Earlier this month, the Securities and Exchange Commission approved one last Sarbanes-Oxley 404(b) compliance deadline delay for small public companies. Since the Commission just finished its cost-benefit analysis of Sarbanes-Oxley compliance for SMBs, members decided the October to December period was not enough time for those subject to the auditor attestation requirements for the first time to get ready. (I would take issue with that, considering those companies have benefitted from several compliance deadline delays, but it's a moot point.)
The new deadline is June 15, 2010. And lest companies still scrambling to be ready bank on another extension later, Chair Mary Schapiro has explicity said, "[T]here will be no further Commission extensions."
Obviously, the study didn't find anything that convinced the SEC that SMBs should be exempt from Sarbox compliance, but what did that cost-benefit analysis reveal, exactly? CFO.com's Sarah Johnson quotes the report like this:
Although larger companies incur higher compliance costs, smaller companies incur higher scaled costs (i.e., relative to their assets) on average.
Most everyone expected that. What they didn't expect, Johnson says, is that companies' in-house compliance costs are greater than their audit or consultancy costs. On average, the SEC found companies expect to pay $1.2 million in internal controls costs and $583,753 for audits of those internal controls.
Generally, the commission concluded that the benefits of Sarbanes-Oxley compliance outweigh the costs, but as Johnson noted, "only 40 percent of respondents thought Sarbox boosted their confidence in other companies' financial reports, and most said 404 hasn't raised investor confidence..."