ways to cut SEC compliance costs Opinions split on new SOX proposal

In rejecting the recommendations of its panel, the SEC issued a strong endorsement for the Sarbanes-Oxley law. The act was passed in the wake of the corporate fraud and accounting scandals at Enron Corp. and other companies that lost millions of dollars for shareholders and lined the pockets of some top executives.

The commission did, however, acknowledge that its vague guidance on the SOX rules and the overzealousness of the Public Company Accounting Oversight Board (PCAOB), which has led to the enrichment of many accounting firms and consultants, needs fixing.

SEC Chairman Christopher Cox said in a statement May 17: "By providing practical guidance to companies, by working with the Public Company Accounting Oversight Board on their forthcoming revised standard for auditors, and by examining how the PCAOB inspection process is succeeding in increasing the efficiency and cost-effectiveness of the audit process, we will take a giant step toward 'getting it right' when it comes to Section 404 compliance."

The commission did cut the smallest public companies a break of sorts, granting a five-month reprieve on implementing Section 404, so that they could take advantage of the new guidance from the SEC and PCAOB revisions. Smaller companies will have to report on their internal controls beginning next year.

Let us know what you think about the story; e-mail: Linda Tucci, Senior News Writer

Tags: Compliance strategies and best practices,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Compliance strategies and best practices Email archiving solutions and strategies for enterprise CIOs Miscues abounded in Boston email retention policy, practices Health care security, HIPAA compliance on deck for CIOs in Obama era Enterprise risk management solutions for CIOs Addressing compliance requirements in cloud computing contracts Avoiding gotchas of security tools and global data privacy laws Information security and IT governance guides for CIOs CIO turns to identity and access management to solve business problem Log management tool, SIM boxes combine to form security architecture Economic downturn hits IT budgets

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary GRC (governance, risk management and compliance) software  (SearchCIO.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary