For several years, the Securities and Exchange Commission (SEC) has pushed back the compliance deadline for smaller public companies (companies with less than $75 million in public float) with the accounting rules of Section 404 of the
Then earlier this month, SEC Chairman Christopher Cox offered small businesses a Christmas present. Never mind 2008 compliance, he said. Let's push it to 2009.
"My first thought was, this isn't even worth a Gartner prediction," said French Caldwell, research vice president at Gartner Inc. in Stamford, Conn. "2008 is an election year. Who couldn't predict this? Giving small businesses a break on Sarbanes-Oxley at this time? We've known this was coming for a long time."
With the economy shaky and many members of Congress facing re-election in 2008, Caldwell said the federal government is looking to avoid any controversy over the costs small businesses would incur from compliance.
"I think this is essentially a move that gets them beyond the election, and gets them a little bit of cover to come out with some additional rules that make it a little easier on small businesses," Caldwell said. "They're not going to have this blow up in their faces in an election year."
Liza Warner, internal audit and controls solutions director at Jefferson Wells International Inc., said the SEC "has been getting a lot of pressure from various parties. For smaller companies to comply with Section 404 of Sarbanes-Oxley is very expensive. With the SEC creating additional guidance for compliance they have been proposing and providing since midyear, they rightfully have to give smaller companies time to absorb those changes." Milwaukee-based Jefferson Wells is a professional services company that specializes in internal audit and controls, finance and accounting, tax, operations and technology risk management.
Warner said the cost of SOX compliance for smaller businesses varies, but she estimated that it can range from $100,000 to several hundred thousand dollars. Many of these are first-year costs, according to Warner. Once a company has its internal controls in place, the costs will go down as companies focus their compliance spending on audits.
U.S. Rep. Nydia Velázquez, chairwoman of the House Small Business Committee, recently published a report that claimed small businesses could spend up to 3% of their net income complying with Sarbanes-Oxley.
"This is not the SEC's fault," Caldwell said of the compliance costs small businesses are facing. "It's the auditors' faults. The auditors have never sat down and said, 'Here is the standard by which we are going to do the audits [for small public companies].' They've never done it. It borders on near negligence."
Caldwell said the country's leading auditing firms should take this newest deadline extension as an opportunity to mitigate this "negligence."
In the meantime, there are steps CIOs at small public companies can take during this latest extension. They should get their change management and application development processes documented and tested. They should also tighten up their identity management and access management processes and ensure a segregation of duties for financial applications, Caldwell said.
He added that many CIOs at small companies are on top of this. And compliance isn't as tough as one would think.
"I've talked to a lot of small businesses who are really starting to get a handle on this," Caldwell said. "Their financial services are simpler. They're not distributed all over the world."
Let us know what you think about the story; email: Shamus McGillicuddy, News Writer.