For weeks the industry has been abuzz with speculation on how Sarbanes-Oxley section 404 requirements would be amended or changed after the Securities and Exchange Commission announced its recommendations today.
Though no final action will be taken until the public comment period has ended, Reuters reports that the commissioners unanimously agreed to seek public comment on making the requirements more risk-based. The Commission also recommended reducing the redundancy of external audits.
As one Commission spokesperson told Reuters, the new guidance would point to where a company should be, but not necessarily how it should get there. Allowing companies to take a more risk-based approach to internal controls will make section 404 scalable for smaller companies, the story says.