Yesterday, the SEC announced enforcement proceedings against four companies that were unable to get their acts together when it came to internal control over financial reporting. Lots of companies encounter ICFR issues & disclose material weaknesses every year, so should they all be worried about the Division of Enforcement knocking at their door?
My guess is probably not – because the targets of these proceedings were a pretty unique group. As this excerpt from the SEC’s press release explains, to say that they all had longstanding ICFR issues is a huge understatement:
The Securities and Exchange Commission today announced settled charges against four public companies for failing to maintain internal control over financial reporting (ICFR) for seven to 10 consecutive annual reporting periods. Two of the charged companies also failed to complete the required evaluation of the effectiveness of ICFR for two consecutive annual reporting periods.
According to the SEC’s orders, year after year, the four companies disclosed material weaknesses in ICFR involving certain high-risk areas of their financial statement presentation. As discussed in the SEC orders, each of the four companies took months, or years, to remediate their material weaknesses after being contacted by the SEC staff. One of the companies is still in the process of remediating its material weaknesses.
One of the big lessons here is that it’s not enough to disclose your internal controls problems – you’ve got to fix them. The press release quotes Associate Director of Enforcement Melissa Hodgman as saying that companies “cannot hide behind disclosures as a way to meet their ICFR obligations. Disclosure of material weaknesses is not enough without meaningful remediation.”
Each of the four companies agreed to a cease and desist order & the payment of civil penalties. In addition, the group’s medalist – which disclosed a material weakness in ICFR each year for an entire decade(!) – was required to retain an independent consultant to ensure remediation of material weaknesses, including those involving related party transactions.
SOX 404: Maybe You Hate It, But Investors Don’t
Okay, the example of the “Gang of 4” in today’s lead blog notwithstanding, I confess that I’m still not a big fan of Sarbanes-Oxley’s Section 404. I guess I’m one of those people who think that it’s led to a lot of unproductive corporate navel gazing, and that this outweighs its merits.
Based on my experience, there seem to be a lot of other “404 haters” out there among my fellow lawyers. But I’m afraid a constituency a lot more important than us may have a different opinion about Section 404’s internal controls reporting mandate. According to this CFO.com article, a new study claims that investors like internal controls reporting quite a bit. The study cites investor reaction to decisions to opt-out of internal control audits for newly-acquired companies in support of its claim:
Looking at the impact of a rule that enables companies for one year to opt out of IC audits for newly acquired firms, the paper reveals a significant drop in the acquirer’s stock on the day the opt-out becomes public with the issuance of the acquiring company’s annual report.
Depending on how this decline is calculated, one-day abnormal stock returns compared with opt-in companies can be as much as 44 basis points, according to the study authors, Robert Carnes of the University of Florida, Dane Christensen of the University of Oregon, and Phillip Lamoreaux of Arizona State University.
…[T]hey found the stock-price dip occasioned by opting out of internal controls audits becomes more pronounced the greater the size of the acquired entity relative to the size of the acquirer, as would be expected if investors value an auditor’s internal control assurance. The professors also found a more negative effect for acquisitions in the first half of a buyer’s fiscal year, suggesting that opting out becomes more suspect to investors the more time acquirers have to integrate the two companies’ finances.
A big reason for investors’ negative reaction to an opt-out decision is that – as I’ve previously blogged – it frequently proves to be a red flag portending future restatements.
Transcript: “The Latest – Your Upcoming Proxy Disclosures”
We’ve posted the transcript for our recent CompensationStandards.com webcast: “The Latest – Your Upcoming Proxy Disclosures.”
– John Jenkins