SEC clarifies SOX guidance

The US Securities and Exchange Commission (SEC) makes good on long-promised new guidance for Sarbanes-Oxley.

The US Securities and Exchange Commission (SEC) has unanimously approved new guidelines for Section 404 of the Sarbanes-Oxley Act (SOX) that are designed to help public companies better assess the strength of their internal controls over financial reporting and thus ease the costs of complying with the 2002 law, especially for small to medium-sized businesses (SMBs).


The long-promised new guidelines make good on testimony from SEC Chairman Christopher Cox before the Senate last month. Cox had said that the nation's regulatory body indeed felt the pain inflicted by Section 404, particularly on SMBs, and acknowledged its requirements as laid out had proved "too expensive for everyone."

"Congress never intended that the 404 process should become inflexible, burdensome and wasteful. The objective of Section 404 is to provide meaningful disclosure to investors about the effectiveness of a company's internal controls systems, without creating unnecessary compliance burdens or wasting shareholder resources," Cox said in a statement yesterday.

SOX was initially passed as a protection for investors in the wake of the financial wrongdoing at Enron Corp. and other corporate scandals. It has come under fire from business groups for costing far more than anticipated and undercutting the ability of American corporations to compete in world markets. Some firms have had to make costly IT upgrades to achieve compliance.

Section 404, considered the most onerous requirement, says publicly traded companies must show their internal financial controls are accurate and must have an auditor sign off on management's assessment. The meager guidance on 404 from the SEC prompted many companies to err on the expensive side of caution, creating a thriving cottage industry for auditors and consultants who were happy to oblige.

The new guidance, which applies to companies of all sizes, was spurred by this year's deadline requiring smaller public companies to also comply with the law. Companies with a market value of less than $75 million had been given more time to comply with the law.

John W. White, director of the SEC's division of corporation finance, said yesterday that the new guidelines "reduce uncertainty about what constitutes a reusable approach to management's evaluation." Yet they're flexible enough so companies don't have to jettison the "procedures and tools" they've developed to serve the company and its investors, he added.

The Public Company Accounting Oversight Board (PCAOB), the SEC's partner in compliance, is expected to vote today on new rules for auditors that are intended to help companies take a top-down approach to SOX, rather than the costly laundry list approach of recent years.

Let us know what you think about the story; email: Linda Tucci, Senior News Writer
