Gordon Smith over at Conglomerate is ragging on the SEC for dragging its heels on expensing stock options, presumably at the behest of Silicon Valley, and on the accounting profession for “whining” about Section 404.
Now I’m normally a big fan of Gordon’s, but in this case I take very deep (possibly chasmic) exceptions.
As for stock options – yes Silicon Valley's complaining. But they have a point, as I’ve said before, e.g., here and here.
And as for Section 404, here I line up with Prof B’s recent TCS. I’ve posted several times, e.g., here and here, on the manifest problems with this provision, which may end up being one of the worst disasters in the history of securities regulation.
Gordon quotes the SEC’s summary description of an internal control system and asks, “Is this too much to ask?”
Yes.
Finally, it’s curious that Gordon would blame the SEC and the accounting profession. The accountants I’ve heard seem to love this massive new source of business. It’s reporting firms themselves, particularly smaller ones, that are being killed. And in this particular case the SEC is the good guy, trying to do its best to control the damage that Congress did almost three years in an ill-advised regulatory panic.
Basically, I think Gordon needs to address in more detail the criticisms of Sarbox and options expensing and not simply express impatience with the victims of regulation who refuse to climb peacefully on the regulatory bandwagon.
Update
Gordon (scroll to the bottom of his post) and Steve both respond. Steve's with me. Gordon criticizes accountants for balking at giving "reasonable assurance" about internal controls, and notes that Section 404 must be onto something because companies are finding problems in their 404 reviews.
Well of course they are, and if they looked harder they would find more problems, and if the company goes down the tubes any decent trial lawyer would find still more, in hindsight. So no wonder accountants don't want to provide "assurances." But this doesn't mean, as I've said in several prior posts (see my Sarbanes-Oxley archive), that the costs and risks that Section 404 imposes outweigh disclosure benefits, or that such a rule should be imposed at the federal level.
In my opinion, the main problem with the internal control regulation in Sox 404 is the implementation, not the law itself.
The SEC has written a very elaborate rule to define the exact meaning and scope of internal control (86 pages). The PCAOB has written a auditing standard of 161 pages, to describe the activities the auditors have to perform to evaluate the effectiveness of internal controls.
Gordon says "Is this too much to ask?"
Yes it is.
First: All this leads to much more work for a company. It must maintain detailed and auditable evidential matter, including documentation, to provide reasonable support for management's assessment of the effectiveness of the company's internal control over financial reporting.
Nearly all of the necessary documentation has to written from scratch, following the new internal control guidelines.
Second: the auditor has to perform much more work in order to audit the implementation of the requirements (60% of normal audit hours).
Third: The documentation has to be maintained and updated for every change in the business internal environment.
All this leads to a massive effort, and a lot of expenses for the companies involved.
Posted by: Ruud Pruijm | April 14, 2005 at 03:13 AM