Sarbanes Oxley Ebook

Page |1

_________________________________________________
Sarbanes Oxley Compliance Professionals Association (SOXCPA)
www.sarbanes-oxley-association.com

Page |2

Contents

1. Dodd Frank Act and Whistleblower Protection: Sarbanes Oxley on
Steroids - Page 5

2. Dodd Frank Act, Section 922: Whistleblower Protection - Page 8

3. The 12 most important definitions in the Sarbanes Oxley Act - Page 23

4. Dodd Frank Act, SEC. 989G: Exemption for Non accelerated filers -
Page 27

5. Internal Controls, the Sarbanes Oxley Act and the Dodd Frank Act -
Page 28

6. Study and Recommendations on Section 404(b) of the Sarbanes -
Oxley Act of 2002 For Issuers With Public Float Between $75 and $250
Million - Page 33

7. A very interesting letter - Page 54

8. Auditing Standards Related to the Auditor's Assessment of, and
Response to, Risk (AS No. 8 through 15) - Page 57

9. Oversight of the U.S. Securities and Exchange Commission:
Evaluating Present Reforms and Future Challenges by Chairman Mary
L. Schapiro - Page 59

10. The PCAOB passes the Adequacy Assessment of the European
Union - Page 69

11. Public Company Accounting Oversight Board (PCAOB)
Interesting parts from the Strategic Plan (2009 - 2013) - Page 71

12. Sarbanes Oxley jobs and careers in 2011 - Page 98

13. What is "internal control over financial reporting"? - Page 102
_________________________________________________

Page |3

14. What is "Off-Balance Sheet Arrangement"? – Page 105

15. PCAOB Enters into Cooperative Agreement with United Kingdom
Audit Regulator - Page 110

16. Congressional Oversight Panel, Examining the Consequences of
Mortgage Irregularities for Financial Stability and Foreclosure
Mitigation, and the PCAOB Staff Audit Practice Alert NO. 7 -
Page 112

17. PCAOB staff audit practice Alert No 7 - Page 118

18. PCAOB Issues Concept Release on Auditor's Reporting Model -
Page 128

19. SEC Proposes Rules Requiring Listing Standards for
Compensation Committees and Compensation Consultant - Page 130

20. The Statement on Standards for Attestation Engagements (SSAE)
No. 16 - Page 135

21. PCAOB Issues Concept Release on Auditor Independence and Audit
Firm Rotation - Page 143

22. Joint Press Release - U. S. Securities and Exchange Commission,
China Securities Regulatory Commission, Chinese Ministry of Finance -
Page 145

23. Updated Information on PCAOB International Inspections - Page
148

24. Opening Remarks, Daniel L. Goelzer, Board Member
PCAOB Roundtable , Sept. 15, 2011, Washington, DC - Page 156

25. The Auditor's Reporting Model, James R. Doty, Chairman
PCAOB Roundtable, Sept. 15, 2011 - Washington, DC - Page 158

_________________________________________________

Page |4

26. Case Study: UBS - Page 160

27. COSO Internal Control - Integrated Framework Update Project
Frequently Asked Questions (September 2011) - Page 169

28. The role of the Board of Directors in Enron’s Collapse - Page 173

29. PCAOB Enters Into Cooperative Agreement with Dubai - Page 201

30. U.S. Securities and Exchange Commission, Annual Report on the
Dodd Frank Whistleblower Program, Fiscal Year 2011 - Page 203

31. Whistleblower Incentive Awards Made During Fiscal Year 2011 -
Page 212

32. The 1st Circuit ruled that employees of private contractors
working for public companies are not entitled to whistleblower
protections under the Sarbanes-Oxley Act - Page 227

33. Public Company Accounting Oversight Board, Reflections on the
State of the Audit Profession, Jay D. Hanson - Page 233

34. Remarks (at the Practicing Law Institute’s SEC Speaks) by
Chairman Mary L. Schapiro, U.S. Securities and Exchange
Commission, Washington D.C., Feb. 24, 2012 - Page 244

35. Unreasonably Feeble” Opening Statement of Commissioner Scott D.
O’Malia Regarding Open Meeting on One Final Rule and One Proposed
Rule February 23, 2012 - Page 262

_________________________________________________

Page |5

The Sarbanes Oxley Act after the enactment of the Dodd Frank
Act

Dodd Frank Act and Whistleblower Protection: Sarbanes Oxley
on Steroids.
For months we read in blogs and some newspapers that the Sarbanes
Oxley Act is dead, or that it is not important any more, as there are other
laws and regulations that matter.

Well, they are dead wrong.

The Sarbanes Oxley Act has become much more important. It is a fact.

The two most important reasons for that are:

1. The new US financial regulatory reform, the Dodd Frank Act, amends
some sections of the Sarbanes Oxley Act. SOX is part of the new
regulatory reform. They did not delete the SOX provisions, they have
made them more strict and clever.

For example, whistleblowers now have a monetary incentive to report
matters to the SEC (they may be entitled to as much as 10 percent to 30
percent of the monetary sanctions imposed).

Management should clearly explain to all employees the importance of
prompt reporting of violations.

Public companies should do much more for complaints submitted to
audit committees or employee hotlines to address areas of potential
concern.

The Dodd-Frank Act also provides an employee with remedies against
the employer that has violated the whistleblower provisions of the Dodd-
Frank Act.

_________________________________________________

Page |6

These remedies include reinstatement with the same seniority status that
the individual would have had, two times the amount of back pay
otherwise owed to the individual, with interest, and even compensation
for litigation costs, expert witness fees, and reasonable attorneys’ fees.

Does it look like the end of Sarbanes Oxley? No, it is Sarbanes Oxley on
steroids.

According to the Dodd Frank Act, no employer may discharge, demote,
suspend, threaten, harass, directly or indirectly, or in any other manner
discriminate against, a whistleblower in the terms and conditions of
employment because of any lawful act done by the whistleblower:

- In providing information to the SEC in accordance with the provisions
of the Dodd-Frank Act;

- In initiating, testifying in, or assisting in any investigation or judicial or
administrative action of the Commission based upon or related to such
information; or

- In making disclosures that are required or protected under the
Sarbanes-Oxley Act, the Securities Exchange Act and any other law, rule,
or regulation subject to the jurisdiction of the SEC.

2. The US Supreme Court denied putting the Public Company
Accounting Oversight Board (PCAOB) out of business, and now the
PCAOB, with its role clear and well understood, has decided to
announce new and stricter risk assessment standards.

Sarbanes Oxley becomes more strict and mature.

The PCAOB imposes more sanctions on accounting firms and managers
that don’t adequately supervise their staff.

The suite of risk assessment standards, Auditing Standards No. 8
through No. 15, sets forth requirements that enhance the effectiveness of

_________________________________________________

Page |7

the auditor's assessment of, and response to, the risks of material
misstatement in the financial statements.

The risk assessment standards address audit procedures performed
throughout the audit, from the initial planning stages through the
evaluation of the audit results.

"These new standards are a significant step in promoting sophisticated
risk assessment in audits and minimizing the risk that the auditor will
fail to detect material misstatements," said PCAOB Acting Chairman
Daniel L. Goelzer.

"Identifying risks, and properly planning and performing the audit to
address those risks, is essential to promoting investor confidence in
audited financial statements."

_________________________________________________

Page |8

Dodd Frank Act, Section 922: Whistleblower Protection

(a) IN GENERAL.—The Securities Exchange Act of 1934 (15 U.S.C. 78a
et seq.) is amended by inserting after section 21E the following:

‘‘SEC. 21F. SECURITIES WHISTLEBLOWER INCENTIVES AND
PROTECTION.

‘‘(a) DEFINITIONS.—In this section the following definitions shall
apply:

‘‘(1) COVERED JUDICIAL OR ADMINISTRATIVE ACTION.—The
term ‘covered judicial or administrative action’ means any judicial or
administrative action brought by the Commission under the securities
laws that results in monetary sanctions exceeding $1,000,000.

‘‘(2) FUND.—The term ‘Fund’ means the Securities and Exchange
Commission Investor Protection Fund.

‘‘(3) ORIGINAL INFORMATION.—The term ‘original information’
means information that—

‘‘(A) is derived from the independent knowledge or analysis of a
whistleblower;

‘‘(B) is not known to the Commission from any other source, unless the
whistleblower is the original source of the information; and

‘‘(C) is not exclusively derived from an allegation made in a judicial or
administrative hearing, in a governmental report, hearing, audit, or
investigation, or from the news media, unless the whistleblower is a
source of the information.

‘‘(4) MONETARY SANCTIONS.—The term ‘monetary sanctions’,
when used with respect to any judicial or administrative action, means—

_________________________________________________

Page |9

‘‘(A) any monies, including penalties, disgorgement, and interest,
ordered to be paid; and

‘‘(B) any monies deposited into a disgorgement fund or other fund
pursuant to section 308(b) of the Sarbanes- Oxley Act of 2002 (15 U.S.C.
7246(b)), as a result of such action or any settlement of such action.

‘‘(5) RELATED ACTION.—The term ‘related action’, when used with
respect to any judicial or administrative action brought by the
Commission under the securities laws, means any judicial or
administrative action brought by an entity described in subclauses (I)
through (IV) of subsection (h)(2)(D)(i) that is based upon the original
information provided by a whistleblower pursuant to subsection (a) that
led to the successful enforcement of the Commission action.

‘‘(6) WHISTLEBLOWER.—The term ‘whistleblower’ means any
individual who provides, or 2 or more individuals acting jointly who
provide, information relating to a violation of the securities laws to the
Commission, in a manner established, by rule or regulation, by the
Commission.

‘‘(b) AWARDS.—

‘‘(1) IN GENERAL.—In any covered judicial or administrative action,
or related action, the Commission, under regulations prescribed by the
Commission and subject to subsection (c), shall pay an award or awards
to 1 or more whistleblowers who voluntarily provided original
information to the Commission that led to the successful enforcement of
the covered judicial or administrative action, or related action, in an
aggregate amount equal to—

‘‘(A) not less than 10 percent, in total, of what has been collected of the
monetary sanctions imposed in the action or related actions; and

‘‘(B) not more than 30 percent, in total, of what has been collected of the
monetary sanctions imposed in the action or related actions.

_________________________________________________

P a g e | 10

‘‘(2) PAYMENT OF AWARDS.—Any amount paid under paragraph (1)
shall be paid from the Fund.

‘‘(c) DETERMINATION OF AMOUNT OF AWARD; DENIAL OF
AWARD.—

‘‘(1) DETERMINATION OF AMOUNT OF AWARD.—

‘‘(A) DISCRETION.—The determination of the amount of an award
made under subsection (b) shall be in the discretion of the Commission.

‘‘(B) CRITERIA.—In determining the amount of an award made under
subsection (b), the Commission—‘‘(i) shall take into consideration—

‘‘(I) the significance of the information provided by the whistleblower to
the success of the covered judicial or administrative action;

‘‘(II) the degree of assistance provided by the whistleblower and any
legal representative of the whistleblower in a covered judicial or
administrative action;

‘‘(III) the programmatic interest of the Commission in deterring
violations of the securities laws by making awards to whistleblowers who
provide information that lead to the successful enforcement of such laws;
and

‘‘(IV) such additional relevant factors as the Commission may establish
by rule or regulation; and

‘‘(ii) shall not take into consideration the balance of the Fund.

‘‘(2) DENIAL OF AWARD.—No award under subsection (b) shall be
made—

‘‘(A) to any whistleblower who is, or was at the time the whistleblower
acquired the original information submitted to the Commission, a
member, officer, or employee of—

_________________________________________________

P a g e | 11

‘‘(i) an appropriate regulatory agency;

‘‘(ii) the Department of Justice;

‘‘(iii) a self-regulatory organization;

‘‘(iv) the Public Company Accounting Oversight Board; or

‘‘(v) a law enforcement organization;

‘‘(B) to any whistleblower who is convicted of a criminal violation related
to the judicial or administrative action for which the whistleblower
otherwise could receive an award under this section;

‘‘(C) to any whistleblower who gains the information through the
performance of an audit of financial statements required under the
securities laws and for whom such submission would be contrary to the
requirements of section 10A of the Securities Exchange Act of 1934 (15
U.S.C. 78j–1); or

‘‘(D) to any whistleblower who fails to submit information to the
Commission in such form as the Commission may, by rule, require.

‘‘(d) REPRESENTATION.—

‘‘(1) PERMITTED REPRESENTATION.—Any whistleblower who
makes a claim for an award under subsection (b) may be represented by
counsel.

‘‘(2) REQUIRED REPRESENTATION.—

‘‘(A) IN GENERAL.—Any whistleblower who anonymously makes a
claim for an award under subsection (b) shall be represented by counsel
if the whistleblower anonymously submits the information upon which
the claim is based.

_________________________________________________

P a g e | 12

‘‘(B) DISCLOSURE OF IDENTITY.—Prior to the payment of an
award, a whistleblower shall disclose the identity of the whistleblower
and provide such other information as the Commission may require,
directly or through counsel for the whistleblower.

‘‘(e) NO CONTRACT NECESSARY.—No contract with the
Commission is necessary for any whistleblower to receive an award
under subsection (b), unless otherwise required by the Commission by
rule or regulation.

‘‘(f) APPEALS.—Any determination made under this section, including
whether, to whom, or in what amount to make awards, shall be in the
discretion of the Commission.

Any such determination, except the determination of the amount of an
award if the award was made in accordance with subsection (b), may be
appealed to the appropriate court of appeals of the United States not
more than 30 days after the determination is issued by the Commission.

The court shall review the determination made by the Commission in
accordance with section 706 of title 5, United States Code.

‘‘(g) INVESTOR PROTECTION FUND.—

‘‘(1) FUND ESTABLISHED.—There is established in the Treasury of
the United States a fund to be known as the ‘Securities and Exchange
Commission Investor Protection Fund’.

‘‘(2) USE OF FUND.—The Fund shall be available to the Commission,
without further appropriation or fiscal year limitation, for—

‘‘(A) paying awards to whistleblowers as provided in subsection (b); and

‘‘(B) funding the activities of the Inspector General of the Commission
under section 4(i).

‘‘(3) DEPOSITS AND CREDITS.—

_________________________________________________

P a g e | 13

‘‘(A) IN GENERAL.—There shall be deposited into or credited to the
Fund an amount equal to—

‘‘(i) any monetary sanction collected by the Commission in any judicial
or administrative action brought by the Commission under the securities
laws that is not added to a disgorgement fund or other fund under
section 308 of the Sarbanes-Oxley Act of 2002 (15 U.S.C. 7246) or
otherwise distributed to victims of a violation of the securities laws, or
the rules and regulations thereunder, underlying such action, unless the
balance of the Fund at the time the monetary sanction is collected
exceeds $300,000,000;

‘‘(ii) any monetary sanction added to a disgorgement fund or other fund
under section 308 of the Sarbanes-Oxley Act of 2002 (15 U.S.C. 7246) that
is not distributed to the victims for whom the Fund was established,
unless the balance of the disgorgement fund at the time the
determination is made not to distribute the monetary sanction to such
victims exceeds $200,000,000; and

‘‘(iii) all income from investments made under paragraph (4).

‘‘(B) ADDITIONAL AMOUNTS.—If the amounts deposited into or
credited to the Fund under subparagraph (A) are not sufficient to satisfy
an award made under subsection (b), there shall be deposited into or
credited to the Fund an amount equal to the unsatisfied portion of the
award from any monetary sanction collected by the Commission in the
covered judicial or administrative action on which the award is based.

‘‘(4) INVESTMENTS.—

‘‘(A) AMOUNTS IN FUND MAY BE INVESTED.—The Commission
may request the Secretary of the Treasury to invest the portion of the
Fund that is not, in the discretion of the Commission, required to meet
the current needs of the Fund.

‘‘(B) ELIGIBLE INVESTMENTS.—Investments shall be made by the
Secretary of the Treasury in obligations of the United States or

_________________________________________________

P a g e | 14

obligations that are guaranteed as to principal and interest by the United
States, with maturities suitable to the needs of the Fund as determined
by the Commission on the record.

‘‘(C) INTEREST AND PROCEEDS CREDITED.—The interest on,
and the proceeds from the sale or redemption of, any obligations held in
the Fund shall be credited to the Fund.

‘‘(5) REPORTS TO CONGRESS.—Not later than October 30 of each
fiscal year beginning after the date of enactment of this subsection, the
Commission shall submit to the Committee on Banking, Housing, and
Urban Affairs of the Senate, and the Committee on Financial Services of
the House of Representatives a report on—

‘‘(A) the whistleblower award program, established under this section,
including—

‘‘(i) a description of the number of awards granted; and

‘‘(ii) the types of cases in which awards were granted during the
preceding fiscal year;

‘‘(B) the balance of the Fund at the beginning of the preceding fiscal
year;

‘‘(C) the amounts deposited into or credited to the Fund during the
preceding fiscal year;

‘‘(D) the amount of earnings on investments made under paragraph (4)
during the preceding fiscal year;

‘‘(E) the amount paid from the Fund during the preceding fiscal year to
whistleblowers pursuant to subsection (b);

‘‘(F) the balance of the Fund at the end of the preceding fiscal year; and

‘‘(G) a complete set of audited financial statements, including—

_________________________________________________

P a g e | 15

‘‘(i) a balance sheet;

‘‘(ii) income statement; and

‘‘(iii) cash flow analysis.

‘‘(h) PROTECTION OF WHISTLEBLOWERS.—

‘‘(1) PROHIBITION AGAINST RETALIATION.—

‘‘(A) IN GENERAL.—No employer may discharge, demote, suspend,
threaten, harass, directly or indirectly, or in any other manner
discriminate against, a whistleblower in the terms and conditions of
employment because of any lawful act done by the whistleblower—

‘‘(i) in providing information to the Commission in accordance with this
section;

‘‘(ii) in initiating, testifying in, or assisting in any investigation or
judicial or administrative action of the Commission based upon or
related to such information; or

‘‘(iii) in making disclosures that are required or protected under the
Sarbanes-Oxley Act of 2002 (15 U.S.C. 7201 et seq.), the Securities
Exchange Act of 1934 (15 U.S.C. 78a et seq.), including section 10A(m) of
such Act (15 U.S.C. 78f(m)), section 1513(e) of title 18, United States
Code, and any other law, rule, or regulation subject to the jurisdiction of
the Commission.

‘‘(B) ENFORCEMENT.—

‘‘(i) CAUSE OF ACTION.—An individual who alleges discharge or
other discrimination in violation of subparagraph (A) may bring an
action under this subsection in the appropriate district court of the
United States for the relief provided in subparagraph (C).

_________________________________________________

P a g e | 16

‘‘(ii) SUBPOENAS.—A subpoena requiring the attendance of a witness
at a trial or hearing conducted under this section may be served at any
place in the United States.

‘‘(iii) STATUTE OF LIMITATIONS.—

‘‘(I) IN GENERAL.—An action under this subsection may not be
brought—

‘‘(aa) more than 6 years after the date on which the violation of
subparagraph (A) occurred; or

‘‘(bb) more than 3 years after the date when facts material to the right of
action are known or reasonably should have been known by the
employee alleging a violation of subparagraph (A).

‘‘(II) REQUIRED ACTION WITHIN 10 YEARS.—Notwithstanding
subclause (I), an action under this subsection may not in any
circumstance be brought more than 10 years after the date on which the
violation occurs.

‘‘(C) RELIEF.—Relief for an individual prevailing in an action brought
under subparagraph (B) shall include—

‘‘(i) reinstatement with the same seniority status that the individual
would have had, but for the discrimination;

‘‘(ii) 2 times the amount of back pay otherwise owed to the individual,
with interest; and

‘‘(iii) compensation for litigation costs, expert witness fees, and
reasonable attorneys’ fees.

‘‘(2) CONFIDENTIALITY.—

‘‘(A) IN GENERAL.—Except as provided in subparagraphs (B) and
(C), the Commission and any officer or employee of the Commission

_________________________________________________

P a g e | 17

shall not disclose any information, including information provided by a
whistleblower to the Commission, which could reasonably be expected
to reveal the identity of a whistleblower, except in accordance with the
provisions of section 552a of title 5, United States Code, unless and until
required to be disclosed to a defendant or respondent in connection with
a public proceeding instituted by the Commission or any entity
described in subparagraph (C).

For purposes of section 552 of title 5, United States Code, this paragraph
shall be considered a statute described in subsection (b)(3)(B) of such
section.

‘‘(B) EXEMPTED STATUTE.—For purposes of section 552 of title 5,
United States Code, this paragraph shall be considered a statute
described in subsection (b)(3)(B) of such section 552.

‘‘(C) RULE OF CONSTRUCTION.—Nothing in this section is
intended to limit, or shall be construed to limit, the ability of the
Attorney General to present such evidence to a grand jury or to share
such evidence with potential witnesses or defendants in the course of an
ongoing criminal investigation.

‘‘(D) AVAILABILITY TO GOVERNMENT AGENCIES.—

‘‘(i) IN GENERAL.—Without the loss of its status as confidential in the
hands of the Commission, all information referred to in subparagraph
(A) may, in the discretion of the Commission, when determined by the
Commission to be necessary to accomplish the purposes of this Act and
to protect investors, be made available to—

‘‘(I) the Attorney General of the United States;

‘‘(II) an appropriate regulatory authority;

‘‘(III) a self-regulatory organization;

_________________________________________________

P a g e | 18

‘‘(IV) a State attorney general in connection with any criminal
investigation;

‘‘(V) any appropriate State regulatory authority;

‘‘(VI) the Public Company Accounting Oversight Board;

‘‘(VII) a foreign securities authority; and

‘‘(VIII) a foreign law enforcement authority.

‘‘(ii) CONFIDENTIALITY.—

‘‘(I) IN GENERAL.—Each of the entities described in subclauses (I)
through (VI) of clause (i) shall maintain such information as confidential
in accordance with the requirements established under subparagraph
(A).

‘‘(II) FOREIGN AUTHORITIES.—Each of the entities described in
subclauses (VII) and (VIII) of clause (i) shall maintain such information
in accordance with such assurances of confidentiality as the Commission
determines appropriate.

‘‘(3) RIGHTS RETAINED.—Nothing in this section shall be deemed to
diminish the rights, privileges, or remedies of any whistleblower under
any Federal or State law, or under any collective bargaining agreement.

‘‘(i) PROVISION OF FALSE INFORMATION.—A whistleblower shall
not be entitled to an award under this section if the whistleblower—

‘‘(1) knowingly and willfully makes any false, fictitious, or fraudulent
statement or representation; or

‘‘(2) uses any false writing or document knowing the writing or
document contains any false, fictitious, or fraudulent statement or entry.

_________________________________________________

P a g e | 19

‘‘(j) RULEMAKING AUTHORITY.—The Commission shall have the
authority to issue such rules and regulations as may be necessary or
appropriate to implement the provisions of this section consistent with
the purposes of this section.’’.

(b) PROTECTION FOR EMPLOYEES OF NATIONALLY
RECOGNIZED STATISTICAL RATING ORGANIZATIONS.—
Section 1514A(a) of title 18, United States Code, is amended—

(1) by inserting ‘‘or nationally recognized statistical rating organization
(as defined in section 3(a) of the Securities Exchange Act of 1934 (15
U.S.C. 78c),’’ after ‘‘78o(d)),’’; and

(2) by inserting ‘‘or nationally recognized statistical rating organization’’
after ‘‘such company’’.

(c) SECTION 1514A OF TITLE 18, UNITED STATES CODE.—

(1) STATUTE OF LIMITATIONS; JURY TRIAL.—Section 1514A(b)(2)
of title 18, United States Code, is amended—

(A) in subparagraph (D)—

(i) by striking ‘‘90’’ and inserting ‘‘180’’; and

(ii) by striking the period at the end and inserting ‘‘, or after the date on
which the employee became aware of the violation.’’; and

(B) by adding at the end the following:

‘‘(E) JURY TRIAL.—A party to an action brought under paragraph
(1)(B) shall be entitled to trial by jury.’’.

(2) PRIVATE SECURITIES LITIGATION WITNESSES;
NONENFORCEABILITY; INFORMATION.—Section 1514A of title
18, United States Code, is amended by adding at the end the following:

_________________________________________________

P a g e | 20

‘‘(e) NONENFORCEABILITY OF CERTAIN PROVISIONS
WAIVING RIGHTS AND REMEDIES OR REQUIRING
ARBITRATION OF DISPUTES.—

‘‘(1) WAIVER OF RIGHTS AND REMEDIES.—The rights and
remedies provided for in this section may not be waived by any
agreement, policy form, or condition of employment, including by a
predispute arbitration agreement.

‘‘(2) PREDISPUTE ARBITRATION AGREEMENTS.—No predispute
arbitration agreement shall be valid or enforceable, if the agreement
requires arbitration of a dispute arising under this section.’’.

(d) STUDY OF WHISTLEBLOWER PROTECTION PROGRAM.—

(1) STUDY.—The Inspector General of the Commission shall conduct a
study of the whistleblower protections established under the
amendments made by this section, including—

(A) whether the final rules and regulation issued under the amendments
made by this section have made the whistleblower protection program
(referred to in this subsection as the ‘‘program’’) clearly defined and
user-friendly;

(B) whether the program is promoted on the website of the Commission
and has been widely publicized;

(C) whether the Commission is prompt in—

(i) responding to—

(I) information provided by whistleblowers; and

(II) applications for awards filed by whistleblowers;

(ii) updating whistleblowers about the status of their applications; and

_________________________________________________

P a g e | 21

(iii) otherwise communicating with the interested parties;

(D) whether the minimum and maximum reward levels are adequate to
entice whistleblowers to come forward with information and whether the
reward levels are so high as to encourage illegitimate whistleblower
claims;

(E) whether the appeals process has been unduly burdensome for the
Commission;

(F) whether the funding mechanism for the Investor Protection Fund is
adequate;

(G) whether, in the interest of protecting investors and identifying and
preventing fraud, it would be useful for Congress to consider
empowering whistleblowers or other individuals, who have already
attempted to pursue the case through the Commission, to have a private
right of action to bring suit based on the facts of the same case, on
behalf of the Government and themselves, against persons who have
committee securities fraud;

(H)(i) whether the exemption under section 552(b)(3) of title 5 (known
as the Freedom of Information Act) established in section 21F(h)(2)(A)
of the Securities Exchange Act of 1934, as added by this Act, aids
whistleblowers in disclosing information to the Commission;

(ii) what impact the exemption described in clause (i) has had on the
ability of the public to access information about the regulation and
enforcement by the Commission of securities; and

(iii) any recommendations on whether the exemption described in clause
(i) should remain in effect; and

(I) such other matters as the Inspector General deems appropriate.

(2) REPORT.—Not later than 30 months after the date of enactment of
this Act, the Inspector General shall—

_________________________________________________

P a g e | 22

(A) submit a report on the findings of the study required under
paragraph (1) to the Committee on Banking, Housing, and Urban Affairs
of the Senate and the Committee on Financial Services of the House;
and

(B) make the report described in subparagraph (A) available to the
public through publication of the report on the website of the
Commission.

_________________________________________________

P a g e | 23

The 12 most important definitions in the Sarbanes Oxley Act

1. Appropriate state regulatory authority
It means the State agency or other authority responsible for the licensure
or other regulation of the practice of accounting in the State or States
having jurisdiction over a registered public accounting firm or associated
person thereof, with respect to the matter in question.

2. Audit
It is an examination of the financial statements of any issuer by an
independent public accounting firm in accordance with the rules of the
Board or the Commission for the purpose of expressing an opinion on
such statements.

3. Audit committee
It is:

A. A committee (or equivalent body) established by and amongst the
board of directors of an issuer for the purpose of overseeing the
accounting and financial reporting processes of the issuer and audits of
the financial statements of the issuer; and

B. If no such committee exists with respect to an issuer, the entire board
of directors of the issuer.

4. Audit report
It means a document or other record:

A. Prepared following an audit performed for purposes of compliance by
an issuer with the requirements of the securities laws; and

B. In which a public accounting firm either -

- Sets forth the opinion of that firm regarding a financial
statement, report, or other document; or

- Asserts that no such opinion can be expressed.
_________________________________________________

P a g e | 24

5. Board
It means the Public Company Accounting Oversight Board established
under section 101.

6. Commission
It means the Securities and Exchange Commission (SEC).

7. Issuer
It means an issuer (as defined in section 3 of the Securities Exchange
Act of 1934), the securities of which are registered under section 12 of
that Act, or that is required to file reports under section 15(d), or that
files or has filed a registration statement that has not yet become
effective under the Securities Act of 1933, and that it has not withdrawn.

8. Non-audit services
It means any professional services provided to an issuer by a registered
public accounting firm, other than those provided to an issuer in
connection with an audit or a review of the financial statements of an
issuer.

9. Person associated with a public accounting firm

A. In general. The terms "person associated with a public accounting
firm" (or with a "registered public accounting firm") and "associated
person of a public accounting firm" (or of a "registered public
accounting firm") mean any individual proprietor, partner, shareholder,
principal, accountant, or other professional employee of a public
accounting firm, or any other independent contractor or entity that, in
connection with the preparation or issuance of any audit report--

- Shares in the profits of, or receives compensation in any other
form from, that firm; or

- Participates as agent or otherwise on behalf of such
accounting firm in any activity of that firm.

B. Exemption authority. The Board may, by rule, exempt persons

_________________________________________________

P a g e | 25

engaged only in ministerial tasks from the definition in subparagraph
(A), to the extent that the Board determines that any such exemption is
consistent with the purposes of this Act, the public interest, or the
protection of investors.

10. Professional standards
It means—

A. Accounting principles that are--

- Established by the standard setting body described in section
19(b) of the Securities Act of 1933, as amended by this Act, or
prescribed by the Commission under section 19(a) of that Act or
section 13(b) of the Securities Exchange Act of 1934; and

- Relevant to audit reports for particular issuers, or dealt with in the
quality control system of a particular registered public accounting
firm; and

B. Auditing standards, standards for attestation engagements, quality
control policies and procedures, ethical and competency standards, and
independence standards (including rules implementing title II) that the
Board or the Commission determines--

- Relate to the preparation or issuance of audit reports for issuers;
and

- Are established or adopted by the Board under section 103(a), or
are promulgated as rules of the Commission.

11. Public accounting firm

It means:

A. A proprietorship, partnership, incorporated association, corporation,
limited liability company, limited liability partnership, or other legal
entity that is engaged in the practice of public accounting or preparing

_________________________________________________

P a g e | 26

or issuing audit reports; and

B. To the extent so designated by the rules of the Board, any associated
person of any entity described in subparagraph (A).

Registered public accounting firm is a public accounting firm registered
with the Board in accordance with this Act.

12. Rules of the board

It means the bylaws and rules of the Board (as submitted to, and
approved, modified, or amended by the Commission, in accordance with
section 107), and those stated policies, practices, and interpretations of
the Board that the Commission, by rule, may deem to be rules of the
Board, as necessary or appropriate in the public interest or for the
protection of investors.

_________________________________________________

P a g e | 27

Dodd Frank Act, SEC. 989G.
EXEMPTION FOR NONACCELERATED FILERS.

(a) EXEMPTION.—Section 404 of the Sarbanes-Oxley Act of 2002 is
amended by adding at the end the following:

“(c) EXEMPTION FOR SMALLER ISSUERS.—Subsection (b) shall
not apply with respect to any audit report prepared for an issuer that is
neither a “large accelerated filer” nor an “accelerated filer” as those
terms are defined in Rule 12b–2 of the Commission (17 C.F.R. 240.12b–
2).”

(b) STUDY.—The Securities and Exchange Commission shall conduct a
study to determine how the Commission could reduce the burden of
complying with section 404(b) of the Sarbanes-Oxley Act of 2002 for
companies whose market capitalization is between $75,000,000 and
$250,000,000 for the relevant reporting period while maintaining investor
protections for such companies.

The study shall also consider whether any such methods of reducing the
compliance burden or a complete exemption for such companies from
compliance with such section would encourage companies to list on
exchanges in the United States in their initial public offerings.

Not later than 9 months after the date of the enactment of this subtitle,
the Commission shall transmit a report of such study to Congress.

_________________________________________________

P a g e | 28

Internal Controls, the Sarbanes Oxley Act and the Dodd Frank
Act

Effective internal control over financial reporting is intended to provide
reasonable assurance about the reliability of a company's financial
statements and the process of preparation of those statements. Until this
summer, all this had to do with Section 404 of the Sarbanes-Oxley Act.

After July 2010, we have to speak about "Section 404 of the Sarbanes-
Oxley Act, as amended by the Dodd-Frank Act".

It requires management of all companies to assess and report on the
effectiveness of the company's internal control over its financial
reporting.

The law also requires that independent auditors for larger companies
attest to management's disclosures about the effectiveness of that
internal control.

Under the amendments to Sarbanes Oxley by the Dodd-Frank Act,
certain smaller companies, known as "non-accelerated filers," are
exempted from the requirement for an external audit of internal control
over financial reporting.

However, these smaller companies, which typically have common equity
held by non-insiders of less than $75 million, must still provide annually
management’s assessment of internal controls.

We use the term “non-accelerated filer” to refer to a reporting company
that does not meet the definition of either an “accelerated filer” or a
“large accelerated filer” under Exchange Act Rule 12b-2.

Under Exchange Act Rule 12b-2, an accelerated filer is an issuer that
“had an aggregate worldwide market value of the voting and non-voting
common equity held by its non-affiliates of $75 million or more, but less
than $700 million, as of the last business day of the issuer’s most recently
completed second fiscal quarter.
_________________________________________________

P a g e | 29

A large accelerated filer is an issuer that “had an aggregate worldwide
market value of the voting and non-voting common equity held by its
non-affiliates of $700 million or more, as of the last business day of the
issuer’s most recently completed second fiscal quarter”.

In addition, for both definitions, the issuer needs to have been subject to
reporting requirements for at least twelve calendar months, have filed at
least one annual report, and not be eligible to use the requirements for
smaller reporting companies for its annual and quarterly reports.

Securities and Exchange Commission, final rule.

The Securities and Exchange Commission (“Commission”) is adopting
amendments to its rules and forms to conform them to Section 404(c) of
the Sarbanes-Oxley Act of 2002 (the “Sarbanes-Oxley Act”), as added by
Section 989G of the Dodd-Frank Wall Street Reform and Consumer
Protection Act (the “Dodd-Frank Act”).

Section 404(c) provides that Section 404(b) of the Sarbanes-Oxley Act
shall not apply with respect to any audit report prepared for an issuer
that is neither an accelerated filer nor a large accelerated filer as defined
in Rule 12b-2 under the Securities Exchange Act of 1934 (the “Exchange
Act”).

The Commission is adopting amendments to its rules and forms to
conform them to new Section 404(c) of the Sarbanes-Oxley Act, as added
by Section 989G of the Dodd-Frank Act.

Section 404(c) provides that Section 404(b) of the Sarbanes-Oxley Act
shall not apply with respect to any audit report prepared for an issuer
that is neither an accelerated filer nor a large accelerated filer as defined
in Rule 12b-29 under the Exchange Act.

Prior to enactment of the Dodd-Frank Act, a non-accelerated filer would
have been required, under existing Commission rules, to include an
attestation report of its registered public accounting firm on internal

_________________________________________________

P a g e | 30

control over financial reporting in the filer’s annual report filed with the
Commission for fiscal years ending on or after June 15, 2010.

[Consistent with Sections 404(a) and 404(b) of the Sarbanes-Oxley Act,
on June 5, 2003, the Commission adopted initial amendments to its rules
and forms requiring companies, other than registered investment
companies, to include in their annual reports filed with the Commission
a report of management and an accompanying auditor’s attestation
report on the effectiveness of the company’s internal control over
financial reporting.

Subsequent to the adoption of those rules, the Commission postponed
the Section 404(b) auditor attestation requirement for non-accelerated
filers, such that the auditor’s attestation report for these filers would have
first been required for annual reports filed with the Commission for fiscal
years ending on or after June 15, 2010.

The amendments in this Release will not affect the transition rules
applicable for non-accelerated filers with fiscal years ending prior to June
15, 2010.]

To conform the Commission’s rules to Section 404(c) of the Sarbanes-
Oxley Act, these amendments remove the requirement for a non-
accelerated filer to include in its annual report an attestation report of the
filer’s registered public accounting firm.

We are also adopting a conforming change to our rules concerning
management’s disclosure in the annual report regarding inclusion of an
attestation report to provide that the disclosure only applies if an
attestation report is included.

Lastly, we are making a conforming change to Rule 2-02(f) of Regulation
S-X to clarify that an auditor of a non-accelerated filer need not include
in its audit report an assessment of the issuer’s internal control over
financial reporting.

_________________________________________________

P a g e | 31

All issuers, including non-accelerated filers, continue to be subject to the
requirements of Section 404(a) of the Sarbanes-Oxley Act. Section 404(a)
and its implementing rules require that an issuer’s annual report include
a report of management on the issuer’s internal control over financial
reporting.

PROCEDURAL AND OTHER MATTERS

Under the Administrative Procedure Act, a notice of proposed
rulemaking is not required when the agency, for good cause, finds that
notice and public comment are impracticable, unnecessary, or contrary
to the public interest.

These amendments merely conform certain rules and forms to a newly
enacted statute, Section 404(c) of the Sarbanes-Oxley Act, as amended
by the Dodd-Frank Act, so the Commission finds that it is unnecessary
to publish notice of these amendments.

These amendments revise the Commission’s rules and forms to make
them consistent with the internal control reporting requirements for non-
accelerated filers in the Sarbanes-Oxley Act, as amended by the Dodd-
Frank Act, and should therefore minimize potential confusion of issuers
and investors.

The Administrative Procedure Act also requires publication of a rule at
least 30 days before its effective date unless the agency finds otherwise
for good cause.

The Commission is taking this action to implement the Dodd-Frank Act.

Thus, any costs and benefits to the economy resulting from these
amendments are mandated by the Dodd-Frank Act. Section 23(a)(2) of
the Exchange Act requires the Commission, in adopting rules under the
Exchange Act, to consider the competitive effects of such rules, if any,
and to refrain from adopting a rule that would impose a burden on
competition not necessary or appropriate in furtherance of the purposes
of the Exchange Act.

_________________________________________________

P a g e | 32

Section 3(f) of the Exchange Act requires the Commission, whenever it
engages in rulemaking and must consider or determine if an action is
necessary or appropriate in the public interest, to consider if the action
will promote efficiency, competition, and capital formation.

We do not anticipate any competitive or capital formation effects from
these amendments as they merely conform certain rules and forms to
new Section 404(c) of the Sarbanes-Oxley Act.

We do not anticipate that these conforming amendments will impose
any costs, and they may promote efficiency by eliminating potential
confusion that may otherwise result from a discrepancy between our
rules and the statute.

_________________________________________________

P a g e | 33

OFFICE OF ECONOMIC ANALYSIS
UNITED STATES SECURITIES AND EXCHANGE COMMISSION
Study of the Sarbanes-Oxley Act of 2002 Section 404
Internal Control over Financial Reporting Requirements
Executive Summary

The Public Company Accounting Reform and Investor Protection Act,
otherwise known as the Sarbanes-Oxley Act (the “Act”), was enacted in
July 2002 after a series of high-profile corporate scandals involving
companies such as Enron and Worldcom.

Section 404(a) of the Act requires management to assess and report on
the effectiveness of internal control over financial reporting (“ICFR”).

Section 404(b) requires that an independent auditor attest to
management’s assessment of the effectiveness of those internal controls.

Because the cost of complying with the requirements of Section 404 of
the Act (“Section 404”) has been generally viewed as being unexpectedly
high, efforts to reduce the costs while retaining the effectiveness of
compliance resulted in a series of reforms in 2007.

This report presents an analysis of data from publicly traded companies
collected from an SEC-sponsored Web survey of financial executives of
companies with Section 404 experience conducted during December
2008 and January 2009.

The analysis of the survey data is designed to inform the Commission
and other interested parties as to whether changes occurring since 2007
are having the intended effect of facilitating more cost-effective internal
controls evaluations and audits, especially as they may apply to smaller
reporting companies.

The findings of the analysis relating to efficiency include evidence on the
total and component compliance costs, the changes in costs over time,

_________________________________________________

P a g e | 34

and the factors that help to explain why costs are lower or higher for
some companies than for others.

These findings include evidence of direct and indirect effects that
management ascribes to Section 404 compliance, including evidence on
intended benefits.

The 2007 reforms that are the focus of this inquiry include the SEC’s
June 2007 Management Guidance and its order approving the Public
Company Accounting Oversight Board’s (PCAOB) Accounting Standard
No. 5 (AS5) (collectively referred to as the “2007 reforms”).

We are primarily interested in whether and how companies’ experience
with Section 404(b) compliance changed following the reforms, yet this
report also presents evidence on the implementation of both Section
404(a) and Section 404(b).

This reflects the interrelationship between the two requirements.

The survey was open to all reporting companies with relevant experience
in complying with Section 404, recognizing that only large accelerated
filers and accelerated filers are currently required to comply with both
Section 404(a) and Section 404(b) and, thus, have information on the
overall cost of compliance with these sections.

These experienced filers that responded to the survey tend to have public
float in excess of $75 million, which is large compared to that of non-
accelerated filers that are not yet required to comply with Section 404(b).

The evidence on the experiences of larger companies may be useful in
evaluating the extent to which additional improvements to the
implementation of Section 404(b) should be undertaken before it
becomes applicable to non-accelerated filers.

Notwithstanding, it is important to highlight that the analysis in this
report is not designed to provide compliance cost estimates for

_________________________________________________

P a g e | 35

companies that have yet to comply with the relevant requirements of
Section 404.

The general conclusion from the analysis of survey data is that
compliance costs vary with company size (increasing with size),
compliance history (decreasing with increased compliance experience),
and compliance regime (lower after the 2007 reforms).

Larger companies tend to incur higher compliance costs in dollar terms
(“absolute cost”), while smaller companies report higher costs as a
fraction of asset value (“scaled cost”).

The evidence suggests that companies bear some fixed start-up costs of
compliance that are not scalable. Some of these costs are recurring fixed
costs, while others are one-time start-up costs borne in the first years of
compliance that tend to dissipate over time.

For companies complying with both parts of Section 404, the cost of
complying with Section 404(b) is reportedly similar to the incremental
cost of complying with Section 404(a) alone.

The resource requirements of Section 404(a) and Section 404(b)
compliance are quite different, however.

The Section 404(a) cost is borne through increased internal labor and
outside vendor expenses, while the Section 404(b) cost is experienced
primarily through increased independent-auditor fees, according to the
survey evidence.

The evidence also indicates that there is an economically and
statistically significant reduction in Section 404 compliance costs
following the 2007 reforms.

This reduction is most pronounced among larger companies.

More than half of survey participants (henceforth also referred to as
“respondents”) who answered explicit questions about the effects of the

_________________________________________________

P a g e | 36

2007 reforms report that the reforms led to a decrease in compliance
costs, consistent with the objectives of the reform and the reported cost
reductions.

Nearly all respondents indicated that they relied on the Management
Guidance and, of those, a majority found it to be useful.

As a result of the Management Guidance, there has been a shift of effort
among smaller companies toward evaluating the effectiveness of ICFR
and away from the tasks of identifying risks to the company’s financial
reporting and identifying controls that address identified risks.

These respondents, however, had a less favorable response to a question
about the SEC’s responsiveness to concerns about compliance costs.

The Web survey also included questions about respondents’ perceptions
of other potential effects of Section 404 compliance, including potential
beneficial effects. Respondents ascribe some beneficial effects to Section
404 compliance.

In particular, respondents were more likely to report direct benefits of
compliance with Section 404 rules (i.e., improvements directly related to
a company’s financial reporting process, such as the quality of the
company’s ICFR), rather than indirect benefits of compliance (i.e.,
improvements indirectly related to a company’s financial reporting
process, such as the company’s ability to raise capital).

Respondents from larger companies and Section 404(b) companies tend
to regard Section 404 compliance more favorably than those from their
counterparts in almost every respect.

Before turning to a more detailed outline of findings, it will be useful to
provide some background on the size and compliance categories of the
companies that are the subject of the study.

_________________________________________________

P a g e | 37

Throughout the analysis, respondents are partitioned based on the size
of their company using the size thresholds that parallel the SEC’s
reporting thresholds.

Under SEC regulations— typically—non-accelerated filers have public
float of less than $75 million; accelerated filers have public float between
$75 million and $700 million; and large accelerated filers have public
float of $700 million or more.

The evidence on the costs and benefits of Section 404(b) compliance is
almost entirely from the last two groups, which are termed “large” and
“medium/mid-sized” companies in this report, because “small”
companies (with public float less than $75 million) were typically not yet
required to comply with Section 404(b) at the time of the survey.

Following previous research, in some instances, the analysis of smaller
companies focuses on those having a public float falling within a band
above and below the $75 million threshold that distinguishes non-
accelerated from accelerated filers.

In addition, to separate the effects of Section 404(a) compliance from
those of Section 404(b), when appropriate the analysis partitions
companies that were compliant with both Sections 404(a) and 404(b) in
the relevant fiscal year (henceforth “Section 404(b) companies”) from
those that are compliant with Section 404(a) only (henceforth “Section
404(a)-only companies”).

A more detailed presentation of findings as answers to the central
questions of the report follows:

Q1. How does the cost of complying with Section 404 vary across
companies, and what factors influence a company’s compliance cost?

The total cost of complying with Section 404 varies across companies
depending on

(1) The company’s size,

_________________________________________________

P a g e | 38

(2) Whether the company is complying with Section 404(a) only or also
with Section 404(b),

(3) The company’s experience in complying with Section 404(b), and

(4) Whether compliance occurred before or after the 2007 reforms.

Specifically, the absolute compliance cost in dollar terms tends to
increase with company size (measured by public float), but the cost
scaled by asset value tends to decline as company size increases.

As one would expect, total compliance costs are typically larger for
companies complying with Section 404(b) in addition to Section 404(a).

Longer experience with Section 404(b) compliance, however, is
associated with a decrease in the typical reported costs (scaled by
company assets).

The cost of compliance tends to be lower after the 2007 reforms than
before and this decrease is most pronounced among larger companies.

Q2. What is the observed trend in Section 404 compliance cost before
and after the 2007 reforms?

The Web survey collected response data on audit fees, outside vendor
fees, non-labor costs, and internal labor hours. These cost components
were aggregated using conservative assumptions in order to obtain a
dollar estimate of the total cost of compliance.

The evidence generally indicates that the typical total compliance costs
have decreased from the year prior compared to the one after the 2007
reform and are expected to decrease further in the fiscal year in progress
at the time of the survey.

Among Section 404(b) companies, the mean total Section 404
compliance cost drops significantly from $2.87 million pre-reform to

_________________________________________________

P a g e | 39

$2.33 million post-reform, representing a 19 percent decline in the total
compliance cost.

The compliance cost is expected to be lower still, with a mean cost of
$2.03 million, representing a combined decline of 29 percent.

When reporting compliance costs by size category, the mean total
compliance cost decreases from $769,000 to $690,000 among filers with
public float lower than $75 million, but this difference is not statistically
significant.

The reduction in compliance costs is more pronounced among the
medium and large companies that are already required to comply with
Section 404(b).

The medians reveal similar patterns for the typical company in our
sample.

The median total Section 404 compliance cost declines significantly from
$1.19 million pre-reform to $1.04 million post-reform, a 13 percent
decline.

The median expected cost for the fiscal year in progress is lower still, at
$905,000, a combined decline of 24 percent relative to the pre-reform
median cost.

For non-accelerated filers, the median total compliance cost decreased
from $579,000 to $439,000, but, as with the means, the difference for
these companies is not statistically significant.

When analyzing first-time compliance costs before and after the 2007
reforms, the results are mixed and the mean decrease in total costs is not
statistically significant.

In contrast, for companies in their second year of compliance with
Section 404(b), both the mean and median compliance costs are
significantly lower after the 2007 reforms than before.

_________________________________________________

P a g e | 40

Meanwhile, among Section 404(a)-only companies, the mean total cost
also decreased from $425,000 pre-reform to $336,000 post-reform, but the
difference is not statistically significant, and the median cost actually
increased from $111,000 to $162,000.

Both the mean and the median, however, are expected to decrease for
the fiscal year in progress at the time of the survey.

Q3. How do the component costs of complying with Section 404
compare, and how have they changed since the 2007 reforms?

For Section 404(b) compliant companies, the largest cost component is
internal labor costs— which can comprise more than 50 percent of the
total compliance cost—followed by the estimated portion of total audit
fees attributed to ICFR (404(b) audit fees), outside vendor fees, and non-
labor cost.

In general, every component cost declines after the reforms compared to
the year before, and is projected to decline further in the fiscal year in
progress.

The most notable changes in the cost components between pre-reform
and post-reform are observed in the outside vendor fees and the percent
of the total audit fees attributable to ICFR.

The mean outside vendor fee decreases by 29 percent from $438,000 pre-
reform to $311,000. The median outside vendor fee decreases by 10
percent from $100,000 to $90,000.

Both differences are statistically significant, and the outside vendor fees
are expected to decrease significantly to a mean cost of $222,000 and
median cost of $55,000 in the fiscal year in progress at the time of the
survey.

The mean portion of the audit fee that respondents attributed to the
ICFR audit also decreases significantly by 21 percent from $821,000 to
$652,000.

_________________________________________________

P a g e | 41

This decline is expected to continue.

Similarly, the median audit fee decreases by 13 percent from $358,000 to
$311,000 and is expected to decrease to $275,000.

Q4. What are the benefits of complying with Section 404, as reported by
company executives, and how do they compare against the costs of
compliance?

The survey asked the respondents to comment on the impact of Section
404 compliance on twelve characteristics relating to internal governance
and investor confidence, of which six were considered direct effects of
compliance and the remaining six indirect effects of compliance.

The respondents recognized Section 404 compliance as having a positive
impact on various dimensions of the financial reporting process, but
were less inclined to recognize these improvements as affecting the
companies’ dealings with other capital market participants.

Furthermore, in an optional section of the survey, respondents provided
their assessment of the cost-benefit trade-off of Section 404 compliance.

The majority of respondents to this section perceive the trade-off to be
negative to varying degrees.

This perceived trade-off is more favorable among larger companies and,
independently of size, improved following the 2007 reforms.

Among the characteristics that are most widely reported benefiting from
Section 404 compliance is:

- The quality of the respondent company’s internal control structure
(73 percent)

- The audit committee’s confidence in the company’s ICFR (71
percent)

_________________________________________________

P a g e | 42

- The quality of the company’s financial reporting (49 percent)

- The company’s ability to prevent and detect fraud (48 percent)

- The respondent’s confidence in the financial reports of other
companies complying with Section 404 (40 percent).

The majority of respondents recognize no effect of Section 404
compliance on: the company’s ability to raise capital, investor
confidence in the company’s financial reports, the company’s overall
firm value, and the liquidity of the company’s common stock.

Finally, the perceived effect of Section 404 compliance on the efficiency
of the operating and financial reporting processes and the timeliness of
the company’s financial statement audit varies widely:

While a majority of respondents perceive no effect on these dimensions,
non-trivial portions of respondents recognize a negative effect—that is, a
reduction in the efficiency of the operating and financial reporting
processes and/or the timeliness of financial statement audit.

In the cross-section, larger companies were more likely to ascribe
positive direct and indirect effects to Section 404 compliance than were
smaller companies.

Q5. What are the reported benefits of Section 404 compliance from the
perspective of financial statement users?

In order to obtain a more complete picture of the effects of Section 404
implementation, staff members from the SEC’s Office of the Chief
Accountant conducted separate in-depth phone interviews of a sample of
30 users of financial statements—including lenders, securities analysts,
credit rating agencies, and other investors.

Although the sample is admittedly smaller than that of issuers
participating in the survey, the evidence gathered is useful because it

_________________________________________________

P a g e | 43

provides the perspective of financial statement users on the effects of
Section 404 compliance.

In general, financial statement users regard ICFR disclosures to be
beneficial and indicated that Section 404(a) and Section 404(b)
compliance has had a positive impact on their confidence in the
companies’ financial reports.

The users generally indicate that Section 404 compliance leads
management to better understand financial reporting risks, put in place
appropriate controls to address financial reporting risks, and address
internal control deficiencies in a more timely fashion than in the absence
of the disclosure requirement.

Although, users offer divergent opinions regarding the extent to which
disclosures of material weakness affect their decision-making process,
most agree that severe weaknesses that could take years to remediate are
likely to negatively affect their decision-making.

Users tend not to perceive the benefits of Section 404 compliance to vary
with the size of the reporting company.

Instead, many indicate that these benefits depend on a company’s
complexity and industry affiliation.

At the same time, the users agree that variations in compliance
requirements based on complexity and/or industry would likely be
impractical.

Finally, most users indicate that the benefits they perceive from Section
404 compliance have not changed substantially over time.

This is an important finding since it indicates that the 2007 reforms,
while intended to reduce certain duplicative efforts in conducting the
evaluation of ICFR, did not at the same time change financial statement
users’ perception of the effectiveness of Section 404.

_________________________________________________

P a g e | 44

Regarding the Section 404(b) requirement, the general consensus is that
the auditor’s report on ICFR required under Section 404(b) provides an
incremental benefit beyond the management’s report because many
respondents perceive the audit requirement to provide necessary
discipline to the reporting process.

Although some users express the concern that ICFR evaluation may
divert management’s attention from other important areas of their
businesses, these respondents continued to believe that strong ICFR is
necessary and that financial statements need to be of high quality and
reliable.

Most users interviewed indicate that the process of compliance with
Section 404 has become more efficient since the initial implementation
in 2004 due to:

(i) Reduction in the level of documentation,

(ii) Improved communications between auditors and management,

(iii) Increased use of professional judgment in scoping and testing,

(iv) More focus on higher risk areas, and

(v) Streamlining of audits subsequent to the first-time effort required by

Q6. In what ways have the Commission’s 2007 reforms affected the
companies’ procedures of complying with Section 404?

Nearly all respondents who completed an optional section of the survey
requesting feedback on management’s Section 404(a) experience
responded that they used Management Guidance and found it to be
useful.

_________________________________________________

P a g e | 45

Those who responded indicate that both Management Guidance and
Auditing Standard No. 5 have helped reduce the total cost of
compliance, for companies in every size category.

The respondents also indicate on average that Auditing Standard No. 5
resulted in a small decrease in the time it takes to complete the
independent audit of ICFR.

The perceived impact of AS5, however, varies with the size of the
company and its experience with Section 404(b) compliance.

Specifically, the perceived impact of AS5 on the time it takes to complete
the independent audit of ICFR is significantly smaller among small filers
and among companies with no previous experience with Section 404(b)
compliance.

When asked to compare the changes in activities associated with
management’s evaluation of ICFR, the respondents indicate a slight
decrease on average from pre-reform to post-reform in the number of
risks subject to testing, the number of controls tested, but a slight
increase in the level of documentation, the use of management’s
interaction with controls as evidence, reliance on evidence gained from
self-assessment, and reliance on evidence from direct testing.

Like much of the previous results, the responses varied significantly
depending on the respondents’ size.

While smaller companies typically report an increase in every
component, the changes reported by medium and large filers are not
homogenous.

Interestingly, however, the evidence suggests that the compliance
process across companies of different size has become more
homogenous following the 2007 reforms.

Finally, the survey evidence indicates that companies are increasingly
structuring their evaluations of ICFR with the intent of allowing the

_________________________________________________

P a g e | 46

independent auditor to rely on their internal work, which is consistent
with one of the goals of the 2007 reforms through Auditing Standard No.
5.

Some caveats about the analysis of Web survey data on Section 404
implementation

There are a number of caveats to consider when interpreting the
evidence presented in this study, some of which are due to the inherent
nature of survey data, while others are the result of the particular context
in which the Section 404 survey takes place.

First, most, if not all, analyses of survey data are affected to various
degrees by the following potential difficulties:

• Self-Selection Bias (i.e., Non-response Bias):

Participation in survey research is generally voluntary.

The process by which survey participants “select” to participate in a
survey can bias the inference based on survey data, if the participants’
(self-) selection process is such that particular segments of the
population are systematically over- or under-represented.

We conduct extensive analyses to test for the presence and the potential
severity of the problem, particularly by investigating the extent to which
key characteristics of the sample of respondents to the survey coincide or
diverge from those of the list of companies identified as the target
population.

We find that respondent companies are representative of the initial list of
public companies identified for this study, particularly among Section
404(b) companies or within company size groups.

We also find that the typical responses of voluntary participants in the
survey are not significantly different from those of a randomly selected,

_________________________________________________

P a g e | 47

stratified sample of companies that were the target of follow-up efforts to
induce their participation.

Overall, the evidence is consistent with the notion that the voluntary
nature of the participation introduces no bias in the responses, at least
relative to the separate treatment group where part of the decision to
participate is a result of the follow-up effort.

• Response Bias:

If there are no penalties for misrepresentation and survey participants
have systematic incentives to be less than fully truthful, inference based
on survey data (or any other self-reported information that meets those
criteria) may not be accurate.

A similar problem arises when survey questions are designed to elicit the
participant’s subjective perceptions on a particular subject and the
participants’ views are systematically biased.

The portion of survey data that we could independently verify (i.e., audit
fees) indicates that the participants’ representations do not deviate
substantially from what is reported in official SEC filings.

Aside from this exercise, it is virtually impossible to assess the extent to
which the remaining survey data may not be accurate.

The nature of the survey questions varies, with some questions focusing
on quantifiable items (e.g., internal labor hours) and others on
directional perceptions (e.g., assessment of the effect of Section 404 on
the quality of ICFR) and others still on directional/ordinal perceptions
(e.g., assessment of the effect of AS5 on the amount of time it takes to
complete the independent audit under Section 404(b)).

The common element, however, is that these data cannot be
independently verified, either because companies are do not keep a
separate record of the figures provided (e.g., costs) or because the

_________________________________________________

P a g e | 48

information provided is based on the respondents’ perceptions which by
their very nature are not verifiable.

The analysis in this report provides a characterization of companies’
experiences with Section 404 compliance that is based on survey
participants’ representations of their experiences.

Other caveats are specific to the analysis presented in this report, as they
depend on the nature and timing of the survey.

In particular:

1. The number of respondents from Section 404(b) companies that are
non-accelerated filers and have usable data is relatively small —
approximately 100 companies versus over 1,600 accelerated filers in the
most recently completed fiscal year —and there are reasons to believe
the experience of these companies may not extend to other non-
accelerated filers that are yet to comply with Section 404(b).

Specifically, non-accelerated Section 404(b) companies that participated
in the survey are either voluntary compliers or have been required to
comply in the past as accelerated filers and must continue to do so
because their float has not dropped below $50 million since.

To the extent that these factors affect companies’ experience with
Section 404(b) compliance, one should be careful when extrapolating the
results to non-accelerated filers that are yet to comply.

2. Non-accelerated filers were required to start complying with Section
404(a) at the end of 2007—after the reforms.

Yet, a number of non-accelerated filers responding to the survey reported
bearing Section 404 compliance costs prior to the reform.

These respondents were contacted after the survey was closed to inquire
about the nature of the information provided.

_________________________________________________

P a g e | 49

These respondents indicated that their company began complying with
Section 404 requirements prior to the Commission’s public
announcement that the compliance deadline had been extended and,
thus, they viewed the resulting pre-reform costs reported in the survey as
appropriately ascribed to Section 404(a) compliance.

The analysis of non-accelerated filers’ experience prior to the reforms
should be interpreted with the caveat in mind that it may not be
representative of what the typical non-accelerated filer would have
experienced.

3. The characteristics of the internal governance structure and financial
reporting process are likely to be important determinants of the
companies’ compliance experiences, including costs and benefits and
the nature of the audit services they obtain under Section 404(b).

To the extent that accelerated and non-accelerated filers display
significant differences in these dimensions, it may not be appropriate to
extrapolate the analysis of accelerated filers to non-accelerated filers.

4. All the cost figures presented in this analysis are based on survey
respondents’ characterization of the resources devoted to Section 404
compliance.

As such, the general caveats above apply. Moreover, there are some
aspects specific to our analysis:

a. All estimates presented in this report are based on non-audited
numbers based on the respondents’ perception provided in the survey.

Moreover, the nature of the estimates is limited by the scope of the
survey.

b. There are reasons to question the ability of respondents to provide an
accurate breakdown of audit fees into Section 404(b) fees versus financial
statement audit fees.

_________________________________________________

P a g e | 50

Auditors interviewed by the SEC’s OCA staff highlight this difficulty on
the basis that, for Section 404(b) companies, the two audits are
integrated and audit firms do not typically provide a breakdown of the
fees.

Based on conversations with issuers, however, it seems routine for them
to request and obtain audit fee quotes that account for the incremental
auditor’s work under Section 404(b) requirements before the company
begins complying with this section of the Act.

Thus, it is possible that respondents’ attribution of audit fees to Section
404(b) may be inaccurate, to the extent that they are based on quotes
provided by auditors upon first-time compliance with this section and
that such a breakdown does not apply in subsequent years of compliance

c. It is important to note that the estimates of internal labor costs
presented in this report are based on an assumption about a reasonable
hourly rate.

The rate adopted for internal labor is $121 per hour, consistent with the
rate quoted as of September, 2008 for a junior accountant cited in a
report on salaries prepared by the Securities Industry and Financial
Markets Association (SIFMA), to which the Commission frequently
refers in its rulemakings.

This is at the low end of cost estimates that are provided in the SIFMA
report for accounting and related services, and above the rate of
$50/hour (or $100,000 for 2000 hours) that is assumed in a series of
Financial Executives International (“FEI”) reports of survey findings
relating to the costs of compliance with Section 404 that date back to
2005.

Although our assumed rate is within the range of reasonable estimates
for evaluating the overall costs of compliance, it is not intended for use
in estimating the cost to an individual company.

_________________________________________________

P a g e | 51

We have provided information sufficient for determining how the
internal labor costs are affected by changes in the hourly rate—e.g.,
doubling (halving) the rate to $242 ($60.5) per hour doubles (halves) the
associated labor costs— and by changes in internal labor hours, each of
which may vary across companies.

d. Coates (2007), among others, highlights that implementation of the
Sarbanes-Oxley Act “created new incentives for firms to spend money on
internal controls” even where companies were required to invest such
resources under the previous regulatory regime.

This observation is particularly relevant in the context of Section 404
implementation.

In particular, Section 13(b)(2) of the Exchange Act requires companies
to maintain effective ICFR, while Section 404 requires management to
report on the effectiveness of ICFR.

By this reasoning, it is conceivable that Section 404 may have given
issuers incentives to spend more resources to meet the requirements of
the Exchange Act, causing companies to bear “deferred maintenance”
expenses to bring ICFR into compliance with those requirements.

It is possible that survey participants include these costs in their
assessment of the incremental costs due to Section 404 compliance.

Whether this is the correct measure of the incremental costs of Section
404 compliance depends on the objective of the analysis.

For example, issuers were required to be in compliance with Section
13(b)(2) of the Exchange Act prior to SOX, so the ICFR maintenance
costs might not seem pertinent.

From this perspective, Section 404 cost estimates that include the ICFR
maintenance expenses overestimate the cost of compliance with Section
404—by including more than just the cost of reviewing ICFR and
preparing the mandated disclosures.

_________________________________________________

P a g e | 52

Alternatively, if the argument above is correct, in the sense that
companies systematically shirk in complying with the Exchange Act
requirements absent SOX, then the incremental economic cost of
Section 404 compliance should include the aforementioned maintenance
expenses that would not be borne absent Section 404.

Similarly, it is worth noting that a parallel logic applies to the benefits of

That is, from an economic perspective, the incremental benefits of
Section 404 include the improvements in ICFR resulting from the
deferred maintenance that would not have occurred absent the new
disclosure requirements of Section 404.

5. Participants in the survey provided their perceptions of the effects of
Section 404 compliance, both on the financial reporting process and their
company’s interaction with capital market participants.

The following caveats should be kept in mind for this part of the
analysis:

a. The assessment of the benefits is qualitative in nature, given the
intrinsic difficulty of quantifying the benefits of Section 404 compliance
in monetary terms, and not directly comparable to the cost estimates
provided by the same respondents.

b. In addition to lack of comparability with cost estimates, the analysis
of the survey responses about the benefits of compliance may be subject
to response bias.

In particular, the response bias would seem to be especially relevant
when participants provide their assessment of how Section 404
compliance affects subjects outside the corporation (e.g., investors’
confidence in the company’s reports).

The resulting analysis may be biased if the respondents’ perception or
their representation of those perceptions is biased.

_________________________________________________

P a g e | 53

With this caveat in mind, the staff of the SEC’s Office of the Chief
Accountant (OCA) conducted in-depth interviews with individuals
representing a variety of external users of financial statements to gather
their views on the effects of Section 404.

This effort complements the analysis of the views expressed by the
companies participating in the survey, in combination providing a
broader and more complete assessment of the effects of Section 404 on
capital market participants.

6. In various parts of the survey, the participants provided information
about their experience with Section 404 compliance over several years:
the most recently completed fiscal year; the fiscal year prior to that, and
the fiscal year in progress at the time of the survey.

While responses referring to the participants’ past experience reflect
events that are certain, responses for the fiscal year in progress at the
time of the survey result in estimates and perceptions that are
intrinsically less precise, due to the inherent uncertainty about future
events.

To study all 139 pages of the report:
www.sec.gov/news/studies/2009/sox-404_study.pdf

_________________________________________________

P a g e | 54

A very interesting letter

Dear Chairman Dodd and Ranking Member Shelby:

We are writing to urge you in the course of your efforts to reform the
financial sector to resist efforts to weaken protections for investors in the
Sarbanes-Oxley Act of 2002 (SOX).

Specifically, we oppose exempting smaller public companies from
compliance with Section 404(b) of the Act.

Further, we are troubled by evidence of a proposal to roll back to an
arbitrary market capitalization point strengthened internal controls
requirements for larger companies that are already in compliance with
the provision.

As you know, Section 404(b) requires an independent audit of a public
company’s assessment of its internal controls.

If Congress agrees to a permanent 404(b) waiver for smaller companies,
there may be little independent scrutiny of financial reporting safeguards
at half of all listed companies nationwide.

Compliance Week has reported that, “as much as non-accelerated filers
denounce the burden of Section 404(b) compliance, they’re still
confronted with one stubborn counter-argument: fraud happens.”

The publication went on to note that numerous studies indicate that
small companies are particularly vulnerable to fraud.

A congressionally-mandated study by the Securities and Exchange
Commission (SEC) has found that Section 404 provides benefits that are
valuable regardless of a public company’s size.

Reporting requirement reforms, including the Public Company
Accounting Oversight Board’s adoption of Audit Standard No. 5 and the

_________________________________________________

P a g e | 55

SEC’s management guidance, are reflective of the real-world lessons
learned since the law’s enactment.

The result has been a decline in compliance costs of approximately 30
percent.

Reporting under Section 404 provides investors with meaningful
information regarding a public company’s internal control over financial
reporting (ICFR).

In addition, we believe that the required independent audit of
management’s assessment of the effectiveness of ICFR, as required by
SOX Section 404(b), has been integral to the achievement of the
intended objectives of ICFR reporting under SOX Section 404.

As important, the SEC’s study determined that investors and other
financial statement users “regard ICFR disclosures to be beneficial and
indicated that Section 404(a) and Section 404(b) compliance has had a
positive impact on their confidence in the companies’ financial reports.

The users generally indicate that Section 404 compliance leads
management to better understand financial reporting risks, put in place
appropriate controls to address financial reporting risks, and address
internal control deficiencies in a more timely fashion than in the absence
of the disclosure requirement.”

Investor confidence in public companies’ financial reports is imperative
to the successful operation of our capital markets.

As such, it only makes sense to apply the benefits of Section 404(b) to
investors to public companies of all sizes, even those that have not yet
had to comply.

This is especially meaningful in view of the fact small companies are
more likely to issue earnings restatements. In fact, a November 2009
study by Audit Analytics suggests that companies that have not yet had
auditors review their internal control reports have a restatement rate that

_________________________________________________

P a g e | 56

is 46 percent higher than larger public companies, despite claiming they
have effective controls.

Moreover, a 2009 analysis of restatements of small companies by Glass
Lewis for the Ohio Public Employees Retirement System found a
correlation between internal control problems and poor stock
performance.

The analysis revealed the large costs incurred by investors in the form of
continued stock underperformance of small companies with deficient
internal controls.

There is no compelling or credible reason to create a dual class system of
investor protection in the United States. By waiving Section 404(b)
compliance for all but the largest public companies, however, Congress
sets us on a path to do just that.

We urge you maintain the benefits of Section 404 to investors in all
public companies.

_________________________________________________

P a g e | 57

Auditing Standards Related to the Auditor's Assessment of, and
Response to, Risk (AS No. 8 through 15)

Auditing Standard 8 (AS No. 8) - Audit Risk.

This standard discusses the auditor's consideration of audit risk in an
audit of financial statements as part of an integrated audit or an audit of
financial statements only.

It describes the components of audit risk and the auditor's
responsibilities for reducing audit risk to an appropriately low level in
order to obtain reasonable assurance that the financial statements are
free of material misstatement.

Auditing Standard 9 (AS No. 9) - Audit Planning.

This standard establishes requirements regarding planning an audit,
including assessing matters that are important to the audit, and
establishing an appropriate audit strategy and audit plan.

Auditing Standard 10 (AS No. 10) - Supervision of the Audit
Engagement.

This standard sets forth requirements for supervision of the audit
engagement, including, in particular, supervising the work of
engagement team members.

It applies to the engagement partner and to other engagement team
members who assist the engagement partner with supervision.

Auditing Standard 11 (AS No. 11) - Consideration of Materiality
in Planning and Performing an Audit.
This standard describes the auditor's responsibilities for consideration of
materiality in planning and performing an audit.

_________________________________________________

P a g e | 58

Auditing Standard 12 (AS No. 12) - Identifying and Assessing
Risks of Material Misstatement.

This standard establishes requirements regarding the process of
identifying and assessing risks of material misstatement of the financial
statements.

The risk assessment process discussed in the standard includes
information-gathering procedures to identify risks and an analysis of the
identified risks.

Auditing Standard 13 (AS No. 13) - The Auditor's Responses to
the Risks of Material Misstatement.

This standard establishes requirements for responding to the risks of
material misstatement in financial statements through the general
conduct of the audit and performing audit procedures regarding
significant accounts and disclosures.

Auditing Standard 14 (AS No. 14) - Evaluating Audit Results.

This standard establishes requirements regarding the auditor's
evaluation of audit results and determination of whether the auditor has
obtained sufficient appropriate audit evidence.

The evaluation process set forth in this standard includes, among other
things, evaluation of misstatements identified during the audit; the
overall presentation of the financial statements, including disclosures;
and the potential for management bias in the financial statements.

Auditing Standard 15 (AS No. 15) - Audit Evidence.

This standard explains what constitutes audit evidence and establishes
requirements for designing and performing audit procedures to obtain
sufficient appropriate audit evidence to support the opinion expressed in
the auditor's report.

_________________________________________________

Sarbanes Oxley Ebook

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Andere mochten auch

Andere mochten auch (6)

Ähnlich wie Sarbanes Oxley Ebook

Ähnlich wie Sarbanes Oxley Ebook (20)

Mehr von Compliance LLC

Mehr von Compliance LLC (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Sarbanes Oxley Ebook