New Hampshire Bar Association
About the Bar
For Members
For the Public
Legal Links
Online Store
Vendor Directory
NH Bar Foundation
Judicial Branch

Everything you need to purchase a court bond is just a click away.

NH Bar's Litigation Guidelines
New Hampshire Bar Association
Lawyer Referral Service Law Related Education NHBA CLE NHBA Insurance Agency
Member Login
Member Portal

Bar Journal - Spring 2008

Nonpublic Companies and the Post Sarbanes-Oxley Era



The American Competitiveness and Corporate Accountability Act of 2002, commonly known as the Sarbanes-Oxley Act ("the Act"), was signed into law on July 30, 2002. Passed in response to the corporate and accounting scandals of Enron, Arthur Anderson and others of 2001 and 2002, the law’s purpose is to rebuild public trust in America’s corporate sector. The law requires that publicly traded companies adhere to significant new governance standards that broaden board members’ roles in overseeing financial transactions and auditing procedures.

This Act created and defined the role of the Public Company Accounting Oversight Board (PCAOB). The PCAOB is a private-sector, nonprofit corporation created by the Act, to oversee the auditors of public companies in order to protect the interest of investors and further the public interest in the preparation of informative, fair and independent audit reports.

Application to Nonpublic Companies

While most provisions of Sarbanes-Oxley do not apply to private companies, as new corporate governance and accounting rules come into effect for public companies, the impact on private companies is becoming noticeable. The Act sets a higher standard that all businesses will be measured against, whether or not they are legally required to comply with such standards. Certain new and enhanced criminal penalties do apply to private businesses that have dealings with the federal government. In addition, private companies planning to go public may have to follow the Act's provisions relating to auditor independence in order to have their financial statements accepted when they file for an initial public offering.

The following are two provisions of the Act that apply to all organizations, not just publicly traded corporations.
• Whistleblower Protection Policy

Sarbanes-Oxley requires all organizations, including nonprofits, to establish a means to collect, retain, and resolve claims regarding accounting, internal accounting controls and auditing matters. The system must allow such concerns to be submitted anonymously. Sarbanes-Oxley provides significant protections to whistleblowers, and severe penalties to those who retaliate against them.

Why is this important? The 2006 Report to the Nation by the Association of Certified Fraud Examiners reported that U.S. organizations lose 5 percent of their annual revenues to fraud which would be the equivalent of $652 billion when applied to the estimated Gross Domestic Product for 2006. The report also stated that "occupational frauds are more likely to be detected by a tip than by other means such as internal audits, external audits or internal controls." The report also concludes from the cases reviewed that "organizations that had anonymous fraud hotlines suffered a median loss of $100,000, whereas organizations without hotlines had a median loss of $200,000."

• Document Retention Policy

Destruction of Documents:

In light of the shredding of documents that occurred at Enron, the purpose of this provision is to expand requirements related to destruction of documents, which have been narrowly interpreted in the past, and to close certain loopholes in the law. For example, "certain current provisions make it a crime to persuade another person to destroy documents, but not a crime to actually destroy the same documents yourself." Senate Report 107-146 for S. 2010.

Therefore, the Act contains new penalties for the alteration or destruction of documents. The provision creates new criminal penalties for a wide array of cases where a person destroys or creates evidence with the intent to obstruct an investigation or any matter that is within the jurisdiction of any federal agency or any bankruptcy court.

Retention of Audit and Review Records:

This provision results, in part, from the "apparent massive document destruction by Arthur Andersen, and the company's apparently misleading document retention policy, even in light of its prior SEC violations." Senate Report 107-146 for S. 2010. This provision, aimed directly at auditors, creates a new felony that applies to willful failure to preserve audit or review records of issuers. There are two parts to the provision; one that requires auditors to maintain workpapers for seven years from the end of the fiscal period in which the audit or review was concluded, and another that makes it a crime to willfully violate these rules.

Work product to be retained include: documents that form the basis of an audit or review, memoranda, correspondence, communications, and other documents and records (including electronic records) connected to an audit or review, which contain conclusions, opinions, analyses, or financial data relating to such an audit or review. Knowing and willful violation of these record retention rules can result in fines and/or imprisonment of up to 10 years.

Other Sarbanes-Oxley Provisions

The following information outlines some additional provisions of Sarbanes-Oxley and how they have translated into changes implemented by nonpublic companies. In these examples we look at the provision of the Act, the positive and negative impacts on nonpublic entities and their public auditors and what changes have been made to address the concerns raised in the Act.

Provision: Responsibility of Auditors

The Act requires lead and reviewing partners of the audit firm to rotate off the audit every five years and prohibits the auditing firm from providing any non-audit services to the company while providing auditing services. This provision also requires the auditing firm to report to the audit committee all critical accounting policies and practices used by the organization.
+ Positive impact on nonpublic entities and public accounting firms

• Opportunity for a fresh perspective from new audit partner

• Opportunity for public accounting firms to market value added services and quality service

• Promotes good communication between the corporation and the audit firm

• As large audit firms complied with this provision, the non-audit services were considered more profitable than audit work resulting in a "trickle-down" effect of audit work to mid-sized firms. In many cases, the corporations transitioned to mid-sized firms were given more attention and better service.

– Negative
impact on nonpublic entities and public accounting firms

• Corporations often interpret this requirement to mean that the audit firm must be changed every five years which have resulted in loss of audit clients for several public accounting firms. (Note: The U.S. Government Accountability Office conducted a study to determine the need for a mandatory rotation of public accounting firms and concluded that this was not the time to implement this requirement).

implemented as a result of the Provision

• Statement on Auditing Standards No. 114: The Auditor's Communication With Those Charged With Governance. This SAS requires the auditing firm to communicate key aspects of the audit and financial statements with the audit committee and management of an organization.

Provision: Certified Financial Statements

The chief executive and chief financial officers must certify the appropriateness of financial statements and that they fairly present the financial condition and operations of the company.
+ Positive impact on nonpublic entities and public accounting firms

• Emphasizes that the financial statements are "managements financial statements" and clarifies this responsibility

• Increases public confidence in the accuracy of financial reporting

– Negative impact on nonpublic entities and public accounting firms

• Some organizations are finding that their current governing board or chief executives lack the financial knowledge needed to fulfill this requirement

• Inability to fulfill this requirement results in new written communication which may ultimately be requested by funding sources and other regulatory agencies (required by SAS 112, see below).

Changes implemented as a result of the Provision

• Statement on Auditing Standards No. 112: Communicating Internal Control Related Matters Identified in an Audit was issued which requires written communication to the audit committee and management if accounting personnel are unable to prepare fully compliant audited financial statements under Generally Accepted Accounting Principles. This standard addresses all control deficiencies which rise to the level of a significant deficiency or material weakness.

• Recent changes to Form 990 for nonprofit entities includes a question as to whether the return was provided to the governing body for review before it was filed and will be asked to provide a description of this process.

Provision: Insider Transactions and Conflicts of Interest

This provision of the Act generally prohibits loans to any directors or executives of the company.
+ Positive impact on nonpublic entities and public accounting firms

• This provision brings additional attention to these types of transactions and provides more transparency for organizations and their investors.

– Negative impact on nonpublic entities and public accounting firms

• In order to comply with federal and state regulations, entities must maintain additional, substantive documentation to support these transactions and may be required to disclose or notify the public of the arrangement.

Changes implemented as a result of the Provision

• Recent changes to Form 990 for nonprofit entities include questions related to relationships between officers, trustees, directors and key employees; inquiry into loans to or from such members of the organization including development of Schedule L: Transactions with Interested Persons

• Note: The Charitable Trusts Unit of the New Hampshire Department of Justice already requires public notification and disclosure of certain related party transactions.

Provision: Disclosure

The Act requires a number of disclosures, including information on internal control mechanisms, corrections to past financial statements and material off balance sheet adjustments. The Act also requires companies to disclose information on material changes in the operations or financial situation of the company on a rapid and current basis.
+ Positive impact on nonpublic entities and public accounting firms

• The additional disclosures that may be required under this provision provide the readers of financial statements with important, complete information with which to make informed decisions.

• Additional disclosures, in particular off balance sheet adjustments, will provide further transparency of the company and will allow the financial statement readers to better evaluate risks associated with the company.

– Negative impact on nonpublic entities and public accounting firms

• Additional disclosure requirements result in even more knowledge that is required of the chief executive and chief financial officer (see Certified Financial Statement provision). The new statements referred to below require significant knowledge and expertise to properly implement which is an extremely high standard for many entities.

Changes implemented as a result of the Provision

• FIN46(R): Consolidation of Variable Interest Entities - This Interpretation is intended to achieve more consistent application of consolidation policies to improve comparability between enterprises engaged in similar activities. Including the assets, liabilities, and results of activities of related entities in consolidated financial statements will provide more complete information about the resources, obligations, risks, and opportunities of the consolidated enterprise.

• FIN48: Accounting for Uncertainty in Income Taxes - This Interpretation will result in increased relevance and comparability in financial reporting of income taxes because all tax positions accounted for in accordance with Statement 109 will be evaluated for recognition, de-recognition, and measurement using consistent criteria. The disclosure provisions of this Interpretation will provide more information about the uncertainty in income tax assets and liabilities.

• FAS123(R): Accounting for Share-Based Payments - This Statement requires entities to recognize the cost of employee services received in exchange for awards of equity instruments based on the grant-date fair value of those awards (with limited exceptions). Recognition of that compensation cost helps users of financial statements to better understand the economic transactions affecting an entity and to make better resource allocation decisions. Such information specifically will help users of financial statements understand the effect that share-based compensation transactions have on an entity's financial condition and results of operations. This Statement also will improve comparability by eliminating one of two different methods of accounting for share-based compensation transactions and thereby also will simplify existing U.S. GAAP. Eliminating different methods of accounting for the same transactions leads to improved comparability of financial statements because similar economic transactions will be accounted for similarly.

Provision: Management Assessment of Internal Controls

The Act requires management to evaluate and report on the effectiveness of the company's system of internal control. The SEC was directed to issue rules requiring each annual report to be accompanied by an internal control report. The report must affirm management's responsibility for establishing and maintaining an adequate system of internal control and financial reporting, and must contain an assessment of the effectiveness of that system. Registered accounting firms must attest to, and report on management's assessment of internal control as part of an audit.

+ Positive impact on nonpublic entities and public accounting firms

• Requires entities to focus on control deficiencies within their organization and identify "what can go wrong". This results in more effective controls and enhanced investor/consumer confidence.

• Requires public accounting firms to gain a better understanding of their audit clients and has resulted in more meaningful suggestions to improve internal controls along with more efficient risk-based audit work.

– Negative impact on nonpublic entities and public accounting firms

• Assessing internal control design along with implementing and monitoring control procedures in place is not a quick and easy process. This requires an ongoing commitment from all levels of an organization.

• Compliance with new auditing standards related to internal control has resulted in additional audit fees.

Changes implemented as a result of the Provision

• In March 2006, the AICPA ASB issued eight Statements on Auditing Standards 104-111 (SAS’s) that provide extensive guidance concerning the auditor's assessment of the risks of material misstatement in a financial statement audit, and the design and performance of audit procedures whose nature, timing, and extent are responsive to the assessed risks. Additionally, the SAS’s establish standards and provide guidance on planning and supervision, the nature of audit evidence, and evaluating whether the audit evidence obtained affords a reasonable basis for an opinion regarding the financial statements under audit. See additional discussion below.

New Audit Procedures Related to Internal Control

One of the most important best practices to come out of the Act is the performance of this risk assessment. The purpose of a risk assessment is to identify the major risks facing an organization and to rank those risks in terms of likelihood of occurrence and impact to the organization. With the advent of these new SAS's (commonly referred to as the "risk assessment standards," which are effective for audits of financial statements for periods beginning on or after 12/15/06), external auditors will be placing more scrutiny on this risk assessment and the resulting internal controls of all organizations, whether public, private, or nonprofit. One of the objectives under the risk assessment standards is to require external auditors to gain a better understanding of the organization and its environment, including its internal controls over financial reporting, to identify the risks of material misstatement in the financial statements and what the organization is doing to mitigate those risks.

In anticipation of these new audit standards entities should perform a risk assessment and focus on ways to improve their internal controls. Some ways management can contribute to internal control effectiveness are as follows:
• Identify and assess what can go wrong in preparing reliable financial information

• Determine how best to mitigate or control these risks, based on the magnitude or likelihood of the threat

• Monitor others in the performance of their control functions

• Set an appropriate "tone at the top" for employees to follow by displaying a proper attitude towards both financial reporting and internal controls

• Exercise proper oversight of the financial reporting process

Many companies are finding that the implementation of internal controls is a good opportunity to re-engineer their departments. The process of documenting the existing processes leads a company to see their strengths, weaknesses, and redundancies. In addition, the documentation created throughout the process serves as a good training manual for new employees, temporary help, or outside consultants. It is important to remember to consult with external auditors when preparing to document and test the control environment, as they may be able to provide additional guidance and suggestions


Kelli Boyle is a Certified Public Accountant. She is a Manager at Nathan Wechsler & Company, P.A., in Concord.

NHLAP: A confidential Independent Resource

Home | About the Bar | For Members | For the Public | Legal Links | Publications | Online Store
Lawyer Referral Service | Law-Related Education | NHBA•CLE | NHBA Insurance Agency | NHMCLE
Search | Calendar

New Hampshire Bar Association
2 Pillsbury Street, Suite 300, Concord NH 03301
phone: (603) 224-6942 fax: (603) 224-2910
© NH Bar Association Disclaimer