Sen. Christopher Dodd (D-Conn.) has introduced his long-awaited regulatory reform bill, and it does not include a proposal to exempt small public companies from an audit of their internal controls under Sarbanes-Oxley 404(b).
Neil Goldenberg
Under the current SEC rules, small public companies are subject to the audit of internal controls for the first time in years endi
ng on or after June 15, 2010. While there were previous efforts in Congress to exempt these companies permanently, the exclusion of such a proposal in the Dodd bill makes it less likely.
Furthermore, Congressional concerns over the new regulations over financial institutions and derivatives trading have overshadowed any concerns over SOX 404(b). It can be expected that the June 15 deadline will come before the Dodd bill is finalized in Congress.
It would be risky for companies becoming subject to the requirement to ignore its pending arrival. Management should have open discussions with their auditors about the scope of their work. Specific technical requirements, such as controls in information technology and technical financial reporting, require expertise not always inherent in smaller companies, so the services of a specialist may be required. Additionally, auditors will be taking a closer look at management’s documentation and assessment, as it may be used in part by the auditors and defray some costs if properly aligned.
Overall, these efforts may be a challenge for companies to address in the limited time left. Now that most fiscal year companies are completing their annual reports, this is the best time to consider these internal controls over financial reporting audit issues.
Neil Goldenberg, CPA, CIA is the partner-in-charge of the technology assurance and advisory services practice at Eisner LLP.