Company Size and 404 Compliance

Company Size and 404 Compliance:

There are ''pronounced differences'' between larger and smaller companies regarding Section 404 of Sarbox, especially in defining the scope of the program and incorporating software applications, a survey finds.

Stephen Taub
CFO.com

How companies approach compliance with Section 404 of the Sarbanes-Oxley Act varies widely, depending upon the size of the company, a survey has found.

According to Parson Consulting, which surveyed 96 finance directors and financial controllers of U.S. public companies, there are 'pronounced differences' between larger and smaller companies, especially in defining the scope of the program and incorporating software applications. (Parson defines larger companies as those with a market capitalization of $1 billion or more, while smaller companies have a market cap ranging from $75 million to $1 billion.)

Take the issue of scope. Parsons found that 47.2 percent of larger companies reported taking a narrower approach to compliance — one that is focused primarily on financial reporting processes — compared with 27.3 percent of smaller companies. This is presumably due to the amount of time and resources required to address controls across the organization, according to Parsons. On the other hand, 41 percent of smaller companies are taking the broader approach of addressing operational as well as financial controls, compared with less than 28 percent of larger companies.

When asked what traditionally "nonfinancial" policies and procedures they believe will significantly impact financial reporting controls, survey respondents cited information systems (92.9 percent), risk management (73.8 percent), human resources (50 percent), supply-chain management (31 percent), and facility management (14.3 percent). "