NASDAQ Internal Audit Requirement Draws Comments
NASDAQ Stock Market LLC (NASDAQ) recently filed with the Securities and Exchange Commission (SEC) for a proposed rule change that would require all NASDAQ listed companies to establish an internal audit function. The objective of the rule is to ensure that management and the audit committee is provided with regular assessments of a company’s risk management process and internal control system. This will serve as a mechanism to regularly review and assess the internal control system, identify weaknesses and develop appropriate remedial actions. It is designed to protect investors and the public interest. If approved by the SEC, the new rule will require companies listed on NASDAQ on or before June 30, 2013 to establish an internal audit function no later than December 31, 2013. It will require companies listed after June 30, 2013 to establish an internal audit function prior to listing. Each company may establish the internal audit function within its’ corporate structure or outsource it to a third party service provider. The SEC solicited comments on the proposal through March 29, 2013. There were a limited number of comments from CPA firms and NASDAQ listed companies from around the country. The main concerns consisted of the following:
- The smaller reporting companies were surprised that the proposed rule did not include a market capitalization limit for companies similar to the SOX 404 (b) exemption.
- A number of the companies were concerned with the cost of the mandate. The expense to comply with public company rules and requirements, audit fees, legal fees, NASDAQ fees and SEC reporting and filing fees is already significant.
- Some companies were concerned with the relatively short time-frame that they would have to comply with the requirement. The deadline to comply should be extended to allow the companies to setup the internal audit function properly.
- If Congress and the SEC believed that such a mandate was necessary it would have been established within the Sarbanes-Oxley Act of 2002 or the Dodd Frank Wall Street Reform and Consumer Protection Act of 2010.
- The implementation of the proposed rule would be inconsistent with the approach taken by Congress in passing the JOBS Act, which provides a holiday from the auditor attestation requirements. Although the JOBS Act requires newly public issuers to attest to their management’s assessment of internal control over financial reporting, it recognized the expense of making those assessments, as well as the burden imposed on internal personnel.
Hopefully, the SEC will give the comments some serious consideration and fine-tune the proposed rule to meet the objective of protecting the investors and the public interest while satisfying the concerns of the public companies affected by this change. Paul S. Adams, CPA, CFE, CFF Senior Manager EFPR Group padams@efprgroup.com 585-295-0511 Firm Website: www.efprgroup.com EFPR Group Internal Audit Division: www.stonebridgebp.com