Last night William Donaldson, chairman of the Securities and Exchange
Commission, said that he would work to reduce the cost of Sarbanes-Oxley
compliance.  His remarks are reported in today’s Financial Times.

Not surprisingly, the focus of the cost-saving effort will be on Section 404,
which requires testing and reporting on internal controls.  It is where
most companies have run into the most difficulty. The FT quotes Donaldson
as saying that he wants to make these rules more cost-effective.  He also
said that his commitment to the principles of Sarbanes-Oxley remains unchanged.

So … it seems possible that we will see some modification to the rules
implementing Section 404. 

Is this a problem?

I have already used these blog entries to argue that "compliance," per
se, should not be the central focus of a company’s Sarbanes-Oxley
effort.  The real focus should be on establishing internal controls that
will provide strong assurance that financial information is accurate, that
encourage efficient, effective use of resources, and that safeguard assets and
records. "Compliance" emerges as a result of putting such controls in
place.  Clearly, if a company is driven by these kinds of internal goals,
changes in SOX rules will not be a primary concern.

But, realistically, it is also clear that many companies are in the position
of just trying to comply with the rules.  Business doesn’t like
uncertainty, and potential rule changes introduce uncertainty.  Will this
uncertainty have an impact on your company’s compliance work?  Will it
affect your plans to create the kind of sustainable internal control framework
that I have been talking and asking about over the past few days?  Send
me an email or post some comments …