IT’S POSITIVE that the Securities and Exchange Commission is holding a roundtable discussion on Section 404 of the Sarbanes-Oxley Act in April. Chairman Bill Donaldson is signaling that the SEC may agree to relax or extend Section 404 compliance for smaller companies and perhaps for non-U.S. companies€¦quot;without changing the law.
We think CEOs should seize this opportunity to start pressing for a revision to Sarbox itself, primarily Section 404, which requires companies to have “appropriate controls” over virtually every internal process. That has resulted in a huge waste of time and effort, not to mention money.
Of course, in the current political climate, no one wants to be seen as trying to undermine a law that was anti-fraud and anti-crime. But there is precedent for arguing that many times when a major law is enacted in a hurry, corrective action may be appropriately taken to refine it. The Securities Act of 1933, for example, enacted to cope with the aftermath of the 1929 financial collapse, was followed by the Securities Exchange Act, which among other things established the SEC.
The key problem with 404 is that it is too vague and open-ended. There is far too much room for subjective interpretation of “appropriate controls” or “material weaknesses.” And there doesn’t seem to be a limit as to how far 404 compliance goes. Even human resource and software development functions are being sucked into the 404 auditing morass.
Clearly, the SEC is beginning to listen to CEO concerns. Now is the time to push for deeper change.