In 2019, 6.3% of SOX 404 auditor attestations disclosed ineffective internal controls over financial reporting (ICFR) – significantly less than the 38.8% of management assessments that disclosed ineffective ICFR. The consistent level – around 39% – since 2013 indicates that small companies face difficulties in their efforts to install adequate financial reporting systems and processes. Additionally, our latest analysis shows companies that leave this population and grow into accelerated filers tend to be better prepared than the non-accelerated filers as a whole.
Audit Analytics’ most recent report takes a closer look at trends in SOX 404 disclosures from 2004 to 2019. SOX 404 Disclosures: A Sixteen Year Review considers both auditor attestations and management-only assessments.
The Sarbanes-Oxley Act of 2002 was passed by Congress to better protect investors. Section 404 of this act (SOX 404) requires companies to review their internal controls over financial reporting and declare whether they are “effective” or “ineffective”. In other words, they must determine if their ICFR are adequate enough to produce financial statements that are accurate and complete. Smaller companies, or non-accelerated filers, are not required to file an auditor attestation; they are only required to file management’s assessment of the company’s ICFR.
Key highlights of this report include:
- History of Section 404 of Sarbanes-Oxley Act of 2002;
- Adverse auditor attestations regarding ICFR;
- Negative disclosures reported in first-time auditor attestations;
- Adverse management-only assessments regarding ICFR;
- Internal control issues undermining effectiveness of ICFR; and
- Accounting issues undermining effectiveness of ICFR.
For more information about Audit Analytics or this analysis, please contact us.
Interested in our content? Be sure to subscribe to receive our email notifications.