Stock Market Today

Leech believes that one of the reasons the SEC never addressed the IMA’s concerns is the revolving door between the audit community and the federal regulator, the SEC. As the IMA suggested in its letters, a big hurdle to improving Sarbox’s implementation was the fact that COSO 92 is now 18 years old and the big audit firms, and the companies they audit, were fully invested in that standard, flaws and all.

Enter Douglas K. Besch, a senior manager from KPMG who came to the SEC’s Office of Chief Accountant as an two-year termed Accounting Fellow and has recently returned to his firm. Leech, in conversation and email exchanges with Mr. Besch, argued that the risk-controls frameworks endorsed by the SEC needed to be reviewed. (Risk controls frameworks are just what they sound like –a way for companies to measure and control the risk they’re taking with their assets and decisions.)

The SEC had actually opened the door in saying that other suitable frameworks could be used, which Besch himself confirms, and is part of the SEC’s rule on the topic.

Besch said that he told Leech that registrants could use other frameworks as long as they could demonstrate they worked. But Leech wasn’t just asking for an alternative, he was asking the SEC to rethink its recommendation — the only way practices would ever really change. Despite the failures of the financial crisis making the need for change clear, without an SEC formal review and support from the big audit community, Leech has made little progress in his crusade.

Registrants who have to file reports based on COSO 92 were, according to Besch, free to “pre-clear” other risk controls approaches, but there was no project on at the SEC to review these issues, which is why the SEC would not review suggestions that came only from Leech. But what corporation would willingly stick out like a sore thumb by holding itself to non-recommended risk controls frameworks, and also take on the burden of proving to the SEC that those frameworks actually work?