Dykema
  October 18, 2005 - Michigan

Sarbanes-Oxley Is Not Just For Public Companies
  by Mark W. Peters; Jin Kyu-Koh; Jeffrey A. Belisle

The Sarbanes-Oxley Act of 2002 (“SOA”) raised the bar with regard to, among other things, corporate governance, internal controls and executive responsibility. While SOA’s provisions apply primarily to public companies, private companies should become familiar with SOA for two reasons: First, portions of SOA do, in fact, apply to private companies – such as whistleblower protection and document retention provisions. Second, implementation of SOA provisions which by their terms only apply to public companies may be required by certain business partners of private companies or may make good business sense. These issues are discussed further below. Business Partners Many parties with whom private companies routinely deal are suggesting, and in some cases requiring, at least some level of SOA compliance. Lenders, for example, are beginning to require compliance with some of SOA’s provisions prior to providing financing. Lenders are particularly interested in accurate financial reports and may require officers to certify the accuracy of such reports in a manner similar to certification requirements imposed on public company officers under SOA. Lenders are also requiring SOA corporate governance measures and may require representations and warranties or covenants in financing agreements to ensure compliance. Venture capital investors are also interested in SOA compliance by both companies in which they hold an interest and potential new investment targets, with a particular focus on accurate financial reports and prohibition of related party transactions barred by SOA. Insurers are also looking to SOA, particularly when providing directors & officers coverage. Certified financial results and various corporate governance measures, such as independent directors, may be required as conditions to coverage. Some governmental entities are also requiring some level of compliance prior to awarding contracts to private companies. Mergers or Acquisitions If an acquisition by a public company is a viable option for a private company, SOA must be addressed as part of that transaction. SOA compliance is time consuming and costly, and as a result, a public company evaluating a private company target is likely to attribute a lower value to such target if significant time and expense will be necessary to bring the target up to SOA standards. A “SOA ready” private company target, on the other hand, will make for an attractive candidate and may even call for an acquisition premium. A potential target with inadequate internal controls and financial reporting procedures will cause particular concern for a public company acquirer’s officers. Once an acquisition is complete, officers of the acquirer will be required to personally certify as to the accuracy of the target’s financial results. An improper certification can result in fines, and even possibly criminal penalties. This provides quite an incentive for public company acquirers to place a premium on strong financial reporting procedures and internal controls of target companies. Many acquirers are beginning to incorporate SOA compliance as part of the due diligence process, requiring targets to fully document internal controls and correct deficiencies as a condition to completing a deal. Some acquirers have also required representations and warranties in agreements covering corporate governance, internal controls and other SOA related matters. Going Public The most obvious private company candidate to consider SOA is one anticipating a public offering. Many of the Act’s provisions must be complied with as soon as a registration statement is filed with the Securities and Exchange Commission. Private companies can provide for a much smoother and less costly transition into public life by laying the groundwork for compliance well in advance of a public offering. For example, companies should establish board committees and draft related charters. Board member composition must also be considered early. SOA and stock exchange rules require that a majority of board members be “independent,” and private companies may need to recruit new board members to comply. A company may also need to retain new outside auditors if current auditors are not properly registered with the Public Company Accounting Oversight Board and accounting services currently being provided must be evaluated to avoid conflicts prohibited by SOA. A company may further wish to engage its accountants to perform a “pre-review” of internal controls since once SOA applies, an outside assessment of internal controls will be required. Once public, the CEO and CFO will be required to personally certify financial reports and internal control disclosures. To do so comfortably, either financial reporting internal controls should be strengthened or, at a minimum, a company should ensure data reporting and internal control capabilities are sufficient to handle modifications that may be required to comply with SOA. Addressing financial reporting processes early will further help company employees adjust to necessary changes. It’s Good Business Practice At a minimum, private companies should look to SOA as a “best practices” guide and implement provisions deemed to be particularly applicable and cost effective. Many of SOA’s corporate governance measures, such as establishing board committees and developing a code of ethics for senior officers, make sense because they can be accomplished at reasonable costs that are significantly outweighed by the benefits provided. Good corporate governance provides legitimacy to corporate records and actions, provides for the standardization of processes to improve efficiency and accuracy, and will result in more accurate financial reporting for internal management to evaluate. Some proactive private companies have even incorporated a Management Discussion and Analysis section into their financial reports, which is an SEC requirement for public companies. A final point to consider is director liability, since private company directors owe duties of care and loyalty to shareholders just like directors of public companies. Complying with SOA’s provisions may provide directors with protection from plaintiff’s attorneys who may point to SOA as a basis for arguing how a director should or should not have acted. Conclusion and Recommendations We recognize that implementation of SOA in its entirety is not feasible or cost effective for most private companies. However, many private companies are now either being forced to comply with certain parts of SOA or are complying as part of their ongoing business planning to more easily realize goals of a public offering or acquisition. Companies that are considering implementing certain practices that have resulted from SOA should seek the advice of knowledgeable counsel. SOA requirements and other “best practices” private companies may consider adopting include the following: •Recruit independent directors for the board of directors and board committees •Establish audit, nominating and compensation committees and draft related charters •Adopt a code of ethics •Ensure proper registration of outside auditing firm •Evaluate and document internal controls and procedures and consider improving if deemed necessary •Review services provided by outside auditors and adopt policies regarding approval of non-audit services •Engage auditors to perform “pre-review” of internal controls if a public offering is expected •Add MD&A to financial reports •Add corporate governance information to company website •Require executive officers to certify financial reports For additional information on Sarbanes-Oxley or any other corporate related matters, contact Mark W. Peters at (313) 568-5333, Jin-Kyu Koh at (313) 568-6627 or Jeffrey A. Belisle at (313) 568-5461.