Search for:

SEC officials have expressed concern that companies are not properly identifying and disclosing material weaknesses in internal controls, and that such weaknesses are too frequently disclosed only in conjunction with a restatement – after the damage is, in effect, done. See, e.g., January 2014 Update. However, an academic study in the May/June 2015 issue of The Accounting Review, published by the American Accounting Association, suggests that companies may have good reasons to be reticent about disclosing their control weaknesses: Companies that disclose material weaknesses in advance of a restatement are more likely to be penalized than those that do not. As summarized in an AAA press release, the study finds that there is — “[N]o evidence that penalties following a restatement are more likely for firms that fail to detect and disclose their control weakness as required. Instead, firms that do report their control weaknesses in a timely manner are generally more likely to face [varied] penalties in the event of a later restatement. These results are consistent with the disclosure of control weaknesses making it difficult for management to plausibly claim later that they had been unaware of the underlying conditions in the control environment that led to their restatements.” The study, entitled “Does SOX 404 Have Teeth? Consequences of the Failure to Report Existing Internal-Control Weaknesses,” was authored by Sarah C. Rice of Texas of Texas A&M University and David P. Weber and Biyu Wu of the University of Connecticut. It is available for purchase on the AAA’s website. According to the press release, the findings are based on analysis of the disclosures made by 659 companies that filed restatements between November 14, 2004 (when the internal control reporting requirements of SOX Section 404 became effective) and the end of 2010. During that period, 134 of the restating companies reported material weaknesses in their internal controls prior to announcing the restatement, while 525 did not report control weaknesses. Of those that did not disclose a material weakness prior to the restatement, 314 made after-the-fact disclosure of the existence of an internal control weaknesses at the time of the restatement. The SEC enforcement risk associated with disclosing a material weakness is fairly small. The press release states that pre-restatement disclosure of a material weakness increases the likelihood of SEC enforcement action by about 6 percent, “probably because it aids the agency ‘in identifying cases where potential enforcement actions are likely to succeed and make it difficult for management to claim they were unaware of the problems that led to the restatement.’” Companies that make pre-restatement disclosures may also suffer other consequences —

  • Class action lawsuits are “5 to 10% more likely when firms report internal control weaknesses prior to restatements.”
  • Top management turnover is 15 to 26% more likely.”
  • Auditor turnover is 6 to 9% more likely.”

Professor Weber summarizes the study in these terms: “For as long as anyone can recall, investors have complained about being blindsided by companies, where one day everything is fine and the next day it all falls apart. SOX 404 is supposed reduce the incidence of that sort of thing, but to do its job there has to be an incentive for top execs and auditors to divulge control problems in the company annual report, as mandated by the provision. I must admit that my colleagues and I were only mildly surprised that firms which fail to do so aren’t penalized. What surprised us a lot more is that companies which evidently take SOX 404 to heart are penalized.”


The study’s findings may provide interesting insight into SEC enforcement policy. The study should not, however, be used as a guide to corporate disclosure policy. If the Commission were to uncover evidence that a company intentionally withheld disclosure of a known material weakness, it is quite likely that it would bring enforcement action against the individuals – including, if applicable, audit committee members who made that decision or were aware of it.  


Daniel L. Goelzer has a strategic role in the Baker & McKenzie's global corporate, securities, and banking compliance practices. He has more than 35 years of securities law experience, including service in senior positions at both the Securities and Exchange Commission (SEC) and the Public Company Accounting Oversight Board (PCAOB). The SEC appointed him as a founding member of the PCAOB, and he served as the Board’s Acting Chairman from 2009 to 2011. He is also a former General Counsel of the SEC and a former Vice Chair of the International Forum of Independent Audit Regulators. He writes and speaks frequently on national and international securities laws and accounting industry issues.

Write A Comment