Auditing and internal control requirement changes approved May 23 by the Securities and Exchange Commission are expected to ease some of the financial burdens associated with the Sarbanes-Oxley Act, but close scrutiny of travel-related expenditures is expected to continue.
SOX requires an end-to-end auditing process for travel expenses that may not change with the more relaxed auditing rules. Since travel is one of the largest controllable expenses for companies, the opportunity for fraud is greater. And because companies must defend the business purposes behind travel, meetings and "even meals in restaurants," technology that provides electronic receipts, booking records and detailed data reporting are in heavy demand, said Adam Weissenberg, U.S. managing partner of the tourism, hospitality and leisure practice for Deloitte & Touche LLP.
Passed by Congress five years ago this month, the Sarbanes-Oxley Act was designed to protect investors in the wake of corporate accounting malfeasance. But critics argue that the rules are confusing, burdensome and costly.
[PULL_1]Aimed at lowering the cost of compliance, SEC's changes should ease auditing standards for companies. The Public Company Accounting Oversight Board, a nonprofit group that oversees the audit industry, on May 24 also approved changes that are expected to lower the cost of SOX compliance. Instead of examining every transaction that is open for financial fraud, the new recommendations allow companies to conduct a risk assessment first and then target audits at the most likely areas of noncompliance.
Another change to SOX regulations proposed by the board would allow auditors to accept compliance data from third parties, rather than requiring auditors to conduct the entire process themselves. That would shorten audits from months to possibly weeks.
Philadelphia attorney Joshua Grimes, who has examined SOX compliance issues in the meetings and hospitality industries, said that in the years following the passage of Sarbanes-Oxley, companies "threw the kitchen sink" at compliance efforts. Without a clear idea of how the regulations would be enforced, companies attempted to protect themselves with blanket policies that were costly to administer. Contracts with travel vendors, for example, have become lengthy, forcing buyers and sellers to spend more time and expense ensuring they are in compliance with SOX regulations, he said.
Section 404 of SOX, the section impacted by SEC's approved changes, is considered the most important and onerous section of the regulations. It requires public companies to document internal controls and independent auditors to verify that those controls are effective. Corporate procurement departments, for example, are pressured to document how they select vendors and pay for services.
"When many people refer to Sarbanes-Oxley, they are in fact referring to Section 404, which sets forth new provisions related to internal controls over financial reporting for all U.S. public companies," said PCAOB chairman Mark Olson, in a prepared statement during the May board meeting.
Though the regulations were enacted to protect investors from corporate fraud, the board has been "driven by the need to identify changes that would preserve the important benefits of the standard and meet the statutory objectives of the act without resulting in the performance of unnecessary audits or procedures," Olson said.
The cost of SOX compliance audits in 2004 averaged 1.14 percent of total company revenue for firms with less than $75 million in market value, according to the Government Accountability Office. Large companies, with more than $1 billion in market value, on average spent only 0.13 percent of their revenue on SOX audits. The GAO in 2006 released a study that indicated SOX regulations, and the high costs of related audits, were contributing to a flood of companies going private. In 2001, 143 public companies went private. Three years later, that number had jumped to 245, with most of those conversions happening at small and medium-sized companies.
Olson said public companies that do begin compliance initiatives report that the strict controls are actually good for business. "I am encouraged by what I hear from Corporate America," Olson said. "The consistent feedback that I get from corporate board members and CEOs of accelerated filers is that they are better companies today due to internal control over financial reporting-but they continue to express concern about unnecessary burden."