While certain provisions of the Sarbanes-Oxley Act of 2002 currently apply to private companies, including increased penalties and liabilities for certain
crimes, public companies are required to be compliant with each provision of the Act. Waiting until the registration statement is being prepared and marketed to address compliance with the Act is a very daunting task. Additionally, with this type of compliance strategy, it may be difﬁcult to ﬁnd an underwriter willing to proceed with the offering. Accordingly, private companies contemplating an initial public offering should consider the following:
Internal controls – The Act requires the registrant’s management (CEO and CFO) to provide certain certiﬁcations in periodic ﬁlings with the SEC regarding the company’s internal controls. Additionally, on an annual basis, the external auditor is required to audit the company’s internal controls over ﬁnancial reporting. Accordingly, to prepare for the applicable internal controls certiﬁcations once you become a public registrant, establishing, documenting, and monitoring compliance of executing internal controls as early as possible is recommended.
Audit committee – The Act requires public companies to have independent audit committee members, including one member qualiﬁed as a ﬁnancial expert. Accordingly, companies should evaluate the composition of the audit committee and seek qualiﬁed individuals.
Board of directors – The Act requires directors to be truly independent. Further, at least one board member must have a ﬁnancial background – either be a CPA or have served as a CFO. One member of the board must chair the audit committee and outside directors must meet in executive session. Attracting and retaining board members has become more difﬁcult and more expensive due to the perceived higher level of risk and shift from equity to cash compensation.
Auditor relationship – The Act prohibits a company’s external auditor from providing certain non-audit services, including but not limited to, internal audit, legal, and valuation services. Additionally, permissible non-audit services must bepre-approved by the audit committee. Accordingly, companies should evaluate the existing relationship with their outside audit ﬁrm in order to avoid any possible improprieties.
Code of ethics – The Act requires public companies to establish a code of ethics, and if one is not established, the reason for not establishing one must be disclosed. Having a code of ethics and demonstrating diligence in compliance is likely to be a key element in any alleged corporate misconduct.
Loans to company executives – The Act prohibits public companies from extending or maintaining credit in the form of a personal loan to or for any director or executive ofﬁcer. Accordingly, appropriate actions should be taken to ensure these types of arrangements can be extinguished prior to the initial public offering.
Be sure to give yourself enough time to recruit proper outside directors. In the post-Sarbanes-Oxley environment, you should allow four to six months for this process.