SEC proposes easing internal-control audit rules for smaller public companies

Only large accelerated filers would keep auditor attestation under the SEC plan, as the public-float cutoff jumps to $2 billion and many smaller issuers drop out.

Derek Washington

The SEC moved to shrink the set of public companies that must get an auditor’s attestation on management’s internal-control assessment, a change that would leave only large accelerated filers under Section 404(b) if adopted. The proposal, issued May 19, would raise the public-float threshold for that status from $700 million to $2 billion, and a company would have to meet that level for two straight years and have at least 60 consecutive months of reporting before it could qualify.

The rule would do more than move the threshold. It would eliminate the accelerated filer and smaller reporting company filer categories, leaving every company that is not a large accelerated filer as a non-accelerated filer. Those non-accelerated filers would no longer be required to obtain auditor attestation on internal control over financial reporting, while also picking up scaled disclosure accommodations that include fewer years of financial statements and, in some cases, no say-on-pay or say-when-on-pay votes. Comments are due July 20, 2026.

For KPMG audit teams, that would shift where the hours go. Smaller public-company clients could step out of mandatory 404(b) testing, but they would still need strong controls, management’s own assessment, and a judgment call on whether to buy voluntary assurance anyway. In a firm where busy season, staffing pressure and the partner track are already shaped by compliance deadlines, a narrower attestation market would push more effort toward control design, readiness work and audit committee conversations about risk.

The SEC framed the proposal as a way to simplify a filer-status system it says is too complex for companies and investors, while also supporting capital formation and IPO competitiveness. Business groups have long argued that the current rule is expensive and does not always deliver benefits that match the cost. Investor-protection advocates warn that trimming the requirement could loosen a discipline imposed after Enron and WorldCom.

That history still hangs over the debate. Section 404 was enacted in July 2002 after those scandals, and Dodd-Frank later permanently exempted companies with less than $75 million in public float from the attestation rule. The Government Accountability Office said in a 2025 report that Section 404(b) costs are higher for larger companies but more burdensome for smaller ones, while a 2013 report found exempt companies had more financial restatements and urged clearer disclosure of attestation status.

The practical question for audit and finance teams is which clients need to reassess internal-control readiness now. Any issuer near the $2 billion float mark, any company planning an IPO or follow-on market step, and any client relying on a lighter compliance posture should revisit SOX documentation, testing and board reporting before this proposal becomes settled law.

This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under.
