|
|
Get Four
|  | SEPTEMBER 20, 2004
By Amey Stone Hardly Ready for Sarbanes-Oxley It's crunch time for U.S. companies to vouch that their internal controls meet the new higher standard. Many won't make it Inside the sleek office towers of Corporate America, far from the façade that most businesses present to outsiders, publicly traded companies are racing against the clock. Their task: To comply with some of the most far-reaching federal regulatory changes they've ever faced -- and to do so before yearend. Many execs find their stomachs churning. Section 404 of the Sarbanes-Oxley Act, which passed in July, 2002, in the wake of major corporate scandals, requires that management of any large public company that ends its fiscal year on Nov. 15, 2004, or later, assess its internal controls over financial reporting. These are the nitty gritty of procedures that govern actions such as issuing checks and recording sales. Then, companies must hire independent auditors to "attest" to the accuracy of management's report. Both management's and auditors' assessment must make it into the annual report for 2004. "It's a fire drill," says John Hagerty, an analyst at AMR Research in Boston. Companies have spent much of the last 18 months racing to comply with the 404 deadline, which has already been extended twice. The Securities & Exchange Commission has indicated the deadline is unlikely to be pushed back again (see BW Online, 9/20/04, "Coping with the Compliance Crunch"). "CUEING UP A STORY." Even with the deadline delayed twice, many companies likely will be forced to admit to deficiencies in their internal controls -- mainly because they don't have time to fix all the problems that are cropping up before the end of their fiscal years. Auditors estimate that they'll report shortcomings at 10% to 20% of public companies. "There are some problems," says Lynn Edelson, a partner at accounting firm PricewaterhouseCoopers. "Do I think it's massive? No, I don't. But there will definitely be some companies that get an adverse opinion on their internal-control environment." Edelson notes that timetables for getting the job done are slipping, and these issues are "causing some concern at the board level." Already this year, more than 300 companies have admitted in SEC filings to some weaknesses in their internal controls, according to newsletter Compliance Week, which tracks such disclosures. In August alone, 96 outfits reported problems -- and the monthly number has been rising steadily all year. "It appears that companies are cueing up a story," perhaps in anticipation that they'll need to report internal-control deficiencies in their annual reports, says Scott Cohen, editor of Compliance Week, who notes that recent disclosures include detailed plans to fix the problems that are uncovered. "The market hates surprises, and companies are trying to avoid surprises." FIRST-YEAR MERCY. At stake is the company's market value, reputation with investors and regulators, and possible exposure to lawsuits. Although Hagerty doesn't expect companies to actually miss the SEC's filing deadline, if they report weaknesses, essentially they'll be signaling the public that their financial statements may be inaccurate. Then, if the stock price goes down because of financial error, plaintiffs can argue that a company should have had stronger internal controls in place. If companies miss the deadline altogether -- perhaps because they didn't give auditors enough time to complete their testing -- technically they would be noncompliant with SEC rules. Given the possible repercussions, SEC officials promise some leniency this first year as deficiencies crop up. Why are companies finding complying with Section 404 so difficult? Partly because they're at a stage in the process where their own internal testing, as well as their auditors' testing (which comes after they've officially asserted that controls are in order), is turning up more problems than expected. A survey of large multinational companies released in late July by PricewaterhouseCoopers found that 79% said they still had to make improvements to processes -- including financial reporting, auditing, computer controls, and security controls -- to comply with Section 404. "SMALL IMPERFECTIONS." In their defense, companies complain that the scope of the requirements has widened since Sarbanes-Oxley first passed, and that guidelines for auditors, which were issued only last March, are more demanding than they expected. Initially, companies thought they had to improve controls only in finance departments. Now they're finding they must beef up controls in operations and info-tech departments as well, explains Hagerty. "We're looking at everything from payroll to accounts receivable," says Dan Churay, general counsel of trucking company Yellow Roadway (YELL ). "Auditors are being very conservative, which is forcing people to remediate very small imperfections that might never have been a problem. These aren't the sorts of things the law was intended to grab at." Time is already running out for fixing problems. For some checks performed at the end of the month, auditors require that any fixes be in place for two months. For companies on a calendar year, "that leaves them until Nov. 30 to fix a problem they find now," says Tim Welu, chief executive of Paisley Consulting in Cakto, Minn.
|
| Continued on next page>> | 1 | 2 |
 Copyright 2004, by The McGraw-Hill Companies Inc. All rights reserved.Terms of Use | Privacy Notice |
Printer-Friendly Version
