Most public companies will not have to comply with financial reporting requirements set by Sarbanes-Oxley (SOX) for at least one more year, because of a deadline extension granted Friday by the Securities and Exchange Commission (SEC).
The deadline extension means smaller public companies must provide a management assessment of internal controls over financial reporting in annual reports for fiscal years ending 15 December 2007 or later.
The previous deadline was 15 July 2007, a date by which smaller companies were also expected to have an auditor attest to the management assessment of the effectiveness of internal controls. This auditor attestation requirement was extended until reports are filed for fiscal years ending 15 December 2008 or later.
The SOX law, which is intended to prevent corporate scandals like the Enron debacle, began applying to large public companies near the end of 2004. Smaller public companies, defined as those with less than $75 million (£38m) of stock in the hands of public investors, have been granted several deadline extensions because the SEC has not yet interpreted how the rules should apply to them.
SEC reports say there are 7,402 smaller public companies that make up 78.5% of the total number of public companies nationwide.
The five-month extension of the management assessment deadline will have little practical impact since most companies set 31 December as the end of the fiscal year, and would not have had to comply until the end of 2007 anyway, said John Hagerty, an industry analyst for AMR Research.
"They're giving some relief to the real early ones," such as companies whose fiscal year ends 31 July, "but not wholesale relief," Hagerty said.
Already, though, the SEC is talking about granting a further extension of both the December 2007 and December 2008 deadlines that were announced Friday. If the agency does not issue guidance to companies in time to help them meet those deadlines, SEC officials will consider extending them again, the agency said.
Last week's action came two days after the SEC announced that it intends to issue guidelines to ease reporting burdens for small companies, who have complained about the cost of implementing SOX.
The larger companies who complied with the act in 2004 did a top-to-bottom documentation and control exercise that treated all aspects of their businesses in the same way, even if they had different impacts on the accuracy of financial reporting, Hagerty said.
SEC officials said this week they intend to allow management to focus primarily on the areas that pose the greatest risk of leading to errors in financial reporting.
"The proposed guidance provides management significant flexibility in determining the required level of documentation needed to support the assessment," Zoe-Vonna Palmrose, the SEC's deputy chief accountant for professional practice, said during the agency's meeting last Wednesday.
SOX is supposed to make sure companies prepare reliable financial statements and bring information about material weaknesses into public view. Section 404 of the act, the most controversial portion, mandates testing for integrity and ethical behaviour, IT controls related to financial reporting, whistleblower programs, anti-fraud provisions, audit committee effectiveness, and other requirements.
Palmrose said that next week the Public Company Accounting Oversight Board (PCAOB), an entity created by Sarbanes-Oxley, is expected to propose lifting a requirement that auditors evaluate the efficacy of methods and procedures management uses to evaluate internal controls.
The combination of SEC and PCAOB actions this month is expected to make it easier to comply with SOX requirements, says Grace Hinchnan, senior vice president of Financial Executives International, an association for CFOs and other finance professionals.
"We feel as if they have done a lot to address our basic concerns," she says.
But the SEC has made similar proposals before and not followed through with final guidelines to help smaller public companies understand what they are required to do, says Bob Benoit of US consultancy Lord & Benoit, which helps companies comply with Sarbanes-Oxley.
"The SEC has failed in one sense in that they never issued any guidelines on how to do this," Benoit said. "I don't think they're going to come out with anything significant."