Hundreds of companies have missed the deadline for complying with the most contentious provision of the Sarbanes-Oxley Act - section 404's auditing rules. Hundreds more, including dozens of small banking companies, have delisted their stocks or sold themselves to avoid complying.
Recognizing a problem, the Securities and Exchange Commission will host a roundtable Wednesday to give executives a chance to sound off. Among the speakers will be community bankers who plan to offer the SEC some ideas on how to reduce the burden.
The American Bankers Association has already asked the SEC to exempt more companies from the rules. Currently, companies with 500 or more shareholders are deemed public and must comply with Sarbanes-Oxley. The ABA has proposed raising that shareholder threshold to 1,500 or even 3,000.
The Independent Community Bankers of America has suggested that the SEC exempt banks with less than $1 billion of assets from the section 404 rules.
Another possibility: scaling back the documentation that external auditors require to prove that internal controls are valid. Bankers say auditors are requiring a formal written policy or a flow chart describing internal controls on nearly every procedure that affects the bottom line. It would be less burdensome if auditors used business ratios that banks routinely report - like loan delinquency trends and chargeoff rates - that depict how well their internal controls are actually working.
"Results speak louder than documentation," said Curtis L. Hage, the chairman and chief executive of the $848 million-asset HF Financial Corp. in Sioux Falls, S.D, who will represent America's Community Bankers at next week's forum.
"You can fabricate documents, but it's pretty hard to fabricate results," he said.
The three groups are urging the SEC to let banks meet the Sarbanes-Oxley auditing requirements by complying with the internal control and attestation requirements spelled out in the Federal Deposit Insurance Corp. Improvement Act. Under that 1991 law, external auditors must attest to the adequacy of a bank management's assessment of internal controls, but the external auditors do not have to conduct a separate audit. The rules apply to banks with $500 million or more of assets.
Under section 404, external auditors must independently verify that such procedures are adequate. And bankers claim that since the SEC's Public Company Accounting Oversight Board issued its Auditing Standard No. 2 in March of last year, external auditors have essentially ignored the analyses of internal auditors.
Though the accounting standard was issued to ensure external auditors are as independent as possible, bankers contend that a virtual replication of a bank's internal audit is not only unnecessary, but overly burdensome.
"Auditing costs at most banks have doubled, because they are having to pay for this duplicative work," Dennis Hild, ACB's vice president of accounting and financial management policy, said in an interview this week. "Most of the banks going through this process don't believe they are getting a benefit commensurate with the costs."
William J. Brunner, the chief financial officer of the $1.9 billion-asset First Indiana Corp. in Indianapolis, said that after the Public Company Accounting Oversight Board issued its accounting standard last year, external auditors stopped advising bank managers about how to best analyze their internal controls.
"I feel that businesses lose when we can't work through an issue with our accountants," said Mr. Brunner, who will represent the ABA at next week's forum. "I don't think accountants cross the line and lose their independence when they work cooperatively with their clients."
