From: James J. Finn
ACSPC Comments 1/13/06

I have been working as a Financial/Accounting professional and CFO during the past 30 plus years; in addition, I have been consulting in SOX compliance for the past 18 months at various public companies of different sizes, and would like to share some of my observations resulting from hands-on work in this area.

I am aware that you are discussing the issue of establishing a category of mid-range public companies (up to $250 million in annual sales), and exempting them from the external auditor attestation requirements of Sarbanes Oxley Sect. 404. I believe this is an outstanding recommendation for the following reasons:
The argument that these Mid-Range companies need internal controls the most is correct; however, this reality actually supports this exemption since it will allow the freedom to create higher levels of control automation using systems that can result in more reliable controls, and make human overrides and fraud less likely – or at least more obvious since the transactions could be separated before processing. These automated controls can be developed because the environment is not one of strict adherence under a deadline, but, rather, an environment of developing what fits the company - within a time frame sufficient for capital investment and employee training in procedures. This development effort may not be as robust if a company is merely trying to conform to an outside auditor's standard.

If this exemption cannot be implemented without going back to the Legislature, I think the PCAOB or SEC can provide companies with a right to defer external attestation for 2 years as long as they provide a project or program status report that shows significant movement in the direction of compliant internal controls. This status report would be provided with each year's request for the exception (filed with PCAOB??).

James J. Finn