Now that the wait for the 404(b) reprieve is over, it appears that a new trend is emerging to investigate 404(a) statements more closely, as expressed in recent articles on investor and auditor sentiment regarding the legislative change. We are hearing from auditors directly that they will be applying more scrutiny to 404(a) statements made by their clients in their financial reports, to ensure that there is a real basis for self-certification. The newly aggressive SEC and DOJ are expanding personnel and focusing on Corporate Governance and the role of Audit Committees, Directors and Company Officers in Compliance and Financial reporting.
Section 404(a) includes many of the same requirements that 404(b) sought to examine:
- The annual assessment must be performed by both a Competent and Objective party per SEC guidelines.
- Companies must still include a certification by the Chief Executive Officer and Chief Accounting Officer that they tested financial controls as part of annual yearly 10K statements.
- The establishment and documentation of internal controls around financial reporting and the systems used to produce financial reports (this includes IT-related controls).
- Testing of these internal controls to prove that they are in place and functioning as specified.
- Attestation (Section 302) by executive management that all controls are in place and have been tested as working.
- Compliance with this legislation since 2007 (which means you should have been doing this, per existing law, for the last 3 years already).
While many wonder if the “self-certification” aspect lets the auditors off the hook, it may become a new yardstick by which external auditors will evaluate annual financial reports, and hence many of the same questions asked during a 404(b) audit will still apply. If auditors cannot find basis for these certifications, it may open up a new area of investigation that could inevitably lead to the same type of scrutiny (and cost) applied to a 404(b) implementation engagement.
We believe that companies would be well-served by being prepared for these types of inquiries from both their investing public and their external audit partners.