馃攳
Toppan Merrill - SOX Spotlight: Pre IPO SOX Compliance Readiness - YouTube
Channel: unknown
[0]
- So what seems to trip
up most companies is
[3]
they're caught flat-footed
when it comes to SOX.
[8]
(upbeat music)
[12]
- Hello, and welcome to
another Toppan Merrill
[15]
Dimensions Spotlight video conversation.
[17]
My name is Scott Snyder.
[19]
Today, we're gonna talk
[20]
about the SOX compliance requirements,
[22]
the complex SOX requirements,
[23]
and the intersection of those requirements
[26]
with the SEC overall financial
reporting requirements
[29]
for companies seeking to
access the capital markets
[32]
through an initial public offering.
[34]
I'm really pleased to be joined today
[35]
by Elizabeth Epler Jones,
partner with AXIA Partners
[39]
out of Houston, Texas.
[40]
Elizabeth, thanks so much for joining us.
[43]
- Aw, thanks so much Scott.
[44]
It's great to be here.
[45]
- Elizabeth, there's
been a lot of activity
[47]
in the capital markets in
the last 12 to 24 months,
[50]
specifically around
initial public offerings.
[52]
And as the slide on the
screen demonstrates,
[55]
that growth has really
exploded from 2019 into 2020,
[59]
with more than double the
number of filings with the SEC.
[63]
One of the most interesting
results of this growth
[66]
is the emergence of the SPAC IPO option.
[70]
And as the slide also demonstrates,
[72]
the number of SPACs,
[72]
or the percentage of SPACs
filed in 2019 sat at just 28%.
[77]
In 2020, that number rose to 62%,
[81]
which is just an
incredible rate of growth.
[85]
I know our reporting right
now as of just last week
[88]
is showing nearly 225 SPAC
filings already in 2021.
[94]
So there doesn't seem to be any slowdown
[96]
in that momentum as well.
[97]
But no matter if a company decides
[100]
to go the traditional
route to reach the IPO
[103]
or a SPAC route or even a direct listing,
[105]
it's the intersection of those
SEC reporting requirements
[109]
with the SOX compliance requirements
[111]
that really seems to be tripping folks up.
[114]
You and I have talked
[115]
about how we really encourage companies
[117]
to begin acting like a public company
[119]
long before they actually
become a public company.
[122]
But SOX and the readiness that
companies need to go through
[126]
to be prepared for SOX
really is more complex
[129]
than most people think.
[130]
- Yeah, as you mentioned,
[132]
this robust IPO market we're seeing
[134]
in front of us here has generated
tons of questions, right,
[137]
phone conversations, Zoom meetings,
[139]
with leadership at these
different companies.
[142]
We find most often they generally
have a broad understanding
[144]
of SOX but kind of struggle to
answer these three questions.
[148]
Number one, what will it take
[150]
for our company to be SOX-compliant?
[152]
Number two, when do we
need to comply with SOX?
[156]
Number three, who in my
organization needs to be involved?
[161]
So first, let me take just a quick moment
[163]
and go over the rules themselves.
[165]
At its highest level, SOX compliance
[167]
for newly public companies
revolves around compliance
[170]
with the 11 sections of the
Sarbanes-Oxley Act of 2002,
[174]
so basically, SOX.
[176]
For today's discussion,
though, I wanna focus
[177]
on three sections 302,
906, and 404 A and B.
[184]
The key to section 302 are
the personal statements
[187]
that we show here from
the CEO and the CFO.
[190]
Here they have to actually sign off
[192]
and say financial statements
have been reviewed
[195]
and are materially correct.
[196]
They are accepting personal
responsibility for establishing
[200]
and maintaining disclosure controls and,
[203]
and internal controls
over financial reporting.
[205]
All significant deficiencies
[207]
and material weaknesses have
been properly disclosed,
[209]
and they are not aware of
any instances of fraud.
[212]
With 906, the CEO and the CFO,
[216]
while they do have to sign off
[218]
that the financial report
is materially correct,
[220]
the real crux of 906 is
around this application
[223]
of criminal penalties.
[224]
This is the first time
that they can get penalized
[228]
for certifying a misleading
or fraudulent report.
[232]
It can be up to $5 million
or 20 years in prison,
[235]
but a pretty big deal.
[236]
Finally, under section 404A,
[240]
management must make an assertion
[243]
around their internal controls
over financial reporting.
[245]
Are they designed and
operating effectively?
[247]
Under 404B, that's where
the external auditors come
[250]
into play, and they must attest
[252]
or give an opinion on the
company's internal controls
[255]
over financial reporting.
[257]
- So Elizabeth, that framework
around those basic tenets
[260]
of SOX is really helpful.
[261]
Thanks for sharing that.
[263]
But what about that question
that we get so often
[266]
from new prospective IPO
candidates, which is the,
[270]
when do I actually need
to be in compliance?
[273]
When does SOX intersect
[274]
with these SEC reporting requirements?
[278]
- Absolutely, so what seems
to trip up most companies
[281]
is they're caught flat-footed
when it comes to SOX.
[284]
So let me show you why.
[286]
Let's start by saying, first of all,
[288]
we recognize obviously that
it takes an incredible amount
[291]
of work for a company to go public
[293]
no matter which vehicle you choose to use.
[295]
I want you to understand
the SOX requirements
[298]
and then be able to work backwards
[300]
to give your company
the most runway possible
[303]
to get done what you need to get done.
[306]
This slide is set up to
illustrate the filing requirements
[309]
along with the timing
[310]
and the work needed to
support those requirements
[312]
under a traditional Jobs Act IPO,
[315]
which means you coming through
[317]
as an emerging growth company.
[321]
So the first milestone
that you're gonna see here
[322]
is the S-1 filing itself.
[324]
The requirements for
this filing is disclosure
[326]
of any known material weaknesses
[328]
in the risks section of your document.
[331]
So I'm sure you're asking yourself,
[332]
Elizabeth, how do I get there?
[333]
Ideally, you would start working
through the documentation
[337]
of your risk and controls
about 12 to 18 months,
[340]
or ideally, at least 12 to 18 months
[342]
in advance of your S-1 filing.
[345]
You wanna perform a
round of walk-throughs.
[347]
You'd want to be able to catalog
[349]
and manage your findings and make sure
[351]
that everything has been
appropriately communicated
[353]
to the audit committee
[354]
and ultimately in the S-1 document itself.
[357]
As you can see over here, we've assumed
[360]
that you've gone effective right
around the end of the year,
[364]
in which case, now the clock
has started on your first 10-K.
[369]
You're still required
[370]
to disclose any known
material weaknesses here,
[373]
but what we've added is a new layer
[375]
of complexity around the management 302
[377]
and 906 certifications.
[378]
We talked about that
on the previous slide.
[381]
What we're gonna do to
continue to support that
[382]
is we're gonna add a
little bit more testing
[384]
and obviously keep up
[386]
with the reporting through
the audit committee
[388]
and ultimately into the document itself.
[390]
So next up, we have our first
set of quarterly filings
[395]
and your second 10-K.
[397]
Keep in mind, as you can see,
[399]
these 302 and 906 requirements,
they don't go away.
[402]
They just kind of keep adding.
[404]
And now for the first time,
we've added over here,
[408]
management's assessment
of internal controls
[410]
over financial reporting.
[411]
So to get there,
[412]
we're gonna have to do a
little bit more testing
[414]
and a little bit more reporting.
[415]
But we're gonna get there.
[417]
It's gonna be okay.
[418]
So next step, we have our
ongoing quarterly filings.
[423]
This cycle will continue to run
[425]
until your company trips out
[427]
of emerging growth company status.
[430]
And in this scenario,
we've assumed you ship out
[433]
of the status at the end of the year.
[436]
What happens now is
your external auditors,
[439]
in addition to the 404A requirements
[442]
and management's assessment,
[443]
your external auditors
are actually now required
[445]
to issue their opinion on
your internal controls.
[449]
This brings more work.
[450]
This extra assessment does
drive quite a bit greater effort
[454]
for everybody involved.
[456]
You have to have more
precise documentation.
[458]
You have to do more testing.
[460]
And definitely, you're
gonna have more reporting
[461]
and communication all the way around.
[465]
- Elizabeth, thanks for
sharing that timeline.
[467]
Those requirements actually
feel quite daunting the way
[470]
that you've laid them out.
[472]
And, of course, ultimately you have to get
[474]
to the point where the CEO
and the CFO are comfortable
[477]
because they'll actually
need to sign those filings
[480]
before they're submitted to the SEC.
[483]
And certainly there's
complexities behind the scenes
[486]
for every organization
actually getting to that point.
[490]
With SOX, it has tentacles all
throughout an organization.
[494]
Can you share with our audience
sort of your perspective
[497]
on the depth and the breadth
of SOX inside of a company?
[502]
- Generally speaking,
[504]
when I'm talking to pre-IPO companies
[506]
about the SOX impact inside
of the company itself,
[509]
I keep coming up with
the image of a pyramid.
[512]
So I'm gonna explain this pyramid to you,
[514]
this certification pyramid,
[516]
and understand that the strength
[517]
of the building comes
from a strong foundation.
[520]
Here, we have a sample company
[522]
with a certain number of key controls.
[525]
We have a baseline of key control owners
[528]
who are scattered
throughout the organization.
[530]
You can see here, in our example,
[531]
we've got accounting
and finance, treasury,
[534]
governance, information
technology, and HR and payroll,
[537]
depending on how the company is set up.
[541]
These control owners are the folks
[543]
who own the key controls, as I stated,
[546]
and they ensure that their
controls are in place
[549]
and functioning throughout the year.
[550]
And it's working the way that
they're described, right?
[553]
Under this approach,
[555]
the control owners would then certify
[558]
on a quarterly basis the same
requirements that are required
[563]
of the CEO and the CFO,
meaning they'll go through
[565]
and they'll say, I'm doing my work.
[566]
There's no fraud.
[567]
I've disclosed anything,
any kind of problems.
[570]
From here, their department heads
[572]
now have the opportunity
[574]
to review these below certifications,
[577]
make sure that they're
no-issue resolutions.
[579]
And now they can summarize
[580]
and bubble up that
information to the next level,
[583]
to the CEO and the CFO, who
are the ones, as you remember,
[587]
the ones who are accepting
personal responsibility.
[589]
So they've got both the
access to the detail
[592]
and the summarized information,
[594]
and they have a solid basis
[595]
for making their own certifications.
[598]
At this point, you could
share this information
[600]
with the audit committee
members, who as well,
[603]
have personal obligations
around corporate governance
[606]
and stewardship.
[608]
You form a basis for your
actual certifications
[611]
that go into the document itself.
[613]
Now, here's where this
gets even more interesting,
[615]
is through the SOX automation process,
[618]
through this technology, we
can drive this entire pyramid
[622]
with workflows, issue and
management resolution,
[626]
as well as notifications
within the app itself
[628]
and through emails.
[630]
- Just really feels like the
key takeaway here is readiness,
[635]
the fact that you really need to plan.
[636]
And planning months in advance
[639]
feels like the basic
requirements here to be ready.
[644]
- Absolutely, Scott.
[645]
I would actually,
[646]
I'd take it out even
farther than just months
[648]
'cause, you know, months, you
still think single digits.
[650]
We really want you thinking about this
[652]
as you plan your process for the IPO
[656]
at the very, very beginning.
[658]
Your tone controls really should be one
[660]
of the very first things
that you take into account
[662]
because people don't consider
is that a material weakness
[667]
in your S-1 filing,
[668]
continual material weaknesses
throughout the K process
[672]
and the first couple of Ks and Qs,
[673]
it really has an impact,
not just on your company,
[676]
but how does this make
your underwriters look?
[678]
How does this make your
external auditors look?
[680]
How does this make your management team?
[682]
What will the capital markets think
[683]
about these continued errors?
[685]
So the more that you can get
buttoned up and locked down
[689]
and really comfortable
[689]
that everything is gonna
run the way that it should,
[692]
the better off you're
gonna be in the long run.
[694]
And the way you do that
is you raise your hand.
[696]
You ask for help early on, right?
[698]
You say, hey, I'm good
at all these things,
[700]
maybe something I'm not so good at.
[702]
How can this be easier?
[703]
How can this go smoother?
[706]
What information do I need to have
[707]
at the tips of my fingers in
order to make these decisions
[710]
and make sure that I stay in compliance
[712]
but also that I am helping my
entire organization be better,
[717]
quicker, faster, stronger?
[719]
- You know, Elizabeth,
[720]
it really feels like there's
a reputation component
[722]
to what you're saying.
[724]
It's the reputation of your
brand first and foremost,
[728]
but, of course, the reputation
that you give to your company
[731]
through what you report in
your financial statements.
[734]
- Makes everybody look so much better.
[736]
It's easy.
[737]
It's easy if you do it on the front end.
[739]
It's hard to play catch up.
[740]
It's so hard to play catch up.
[741]
We've seen it time and time again.
[743]
- Elizabeth, thanks so
much for joining us today.
[745]
We really appreciate bringing
your valuable insight
[747]
to the conversation.
[749]
For anybody watching the video,
[751]
if you want more information on SOX
[753]
and SOX compliance technology
solutions that we offer here
[756]
at Toppan Merrill, jump
on over to our website,
[759]
toppanmerrill.com, where there's lots
[761]
of information there on our solution
[763]
and, of course, ways to
get in touch with Elizabeth
[765]
or any one of our other
SOX compliance experts.
[768]
Thanks again for joining us today.
Most Recent Videos:
You can go back to the homepage right here: Homepage