Cherry-picking Sarbanes-Oxley: provisions that deserve a second look.EXECUTIVE SUMMARY * Private companies and charities aren't required to comply with the Sarbanes-Oxley Act See SOX. . But they can adopt some of its requirements as best practices. Cherry-picking the provisions that will help them the most means they can get maximum benefit at minimum cost. * Among the private entities that might want to voluntarily adopt the provisions of Sarbanes-Oxley are companies planning an IPO (Initial Public Offering) The first time a company offers shares of stock to the public. While not a computer term per se, many founders, employees and insiders of computer companies have found this acronym more exciting than any tech term they ever heard. and those that might merge with or be acquired by a public company within the next two or three years. Such companies might earn a premium for already being Sarbanes-Oxley compliant. * A number of Sarbanes-Oxley provisions also might make sense for other private companies or NPOs. For example, many private organizations are creating audit committees composed of outside directors or naming an audit committee financial expert. * A code of ethics Code of Ethics can refer to:
n. One who reveals wrongdoing within an organization to the public or to those in positions of authority: "The Pentagon's most famous whistleblower is . . provisions in place can help private companies and NPOs fight fraud. * While large public companies are required to establish and maintain internal controls over financial reporting, it isn't yet clear whether the benefits of doing so are worth the high cost for private organizations. ********** While public companies are required to comply with the Sarbanes-Oxley Act, privately held businesses and charitable organizations This article is about charitable organizations. For other uses of the word charity, see Charity. A charitable organization (also known as a charity) is an organization with charitable purposes only. generally are immune from the acts far-reaching provisions. Still, many such entities are finding that certain aspects of the act can benefit their overall operations and are cherry-picking those parts that will do them the most good. Here are some requirements of Sarbanes-Oxley that deserve a second look even from organizations that don't have to implement any of the act's provisions. THE WHO AND WHY What types of private entities might want to voluntarily adopt the Sarbanes-Oxley provisions that so many public companies have been struggling to implement? For companies that might soon go public, the voluntary aspect of adoption becomes almost mandatory. Companies planning an IPO within the next two to three years would be better off adopting Sarbanes-Oxley guidelines guidelines, n.pl a set of standards, criteria, or specifications to be used or followed in the performance of certain tasks. now rather than waiting until they go public, when they might face unknown costs and delays. Companies contemplating a merger or being acquired by a public company within the next few years also are prime candidates. If a private company owner's exit strategy is to prepare the company for eventual sale, one of the suitors might be a public company willing to pay a premium for an acquisition target that already is Sarbanes-Oxley compliant. Many not-for-profit organizations also are adopting some Sarbanes-Oxley provisions. In California, for example, the Nonprofit A corporation or an association that conducts business for the benefit of the general public without shareholders and without a profit motive. Nonprofits are also called not-for-profit corporations. Nonprofit corporations are created according to state law. Integrity Act of 2004 requires charitable organizations with over $2 million in gross revenues to have an audit committee, which also approves nonaudit services, and audited financial statements. The directors of these entities may themselves be officers of public companies who understand the benefits of stronger internal controls and some of the other requirements of Sarbanes-Oxley, and would like to see the NPOs they help preside pre·side intr.v. pre·sid·ed, pre·sid·ing, pre·sides 1. To hold the position of authority; act as chairperson or president. 2. To possess or exercise authority or control. 3. over comply voluntarily Companies with absentee One who has left, either temporarily or permanently, his or her domicile or usual place of residence or business. A person beyond the geographical borders of a state who has not authorized an agent to represent him or her in legal proceedings that may be commenced against him or her owners also might consider adopting certain parts of the act voluntarily to ensure the professional management is doing a good job. And finally, banks that extend loans or lines of credit to private companies are asking borrowers for more internal controls--like those found in Sarbanes-Oxley--before making loans. BEYOND CONTROLS Sarbanes-Oxley is more than just a requirement for stricter internal control audits. It includes other elements that affect overall corporate governance Corporate Governance The relationship between all the stakeholders in a company. This includes the shareholders, directors, and management of a company, as defined by the corporate charter, bylaws, formal policy, and rule of law. and audit relationships. In some instances even public companies are making changes that the act doesn't require but that stem from the new climate of corporate behavior. CPAs should encourage private companies and NPOs to look carefully at some or all of the actions described below that can potentially improve overall operations at relatively minimal cost. Audit committee membership. The act requires that all public company audit committee members be outside directors not employed by or associated with the company. Many private organizations are adopting similar rules to ensure the external auditors The examples and perspective in this article or section may not represent a worldwide view of the subject. Please [ improve this article] or discuss the issue on the talk page. have a conduit conduit /con·du·it/ (kon´doo-it) channel. ileal conduit the surgical anastomosis of the ureters to one end of a detached segment of ileum, the other end being used to form a stoma on the to the board outside of management. Audit committee "financial expert." Under Sarbanes-Oxley, at least one audit committee member must be a financial expert. While no specific qualifications are required, exhibit 1, at right, lists some that companies can consider when making such a designation. Private organizations should name at least one audit committee member as a financial expert who can question the auditors about various transactions and the handling of accounts in the financial statements and accompanying footnotes. Of course, this does not preclude pre·clude tr.v. pre·clud·ed, pre·clud·ing, pre·cludes 1. To make impossible, as by action taken in advance; prevent. See Synonyms at prevent. 2. other members from asking questions as well. Exhibit 1 Defining a "Financial Expert" Under Sarbanes-Oxley, to be considered a "financial expert," an individual-through education and experience as a public accountant or auditor or as a principal financial officer, comptroller or principal accounting officer of an issuer or from a position involving the performance of similar functions--must have * An understanding of generally accepted accounting principles and financial statements. * Experience in ** The preparation or auditing of financial statements of generally comparable issuers. ** The application of such principles in connection with the accounting for estimates, accruals and reserves. * Experience with internal accounting controls. * An understanding of audit committee functions. Audit committee compensation. The law makes no mention of compensation for audit committee members. However, studies show companies have begun to compensate these individuals at a slightly higher rate than regular board members, mainly due to the amount of outside work necessary to prepare for meetings with the board and with the auditors, as well as for the increased number and duration of meetings. Many organizations also are providing extra compensation for the committee chair because of the additional preparation work and the increased number of meetings with the CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. , CFO See Chief Financial Officer. and outside auditors. Audit committee funding. The law says public company audit committees must be funded sufficiently to allow them to perform their duties adequately. Private organizations should be aware their audit committees may require extra funding because of additional meetings or having to engage consultants to answer questions that are beyond the scope of the members' knowledge or to determine alternative accounting treatments. Companies should budget accordingly when they establish audit committees. Communications with auditors. The audit committee of any organization--public, private or charity--should be able to meet with both the external and internal auditors Internal auditor An employee of a company who analyzes the company's accounting records to that the company is following and complying with all regulations. separately from management to ask any necessary questions. These meetings may be distinct from regularly scheduled board meetings. Also, the external or internal auditor should be able to call a meeting whenever the attention of the audit committee or board is needed. Audit committee approval of nonaudit services. Under Sarbanes-Oxley any allowed nonaudit services that exceed 5% of total revenues paid by the issuer to the audit firm require audit committee approval. Some services require board approval no matter what they cost. Adopting such a policy in a private organization would help guarantee that management is not relying solely on one CPA (Computer Press Association, Landing, NJ) An earlier membership organization founded in 1983 that promoted excellence in computer journalism. Its annual awards honored outstanding examples in print, broadcast and electronic media. The CPA disbanded in 2000. firm to provide all financial services The examples and perspective in this article or section may not represent a worldwide view of the subject. Please [ improve this article] or discuss the issue on the talk page. . Recent history has shown us this is not a good idea even where it is permitted. (See exhibit 2, below, for a partial listing of nonaudit services prohibited pro·hib·it tr.v. pro·hib·it·ed, pro·hib·it·ing, pro·hib·its 1. To forbid by authority: Smoking is prohibited in most theaters. See Synonyms at forbid. 2. by the act and exhibit 3, page 74, for services that require audit committee approval.) Exhibit 2 Prohibited Nonaudit Services Under Sarbanes-Oxley * Bookkeeping or other services related to the accounting records or financial statements of the audit client. * Financial information systems design and implementation. * Appraisal or valuation services. * Fairness opinions or contribution-in-kind reports. * Actuarial services. * Internal audit outsourcing services. * Management functions. * Human resources. * Broker/dealer, investment adviser or investment banking services. * Legal services. * Expert services unrelated to the audit. * Any other service the PCAOB determines, by regulation, is impermissible. Exhibit 3 Nonaudit Services Requiring Audit Committee Approval * Transfer pricing studies. * Cost segregation studies. * Tax-only valuations. * Comments on candidates for senior executive positions. * Tax ** Compliance ** Planning ** Advisory ** But not representation in court case * Lending tax staff for special projects. * Compensation packages. * ESOPs. * Requests for rulings. Code of ethics. A code of ethics is a great idea for any organization. It sets the tone at the top and explains what is expected of employees and associates in their behavior toward customers, suppliers, fellow employees, management and other stakeholders Stakeholders All parties that have an interest, financial or otherwise, in a firm-stockholders, creditors, bondholders, employees, customers, management, the community, and the government. . A significant number of private organizations are adopting ethic codes as a best practice. Whistle-blower provisions. Public companies haven't cornered the market on fraud; private companies and NPOs have their share as well. Any employee, customer or supplier who detects fraud or misrepresentation misrepresentation In law, any false or misleading expression of fact, usually with the intent to deceive or defraud. It most commonly occurs in insurance and real-estate contracts. False advertising may also constitute misrepresentation. within an organization should be able to follow the procedures the audit committee has established for the receipt, retention and treatment of such complaints. Many organizations outsource this function to maintain the whistle-blower's confidentiality, while the allegation The assertion, claim, declaration, or statement of a party to an action, setting out what he or she expects to prove. If the allegations in a plaintiff's complaint are insufficient to establish that the person's legal rights have been violated, the defendant can make a itself is referred to the audit committee for action. Use of outside advisers. The audit committee should not have to rely solely on the organization's legal counsel or internal consultants for advice. In fact, there may be instances where in-house counsel is part of any alleged misconduct MISCONDUCT. Unlawful behaviour by a person entrusted in any degree: with the administration of justice, by which the rights of the parties and the justice of the, case may have been affected. 2. . The act says public companies should provide the audit committee with funding for outside advisers, including legal counsel or consultants. Funding for similar resources would be a good idea for private companies as well. Management's responsibility for internal control over financial reporting. This is a major provision of the act, the section public companies are spending the most money on. It says management is responsible for establishing and maintaining an internal control structure and con ducting duct·ing n. 1. A duct or system of ducts. 2. Material for making ducts. a yearend assessment of the structure's effectiveness over financial reporting. For private organizations, the cost/ benefit relationship of adopting similar rules has not yet been proven. Accelerated filing public organizations must comply regardless of the benefits. Nonaccelerated public company filers (those with less than $75 million in capitalization capitalization n. 1) the act of counting anticipated earnings and expenses as capital assets (property, equipment, fixtures) for accounting purposes. 2) the amount of anticipated net earnings which hypothetically can be used for conversion into capital assets. ) still have time to comply--until fiscal years ending after July 15, 2007. However, both the SEC and PCAOB PCAOB Public Company Accounting Oversight Board are still considering extending the deadline or increasing the capitalization amount. So, unless your organization is one of those preparing for an IPO or merger, the jury is still out on whether the act's internal control rules are recommended best practices. Management certification of financial statements. Having the CEO and CFO sign off on the financial statements and footnotes is key for all organizations, public and private. Many charitable organizations are asking this of their management as well. By taking responsibility for the numbers, executives show their leadership and qualifications for the positions they hold. This step goes beyond the basic representation letter and has executives taking formal responsibility for the financial statements. Under Sarbanes-Oxley, public company executives can be held criminally liable for misrepresentations. For privately held companies privately held company A firm whose shares are held within a relatively small circle of owners and are not traded publicly. some other best practices that are not specifically part of Sarbanes-Oxley might include establishing an internal audit department or internal audit function or at least outsourcing (1) Contracting with outside consultants, software houses or service bureaus to perform systems analysis, programming and datacenter operations. Contrast with insourcing. See netsourcing, ASP, SSP and facilities management. internal audit to a specialist. Doing so might improve overall operations and provide additional benefits beyond the cost. The charter for many internal audit departments is no longer just helping the external auditors with their annual audit, but also helping management improve overall operations and controls. Outsourcing is a good idea for entities that may not need a full-time internal audit staff or do not have the resources to develop the necessary competencies internally. The outsourced staff can be expanded to meet seasonal or other needs, and, typically, its lower cost outweighs the benefits an internal audit function will bring. PICK AND CHOOSE Private organizations are in a unique position with regard to Sarbanes-Oxley; they can pick and choose those parts of the act that potentially offer the most benefit. At the same time they don't have to spend inordinate amounts of money to prepare for an auditor's assessments of internal controls, nor institute an elaborate system of controls to comply with the act. Instead, they can take a more reasonable cost/benefit approach and select those provisions and controls that might benefit their organization without incurring significant costs. This is an enviable en·vi·a·ble adj. So desirable as to arouse envy: "the enviable English quality of being able to be mute without unrest" Henry James. position to be in. Entities that aren't required to comply with Sarbanes-Oxley also should use some caution. Following the entire act's requirements can be time consuming and costly. And some provisions relate closely to others and shouldn't be adopted separately. CPAs should advise clients or employers as to which sections of the act might be best for their organizations and how to begin implementing them. While the list will vary from organization to organization, the result will be a stronger entity better able to deal with today's financial challenges. Voluntary Compliance In a January 2006 survey of the CEOs of "fast-growing" private companies, * 27% said their companies had adopted Sarbanes-Oxley best practices in areas such as governance and transparency. * 73% opposed any future federal or state regulations that would impose Sarbanes-Oxley provisions on entities other than public companies. * 67% of those considering going public said the cost of Sarbanes-Oxley compliance was a potential barrier. Source: PricewaterhouseCoopers, Trendsetter trend·set·ter n. One that initiates or popularizes a trend: "The Golden State, ever the trendsetter, reformed its property tax" New York. Barometer, www.barometersurveys.com. Private vs. Public Congress never intended the Sarbanes-Oxley Act to apply to nonpublic companies and nonprofit organizations Nonprofit Organization An association that is given tax-free status. Donations to a non-profit organization are often tax deductible as well. Notes: Examples of non-profit organizations are charities, hospitals and schools. . But a national study by Foley fo·ley n. 1. A technical process by which sounds are created or altered for use in a film, video, or other electronically produced work. 2. A person who creates or alters sounds using this process. & Lardner LLP LLP - Lower Layer Protocol . The Impact of Sarbanes-Oxley on Private & Nonprofit Companies, revealed that these entities continue to adopt provisions of the act as best practices. The study showed that while for-profit private companies have been consistently self-imposing Sarbanes-Oxley standards, nonprofit entities have been even more aggressive in adopting corporate governance reforms. Nonprofits are more likely to implement or plan to implement whistle-blower procedures, board approval of nonaudit services by auditors and restrictions on executive compensation, among other changes. Here are some other study findings: * Private companies tend to adopt the least expensive reforms, as opposed to more costly initiatives such as section 404 audits of internal controls. * Some 84% of private organizations responding to the survey believed corporate governance reform was "about right," an increase over the 78% who had responded that way in 2005. * Survey respondents In the context of marketing research, a representative sample drawn from a larger population of people from whom information is collected and used to develop or confirm marketing strategy. estimated an average annual price tag of $105,000 for corporate governance procedures, a 26% increase over their estimated costs before Congress enacted Sarbanes-Oxley. Foley & Lardner surveyed 56 private entities in January 2006--20 nonprofit organizations and 36 for-profit private companies. The full survey results are available at www. foley.com/2006privatestudy. Practical Tips * Recommend that companies planning an IPO within the next two to three years adopt Sarbanes-Oxley guidelines now rather than waiting until they go public-when they could face unknown costs and delays. * Remind organizations of all sizes, public or private, that adopting a code of ethics is a good idea. It sets the tone at the top and explains what is expected of employees and associates in their behavior toward others. * Advise private companies and NPOs that their boards of directors should have the ability and funding to consult with outside advisers on financial reporting and legal questions that may arise. Richard S Ri·chard , Joseph Henri Maurice Known as "Rocket." 1921-2000. Canadian hockey player. A right wing for the Montreal Canadiens (1942-1960), he led his team to eight Stanley Cup championships and was the first player to score 50 goals in a . Savich, CPA, PhD, is president of ABKO Consulting in Bermuda Dunes, Calif. He is also on the faculty of the accounting and finance department at California State University Enrollment  in San Bernardino San Bernardino, city, United StatesSan Bernardino (săn bûr'nədē`nō), city (1990 pop. 164,164), seat of San Bernardino co., S Calif., at the foot of the San Bernardino Mts.; inc. 1854. . His e-mail address See Internet address. e-mail address - electronic mail address is dicksavich@abko.com. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion