Use Section 404 deadline extensions to your advantage
If you’re a publicly traded manufacturer with annual revenues of less than $75 million per year, the Securities and Exchange Commission (SEC) has good news: You don’t have to incorporate management reports or auditors’ attestations into your internal controls over financial reporting until at least December 2007.
And thanks to the Public Company Accounting Oversight Board (PCAOB) adoption of Auditing Standard No. 5, your auditor has more flexibility to use professional judgment in deciding how to test your internal controls.
Better yet, the Sarbanes-Oxley Act’s (SOX’s) Section 404 reporting requirements may be less burdensome when the time comes — which is with the first financial report issued for fiscal years that end on or after Dec. 15, 2007. Sec. 404 requires publicly traded businesses to detail the internal financial controls they’ve established to fight fraud, including any problems that have been fixed.
Extended deadlines
Because Sec. 404 reports are expensive and time consuming to produce, many companies have chosen to launch initial public offerings (IPOs) outside the United States to avoid the costs. Recognizing that the reporting requirements likely are to be even more onerous for smaller companies, the SEC has extended the compliance deadline for management reports on internal controls until fiscal years ending on or after Dec. 15, 2007.
Auditors’ attestations of the reports won’t be required until fiscal years ending on or after Dec. 15, 2008. Both management and auditors’ reports were originally required for fiscal years ending on or after July 5, 2007.
Auditing Standard No. 5
In May, the SEC and the PCAOB finalized changes to the requirements themselves. The new Auditing Standard No. 5, which replaces Auditing Standard No. 2, allows auditors to focus on areas of greatest risk for internal control failures.
In addition, auditors have greater leeway in addressing areas of lower risk and can scale their audits to fit the size and complexity of any company. The standard can be used immediately.
The changes could be significant for your company. Although the SEC estimated before SOX was enacted that businesses would spend about $91,000 to comply, a Manufacturers Alliance survey last year found the actual costs ran up to 10 times that estimate.
The difference is due in part to a lack of specific guidance for auditors in Sec. 404, which caused auditors to err on the side of caution in deciding what needed to be validated.
Develop Sec. 404 financial reporting
Now that the SEC has extended the compliance deadline, use the extra time to review your experience with ISO certification to find cost-saving practices that you may already have in place. Many manufacturers, for example, already have implemented strict change-control procedures to ensure their key operating procedures remain intact and accurate.
If you’re one of them, you may be able to apply the same techniques to your financial reporting. Doing so can help you save on not only initial Sec. 404 compliance costs, but also the cost of staying compliant in succeeding years.
You’ll need to develop documentation, implement procedures and train your staff, just as you did for ISO certification. But, as with ISO, after Sec. 404 compliance activities are ingrained in your day-to-day processes, you’ll find you can better identify and track problems, develop and implement solutions, and ensure the problems have been resolved.
And, in exploring opportunities to improve your financial reporting, you may identify opportunities for business improvements, as well.
Learn and prepare
If you’re willing to look more broadly at your manufacturing company while you’re examining how to comply with Sec. 404, you may decide that centralized purchasing or an upgraded computer system will save you significant amounts of money.
Better yet, as you improve business processes, you may reduce the cost of SOX compliance. And best of all, the SEC has given you at least another five months to prepare.
Sidebar: Newly public companies benefit, too
In addition to easing the Sarbanes-Oxley Section 404 reporting compliance pain for smaller manufacturers (see main article), the Securities and Exchange Commission (SEC) has announced some breathing room for newly public companies.
Acknowledging that taking a company public is enough work for any executive team, the SEC will defer Sec. 404 requirements so newly public companies may prepare their first annual reports without also having to comply with Sec. 404. These companies have until they file their second annual reports to comply — though they may choose to meet Sec. 404 requirements in their first year of business if they desire.
The SEC hopes the transition period will end private companies’ practice of timing their public offerings to allow maximum time before compliance is required, rather than timing them to raise capital.
In either event, companies that go public must include a disclosure in their first annual reports stating that management and auditor attestation isn’t required. That may, the SEC says, allay any potential investors’ concerns with an initial lack of transparency.
For more information about our services to inventory based businesses,
Contact: Mark Walker, Partner, Director of Inventory Based Businesses Practice at 817.882.7724.
The articles in this newsletter are general in nature and are not a substitute for accounting, legal, or other professional services. We assume no liability for the reader's reliance on this information. Before implementing any of the ideas contained in this publication, consult a professional advisor to determine whether they apply to your unique circumstances.