SEC Eases Audit Requirements for Smaller Companies
It takes a lot to break through the coronavirus-centric news cycle, but this development in the world of financial regulation does the trick. Last week, the Securities and Exchange Commission adopted changes that will cut back on auditor attestation requirements for smaller publicly traded companies. The move is being couched as an effort to promote innovation, but it also raises concerns about our ability to trust financial reporting going forward.
To understand what’s happening, let’s go back to another chaotic period in U.S. history: the early 2000s. After a rash of accounting scandals at high-flying companies like Enron and WorldCom, lawmakers set about creating corporate compliance rules intended to restore the public’s faith in financial reporting and securities regulation. They included a requirement that outside auditors annually attest to the integrity of companies’ internal control over financial reporting, or “ICFR” in compliance parlance.
Under the latest changes adopted by the SEC, that requirement is off for reporting companies with less than $100 million in annual revenue in their most recent fiscal year. (For the more statutorily inclined, we’re talking about Section 404(b) of the Sarbanes-Oxley Act of 2002.) The move will reduce “unnecessary burdens and compliance costs for certain smaller issuers while maintaining investor protections,” according to the Commission.
In laying out the case for the amendments, which we saw coming almost a year ago, SEC Chairman Jay Clayton pointed out that the changes would apply to a tiny fraction of companies in the public markets “for whom the cost of unnecessary regulation is most acute.” The amendments will benefit approximately 375 companies, according to an analysis of SEC filing statistics.
SEC Commissioner Hester Peirce, another key proponent, tied her support for the amendments (at least in part) to the ongoing COVID-19 pandemic. “A company trying to develop a vaccine for a fast-spreading virus, something that is now on all of our minds, will be able to pour resources and—importantly—management’s time and attention into that effort rather than into obtaining an internal controls audit,” she noted in a statement explaining her vote in favor of the changes.
When you put it that way, it’s not hard to imagine public backing for such a proposal. The new rule applies to a wide variety of businesses, though, not just biotechnology companies or drug manufacturers. Roughly 19% of the annual reports filed with the SEC in 2019 came from smaller reporting companies, according to data from the Intelligize platform. Moreover, these smaller companies produce their fair share of accounting errors and lax ICFR practices.
So, are the potential savings for smaller companies worth taking a chance on compromising the public’s faith in financial reporting? Allison Herren Lee, another SEC commissioner, portrayed the rule changes as being the latest decision by the Commission that “may not give adequate consideration to the views of investors on certain issues.” As the lone dissenting vote against the changes, she’s skeptical about the tradeoff.
“Financial reporting is only as reliable as the controls in place to ensure its accuracy, thus internal controls over financial reporting form what we have called ‘the first line of defense in detecting and preventing material errors or fraud in financial reporting,’” Lee said. “Today’s rule diminishes the role of the gatekeeper—the auditor—in that first line of defense, thereby increasing the risk to investors of unreliable financial reporting.”