The SEC announced on May 17, 2006 that it plans to take several steps to improve the implementation of the internal control rules under section 404 of the Sarbanes-Oxley Act of 2002. The steps will be aimed at helping companies—particularly smaller companies—and their auditors implement a more cost-effective, risk-based approach to compliance. The announcement follows a public roundtable on internal control hosted by the SEC and the Public Company Accounting Oversight Board on May 10, 2006. For a summary of the roundtable discussions, see our client memo no. 2006-9, SEC and PCAOB Host Public Roundtable on Internal Control, which is available on our website, under Publications.

The SEC’s announcement promises "a brief further postponement of the section 404 requirements for the smallest company filers, although ultimately all public companies will be required to comply with the internal control reporting requirements." This settles an outstanding question about whether any exemptions would be granted for smaller companies, which are finding implementation of the internal control rules, and the associated audit fees, extremely burdensome. An SEC advisory committee recently completed a comprehensive report that recommended exemptions for smaller companies, but the SEC has apparently rejected that recommendation.

The actions that the SEC expects to take include the following:

  • extending the deadline for compliance with the internal control rules for companies whose public float is less than $75 million or who have been reporting with the SEC for less than one year (the new deadline is not yet known);
  • issuing additional guidance for management on how to complete internal control assessments in a cost-effective manner, and scaling the guidance for smaller companies;
  • working with the PCAOB to revise its auditing standard to (i) further promote risk-based auditing, and (ii) clarify how auditors should participate in management’s assessment of internal control; and
  • overseeing the PCAOB’s inspection program to help ensure that auditors are using cost-effective, risk-based approaches to their audits.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.