Wisconsin Lawyer: Sarbanes-Oxley Affects Your Private Company Clients:

State Bar of Wisconsin

Sign In
    Wisconsin LawyerWisconsin Lawyer

News & Pubs Search


    Sarbanes-Oxley Affects Your Private Company Clients

    Although the Sarbanes-Oxley Act does not directly affect financial reporting and corporate governance practices of private companies in the same extensive manner that it affects public companies, it could become the "best practices" standard for private companies. In many situations a private company could benefit from voluntarily adopting governance improvements.

    Larry Lieberman

    Share This:

    Wisconsin Lawyer
    Vol. 77, No. 6, June 2004

    Sarbanes-Oxley Affects Your Private Company Clients

    Although the Sarbanes-Oxley Act does not directly affect financial reporting and corporate governance practices of private companies in the same extensive manner that it affects public companies, it could become the "best practices" standard for private companies. In many situations a private company could benefit from voluntarily adopting governance improvements.

    a group of people in shadowby Larry D. Lieberman

    The enactment of the Sarbanes-Oxley Act of 20021 has led to enormous changes in financial reporting and corporate governance practices of U.S. public companies. In response to the scandals at Enron, WorldCom, Tyco and other large public companies, Sarbanes-Oxley and related rulemaking by the Securities and Exchange Commission (SEC) and stock exchanges sweep broadly in transforming the public accounting industry and in reforming disclosure and governance practices of publicly traded companies.

    Sarbanes-Oxley applies primarily to companies registered under the Securities Exchange Act of 1934. Increasingly, however, the ramifications of Sarbanes-Oxley also are being felt by private companies. Attorneys should be mindful of the manner in which Sarbanes-Oxley can affect their private company clients. In addition, any company can benefit by improving its governance practices, and a private company may simply want to adopt enhanced governance practices even though it is not obligated to do so. Counsel for a private company should understand the potential positive benefits of good corporate governance and consider whether to recommend that a company voluntarily adopt at least some governance changes.

    The term "corporate governance" has now become commonplace, but it is used by different people in very different ways. For purposes of this article, "corporate governance" is used in the manner defined by the Organization for Economic Co-Operation and Development:

    "[T]he system by which business corporations are directed and controlled. The corporate governance structure specifies the distribution of rights and responsibilities among different participants in the corporation, such as the board, managers, shareholders and other stakeholders, and spells out the rules and procedures for making decisions on corporate affairs. By doing this, it also provides the structure through which the company objectives are set, and the means of attaining those objectives and monitoring performance."2

    This definition includes the organizational structure and corporate procedures and systems designed to improve financial performance and corporate transparency and accountability. It also includes the corporation's culture and ethics.

    Requirements of Sarbanes-Oxley for Private Companies

    Private companies have not entirely escaped the reach of Sarbanes-Oxley. Sarbanes-Oxley already contains important provisions that apply directly to them as well as to public companies.

    Notice of blackout periods under defined contribution plans. Plan administrators must notify participants in any defined contribution plan in writing at least 30 days before any "black-out period." A black-out period is any period of more than three consecutive business days during which participants are restricted from diversifying assets in their account or obtaining plan loans or distributions.3

    Criminal liability for retaliation against informants. Sarbanes-Oxley criminalizes retaliation against any person, including interfering with that person's employment, for providing truthful information to law enforcement officers relating to the possible commission of any federal offense.4 This provision of Sarbanes-Oxley is not limited to securities-related offenses or to employees of public companies.

    Other criminal provisions. Sarbanes-Oxley adds other criminal penalties and remedies, including criminal liability for altering or destroying documents to impede any federal investigation or bankruptcy case,5 and enhanced liability for white collar crimes and securities fraud, whether involving public or private companies.6

    Some private companies are amending applicable retirement plan, employment, and document retention policies and procedures in order to incorporate these aspects of Sarbanes-Oxley.

    Voluntary Adoption of Governance Changes by Private Companies

    Beyond the few provisions of Sarbanes-Oxley directly applicable to them, private companies increasingly also are adopting at least some of the corporate governance reforms that are required of public companies under Sarbanes-Oxley. In response to a recent survey of 1,400 chief financial officers (CFOs) of privately held companies, 58 percent said they planned to implement new procedures in response to the corporate governance standards being imposed on their public company counterparts.7

    Many companies no doubt will feel increasing pressure from external forces to adopt changes. For example, important business partners such as investors, lenders, customers, or vendors may well prefer to do business with companies that have good corporate governance practices. An outside director of a private company may insist as a condition to service that the company have good corporate governance practices, particularly if the director has public company experience. The International Organization for Standardization (ISO) is exploring the desirability and feasibility of proposing ISO corporate responsibility standards along the lines of the ISO 9000 quality management standards.8 As a result, private companies that desire ISO certification may want to change their governance practices. Regulators of financial institutions increasingly are imposing enhanced governance requirements on banks and other financial institutions in light of the perceived benefits to the institutions.9 In fact, legislation has been introduced in more than a dozen states, although not in Wisconsin, to extend certain Sarbanes-Oxley provisions to private companies.10 These or other external factors may push a company toward implementing corporate governance improvements.

    Even in the absence of external forces, private companies would do well to recognize that many of the concepts underlying Sarbanes-Oxley promote better management of any company, whether public or private,11 and that a private company can benefit in important ways by making at least some changes in governance practices. The following are some of the more important potential benefits.

    Better strategic decision-making. Improving corporate governance practices can result in directors more carefully exploring and analyzing important strategic decisions. In addition, improving accounting controls and procedures may allow the provision of better, more timely information to assist in these decisions. These changes can add tremendous value to a private company.

    More reliable financial information. A company with strong internal controls is less likely to prepare unreliable financial statements or make ill-advised business decisions based on unreliable financial data.

    Reduced litigation exposure. The directors of private and public companies are legally obligated to satisfy their fiduciary duties. To the extent that governance practices of public companies have established higher standards of director conduct, courts are likely to look to those standards to determine whether directors have exercised the requisite degree of care and loyalty. A private company's implementation of improved corporate governance practices can reduce the directors' exposure to litigation from disaffected shareholders or other constituencies who claim that the directors failed to fulfill their fiduciary obligations.

    Preparedness for going public. Private companies that eventually want to go public will become subject to Sarbanes-Oxley at the time of the transaction. Complying with Sarbanes-Oxley will require substantial planning and resources, and a company contemplating an initial public offering (IPO) should prepare to comply with Sarbanes-Oxley well in advance.

    Improved desirability as an acquisition candidate. As part of its due diligence, a public company typically will assess the corporate governance practices, particularly the accounting controls, of any private company acquisition candidate. This assessment is most important if the acquisition would be material to the public company because the public company will be responsible for the adequacy of the accounting controls after the acquisition date. Good corporate governance and accounting controls could make a private company more attractive as an acquisition candidate.

    Fraud deterrence. Better corporate governance practices, particularly accounting controls, will not eliminate the possibility of fraud or embezzlement but could reduce the likelihood or severity of such acts.

    Improving Governance Practices

    In deciding how to improve governance practices, a private company should consider what steps are reasonable and practical for it. The extent of the recommended changes will very much depend on the particular company's situation. Nevertheless, a number of measures to upgrade governance standards are applicable to a wide range of private companies.

    Larry Lieberman


    Larry D. Lieberman, Stanford 1984, practices with Godfrey & Kahn S.C., Milwaukee. He is a shareholder member of the firm's securities and financial institutions practice areas.

    Add independent directors. Under new NYSE and Nasdaq requirements, the majority of the directors of a listed company must be independent. This may be impractical for most private companies, but neither is it advisable to have no independent directors, which currently is the practice of many private companies. Independent board members can provide objective oversight and advice to complement management's vision and activities. In addition, independent directors are best equipped to serve as a check on audit, internal control, and related-party activities of a private company.

    As an alternative to adding independent directors to the board of directors, a private company might consider establishing an advisory board. Advisory board members also can provide independent advice, but they would not have the full range of legal responsibilities incumbent upon directors.

    Establish an independent audit committee. Many private companies do not have an independent audit committee. An audit committee can help a company improve the integrity, reliability, and readability of its financial statements. The audit committee should have a formal written charter that outlines its role and responsibilities, including meeting with management and the independent auditors regarding the financial statements, selecting or recommending the auditor, approving the nonaudit services provided by the auditor, and reviewing and approving related-party transactions. To the extent practicable, consideration should be given to including an audit committee financial expert on the committee, as many public companies do.

    Establish corporate governance guidelines. NYSE-listed companies are required to establish corporate governance guidelines.12 No single set of guidelines would be appropriate for every company, but certain key areas of importance for private companies may include the matters listed below:

    • Director qualification standards.
    • Director responsibilities. These responsibilities should clearly articulate what is expected from a director, including, for example, a policy concerning a director's expected time commitment and basic duties and responsibilities with respect to attendance at board meetings and advance review of reading materials.
    • Director access to management and, as necessary and appropriate, to independent advisers, such as legal counsel.
    • Director orientation and continuing education.
    • Management succession. Succession planning should include policies and principles for chief executive officer (CEO) selection and performance review, as well as policies regarding succession in the event of an emergency or the CEO's retirement.
    • Meeting frequency and preparation. The board should meet at least four times a year for a half-day at a time. For some companies, it may be necessary to meet more often, perhaps for shorter periods. Before the meeting, preferably a week before, a package of materials including an agenda, supporting materials, and an executive summary should be sent to directors.
    • Director compensation.
    • Evaluation of the board and board committees. The board should conduct a periodic self-evaluation to determine whether the board and its committees are functioning properly.

    For many private companies, particularly companies with a CEO who is the controlling shareholder, issues such as director selection, management succession, and CEO review and compensation cannot be addressed adequately without the CEO's full support and involvement.

    Improve internal control environment. A private company should consider periodically reviewing the adequacy, scope, implementation, and operation of the company's internal accounting controls and practices. It may be prudent, for example, for the company to establish a separate internal audit function, which is now required of NYSE-listed companies. In addition, a private company may want to consider obtaining a certification from its auditors as to the effectiveness of the company's internal controls. Starting in 2004, such a certification will be required for public companies. In order for the auditor to provide this certification, a company's internal controls and procedures need to be documented.

    Review related-party transactions. Policies should be implemented that require all transactions with directors, officers, and other affiliates to be on an arm's-length basis and approved in advance by the audit committee or other independent directors. Consideration should be given to prohibiting loans to directors and officers, as is required for public companies. Related-party transactions are subject to heightened risks of abuse, and it is therefore prudent for the independent directors to take reasonable precautions to prevent over-reaching.

    Adopt a code of ethics. Public companies are now required to disclose whether or not they have adopted a code of ethics applicable to the company's principal executive, financial, and accounting officers. The NYSE and Nasdaq now require listed companies to adopt a code of conduct and ethics for directors, officers, and employees. The NYSE notes that such a code can focus the board and management on areas of ethical risk, provide guidance to personnel to help them recognize and deal with ethical issues, provide mechanisms to report unethical conduct, and help foster a culture of honesty and accountability. These codes typically cover conflicts of interest, confidentiality, fair dealing, protection of company assets, compliance with laws, and encouraging the reporting of illegal or unethical behavior. A code of ethics can enhance a company's stature with third parties, and it may provide some legal protection if a company is sued for misconduct and the company can demonstrate that it has a code of ethics and diligently attempted to follow it.

    Review relationship with auditor. Sarbanes-Oxley requires accounting firms that audit public companies to register with the newly created Public Company Accounting Oversight Board (PCAOB). If it hasn't already done so, a private company that is contemplating an IPO should consider changing to a registered accounting firm prior to the IPO. Sarbanes-Oxley also prohibits the independent accountants from performing specified nonaudit services for a public company audit client, and the nonaudit services that are not prohibited must be pre-approved by the audit committee. Many private companies rely on their auditors to provide them with a wide range of important services. Particularly in smaller cities, where there may be fewer qualified accounting firms, restricting the range of services that the auditor provides may not necessarily be in a private company's best interest. In many cases, however, a private company may be better served by engaging another firm to provide nonaudit services.


    Sarbanes-Oxley does not directly affect private companies in the same extensive manner that it affects public companies. Nevertheless, because Sarbanes-Oxley is the standard for public companies, even if it is not a legal mandate, it could become the "best practices" standard for private companies. In any event, in many situations a private company may benefit from voluntarily adopting governance improvements. As a result, attorneys should stay informed regarding Sarbanes-Oxley and related rulemaking and make appropriate recommendations for their private company clients.


    1Pub. L. No. 107-204 [H.R. 3763] (2002).

    2See Encycogov, AcadPublishing.

    3Sarbanes-Oxley Act § 306(b) (amending 29 U.S.C. § 1021).

    4Sarbanes-Oxley Act § 1107 (amending 18 U.S.C. § 1513).

    5Sarbanes-Oxley Act §§ 802, 1102 (amending 18 U.S.C. §§ 1519, 1512, respectively).

    6Titles IX, XI of Sarbanes-Oxley Act of 2002, also referred to as "White-Collar Crime Penalty Enhancement Act of 2002" and "Corporate Fraud Accountability Act of 2002," respectively.

    7The Impact of Sarbanes-Oxley on Private Business, Robert Half International Inc. (July 2003), at 11.

    8"The Desirability and Feasibility of ISO Corporate Social Responsibility Standards," Final Report, May 2002, prepared by the Consumer Protection in the Global Market Working Group of the ISO Consumer Policy Committee.

    9See, e.g., Financial Institutions Letter 17-2003, "Effects of the Sarbanes-Oxley Act of 2002 on Insured Depository Institutions" (FDIC March 5, 2003); "Interagency Policy Statement on the Internal Audit Function and Its Outsourcing" (Federal Reserve System Board of Governors, FDIC, OCC, OTS March 17, 2003).

    10See "2003 Overview of Accounting Reform State Legislation Activity"; "Additional Business Related Legislative Proposals" (Am. Inst. of Certified Public Accountants).

    11The Impact of Sarbanes-Oxley on Private Business, supra n.7.

    12New York Stock Exchange Listed Company Manual § 303A ¶ 9.