Skip to main content

Bridgepoint summarizes NASDAQ’s Proposed Internal Audit Requirement

Internet network technology, digital software development, future tech background, IoT concept. Man using digital tablet and laptop with global network connection, computer code

Update on 5/9/13: Since the posting of the article, please note this excerpt from The NASDAQ OMX Group, Inc which is putting a delay on the proposed rule:

“In light of the breadth and nature of the comments from our issuer community, and others, NASDAQ has
determined to withdraw the proposal so that we may adequately consider these comments. NASDAQ remains committed to the highest standards of corporate governance, and believes it is important that listed companies have appropriate mechanisms and processes in place to review risks and the system of internal controls. It is our intent to revise the proposed rule, taking into account the comments, and resubmit it. We will of course keep you updated as things progress…”

NASDAQ Proposes Internal Audit Requirement

The NASDAQ Stock Market LLC (NASDAQ) filed a proposed rule change with the Securities and Exchange Commission (SEC) on February 20, 2013 requiring all NASDAQ-traded companies to have an internal audit function. Currently, companies traded on the NASDAQ are not required to have an internal audit function, although in accordance with the Sarbanes-Oxley Act (SOX), they are required to maintain internal controls over financial reporting. This rule is still in the proposal stage, however if approved, would require companies listed on NASDAQ on or before June 30, 2013 to have an internal audit function established no later than December 31, 2013.

Why would NASDAQ have proposed this rule? NASDAQ has indicated the proposed rule is designed to protect investors and the public interest by (a) ensuring that listed companies have a mechanism in place to regularly review and assess their system of internal control, and (b) make sure that management and the audit committee are provided with ongoing information about the company’s risk management processes and system of internal control. Further, New York Stock Exchange (NYSE)  listed companies have been required since 2003 to maintain an internal audit function (with certain exclusions such as closed-end and open-end funds registered under the Investment Company Act, passive investment vehicles, foreign companies and companies that list only debt or preferred stock). The NYSE implemented this change in 2003 just before the SOX requirements went into effect, presumably to ensure that companies had the function in place to oversee the SOX regulatory requirements.

What are the Pros and Cons of this Rule? The positive aspect of this rule is the integration of the Internal Audit function into the organization’s overall governance structure to provide oversight for compliance with financial reporting and other technology and operating requirements. The internal audit function is important for companies, and will provide an independent, unbiased and objective viewpoint of financial and operational business activities and the performance of management. The negative aspect of this proposed rule is that smaller organizations with limited complexity or operations and effective management oversight of all business activities will incur an additional cost burden that may be questionable as to its benefits.

Will this Rule Be Approved? It’s uncertain, but the SEC has received a large number of concerns, questions and objections against the new rule. Most parties believe there should be a minimum size requirement to implement the rule ($100 million market capitalization was recommended by several responders).

One executive was more colorful in her feedback to the proposed rule by quoting Ralph Waldo Emerson: “Foolish consistency is the hobgoblin of little minds”.

Want to Read More? Here’s a link to a Wall Street Journal article on the proposed rule: http://blogs.wsj.com/riskandcompliance/2013/04/01/nasdaq-may-amend-or-withdraw-internal-audit-rule/

How can Bridgepoint Help? Bridgepoint’s Risk Services practice has seasoned professionals skilled at assessing risks and implementing internal audit functions in companies. We can provide assistance to address the impact of the proposed NASDAQ rule from implementation to execution of an internal audit function that “fits” your organization.  We believe that a value-added internal audit function can independently assess risks and controls as well as help drive company performance. We also are staying apprised of latest NASDAQ requirements for you.

Contact John Sorrells (JSorrells@bridgepointconsulting.com) or David Roe (DRoe@bridgepointconsulting.com) if you have any questions.

By

Jeanne has managed the successful implementation of many internal audits and Sarbanes-Oxley 404 compliance projects. Her organized and efficient execution of compliance work has given her experience in analyzing, remediating deficiencies, and testing financial processes.