SOX Center

When the U.S. Securities and Exchange Commission moved last week to relax a provision of the Sarbanes-Oxley Act, it signalled the end to what could be called the Great Audit War.

Ever since U.S. lawmakers passed the corporate reforms in 2002, legal and financial executives have been waging a behind-the-scenes war with external auditors over the staggering costs and management burden stemming from what surely has been the largest corporate list-making exercise in history.

The culprit is a four paragraph passage in the now infamous Section 404 of Sarbanes-Oxley which requires thousands of U.S. and about 200 Canadian companies listed on American stock exchanges to “review and assess” the controls they have in place to detect financial reporting errors or fraud. The kicker is a requirement that outside auditors test and deliver an annual opinion about the effectiveness of the corporate safeguards.

With no guidance from the SEC about how to arrive at the annual opinion, the accounting police went, well, berserk demanding exhaustive tests and reports so auditors wouldn’t be liable if financial shenanigans were exposed.

globeinvestor: Bid adieu to the Great Audit War

The U.S. Securities and Exchange Commission approved new guidance on Wednesday to help companies comply with what critics say is a burdensome and costly provision of the Sarbanes-Oxley corporate reform law.

The agency, by a 5-0 vote, encouraged companies to take a more risk-based approach to complying with Section 404 of the legislation.

“Congress never intended that the 404 process should become inflexible, burdensome and wasteful,” SEC Chairman Christopher Cox said at the agency’s open meeting.

Section 404 requires companies to assess their internal controls over financial reporting. It also calls for external auditors to report on management’s assessment and on the controls themselves.

Corporations and business lobbyists have complained that Section 404 was too expensive and the SEC has conceded that, in some cases, overly cautious companies caused the law’s costs to exceed its benefits.

Yahoo!Finance: SEC adopts new guidance for Sarbanes-Oxley

The Securities and Exchange Commission on Wednesday threw its weight behind finalising fresh guidelines aimed at clarifying how companies and auditors should comply with the Sarbanes-Oxley law.

The move signals that work by the US authorities to ease the burden of compliance with the 2002 law is moving into its final stage three months after proposed revisions were first floated.

At issue is how the SEC’s new guidelines for company management on implementing the law’s Section 404 internal controls provisions can be more closely aligned with separate guidance for auditors issued by the Public Company Accounting Oversight Board (PCAOB).

There is also disagreement over the extent to which external auditors should rely on a company’s own reviews of its controls.

This is testing US regulators’ willingness to adopt a more flexible, “principles-based” approach to corporate controls than those prescribed under Sarbox.

FT.com: SEC pushes clearer Sarbox guidelines

Will companies and their auditors ever agree on how to test information technology systems for Sarbanes-Oxley compliance? The Institute of Internal Auditors hopes its new guidelines on IT controls will help.

Since companies began complying with the Sarbanes-Oxley Act, one common complaint about auditor scrutiny has been loud and clear: external auditors have spent too much time on technology systems that seem unrelated to financial statements.

It’s an issue that has been confusing for both sides. The problem: Information technology has an often indirect relationship with the final results in financial statements, and there’s little standard guidance to tell companies how to determine the strength and security of IT-specific internal controls.

CFO.com: A Truce in the Sarbox Tech War?