Is non-compliance the way forward? 155



  • Hi All:
    Every body has great points to say.
    Let us admit that the burden of Sarbanes - as a legislation- is not going to go away any time soon. As pointed out by some of my peers - rebelion is not an option.
    This is not like a beach tag fees imposed a by a small seashore city council. This is a serious issue with SEC and Wall Street
    However - one thing I totally agree is the outrageous fees that is charged by Internal Audit and External Audit Consultants. Typically they are in the range of USD250/hr (USD50/hr - Travel Cost) and Above.
    Most of the cost incurred today - go towards - Internal Audit Function( Process Documentation Narratives, Flows etc, Risk Control Matrices etc,.) and then the remainder is External Audit fees. External Fees - ( Time spent at for Client’s Sarbanes Assertions) would greatly fluctuate - as how reliable and documented is client’s Internal Control environment. I mean if you have a poorly managed internal audit environment - your external audit teams has less confidence in your environment- may need to spend lot more time in arriving to assertions stage- and finally after al that - may force you to make Internal Control- disclosures - even worst- maternal defeciencies.
    To grapple with the above scenario;
    What I have been noticing in the industry - -------is that smart organizations are developing their own internal audit departments - consisting of 3 to 4 senrior auditors- say hire folks on FTE basis from Big4 or other Risk Consulting backgrounds.
    These internal teams at the fraction of the cost - would develop the documentation that is required for Sarbanes - closely monitor the quarterly reporting. They work very closely with Business owners, Sr.Mgmt and External Auditors. With external auditors - you have some body qualified to defend your itnernal setup …this shall boost the confidence for external auditors - and if neccessary challenge the external auditor’s time and findings.
    Obviously this is some thing that is happening and I am sure all of witness many more scenarios - how clients are adpting to the ever growing challenges.



  • While I agree wholeheartedly that direct non-compliance is not an option, compliance is going to force a lot of small cap companies to evaluate their need to be public and be compliant. If you’re not public, and have no public debt, there is nothing to be compliant with.



  • Mvedula’s comments seem spot on.
    I’d like to add that I think SOX will change the focus of audit from external to internal. A smart company will get a good internal team in place and make sure the controls work. Then they can force the external audit fees down by reducing the amount of work external auditors need to do.
    External audit should be able to perform ‘systems’ rather than ‘transactions’ audits, a more cost effective approach, and should be able to leverage off the SOX work for general audit. Ultimately for well controlled companies, they could see a reduction in audit fees because of the change in approach.
    I believe our external auditors were given the instruction to leverage off SOX this year (big cost saving for them) and quoted fees on that basis. They then found that we were still struggling to get some controls operational and had to change their approach. Of course they should have known this from the outset - but they won’t admit that they screwed up.



  • You are all talking about the fees to be paid to the external auditors, and yes I agree that this is a good opportunity for them to increase their profits. But what do you think of the risks that this companies will take if one of the firms they certify do a fraud ?
    😞 sorry if my english level is not good enough to express my thoughts



  • Yes, the external Auditors use this opportunity to raise the audit fees. And they argument with the add. sox work. But because of our part of the sox work the can reduce there effort related to the usual work around the anual financial closing. So our net increase of audit fees will hopefully something around 25 - 30%.%0AJust not becoming compliant is a interessting thought. Just recently AXA filed their 20F with a whole bunch of material weaknesses disclosed. And the market didn’t even react on it. The shares didn’t move a cent. So I believe it’s not a market question. It’s all about how the PCAOB and the SEC will react on that. Because we’re are a foreign listed company the worst thing which could happen would the withdrawal of our shares from the NYSE. Domestic US Companys will also face legal charges.%0AI just wait to see somebody volounteering… ;o)



  • but to my organisation SOX is just a waste of time and of money.
    Maybe your organisation needs to think about what it is trying to achieve.
    If you do not have a decent system of internal control and complying with SOx gets you one then that is almost certainly NOT a waste of time and money.
    If you already have a good system of internal control then SOx shouldn’t be such a big problem - believe it or not there are some companies out there that need to do almost nothing to comply.
    In terms of the wider question - is non-compliance the way forward? Then the answer is probably not. Companies tend to be listed on the Stock Exchange for a good reason, now there may be some foreign companies that choose to delist their secondary listing from NYSE and there may be smaller public companies that do so as well - but these will defintiely be in the minority.
    For companies that remain listed non-compliance carries heavy penalties, so probably not a great option. Complying but disclosing that there is inadequate internal control will proably be penalised by the market - so again not a great option.



  • Very, Very interesting discussion in here.
    Every Company really should have been in compliance in the beginning, even if they were just utilizing ‘best practices’. Documentation would have been the biggest hoop. Non-Compliance is not an option. All the ‘kids’ just couldn’t seem to be able to play together, so mom and dad set new rules. Shareholders want and will get assurances that there is not any fraud within the company they hold ‘stock’ in and management will assert that the controls are adequate. This came about because the ‘big guys’ lied and said ‘we are making money’ when they were not. The executives are not the ones that suffer, with large retirement and severance packages, the shareholders and public suffer the lie.
    Your costs will increase only because you have not come into compliance this year or do not understand what ‘your auditors’ internal or ecxternal are doing. In my this current project, I strongly suggested the previous consulting firm be backcharged for all our fees. This consulting firm had led this company down a path that almost create a failed external audit. I came on board with a new team and we straightened it all out in a very short amount of time. If the company had any understanding of the process at all they would have know what was wrong.
    It is up to management to understand the process, requirements and costs to enable any company to comply and not go broke doing it. After this year your companies should be maintaining not increasing costs.
    Your biggest costs were getting into compliance. How could the cost double or triple if you have become compliant and should be on a maintain level. Every company should re-org the internal audit organization to include an IT side, this will keep costs down dramatically.
    Management pushing back on external auditing firms will help keep costs down, some of them demand to much of a firm to be compliant and it is up to management to make the argument against it. They are playing it conservative as they too have to attest to the controls within the firm and will be held accountable. They also are going through a peer review of the process they use.
    From a Business Continuity book:
    ‘An auditor is the person who comes in after the war is over and bayonets the wounded.’



  • Why did the auditor cross the road?
    Because he did it last year. :oops:



  • I think that you have a key point Plaire1, when you say that some auditors are demanding too much of a firm to be compliant. Our auditors said that they had no evidence of freview controls, and therefore they couldn’t test them. When replying to Group on this point I asked whether the auditors would like video tape evidence of the Financial Director reviewing information.
    You are also quite correct when you say that documentation is the biggest problem. Someone else suggested that we should examine what we are trying to achieve. We we certainly are not trying to achieve good internal controls, because we already have them. The auditors have examined our internal controls for years and have always been satisfied with them. As I have said before, our intermnal controls have changed little, but it’s the documentation and the formalisation of authorisation processes that are the major burden for us. You must remember that we are a GBP15m turnover subsidiary, so we don’t have an internal audit department, we don’t have layers of supervisors who can sign off other people’s reconciliations. SOX is indeed a reaction to the ‘big boys’ not being honest, but if you are a ‘small boy’ the compliance process, at least as perceived by our auditors, is financially crippling and of very little benefit.
    Denis - I like it :lol:



  • Why did the auditor cross the road?
    Cause he was stuck to the back of the chicken 😄



  • You must remember that we are a GBP15m turnover subsidiary

    Has your parent Company considered the materiality of your operation? If you are not material to the results overall there is an argument that you don’t have to do anything. Or alternatively that you do not need to look at the full range of business processes.
    I have certainly been involved in projects where entire countries were excluded from scope on grounds of materiality.



  • Very true. That is where the argumentation from your management to the external auditors takes place. The auditors can ‘request’ items, management has to take a stand, to reflect efforts in compliance, and reflect the controls are effective.
    Fortunately our external audit team does take into consideration the size of the entity they are auditing adn reflect on the in accepting primary and secondary controls. Some external auditiors will not accept secondary controls.
    PCAOB has a very clear, maybe the only clear reflection on this area of managements ‘efforts’ to comply and if your management can sufficiently document the efforts to comply, the ecternal auditors ‘opinions’ need to reflect it.



  • This is very interesting conversation… I think I have a rather unique insight, just leaving public accounting as one of those ‘external auditors’ and joining an internal audit team for a public company… first, I read a comment about the external auditors looking at a company’s controls every year… the controls we look at for a financial statement audit doesn’t even hit the tip of the iceberg as to what is required under 404. That comparison can’t even be made and it really does show the lack of understanding as to the level of detail really underneath an external audit. All of the complaints about fees are very ironic to me… as one of the biggest complaints from the external audit side ( from some of the lower level employees… the ones that DO the work) is that there is NEVER enough time in the budget…the budget can’t be expanded, because the client will flip out over the increase in fees. I can guarantee you that the ones doing the work earn every penny … there were many nights I worked until 1:00…4:00 in the morning. And yes… if you don’t have it documented that you didn’t perform a control…it wasn’t performed, we didn’t make the rule up…it’s just the way it is. One firm went completely under… a lot of people lost their jobs, their retirement… the people of Enron and the people of Andersen. Believe me, everyone internal and external is tired…



  • Why did the auditor cross the road?
    Because he did it last year. :oops:
    No, because his ‘MasterSOXer’ manager didn’t train him any better and micromanaged him to the point of not being able to use his own judgment.



  • They’re crossing the road because of missing key controls… 😄
    If I look at the fee’s they charged us up to know, they’re getting close to becoming a siginificant item in our balance sheet.



  • I do understand your concerns and issues. But like any other state or government requirement/regualtion. Its the LAW…
    If you don’t believe me, tell your external account firm that you do not wish to participate in Sarbanes Oxley Compliance. LOL
    Jeff Cunningham



  • Allow me to throw a wrench in the works.
    the Act does not require adherence to the PCAOB AS2. There is NO guidance for management. Therefore all these hoops that external auditors want management to jump through (less than a remote liklihood -c’mon.) are silly. The act is reasonable, the PCAOB is psycho.
    Management under 404 need only do two things:

    1. state that management is responsible for an adequate control structure
    2. assess the effectiveness of the control structure
      No mention of COSO, CobiT light, assertions, etc. Management under the act can come up with any reasonable method for assessing the effectiveness of internal controls. The auditors however are held to the standards of a board because they could not be trusted to manage themselves. How we got to the point where management must comply with PCAOB rules, I don’t know… oh wait, our auditors held the ‘if you don’t do it our way we won’t sign’ gun to our heads.
      What is required by the act is ok… the mess that the PCAOB made of interepreting the act… wow, someone’s trying to justify their position 😉
      Just my ‘unbiased’ opinion.
      Chris.


  • Chris you are right - from a certain point of view. However, your auditor does need to follow AS2 and your auditor needs to attest on whether management’s assertion is valid.
    Your approach may result in 404 compliance BUT you’ll get a qualified audit.



  • Our company just certified by the Big4 firm with an unqualified opinion but it’d been a long and hard road to get this result. Both the external and internal auditors as well as the company accountants put in tremendous efforts and endless hours and we are all exhausted. Bottom line is if you can not stand the heat, get out the stock exchange, SOX is law and there is no room for negotiations. BTW, the audit fee in 2004 trebled due to the SOX work.



  • Thank you all for your insights! Pardon me for being late, but I am doing research on SOX compliance, and this conversation raises some very challenging issues.

    On one hand, SOX compliance is there to protect the shareholders, and having controls in place benefits the bottom line. On the other hand, does non-compliance automatically mean there is wrongdoing, or do prohibitive costs create a necessity for essentially ethical people to find an alternative?

    • Are smaller reporting companies, start-ups, etc., subject to the same sophisticated controls as a company as large as Apple?
    • What are the ramifications of non-compliance? Are there penalties involved, or merely the hold up of audit sign-off until in compliance?
    • Is “going private” a means of avoiding the scrutiny and oversight placed upon public companies, or just a means of avoiding the costs? Our audit fees are already exorbitant, and just the thought of increased cost makes my head pound.

    Your feedback is greatly appreciated!


Log in to reply