As public banks and companies continue to grow, whether through mergers and acquisitions or organically, it’s not unusual for them to forget about important regulations.
In this blog, we wanted to focus on the requirements of the Securities and Exchange Commission (SEC) that require companies to provide an annual report on internal controls for their fiscal year end.[1] In particular, these internal control report requirements impact accelerated and large accelerated filers.[2]
The rules implementing Section 404 of the Sarbanes-Oxley (SOX) Act require management to produce an annual internal control report that includes:
While management is not required to produce this internal control report on a quarterly basis, they must perform a quarterly evaluation of any changes that have or are likely to materially affect the company's internal control over financial reporting. This evaluation must occur under the supervision of the company CEO and CFO. SEC reporting companies must disclose any material changes to internal control over financial reporting that have occurred during the most recent quarter covered by the report.
If your organization fits the profile of a company that must comply with these rules or is close to reaching the applicable market capitalization, it is important to know what you are required to do and provide. For example, if your company’s market cap reaches the applicable market caps for accelerated and large accelerated filers as of June 30 for a calendar year end company, then a Form 10-k for that fiscal year will be due on an accelerated basis. As an accelerated or larger accelerated filer, the registrant also is required to comply with Section 404(b) in that Form 10-K.
Example:
Bank A had a market cap of $70 million as of December 31, 2015. On June 30, 2016, their market cap increased to $76 million. They are now required to receive an audit on their internal controls over financial reporting. The registrant’s 2016 Form 10-K will be due 75 days after year end and must include its auditor’s report on the effectiveness of internal controls over financial reporting as of December 31, 2015.
As a result of the complexity and breadth of the SEC disclosure requirements and the ongoing increases in regulatory scrutiny, filers should be diligent about keeping their house in order. Penalties for missing these deadlines vary based on the nature of the missed report, and internal control gaps can occur if the deadlines are not addressed in a timely manner.
The ability to attest to the quality of internal controls over financial reporting is rooted in the strength of your internal audit process. While compliance is the objective outcome, sustaining internal control over financial reporting requires that you have the right structures in place and that management, board of directors, team members, and your independent auditor are working consistently with a shared understanding of financial reporting requirements and the tasks required for compliance.
HORNE helps companies stay aware of and manage regulatory and legal changes impacting how they do business and build strategy. We can help you transform these complexities into opportunity.
What You Need To Remember About SEC Mandates
Join the conversation and receive updates of new posts:
[1] Sarbanes-Oxley Update: SEC Mandates Management Report on Internal Controls and Modifies Officer Certification Requirements
[2] Final Rule: Management's Report on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports, Securities and Exchange Commission