Sarbox Delay Doesn't Mean 'Take It Easy'

Lora Bentley

Smaller companies may be able to breathe a little easier now that they don't have to worry about external auditors checking out their internal controls until 2009. However, the delay doesn't mean they should sit back and do nothing.


Small Business Times writer William Gienke says small public companies should take advantage of the extra year the Securities and Exchange Commission has given them to fine-tune their internal controls and make sure their assessments are accurate before subjecting them to third-party scrutiny.


Moreover, he says that even private companies and non-profit organizations will benefit from the lessons small businesses learn as they come into compliance with Sarbanes-Oxley. What has been regulated for public companies is simply good business for others.

Add Comment      Leave a comment on this blog post
Feb 28, 2008 10:13 AM Richard Archer Richard Archer  says:
Unfortunately, if experience is any indicator, "sit back and do nothing" is exactly what many small companies will do. That is likely to be especially true if the management of the companies believes that delaying compliance work could continue to result in a large number of companies not being close to compliance as the deadline looms, thus pressuring the SEC to grant additional compliance extensions. That tactic has worked for multiple extensions so far, even though an approach for compliance relief was first introduced for smaller public companies in April-June 2006 with the release of COSO for Smaller Public Companies and the SEC's response to its smaller company advisory group which began the promotion of a risk-based compliance approach for smaller companies, rather than the extensive, big audit firm driven AS2 approach. If companies had begun implementing a planned, coordinated, staged compliance approach at that time, they would have been able to meet the previous smaller company compliance deadline of December 2007 for first SOX audit, instead of continuing to press for more and more delays. So, a very small minority of companies will begin a very cost effective, planned, staged compliance program. Most of the others will wait. If the SEC doesn't then grant further extensions, those companies will scream about the high cost of intensive, short time-frame compliance efforts and SOX critics will use those cost experiences to further gut investor protection objectives of controls system compliance regs. But just as for large companies, much of the cost of SOX compliance will not be caused by SOX, but by the companies delays in implementing compliance efforts and catching up on years of neglect of their systems of internal control. Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.