Now that Sarbanes-Oxley (SOX) is five years old, FEI is interested to hear from members about its impact (if any) on private companies.
- Has your company experienced increased pressure from board members or auditors to initiate SOX-like changes?
- Are lenders, venture capitalists, or insurers particularly interested in internal controls certification?
- Has Sarbanes-Oxley benefited your company in any way?
Bill Sinnett (firstname.lastname@example.org )
Although we are privately held, our audit committee considered an internal-control audit (similar to a 404 audit) the “best practice”. Accordingly, we have made an assertion on our internal controls supporting financial reporting and have been audited by Deloitte (under AT501 guidelines) for the last three years. The process has definitely benefited the company in reducing risk, providing confidence to financial-statement users (including banks) and improving the quality of earnings.
Jack Larch (JLarch@ProLiance.com )
Although I believe there has been little direct impact or any interest in SOX-like efforts, indirectly there is a greater consciousness and expectation of accountability for financial reporting and internal controls. Outside board members, especially those who serve or are connected to public companies, have a greater awareness of reporting risks and are better equipped to ask the right questions. Whether as a result of SOX or perhaps corporate scandals, there is also less willingness to let potential corporate governance problems go unaddressed. Our lenders and insurers have exhibited no difference in approach with regards to SOX.
Don Munchrath (email@example.com )
As a medium-sized, privately owned manufacturer with relatively low debt levels, we have had no pressure by our board, auditors, or lenders in certifying internal controls. We have voluntarily implemented a few Sarbox items, which I think have benefited us in terms of improved controls and the “tone at the top”.
Robert Fetterman (firstname.lastname@example.org )
The bigger question is the impact on the audit process. There are two potentially problematic scenarios. First, the auditors could say that the company should do x, y, and z if it wants to be able to claim SOX compliance. I am aware of private companies whose boards want to be able to state this for business purposes, such as potentially going public, for public-relations purposes, and so on.
In the second scenario, the auditors may adopt, because of SOX and the Public Company Accounting Oversight Board (PCAOB), certain audit-process methodologies that require the company to do more work internally, in order to satisfy the auditor's audit computer program documentation requirements. For example, because the Big 4 use computers in their audit approach to document their decision-making/support processes, their methodology is a “one size fits all”. An example of this is FIN 46R documentation, wherein the auditors go through the process of answering a whole bunch of questions to document that an entity does not have to be consolidated, when only one fact is relevant: There is a carve-out when the entity is an individual. The same goes for their controls review, which is largely based on PCAOB/SEC/SOX rules.
For private companies, the key problem is the indirect impact, not the direct impact, which is where the cost is. Unfortunately, the benefactors of SOX have been the Chinese and the European – the Chinese, as SOX raises costs that American companies must bear, and the Europeans and others from a capital-market perspective.
As a sidebar, my position is, and always has been, to allow companies to decide whether to comply or not, and let their shareholders decide by holding or selling their stocks. SOX addresses a business risk related to financial reporting and control. If a company chooses to adopt a certain risk posture, as they do for a myriad of other business risks, why not let the shareholders decide?
Bill Koch (Bill.Koch@ddiworld.com )
Our annual audit is required by our asset-based lender. In our case, SOX doubled our audit fees, with no associated benefits whatsoever. Unfortunately, we made an auditor change from regional CPA to KPMG in 2002, and they were already talking SOX cost increases when they began the audit. For us, these past four audit years have been difficult because KPMG has a “small box” they audit through, and it’s all dictated by SEC public-company requirements and their fear of being sued. In short, our local KPMG could not structure a more limited audit scope tailored for a private company because the entire audit was driven by SEC public company audit requirements. Small companies are going to pay for this audit overload and overhead.
Carlton B. Rader (CarlR@clloydjohnson.com )
We’re a private company backed by venture capital. We’ve monitored SOX, but that’s it. The venture capitalist’s interest is limited to making sure that SOX compliance would not affect an IPO. Since one has a period prior to filing to work on it and also a grace period after, we have done little so far. As a matter of logistics, we also deferred any action until we had completed new systems earlier this year, as SOXing the old systems was a pointless activity (Quickbooks, etc.).
The bottom line, though, is that SOX adds no value to a private company. The board of directors, like the management team, believes that the controls necessary to run the business are what’s important. We’ve never had an audit adjustment, and the score sheet generally has only small items on it (most of which we find ourselves, not the auditors). At this point, therefore, SOX is a discussion item for the audit committee only.
Nicholas C. White (email@example.com )
Our board understands that it is impractical for a private company to fully comply with SOX. Their concern is that we understand our risks and the steps to achieve compliance as part of a plan to be IPO-ready. We have had no pressure from lenders or insurers, or from any other external sources, to obtain anything other than our annual audit
Bob McCarthy (firstname.lastname@example.org )
We have seen no impact from SOX, and we see little value in SOX.
Mark Green (MGreen@ksea.com )
Our board members recommended that we add an internal-auditor position to help with our accounting department's workload at year-end and to perform internal-audit functions during the remainder of the year. Otherwise, there has been little impact.
Our company has not had any added pressure from our board or auditors, nor have our lenders and insurers expressed interest in internal-control certification. The only impact has been higher audit fees.
Ed Odmark - Ultrafryer Systems, Inc. (email@example.com )
We have had no comments about SOX from banks, insurers or any other parties. Auditors grumble about the requirements for more documentation, and costs go up accordingly.
Doug Jones (Doug_Jones@Keybuild.com )
I am the audit-committee chair of a private company. We are considering an IPO and are working to implement SOX. Most of the controls we are implementing are desirable, regardless of SOX considerations. The potential need to comply with SOX has given us the sense of urgency to go ahead with these improvements.
Having said this, I am not looking forward to the increase in audit fees. We are currently remediating deficiencies and have not yet had testing by the auditors. We may be in the honeymoon period, with unpleasant surprises yet to come as to fees and our assessment of controls.