Section 404 Assignment 1807

  • I was recently assigned a report pertaining to section 404 of the SOX and am looking for a little help with it. The ‘situation’ this assignment gives is that I am to be advising a senator whether to be in favor of or against this sections provisions and have to outline the arguments supporting both.
    I’m relatively new to the accounting world, but from what i’ve come across thus far I know that this section deals with management’s assessment of internal controls. I know I can obviously browse the web to find both sides of the argument, but I was just interested to see what you guys would suggest as good and bad about this section.
    Any help/input is greatly appreciated. Thanks.

  • Getting over my inital reaction which is ‘Lord help us if this is how lawmakers get to their decisions’ I’ll give you my two cents on s404.

    1. There is nothing in Section 404 that is at all objectionable. It is a short passage whcih requires a) management to report on internal control and b) the auditors to provide an opinion on that report.
      Read s404 below and ask yourself what is there really to object to.
      (a) RULES REQUIRED- The Commission shall prescribe rules requiring each annual report required by section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m or 78o(d)) to contain an internal control report, which shall–
      (1) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and
      (2) contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.
      (b) INTERNAL CONTROL EVALUATION AND REPORTING- With respect to the internal control assessment required by subsection (a), each registered public accounting firm that prepares or issues the audit report for the issuer shall attest to, and report on, the assessment made by the management of the issuer. An attestation made under this subsection shall be made in accordance with standards for attestation engagements issued or adopted by the Board. Any such attestation shall not be the subject of a separate engagement.
    2. The execution of s404 is, mostly, in the past for the majority of Companies. The costs of compliance are very front loaded and there would be limited benefit in repealing or modifying it now.
    3. The execution of SOX has been problematic for a variety of reasons and legislating does not solve any of them.
    4. The US made a HUGE step of deploying a principles based piece of legislation this makes peole uncertain because they don’t have checklists to fall back on, however given time this is a better position to be in. Normally the response in the past has been to implement rules based legislation which tends to get more and more complex over time - just look at your tax code as an example - without solving anything.

  • i agree with Denis, and, inprinciple, i have no objections to SOX.
    If I had the opporutnity to change part of it, however, it would be AS2:
    There is a definite need for clarification and more concrete terms and definitions in order to operate anc comply effectively.
    For example, I have seen what is determined as a control deficiency and/ or weakness, together with what suffices as evidence can vary sginficantly between the organisation, the external audit team, and the BIG 4. The minimum sample size required to satisfy an external auditor also varies from firm to firm.
    In addtion, I have been told by a Partner in the Big 4, that the PCAOB perform review practices that conflict with what they preach. For the past 2 years they have reported that management are over-testing and have implemented too many controls as key. Yet, when they review ext audit files, they criticise the auditors and management of having not done enough (apparently they test in detail because their commission is based on how many errors they can find).
    I don’t know if any of the PCAOB guidance falls into the scope of your assignment - but if it does, I would recommend that AS 2 be revised. I know that this has been raised by the PCAOB themselves in the past, but they are very slow to issue any change.

  • Hi and welcome to the forums 🙂
    After getting a good laugh out of Denis’ initial reaction 😉 🙂 – I also see a need for SOX 404 to provide IT controls on financial systems, that complement the overall set of SOX related financial controls. Most financial systems today are highly automated and thus to leave out IT related best practices and standards would be taking a step back in safeguarding against potential fraudulant activity (a key goal of SOX).
    However, as feedback to the legislators, some of the SOX regulations could be potentially improved to eliminate ambiguities. I think many of us have ‘seen it all’ when it comes to situations folks want to control (e.g., from USD.50 pens, to retaining video surveliance footage, to forcing folks to manually fill out forms, to wasting enormous amounts of paper).
    All of these examples are due to misinterpretation and lack of examples in the standards. While SOX must be written for a wide range of industries, perhaps some clearer guidelines with good generic examples could make this extra burden a little lighter for all us 🙂

  • As it was early pointed out, the ‘problem’ with ‘404’ is the interpretation of it by the auditors, management, and other parties.
    But to propose abandoning the desired outcome, renewed confidence in financial information reported by US registered companies, is a hard sell regardless of the means by which SOX is or might be modified.
    In short, is the value of investors’ perception worth this investment? Most investors probably don’t care about the burden put on companies…they just want written and other assurances that their investments are reasonably safe…from this perspective, SOX seems like a relatively cheap investment for all the talk.

  • To the Honorable Senator, First Last,
    An excerpt from a Q-and-A conducted with Lynn Turner is below. Mr. Turner was Chief Accountant for the U.S. Securities and Exchange Commission (SEC) from July 1998 through August 2001. I think the following question and his reply captures the essence of the SOX value proposition:
    Q: So despite all of the complaints, is Sarbanes-Oxley just the price of doing business today if you’re going to do it the right way?
    A: I think so. In November, BusinessWeek ran an article saying that companies are spending an average of USD3 million and 30,000 hours to comply with Sarbanes-Oxley. It would be wrong to refute that. But there was also a much higher price to the corporate greed and the impact it had not only on investors, but on the economy and people in general.
    So if it costs the U.S. USD10-20 billion to implement SOX, that’s a drop in the bucket compared to the USD7 trillion decline in the market cap that we had after Enron, WorldCom, and others. That is a phenomenal cost that is directly attributable to investors’ trust in those corporate executives. And it’s an unfortunate painting of the many corporate executives and employees who are honest, straightforward, and frank.
    For anyone interested, the entire Q-and-A may be found at:

  • I found this article in my early morning reading that ties into these discussions.
    Please add www and paste this long URL into your browser
    Making a strong case for Sarbanes-Oxley{CC754E7A-0E62-4639-ABE8-774FE77C9CEF}-and-column=Herb Greenberg
    Think Sarbanes Oxley should be scrapped or watered down? If so, you haven’t spent any time lately with white collar criminals like Sam Antar, the former chief financial officer of Crazy Eddie, the famous (or is that infamous?) now-defunct New York electronics retailer that also happened to be one of the most famous of all stock frauds.

  • It should be noted here that despite all the strong cases made for Sarbanes Oxley that some in the SEC have the ‘personal opinion’ that Sarbanes Oxley would not in fact have prevented Enron’s Fraud.
    Please note that when stating this, these SEC members always advise that this is their ‘personal opinion’ and NOT the opinion of the SEC.

  • SOx was not necessarily put in place to PREVENT fraud. Sometimes that’s just not possible.
    The Enron case is also particularly complex. There was no single action or fraud that caused the company to collapse, in fact there were many things that happened that were ‘wrong’. There are a number of things which probably would have been prevented by SOx, not least the potential compromising of Andersen through audit and consulting work.
    What SOx does do is put personal accountability on the directors for the finaical reporting of the company. I am convinced Enron Directors would have had second thoughts on a great many things had there been a SOx Act in place. And if not they would have found themselves in jail a lot sooner.

Log in to reply