Is your business exempt from Sarbanes-Oxley (SOX) external audit review? If so, that exemption may actually cost your business as much as it saves, according to a recent study published in late June by notable academic institutions.
The study, led by academics at the University of Washington and Georgetown University, found that while exemption from SOX auditing can benefit businesses financially — by way of avoiding steep audit fees — it can also cause businesses to incur even costlier expenses from misreporting, including:
- Lower operating performance due to non-remediation
- Market values that fail to reflect a firm’s underlying internal control status
What is the SOX Act?
The Sarbanes-Oxley (SOX) Act was passed by U.S. Congress in 2002 to help curb fraudulent accounting activity by corporations.
More specifically, provision 404(a) of the SOX Act requires organizations to establish internal accounting controls and reporting methods, while section 404(b) requires external auditor oversight of firms’ internal control over financial reporting
Companies with less than $75 million in market capitalizations have been permanently exempt from 404(b) since 2010, thanks to the Dodd Frank Act — a reprieve small businesses were granted for fear they wouldn’t be able to shoulder the burden of costs associated with compliance.
SOX Compliance and the Cost of Exemption
However, the burden of compliance might be one worth shouldering, according to the study, which is entitled The benefits and costs of Sarbanes-Oxley Section 404(b) exemption: Evidence from small firms’ internal control disclosures. The study was based on a sample of more than 5,300 exempt organizations and annual observations from 2007 to 2014.
It certainly confirms that audit fees are no small expense — with audit fee savings amounting to an estimated aggregate of $388 million for those exempt firms evaluated during the seven-year analysis. Still, the study found the cost of 404(b) exemption to be much greater than the savings.
From 2007 to 2014, the study’s sample firms lost out on tremendous potential future earnings — estimated at $856 million in aggregate — because they didn’t properly remediate their internal controls. Further, they experienced an additional $935 million in delayed aggregate market value because of untimely internal control disclosure.
Ultimately, the study determined, “Section 404(b) exemption is costly to the extent that it results in firms’ failure to discover or disclose ineffective internal controls (e.g., misreporting).” The two main losses that stem from misreporting — as mentioned above — include lower operating performance due to non-remediation and market values that fail to reflect a firm’s underlying internal control status.
Technology Solutions and SOX Compliance
In conclusion, the consequential misreporting that occurs because of either non-compliance or a lack of oversight with accounting controls and reporting methods can be costly. These costs of course don’t even account for the penalties and fines incurred by the larger organizations that do actually have to comply with SOX 404(b).
For this reason, larger companies turned to technology for help when the requirements were put in place. In fact, the SOX Act generated a huge increase in the provision of software to support the requirements of the act — costly and cumbersome software that is now antiquated and can’t support the evolving nature of the requirements or companies’ changing needs.
However, in the last several years, new SaaS technology has been developed to help address internal accounting controls and reporting methods–proving to be quicker, more secure and more effective, with reduced internal support required. Even risk management technology can now integrate solutions for resolving such issues.
This means the technology is accessible to large and small organizations, alike — regardless of whether SOX 404(b) compliance is required or not — and at a fraction of the costs that stem from misreporting.
If You Do Get Audited
If your company is subject to SOX compliance or other external audit requirements — or just engages external auditors as a cost of doing business — then you might experience an increased level of scrutiny from your auditors during the remainder of 2017.
That’s because a multitude of audit firms will be under increased scrutiny themselves as the Public Company Accounting Oversight Board (PCAOB) announced in late August it intends to review 195 registered auditors of public companies and other issuers in 2017 around a few key focus areas. The nature and extent of the PCAOB inspection findings continue to significantly influence how the audit industry executes and how companies design and operate internal controls.
The key areas of focus for 2017 PCAOB reviews include:
- Audit areas where inspectors have identified deficiencies in the past, such as assessing and responding to risks of material misstatement
- Audit areas affected by recent economic developments, including the high rate of merger and acquisition activity and fluctuations in oil and natural gas prices
- Financial reporting areas that require significant judgment, including going concern considerations and income tax disclosures
- An audit firm’s compliance with new transparency rules (Form AP)
- Preparation for new accounting standards for revenue recognition and lease accounting
- Work by other auditors on multinational audits
- The auditor’s use of information technology, particularly software audit tools
- The audit firm’s system of quality control
Whether your company is subject to external audits by choice or necessity, you’re no stranger to the always evolving regulations, compliance standards and audit requirements that can send your compliance and audit process into a tailspin. Knowing what your auditors are looking for, however, can help alleviate that stress.
Are you interested in learning more about how risk management technology can solve your SOX compliance or audit woes? Read more about Riskonnect’s Sarbanes-Oxley SOX solution.