Thursday, September 29, 2005
Has the Purpose of Sarbanes Oxley Been Forgotten?
Companies need to resign themselves to the fact that Sarbanes-Oxley, as a concept, is here to stay! I believe that compliance with Sarbanes-Oxley should be done for all companies that accept invested capital, not just public companies and certainly not just large market capitalization companies. Risks are not discriminatory and can impact companies regardless of size or industry.
There has been a great deal of focus on cost, but much of the cost associated with compliance with Sarbanes-Oxley is due to companies not having an updated documented system of internal control in place, a compliance requirement that certainly preceded Sarbanes-Oxley.
In my opinion, companies became lax in keeping the documentation updated when the auditors moved to a risk-based audit approach that did not rely on controls. Now companies are scrambling to get their controls documented. Even though the risk of smaller public companies is minimal in terms of the capital markets (per the SEC), it certainly is not minimal to the individual investor who fuels the growth of these companies through invested capital. They should have the same comfort level as large company investors.
posted by Brian Moran @ 8:32 AM