During my 23 years of accounting experience (more than half of which have been involved in working with small life sciences clients, primarily biotech firms) I have witnessed many changes in cost and manpower issues. Most recently, I have seen the increased burden of cost and manpower imposed by Section 404 of Sarbanes-Oxley on these small companies.
Many small biotech companies which are not accelerated filers have deferred doing any testing to meet the requirements of Sarbanes-Oxley under the assumption there would be some deferral of the implementation date, as well as the hope that many smaller companies would be exempt entirely from its requirements. There was also the prospect that there would be more literature giving additional guidance on which companies could base their audit and attestation of their internal financial controls. Keep in mind that for most biotech companies monitoring their cash burn is the most critical factor.
In a recent New York Times article (February 11, 2007), a statement from Ernst & Young is included to the effect that: "Only 54 of 342 publicly traded American biotech companies were profitable in 2006." The article goes on to say, "biotech companies often aim at harder-to-conquer diseases and use more experimental technologies, further complicating their quests."
Therefore, careful monitoring and analysis of where cash is spent is something these companies focus on daily, which they discuss with senior management and get Board approval. That in itself provides them with a strong control system over cash expenditures without unnecessary formal documentation of internal controls in place. The point is that a company that may not be adhering strictly to the demands of Accounting Standards 2 (AS2) or the COSO requirements may at the same time have sufficient control within its own cash management system since every dime is being watched. So how do we convert this practice into acceptable procedures and policies?
What Relief Has Thus Far Been Granted?
The SEC has granted some relief in terms of the times when smaller public companies will have to comply with the requirements of Section 404. In August 2006, the SEC issued a release in response to an earlier recommendation from the SEC Advisory Committee on Smaller Companies affecting smaller companies, newly listed public companies and foreign public issuers extending compliance dates for small (non-accelerated), newly listed public companies and foreign companies. Originally, companies were supposed to have been complying with Section 404 (as implemented by Accounting Standard 2) for the past two or three years (however only smaller companies with a market capitalization under $75 million have been exempt to date.)
Non-accelerated smaller companies may now extend the date for filing a report by management assessing the effect of the company's internal financial controls to fiscal years ending after December 15, 2007. The release also extends the date by which non-accelerated small company filers must begin to comply with the Section 404 (b) requirement to provide an auditor's attestation report on internal controls over financial reporting in a company's annual report. This deadline will be moved to the first annual report for a fiscal year ending on or after December 15, 2008. In other words, the release for extensions would result in all non-accelerated filers being required to file management's assessment in their first year of compliance, while the requirement that the company's auditors would not be required to report on the effectiveness of internal controls over financial reporting until one year after management completes its initial assessment.
The industry, the PCAOB and the SEC have been undertaking a process by which they are looking at the effort and cost as well as the desired outcome of Section 404 reporting and other Sarbanes requirements over internal controls. They are making a genuine effort to facilitate reporting requirements for smaller companies. They are examining Accounting Standard 2 adopted early in the SOX's history as guidance for implementing Section 404, questioning its applicability to auditing smaller companies. The groups are looking at Auditing Standard No 5 ("AS 5") as a more appropriate standard for auditing smaller companies.
They are also looking at the effect COSO (Committee of Sponsoring Organizations of the Treadway Commission) is having as a benchmarking tool for corporate governance. For over 20 some years this rule of governance has been the hallmark of good governance for large corporations. It defines internal controls as "a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: (1) effectiveness and efficiency of operations; (2) reliability of financial reporting; and (3) compliance with applicable laws and regulations."
While the above standards should apply to both large and small companies, it is recognized that small companies may implement them differently, having less formal and structured controls while at the same time recognizing these controls can be just as effective in small companies. The new proposed changes to the measure of controls to be applied to small companies are dubbed "COSO lite."
Why COSO Played A Role In Implementing SOX
At the time Sarbanes-Oxley was enacted there was a relatively small passage in the Act that stated that management and their auditors had to test and render an opinion on the internal control of financial reporting for all companies. One of the difficulties with this small passage was that there was really no framework for providing such a report. Consequently, auditors had to look to any standard at hand for basing their opinions. They looked to COSO, which was only an advisory mechanism, which outlined suggested best practices for setting up internal controls for Fortune 500-type companies.
Auditors, who had never had formal standards for opining on internal controls, created an extensive audit documentation methodology, which required many hours to implement. This hesitancy of auditors to provide advice to clients without having an arsenal of discreet information about their processes, excessive testing and documentation has immeasurably increased their clients' cost. The measure is now afoot to find a less costly and effective way to measure existing internal controls.
How New SOX Guidelines Are Expected To Aid Small Companies
The prevailing thinking is that the SEC and PCAOB will take a top-down approach in order to put into context the major financial statement risks a company faces. What controls should they have in place versus what had been the norm under AS2? AS2 was more of a bottom-up approach, which included starting off with appropriate sign-offs on various time sheets and receiving reports and then building all the way to the top of the internal control spectrum - the financial statements. In contrast with AS2, AS5 is thought to be the better way - start with the financial statements at the top and work the processes down to necessary controls. This process combined with COSO Lite, which is designed to build suggested controls for smaller organizations, gives auditors and companies a standard by which to benchmark their internal financial controls.
At the end of 2006 the SEC and the PCAOB released proposed new guidance and standards to assist small public companies in complying with Section 404. These standards are designed primarily to: 1) focus the audit on matters most important to internal control of financial matters and eliminate unnecessary procedures; (2) modify the audit requirement for smaller companies so that only the necessary detailed information is produced by relying more on the work of the company's advisors and focusing on the top-down approach. The PCAOB still holds to the proposition that the auditor should still test the effectiveness of controls in order to attest to and report on management's assessment.
How Can Small Companies Build A Structure Of Controls That Best Reflects Their Risks?
One of the areas we at Amper have been featuring is to help our small biotech firms use their existing cash control models which are so effective, then constructing a superstructure upon the existing cash controls to monitor other risks to satisfy the internal control requirement. This structure does not encompass all of the COSO guidelines but it does afford companies with sufficient controls and accompanying documentation to give them a passing grade with regard to the internal control benchmark. We have found that we are able to use the one major control, i.e., cash management tool documentation, as the guiding control for companies with as few as two people in a finance department. This one measure often alleviates some of the inherent weaknesses in the reporting system.
Why Are Small Biotech Companies Greatly In Need Of Relief?
As noted in a previous paragraph, many publicly held biotech companies are marginally profitable or unprofitable. Unlike other small companies, they are subject to litigation over patent infringement, licensing disputes, patent trolls, etc. They must assert in their filings their awareness of any material contingencies or material impairments of their patent portfolios. As auditors, we ask to speak to in-house counsel, external counsel and patent counsel as to whether they are aware of any potential contingencies or potential claims against the company's intellectual property. If such is the case, there has to be disclosure in their public filings, even if the company is aware of a risk. This is also true in the case of a license impairment, which would have a material effect upon the company's business.
While it is my opinion that the stock markets have not reacted punitively when a small tech company has a material weakness statement regarding its internal controls, such is not the case where it is accused of patent infringement or loss of a valuable license. The investment community realizes that when companies are starved for cash, they may have to choose between advancing a new product through the development cycle rather than spending funds on the infrastructure of the business. For most biotech or other technology companies, their valuations are not based on their financial condition but on the strength of their intellectual property and portfolio position. A company will be punished from a market evaluation standpoint if there is uncertainly about its intellectual property position, if its clinical trials or safety record are not going well or its development progress is not developing its product into one that can be commercialized. Questions about patent infringement disputes are critical elements to a potential investor before he makes a significant investment.
How Can Accountants Help A Young Company Realize Its Potential?
It is vital that accountants see where the young company is in its life cycle and the critical factors to its success. By helping a company with introductions to the right financing sources and potential partnering arrangements, we can add value. As these transitions come to fruition, we look at the proposed transaction with the company and help them to understand the accounting, the tax, the dilution to the owners and the economics of the transaction. By providing accounting and tax support, by providing quality financial statements and tax returns, we assist the company in reaching a stage where it is ready for a sale, a licensing transaction or an IPO, and it is in the best possible condition for that due diligence that is a necessary concomitant.
John Pennett is an Audit Officer in Amper's Edison, New Jersey office, where he serves as the Director of the Life Sciences Practice. He has spent 23 years serving public and private life science, technology, manufacturing/distribution and professional service providers. He is a member of the Biotechnology Council of New Jersey, the New Jersey Technology Council and the Accounting Advisory Board of the Rutgers University School of Business.