Perhaps owing to more controversy than expected, the SEC has filed a notice to solicit additional comments on Nasdaq's proposal to require that listed companies establish and maintain an internal audit function. The Commission had until April 22 to approve or disapprove the proposal, but has delayed that decision until June 6 in order to consider the 38 comments that were received and seek more comments.

The majority of the comment letters came from CFOs of Nasdaq-listed companies, who complained about the cost burden. Several sought an exemption based on market cap, noting that compliance with SOX already requires the maintenance of effective internal controls with oversight by independent auditors, making this proposal redundant. Many of these companies indicated that compliance with regulatory requirements currently constitutes a significant expense to their relatively modest revenue base, and that this additional requirement is particularly unnecessary for companies that do not have complex businesses. Some of the smaller reporting companies noted that this proposal would defeat the purpose of the exemption available from SOX 404(b) requirements. The biotechnology industry was heavily represented in the comments.

There was also criticism that the requirement to provide management and the audit committee with ongoing assessment of the company's risk management process and system of internal controls was particularly inflexible and likely to increase expenses. In addition, some commenters believe that the outside auditors should not play a role in budgetary and staffing discussions for internal audit functions. The Society of Corporate Secretaries and Governance Professionals recommended that the proposed rule apply only to financial reporting risk, and that Nasdaq increase the implementation period and include a cost-benefit analysis, particularly with respect to the impact on smaller companies.

The Institute of Internal Auditors, however, fully supports the proposal, and in fact suggested that Nasdaq require internal audit functions to follow globally recognized professional standards.