Is non-compliance the way forward?



  • I understand your frustration: but quite simply… it’s the law.
    SOX isn’t an optional extra. It isn’t a ‘nice to have’. It’s legislation, with specific requirements and deadlines. If you refuse to comply, you are breaking this law, and are subject to the consequences that follow. Do you want to take that risk?



  • Interesting thought. I believe that the law requires management to document their understanding of processes and make an assertion as to the effectiveness of internal controls. Are you still in compliance with the law if your assertion is that they are not effective or if you do not have enough evidence to make that assertion?
    I think that Wall Street will be the deciding factor and that it will ultimately be that this is a permanent change in how we do business. It would take all companies listed on a major exchange to rebel against the requirements for anything to happen. If only a few rebel, then they will likely be punished in the marketplace as their stock plummets (who will want to invest in a company who cannot or will not guarantee that they have adequate internal controls in place?).
    What I do think will change is that the public accounting firms will ease up a bit on the level of documentation that they think companies need in order to get happy with the effectiveness of controls. I think that your auditor is trying to be conservative as to fee increases. While we will see increases in fees, I don’t expect them to be as large as you have indicated.



  • Non-compliance is a good indicator that your controls are weak, but it only indicates the potential for fraud, not the actual behavior. I think that the shareholders will place a significant portion of their confidence in this process even though we all know if there is something to hide you can always hide it for some duration. Shareholders are looking for assurance, and they have really lost the ability to receive that assurance from the previous means of auditing, so the SEC stepped it up a notch. I do firmly believe this will have a grave impact on the stock market for companies who choose or fail compliance, but it has yet to be decided what will constitute an adverse opinion. You may have deficiencies, but they may not constitute a material weakness, therefore not giving your company an adverse opinion from the externals. While I realize that the overall cost of SOX has been substantial for most companies, you are failing to realize the benefits this process can provide for you. You have now established a great COSO foundation; expand upon it to assist in creating a more effective and efficient company by beginning the ERM process.



  • Thanks for your comments everyone.
    I would take issue with the comment that non-compliance means that you have weak controls. In all the man-weeks that we have spent on this project we have not altered one control materially. The controls were all there, they were just not documented in a way that would satisfy our auditors.
    Speaking of auditors, we have had our first bill for their preliminary SOX audit. It would seem that our audit costs will not double this year, they will triple. How can such costs be justified? If SOX is meant to be protecting shareholder interest it seems a bit strange to be taking huge chunks of the profits out of the company and into the pockets of auditors.



  • I certainly agree 100%. It’s interesting that the legislation is largely a statement about our lack of confidence in the Public Accounting community and their ability / desire to detect issues. As a result, public companies are getting the privilege of pumping more money into their coffers.
    I’ve always felt the problem is that outside auditors are not in any way ‘independent’. As long as the client’s fees are paying the bills, how could they be. What we really need is a fiduciary fund set up that publicly held companies pay into. The auditors would be federal employees (like IRS auditors) and would be responsible to the SEC. No longer would I have to sit in a meeting with an audit partner (who drove up in a Porsche and a custom made suit) and have him say ‘it’s wrong, but…’.



  • Hi All:
    Everybody has great points to say.
    Let us admit that the burden of Sarbanes - as a legislation - is not going to go away any time soon. As pointed out by some of my peers - rebellion is not an option.
    This is not like a beach tag fee imposed by a small seashore city council. This is a serious issue with SEC and Wall Street.
    However - one thing I totally agree is the outrageous fees that are charged by Internal Audit and External Audit Consultants. Typically they are in the range of USD250/hr (USD50/hr - Travel Cost) and above.
    Most of the cost incurred today goes towards the Internal Audit Function (Process Documentation Narratives, Flows etc., Risk Control Matrices etc.) and then the remainder is External Audit fees. External Fees (time spent on the client’s Sarbanes assertions) would greatly fluctuate with how reliable and documented the client’s Internal Control environment is. I mean if you have a poorly managed internal audit environment - your external audit team has less confidence in your environment - may need to spend a lot more time in arriving at the assertions stage - and finally after all that - may force you to make Internal Control disclosures - even worse - material deficiencies.
    To grapple with the above scenario:
    What I have been noticing in the industry is that smart organizations are developing their own internal audit departments - consisting of 3 to 4 senior auditors - say hire folks on FTE basis from Big4 or other Risk Consulting backgrounds.
    These internal teams, at a fraction of the cost, would develop the documentation that is required for Sarbanes and closely monitor the quarterly reporting. They work very closely with Business owners, Sr. Mgmt and External Auditors. With external auditors - you have somebody qualified to defend your internal setup… this shall boost the confidence of external auditors - and if necessary challenge the external auditor’s time and findings.
    Obviously this is something that is happening and I am sure all of us witness many more scenarios - how clients are adapting to the ever growing challenges.



  • While I agree wholeheartedly that direct non-compliance is not an option, compliance is going to force a lot of small cap companies to evaluate their need to be public and be compliant. If you’re not public, and have no public debt, there is nothing to be compliant with.



  • Mvedula’s comments seem spot on.
    I’d like to add that I think SOX will change the focus of audit from external to internal. A smart company will get a good internal team in place and make sure the controls work. Then they can force the external audit fees down by reducing the amount of work external auditors need to do.
    External audit should be able to perform ‘systems’ rather than ‘transactions’ audits, a more cost effective approach, and should be able to leverage off the SOX work for general audit. Ultimately for well controlled companies, they could see a reduction in audit fees because of the change in approach.
    I believe our external auditors were given the instruction to leverage off SOX this year (big cost saving for them) and quoted fees on that basis. They then found that we were still struggling to get some controls operational and had to change their approach. Of course they should have known this from the outset - but they won’t admit that they screwed up.



  • You are all talking about the fees to be paid to the external auditors, and yes I agree that this is a good opportunity for them to increase their profits. But what do you think of the risks that these companies will take if one of the firms they certify commits a fraud?
    😞 sorry if my English level is not good enough to express my thoughts



  • Yes, the external auditors use this opportunity to raise the audit fees. And they argue with the add. SOX work. But because of our part of the SOX work they can reduce their effort related to the usual work around the annual financial closing. So our net increase of audit fees will hopefully be something around 25 - 30%.
    Just not becoming compliant is an interesting thought. Just recently AXA filed their 20F with a whole bunch of material weaknesses disclosed. And the market didn’t even react to it. The shares didn’t move a cent. So I believe it’s not a market question. It’s all about how the PCAOB and the SEC will react to that. Because we are a foreign listed company the worst thing which could happen would be the withdrawal of our shares from the NYSE. Domestic US companies will also face legal charges.
    I just wait to see somebody volunteering… ;o)



  • but to my organisation SOX is just a waste of time and of money.
    Maybe your organisation needs to think about what it is trying to achieve.
    If you do not have a decent system of internal control and complying with SOx gets you one then that is almost certainly NOT a waste of time and money.
    If you already have a good system of internal control then SOx shouldn’t be such a big problem - believe it or not there are some companies out there that need to do almost nothing to comply.
    In terms of the wider question - is non-compliance the way forward? Then the answer is probably not. Companies tend to be listed on the Stock Exchange for a good reason, now there may be some foreign companies that choose to delist their secondary listing from NYSE and there may be smaller public companies that do so as well - but these will definitely be in the minority.
    For companies that remain listed non-compliance carries heavy penalties, so probably not a great option. Complying but disclosing that there is inadequate internal control will probably be penalised by the market - so again not a great option.



  • Very, Very interesting discussion in here.
    Every Company really should have been in compliance in the beginning, even if they were just utilizing ‘best practices’. Documentation would have been the biggest hoop. Non-Compliance is not an option. All the ‘kids’ just couldn’t seem to be able to play together, so mom and dad set new rules. Shareholders want and will get assurances that there is not any fraud within the company they hold ‘stock’ in and management will assert that the controls are adequate. This came about because the ‘big guys’ lied and said ‘we are making money’ when they were not. The executives are not the ones that suffer, with large retirement and severance packages, the shareholders and public suffer the lie.
    Your costs will increase only because you have not come into compliance this year or do not understand what ‘your auditors’ internal or external are doing. In my current project, I strongly suggested the previous consulting firm be backcharged for all our fees. This consulting firm had led this company down a path that almost created a failed external audit. I came on board with a new team and we straightened it all out in a very short amount of time. If the company had any understanding of the process at all they would have known what was wrong.
    It is up to management to understand the process, requirements and costs to enable any company to comply and not go broke doing it. After this year your companies should be maintaining not increasing costs.
    Your biggest costs were getting into compliance. How could the cost double or triple if you have become compliant and should be on a maintain level. Every company should re-org the internal audit organization to include an IT side, this will keep costs down dramatically.
    Management pushing back on external auditing firms will help keep costs down, some of them demand too much of a firm to be compliant and it is up to management to make the argument against it. They are playing it conservative as they too have to attest to the controls within the firm and will be held accountable. They also are going through a peer review of the process they use.
    From a Business Continuity book:
    ‘An auditor is the person who comes in after the war is over and bayonets the wounded.’



  • Why did the auditor cross the road?
    Because he did it last year. :oops:



  • I think that you have a key point Plaire1, when you say that some auditors are demanding too much of a firm to be compliant. Our auditors said that they had no evidence of review controls, and therefore they couldn’t test them. When replying to Group on this point I asked whether the auditors would like video tape evidence of the Financial Director reviewing information.
    You are also quite correct when you say that documentation is the biggest problem. Someone else suggested that we should examine what we are trying to achieve. We certainly are not trying to achieve good internal controls, because we already have them. The auditors have examined our internal controls for years and have always been satisfied with them. As I have said before, our internal controls have changed little, but it’s the documentation and the formalisation of authorisation processes that are the major burden for us. You must remember that we are a GBP15m turnover subsidiary, so we don’t have an internal audit department, we don’t have layers of supervisors who can sign off other people’s reconciliations. SOX is indeed a reaction to the ‘big boys’ not being honest, but if you are a ‘small boy’ the compliance process, at least as perceived by our auditors, is financially crippling and of very little benefit.
    Denis - I like it :lol:



  • Why did the auditor cross the road?
    Cause he was stuck to the back of the chicken 😄



  • You must remember that we are a GBP15m turnover subsidiary

    Has your parent Company considered the materiality of your operation? If you are not material to the results overall there is an argument that you don’t have to do anything. Or alternatively that you do not need to look at the full range of business processes.
    I have certainly been involved in projects where entire countries were excluded from scope on grounds of materiality.



  • Very true. That is where the argumentation from your management to the external auditors takes place. The auditors can ‘request’ items, management has to take a stand, to reflect efforts in compliance, and reflect the controls are effective.
    Fortunately our external audit team does take into consideration the size of the entity they are auditing and reflect on the in accepting primary and secondary controls. Some external auditors will not accept secondary controls.
    PCAOB has a very clear, maybe the only clear reflection on this area of management’s ‘efforts’ to comply and if your management can sufficiently document the efforts to comply, the external auditors’ ‘opinions’ need to reflect it.



  • This is very interesting conversation… I think I have a rather unique insight, just leaving public accounting as one of those ‘external auditors’ and joining an internal audit team for a public company… first, I read a comment about the external auditors looking at a company’s controls every year… the controls we look at for a financial statement audit doesn’t even hit the tip of the iceberg as to what is required under 404. That comparison can’t even be made and it really does show the lack of understanding as to the level of detail really underneath an external audit. All of the complaints about fees are very ironic to me… as one of the biggest complaints from the external audit side ( from some of the lower level employees… the ones that DO the work) is that there is NEVER enough time in the budget…the budget can’t be expanded, because the client will flip out over the increase in fees. I can guarantee you that the ones doing the work earn every penny … there were many nights I worked until 1:00…4:00 in the morning. And yes… if you don’t have it documented that you didn’t perform a control…it wasn’t performed, we didn’t make the rule up…it’s just the way it is. One firm went completely under… a lot of people lost their jobs, their retirement… the people of Enron and the people of Andersen. Believe me, everyone internal and external is tired…



  • Why did the auditor cross the road?
    Because he did it last year. :oops:
    No, because his ‘MasterSOXer’ manager didn’t train him any better and micromanaged him to the point of not being able to use his own judgment.



  • They’re crossing the road because of missing key controls… 😄
    If I look at the fees they charged us up to now, they’re getting close to becoming a significant item in our balance sheet.

