It is in no way saying that you are claiming to be a CPA and anyone taking your word at it. It is you claiming you are a CPA and providing your membership card and your state board identification number as well. This is an audit and you will still provide back up. You will NOT have to buy 3rd party software and hire specialists to prove you are a CPA.

That is just my opinion.

The benefit sought is accountability. True to Larry’s comment about enforcement of violations but where would the breakdown be in that example? The breakdown is in both the executive’s action and the PCAOB / SEC’s response. Does that mean we should just say, “Hey, no benefit here….no enforcement either. Guess we should just file 13 the whole concept.”

My contention as I mentioned earlier is this. Take away regulation of small public companies. Let’s see how long they can go without having prior period adjustments or violations from the SEC on the GAAP side. The real cause of GAAP issues or proper financial reporting stems from a “lack” of internal controls. As an investor, I am looking at the financial stability and promise (FIRST). The fact that I can look at the company’s disclosures and see that there were NO material weaknesses or deficiencies in the internal controls is only an added bonus. As I mentioned earlier as well, audit firms are not going to catch everything but the benefit is that “someone is looking.” Giving management the responsibility of telling the auditors that their internal controls are A.OK without verification (404(b)), is like me telling you at a job interview that I am a CPA and you just take my word for it.

Randal is dead on with respect to his historical perspective and the exposure to CEOs and CFOs, but I still have to ask “What is the hoped for benefit of making these small issuers jump through the 404(b) hoop?”

In my post in this space on October 19, SOX 404(b) -The Tar Baby and the SECI linked to a discussion of cost, as well as the SEC’s own survey wherein the unanimous opinion of the issuers polled was that 404 did nothing to enhance investor confidence.

Candidly having an auditor opine that management’s assertion that their internal control system has material weaknesses or significant deficiencies is accurate does nothing to forestall fraud.

So if not to reduce the risk of fraud, or increase investor confidence I ask “what is the benefit being sought, can it be achieved through this process, and does this potential benefit justify the cost?”

SOX 404b is the external auditor’s opinion requirement on Management’s assertions regarding the effectiveness of the internal control environment.

I believe the requirement date for Management to disclose it’s assertion on this dates back to FYE’s after 12/15/07. All SEC filing registrants since then have been required to provide this disclosure, and since that point are bound by the covenants of the SOX Act and Sec.404.

The missing piece is having the auditors agree or disagree on Management’s assertions via the annual audit.

So why are small company filers complaining?

Go read their SOX 404 assertion disclosures regarding evaluating the IC environment effectiveness, tracing back to 2007. My guess is you will find that Management has been complying with the disclosure requirements, with the CEO’s and CFO’s signing off on Sec. 302 and 906.

What are they afraid of? My guess is they really have done nothing or little to actually document, assess, and fix their IC. Those signing off should be worried. Back then economic times were different – how quickly things change. Now it’s a catch up situation, and they are pressed against the economic burden today.

Those that have taken the proper steps already have made the most significant financial investment to properly comply with SOX.404 compliance requirements and process in place. If so, they really should then have nothing to fear.

Ask yourself the question, would you like to be a sitting CEO or CFO that has signed off on SEC filings, but has no evidential substance to support this?

They only relief that would help smaller SEC filers would be to get fully exempted from the SOX.404 requirements. Just exempting 404b seems silly to me.

What surprises me? The current legislation that proposes exempting smaller filers from SOX.404 compliance requirements. I’m not sure if it’s everything or just the external audit 404b requirement. In either event, this bill was authored by a Republican.

Given the state of the economy and the events over the past 12-18 months, and having the Democratic party in control beating the more gov’t regulation drum, I didn’t think this could even get out of the committee, but it has. So who knows where this goes. Wonder what the Vegas over/under is on this passing?

This delay originally was because of the change from Audit Standard #2 to AS#5. From what I’ve seen, from the SEC filer perspective, the potential cost reduction really does not happen in the year#1 audit. The auditors need to create their audit baseline in year#1.

The external auditors are regulated by the PCAOB, they will make sure they comply with requirements. Don’t expect them to compromise on this, they have to CYA themselves -logically so.

AS#5 gives auditors the ability “rely” on the work of others. Also allows them to not have to retest areas that have not changed year over year. Example : Application controls with IT systems. Places emphasis on the Entity level environment and materiality, lack there would lead to deeper review at the process levels – logically so.

I’ve been doing SOX projects from the early days, ending up through 2007. From the consultant side, clearly the market has dried up since, really this all concerns the SEC and PCAOB sliding the audit date.

Times up.

There is a considerable amount of documented guideance from COSO and the Big firms – directed at the smaller company filers – taking into consideration AS#5 requirements and changes. These outline the requirements, really gives a roadmap of related risks and what should have been addressed. Good thing to follow, it’s what the auditor will do.

The main observation I would suggest to the smaller filer is to determine how important it is to continue being an SEC registrant. If they trade on one of the major exchanges or OTC, they are required to file with the SEC. If they only trade on the pink sheets, they can effectivety avoid the reporting and compliance requirements with the SEC. The downside is limiting the avenues for their stock to be traded.

If this is not an issue, it is an alternative. Example would be where the company’s stock is closely held, limited shareholders, not eventually looking for analyst coverage,.etc.

But if the company wants continued access to the capital markets, then the rules of the game are clear, and smaller filers have been given ample time to absorb the cost to comply – in my opinion.