Nailing Down the Cost of 404

Small businesses are paying an average of $78,000 a year to comply with the internal-control provisions of Sarbanes-Oxley, a new study claims.

Ever since companies began the daunting task of complying with Section 404 of the Sarbanes-Oxley Act in 2003, the question of how much it costs has been ripe for debate.

The Securities and Exchange Commission didn’t do much to clear things up when, that first year, it estimated the internal work would cost publicly traded companies an average of $91,000. Being an average, that figure didn’t apply to any company in particular, and when the actual expenses associated with Section 404 started rolling in, many companies ridiculed it as grossly understated.

And yet the $91,000 number came to attain an iconic status in the world of finance — including among small-business advocates, who have cited it in their calls to give small companies extensions in complying with 404 and for changes to the law itself. Last year, Nydia Velazquez, chair of the House Committee on Small Business, repeatedly asked the SEC to provide hard estimates on the cost of complying with 404.

Now, a consultancy specializing in Sarbox compliance for small companies believes it has a much better idea of how much 404 compliance does cost.

According to Worcester, Massachusetts-based Lord & Benoit, total first-year costs for complying with 404 currently average $53,724 for non-accelerated filers — those with market capitalizations below $75 million.

That figure is based on empirical data from just 29 small companies that have put together their 404 management reports. Lord & Benoit also used research pulled from SEC filings and audit-fee data by Audit Analytics to show that when the second portion of 404 — called 404(b), or the auditor attestation report — takes effect it will, on average, cost the smaller companies an additional $24,750.

However, the accuracy of projected 404(b) cost could be suspect. It is based on the audit fees of about 5,500 accelerated filers, and it does not incorporate the effects of the Public Company Accounting Oversight Board’s new auditing standard for internal controls. Approved last year, Auditing Standards No. 5 encourages auditors to take a top-down, risk-based approach and aims to bring down the cost of internal-control audits. Under AS5, auditors no longer have to audit management’s assessment process, but rather the controls themselves.

There may still be a while to go before AS5 is put to the test for small companies. If SEC chairman Christopher Cox makes good on his word to propose a delay on 404(b), companies can defer that added expense for two years. Under Cox’s plan, small filers’ management internal-control reports will not be audited until fiscal years beginning in 2009. In the meantime, most non-accelerated filers have already formally assessed their internal controls to comply with 404(a).

Lord & Benoit president Bob Benoit suggests his research could help government officials address the many requests for solid cost figures for 404. Cox has said the SEC will conduct a cost-benefit study for small companies and publish the results this summer.

In Benoit’s view, the SEC’s management guidance released last year could also reap savings for large companies even though they have been complying with 404 for the past few years. They could save 30 to 50 percent if they adopted the SEC’s guidance to focus only on areas of materiality and to feel comfortable using more professional judgment. According to Benoit, the accelerated filers haven’t revisited how they put their management reports together. “Sometimes people are uncomfortable with change and continue to do things the old way,” he told CFO.com.

Discuss

Your email address will not be published. Required fields are marked *