Compliance issues still loom large for companies aiming for IPOs


There was a time when people were convinced that Sarbanes-Oxley absolutely destroyed a company's chance to go public. 

You likely recall the outcry, as many stridently claimed the law was pushing companies to London's AIM, that New York City was losing ground as a financial center, that the sky was falling. The rhetoric has declined substantially as of late. When non-accelerated filers were made exempt from 404(b) by Dodd-Frank, no one proclaimed that small companies were saved. 

But the fact remains that governance issues loom large for companies aiming to go public. When asked to name their top three challenges ahead of an IPO, senior executives of companies considering such an offering listed improving corporate governance (64 percent), preparation of a robust business plan (40 percent) and preparation of financial track record (36 percent), according to a survey by KPMG. The first and third items suggest that companies need to be thinking about Sarbanes-Oxley and GRC issues well ahead of an offering. You need these ducks lined up before you take a step down that path. Tasks such as selecting the right board members may seem easy but they are fraught with risks. 

Protiviti managing director Scott Gracyalny offers his five keys for preparing for an IPO from a compliance standpoint: 

1. Establish a sound governance structure. While Sarbanes-Oxley and other financial reporting compliance regulations are considered old news, they represent a fundamental change in the organization's approach to governance, risk and compliance (GRC) upon embarking on the road toward an IPO. Organizations must demonstrate that the business is grounded on well-defined ethics principles and governed by a balanced, independent operating structure not only to be in compliance but to also establish market confidence. Among other considerations, organizations will pay specific attention to establishing a code of ethics, an appropriately credentialed board, and an internal audit function that reports directly to an independent audit committee.  

2. Update financial reporting processes. SEC oversight and related financial reporting regulations will likely require adjustment of the company's accounting policies, including but not limited to the treatment of employee stock and compensation; classification and recognition of assets, liabilities, expenses and revenue; and business segment reporting.

3. Execute a corporate-wide risk assessment. The liquidity the IPO provides also brings with it increased public scrutiny. Private companies typically find themselves managing the "risk of the day," and the impact of failed compliance may often be limited to a direct operational loss or regulatory fine. However, public oversight raises the awareness of the company's actions and the likelihood that risk exposures will be detected and also increases their reputational impact. In many cases, the risk that brings down the house is the one that was never considered in the first place, perhaps because it is either difficult to quantify or insignificant in terms of its direct financial impact. When developing the company's risk profile, it is essential to consider the reputational impact of risks, which will quickly move the company from strict focus of financial reporting regulations to a broader set of business risks.

4. Define a rationalized internal control structure. Listing on the stock exchanges raises the evidentiary bar, which may come at significant cost. Companies can reduce the cost of compliance by developing rationalized policies, processes and related controls from the outset. The regulatory landscape continues to impose new requirements on businesses, and companies without an internal control structure that can be fanned toward compliance with new regulations will find their various internal control programs and related costs proliferate--or--that they're simply unable to keep up with regulatory requirements. 

5. Develop a corporate social responsibility reporting function. Recalling that a key distinction between a company's pre- and post-IPO approach relates to the creation of public confidence, one should not underestimate the value of a corporate social responsibility function that both sets a positive agenda and reports to the community the good things the company is doing beyond baseline compliance. A July 2007 Goldman Sachs study indicated that companies that are considered leaders in implementing environmental, social and governance policies had outperformed the general stock market by 25 percent since 2005. While the verdict is still out on the bottom-line impacts of corporate social responsibility activities, privately held companies that have likely achieved success by focusing on consistent execution of their business plans would do well to heighten the importance they place on good public relations.  Especially when times get tough--and those times are inevitable--it is helpful to be able to withdraw from a bank of good will. - Jim