Section 404 requires a company to include in its annual reports a report by management on the company's internal control over financial reporting and an accompanying auditor's report.
The Commission extended the original Section 404 compliance dates for all issuers in February. Under the latest extension, a company that is not required to file its annual and quarterly reports on an accelerated basis (non-accelerated filer) and a foreign private issuer filing its annual reports on Form 20-F or 40-F, must begin to comply with the internal control over financial reporting requirements for its first fiscal year ending on or after 15 July 2006. This is a one-year extension from the previously established compliance date for non-accelerated filers and foreign private issuers. The Commission has similarly extended the compliance date for these companies relating to requirements regarding evaluation of internal control over financial reporting and management certification requirements.
SEC chief accountant Donald Nicolaisen said, "The Section 404 requirements are among the most important parts of the Sarbanes-Oxley Act, and I encourage public companies to devote the necessary resources to make sure those requirements are implemented effectively. I don't underestimate the effort this will require for smaller companies and foreign private issuers, but this extension will provide additional time for those issuers to take a good hard look at their internal controls, as the Act contemplates."
The Commission considered the particular challenges facing foreign private issuers in deciding to grant this extension. Many foreign companies are facing regulatory and reporting challenges in addition to internal control reporting, as companies incorporated in an EU member state are required to prepare their financial statements for 2005 in accordance with new International Financial Reporting Standards.
Mike Adlem, UK managing director, Protiviti, said UK based companies will now have sufficient time to properly and thoroughly identify and document key financial processes, risks and controls. "Most importantly, this provides companies with additional remediation time. Controls that are weak, not working, or non-existent can be identified, implemented, remediated and re-tested appropriately."