Why should private companies implement Sarbanes-Oxley? While public companies must comply with provisions of the Sarbanes-Oxley Act, that's not the case for private companies. Financial Executives Research Foundation (FERF) looks at whether private companies are complying anyway--voluntarily.Publicly held companies are now reporting on the effectiveness of their internal controls over financial reporting, as required by the Sarbanes-Oxley Act See SOX. of 2002. They have expended ex·pend tr.v. ex·pend·ed, ex·pend·ing, ex·pends 1. To lay out; spend: expending tax revenues on government operations. See Synonyms at spend. 2. considerable time and effort to document and test their internal controls, and have paid their auditors significant sums to test these controls. Some companies have had to disclose material weaknesses that must now be remediated. At the state level, some legislators, regulators and other elected or appointed officials are now seeking to duplicate or extend the provisions of the Act to privately held companies privately held company A firm whose shares are held within a relatively small circle of owners and are not traded publicly. and their auditors. While some measures may have merit, and could be supported, other measures may be overreaching Exploiting a situation through Fraud or Unconscionable conduct. . Financial Executives Research Foundation (FERF FERF Financial Executives Research Foundation FERF Far End Reporting Failure FERF Far End Receive Failure ) polled senior finance executives at private companies to assess their thinking on complying. While not all agree on the merits on the merits adj. referring to a judgment, decision or ruling of a court based upon the facts presented in evidence and the law applied to that evidence. A judge decides a case "on the merits" when he/she bases the decision on the fundamental issues and considers of compliance, featured here are interviews with executives from three private companies who are in agreement, but for different reasons. The Software Developer "We think that it is good business to have good processes," says Patrick Mulloy, Director of Finance for Hyland Software Inc. Hyland is a privately owned developer of enterprise content management software that allows companies to automate their business processes, such as storing and retrieving documents like images of bank checks. Hyland, which has been profitable for 26 consecutive quarters, is owned by employees, friends and family, and has no institutional investors Institutional Investor A non-bank person or organization that trades securities in large enough share quantities or dollar amounts that they qualify for preferential treatment and lower commissions. . Its approximately 200 employees with stock options hope to have a "liquidity event" sometime in the future. To do this, the company would have to go public, or at least be acquired, which will then require it to comply with Sarbanes-Oxley. "With about $50 million in annual revenues, we are going through the awkward teenage years of corporate development, but we are ready to grow," concedes Mulloy. He says the company decided it was time to document its processes, and he hired an accountant to document the firm's business and financial processes, just like larger public companies have been doing for the past year or so. Although Hyland does not yet have an internal audit function to report to its audit committee, this individual will rotate into that function. Hyland decided that this process was so important that it assigned a software developer and a product manager to create new documentation software (OnBase SOX (1) (Schema for Object-oriented XML) An XML schema developed by Veo Systems and Muzino Communications, which was submitted to the W3C. SOX is based on DTD, but adds data typing and reuse mechanisms. Solution), which it now markets to existing customers. This software allows companies to document their processes with standard word processing word processing, use of a computer program or a dedicated hardware and software package to write, edit, format, and print a document. Text is most commonly entered using a keyboard similar to a typewriter's, although handwritten input (see pen-based computer) and and then route the documentation to a central repository. The software will track who reviews the documentation, and provides reminders when it should be reviewed and updated, either quarterly or annually. The Service Organization Marvin F. Poer & Co. also found a business-related reason to document its business processes. The largest privately held property tax consulting business in the U.S., Poer was founded in 1964, and now has almost 200 employees in 15 offices around the country. Poer provides property tax consulting services Noun 1. consulting service - service provided by a professional advisor (e.g., a lawyer or doctor or CPA etc.) service - work done by one person or group that benefits another; "budget separately for goods and services" , such as filing personal property taxes and issuing tax payments on behalf of clients. It also provides fixed-asset management services and cost-segregation services. Poer has no plans to go public, but decided to document its internal controls so it could provide its clients with a Statement on Auditing Standards (SAS (1) (SAS Institute Inc., Cary, NC, www.sas.com) A software company that specializes in data warehousing and decision support software based on the SAS System. Founded in 1976, SAS is one of the world's largest privately held software companies. See SAS System. ) No. 70 report. SAS 70 is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants With over 330,525 CPA members (in August 2006), the American Institute of Certified Public Accountants (AICPA) is the largest professional organization of Certified Public Accountants (CPAs) in the United States of America. (AICPA AICPA See American Institute of Certified Public Accountants (AICPA). ). The AICPA says a SAS 70 audit or service auditor's examination "is widely recognized because it represents that a service organization has been through an in-depth audit of their control activities, which generally include controls over information technology and related processes." A formal report including the auditor's opinion ("Service Auditor's Report Auditor's Report Recorded in the annual report, the auditor's report tests to see that a corporation's financial statements comply with GAAP. This is sometimes referred to as the clean opinion. Notes: Most auditor's reports consist of three paragraphs. ") is issued to the service organization at the conclusion of a SAS 70 examination. "Our clients need a comfort level to comply with Sarbanes-Oxley Section 404," says Kathryn McBride, vice president, finance for Poer. "SAS 70 is an old statement getting a new life, thanks to Section 404." Prior to 404, clients didn't request SAS 70 reports. The first step in a SAS 70 report is to document a company's controls. Poer focused on documenting the controls for the processes directly related to services to be included in the SAS 70 report. McBride says it used existing staff, avoiding additional salary cost, although workloads increased. The only added cost was the outside auditor fee to test the controls and issue the report. "We understood our processes and controls, so our challenge was to document them precisely so that our clients and their auditors were given a clear and accurate description," says McBride. Though the costs were immaterial Not essential or necessary; not important or pertinent; not decisive; of no substantial consequence; without weight; of no material significance. immaterial adj. to Poer's total cost structure, the benefits are very significant. McBride says, "The biggest benefit is to satisfy our clients' needs, but we think that we have also improved our existing internal controls." The U.S. Subsidiary Companies outside the U.S. also are dealing with Sarbanes-Oxley and internal controls. "The costs of internal control documentation are relatively minor compared to the risk of losing millions," says Andreas Rothe, CFO See Chief Financial Officer. of Hapag-Lloyd (America) Inc., a U.S. subsidiary of TUI AG TUI AG (Touristik Union International) (ISIN: DE000TUAG000) is a German based company. Until 2001 it was an industrial and transportation company named Preussag AG, which in the mid-1990s decided to reinvent itself as a tourism, shipping, and logistics company. . TUI AG is publicly traded in Germany, but is not listed in the U.S., so it is not required to comply with the Act. Hapag-Lloyd (America) provides international liner shipping transportation, with services to Asia, Europe and Latin America Latin America, the Spanish-speaking, Portuguese-speaking, and French-speaking countries (except Canada) of North America, South America, Central America, and the West Indies. and is part of the global Hapag-Lloyd Container Line. Hapag has revenues of almost $900 million annually in North America North America, third largest continent (1990 est. pop. 365,000,000), c.9,400,000 sq mi (24,346,000 sq km), the northern of the two continents of the Western Hemisphere. alone, and that income has to be carefully allocated to cover rail, truck and vessel costs. "If you are not careful, you can easily miss some of those costs," says Rothe. He notes that a competitor recently had to make a $40 million earnings restatement Restatement A revision in a company's earlier financial statements. Notes: The need for restating financial figures can result from fraud, misrepresentation, or a simple clerical error. because it did not properly accrue To increase; to augment; to come to by way of increase; to be added as an increase, profit, or damage. Acquired; falling due; made or executed; matured; occurred; received; vested; was created; was incurred. some of its expenses, most likely due to a lack of proper financial reporting controls. Even though a U.S. subsidiary of a foreign company not registered with the Securities and Exchange Commission (SEC) is not required to comply with the Act, Rothe decided that some compliance did make good business sense. Last year, using the Internal Control Integrated Framework of the Committee of Sponsoring Organizations (COSO COSO Committee of Sponsoring Organizations of the Treadway Commission COSO Church of Spiral Oak COSO Corporate South COSO Class of Service Override COSO Combat Oriented Supply Operations (USAF) ), he began the process of documenting Hapag's internal controls by reviewing its existing procedures and controls. In doing, so, he found that a lot of the processes were not documented. Rothe's documentation has been recognized by senior management at its parent, and similar activities will now be done on a global basis by the parent and all the subsidiaries globally. The Survey Results Not all financial executives at privately held companies are as enthusiastic as the three quoted above about implementing many provisions of Sarbanes-Oxley. Results from a recent survey of private-company financial executives (conducted via PrivateNet, FEI's online newsletter for private companies) showed that, although most are familiar with the Act's provisions, they do not necessarily think that it should be the benchmark for private companies, and they are very selective about which provisions they will implement. Of the 161 executives who responded to the survey, 92 percent were either very familiar (20 percent) or somewhat familiar (72 percent) with Sarbanes-Oxley provisions. Almost 60 percent either disagreed (41 percent) or strongly disagreed (18 percent) that the Act should be the benchmark for private company corporate governance Corporate Governance The relationship between all the stakeholders in a company. This includes the shareholders, directors, and management of a company, as defined by the corporate charter, bylaws, formal policy, and rule of law. . Of these, 80 percent had been in a corporate financial management position for more than 10 years, and 90 percent were over 40 years of age. Survey participants were given a list of corporate governance practices required by the Act and were asked whether or not they planned to implement any of these practices. Responses to some of the practices are shown in Figure 1. Unlike the three companies described above, certification of internal control systems was not too popular among survey participants, with only 12 percent having already certified See certification. them and another 22 percent considering certification. This apparent lack of enthusiasm might be explained by the minimal perceived benefits of implementation. Survey participants were given a list of potential benefits that could accrue to private companies that voluntarily adopted Sarbanes-Oxley provisions, and were asked whether they agreed with each. The responses, shown in Figure 2, indicate that most respondents agreed that private company adopters would better position themselves for going public in the future, but did not agree that adopters would gain such "bottom-line" benefits as lower insurance costs or a lower cost of borrowing. Ironically, it is these types of quantitative benefits that the business press frequently promotes as possible justification for voluntary implementation of Sarbanes-Oxley by private companies. Regardless of company size or ownership structure, documenting and testing internal controls requires significant time and effort, and, thus, represents a significant expense. As with all other business initiatives, the expected costs are always weighed against the potential benefits before proceeding. There has to be an acceptable cost/benefit ratio. So, to the question: Will privately-held companies voluntarily implement the provisions of Sarbanes-Oxley? They will, but only if there is a clear business reason, and only if there are quantifiable benefits. The companies profiled in this article found good business reasons to document and test internal controls. Many other companies have yet to make that decision. Figure 1 Is your company establishing: Yes Considering No A code of conduct? 44% 25% 31% An independent audit committee? 42% 10% 48% CEO certifications of financials? 42% 9% 48% A policy on loans to officers? 39% 10% 51% An internal audit function? 28% 13% 59% A more thorough MD & A in the annual report 15% 21% 64% Formal certifications of the internal control systems? 12% 22% 66% Figure 2 Private companies that voluntarily adopt Sarbanes-Oxley provisions can better Strongly Disagree or position themselves for: Agree Agree No Opinion Taking the company public in the future 48% 44% 8% Enhancing credibility with stakeholders 13% 48% 39% Enhancing relationships with stakeholders 11% 40% 49% Major financing options 9% 54% 37% Establishing stronger business credit 6% 44% 50% A lower cost of insurance 4% 25% 71% Lower costs of borrowing 4% 17% 79% Source: Questionnaire to online readers of PrivateNet, a publication of Financial Executives Research Foundation (FERF). Ronald O. Reed, Ph.D., CPA (Computer Press Association, Landing, NJ) An earlier membership organization founded in 1983 that promoted excellence in computer journalism. Its annual awards honored outstanding examples in print, broadcast and electronic media. The CPA disbanded in 2000. (Ronald.Reed@unco.edu) is Chair and Professor of Accounting at the Monfort College of Business at the University of Northern Colorado  It has been suggested that this article or section be merged with and ()University of Northern Colorado (Northern Colorado) , William M. Sinnett (bsinnett@fei.org) is Manager of Research for Financial Executives Research Foundation (FERF), Thomas Buchman, Ph.D., is Associate Professor of Accounting at the University of Colorado University of Colorado may refer to:
|
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion