SEC Asia Practice Insight

Get ready for your post-IPO life

Written by Joy Pan | Jun 22, 2024 6:03:00 PM

WELCOME TO THE U.S. MARKET.

Of all the challenges facing CEOs of newly public companies trading on U.S. exchanges, the most exacting may be the new mindset that you will need in order to navigate the rigors of SEC compliance and stock market regulations. 

The access to capital afforded by the U.S. public markets and the attendant opportunities it creates also come with stringent financial reporting requirements designed to ensure the integrity and transparency of the marketplace and to protect shareholder value. 

Non-negotiable filing deadlines and demanding regulatory compliance mandates are your new priorities. Earnings reports, regulatory filings, analyst and investor guidance, and the necessary steps to comply with the provisions of the Sarbanes-Oxley Act (SOX) are your new mission.

As a public company, you will be answerable to a vastly expanded group of stakeholders, including SEC counsel, your Audit Committee, outside auditors, Wall Street analysts and, of course, your investors.

 

You will be subject to public company policies and procedures that dictate important aspects of how you operate and that enforce parameters around how you make certain decisions.

Your financial disclosure obligations must be managed in tandem with the day-to-day demands of scaling a successful business. 

Post-IPO, you also will need to acclimate to working under the oversight of a Board of Directors, whose role is to ensure the company is acting in the best interest of shareholders. Board approval will be needed for all significant decisions and transactions, including new strategic directions, mergers and acquisitions, or other material changes.



Many private company owners do not fully recognize the new reality that awaits them as public company CEOs. This shift in mindset may be especially challenging for CEOs of non-U.S. companies unaccustomed to the strict compliance environment of the U.S. securities markets.

A well-prepared CEO will fully utilize the 9-12 months pre-IPO to begin adopting public company  practices, well ahead of the listing event. You will begin thinking and operating like a public company immediately once the decision to pursue an IPO is made, and start to build-out the financial team, IT infrastructure and reporting systems that will position the company to successfully pass its IPO assessment audit and win approval from the regulators to list on a U.S. securities exchange.

A well-prepared CEO will fully utilize the 9-12 months pre-IPO to begin adopting public company  practices

 

Internal Controls

Under PCAOB(Public Company Accounting Oversight Board) rules, companies must maintain independence from their external auditors.

To remain independent, a company’s auditors can no longer assist with financial reporting and disclosures. The management team must take ownership of financial reporting, disclosure and remediation activities. 

Auditors, however, continue to play a pivotal role post-IPO in ensuring the company’s financial integrity and transparency. They are responsible for establishing the policies and procedures that will govern your reporting and risk management, and for making sure they are followed.

Post-IPO Periodic Financial Reporting and Internal Control Requirements

After a registration statement is declared effective, you are required to file quarterly reports on Form 10-Q and annual reports on Form 10-K. As a public company, you must also file a current report on Form 8-K, disclosing any material events occurring between periodic reports.

You will need to address two types of controls and procedures in your post-IPO filings with the SEC:

  • Internal Control Over Financial Reporting (ICFR) — ICFR refers to procedures a company performs to reasonably ensure compliance with its policies related to preparing financial statements in accordance with U.S. GAAP and Regulation S-X. Management must annually file a report on the effectiveness of its ICFR. Moreover, with certain exceptions, non-EGC(Emerging Growth Companies) accelerated and large accelerated filers must generally include an auditor’s attestation report on the effectiveness of ICFR in their annual reports.
  • Disclosure Controls and Procedures — This broader set of controls (which largely encompass ICFR) provide assurance that information disclosed in a filer’s financial reports under the Securities Exchange Act of 1934 (the “Exchange Act” or “1934 Act”) is recorded, processed, summarized, and reported within the periods specified.

In addition, as your company’s principal executive, you and your principal financial officer (typically the CFO) must file certifications of the financial statements in your quarterly and annual reports to shareholders, as prescribed by Sections 302 and 906 of the Sarbanes-Oxley Act of 2002 (“Sarbanes-Oxley Act” or “Sarbanes-Oxley”).

Quarterly reports to shareholders are due within 45 days of quarter’s end. There is little margin for error or delay – failure to file within a 5-day grace period risks having your stock delisted. 

Relying on cash-basis interim financial closes is no longer an option. Public company reporting requirements are much stricter—and addressing them can require a great deal of internal process change.

In some cases – notably for external auditor and Audit Committee reviews of quarterly filings – it will be necessary to align your reporting process with stakeholder timelines and document their approvals. 

A robust financial reporting system is essential. Generally this requires upgrading your information technology infrastructure to automate the flow of information from business operations to the accounting system in order to facilitate reporting. This can make a critical difference when, for example, you must close your books within 15 days in order to meet a 45-day 10-Q reporting timeline. The manual or semi-manual systems you relied on pre-IPO will be insufficient to meet the aggressive filing deadlines and reporting requirements incumbent on U.S. public companies. 

Your auditors will be instrumental in the IT upgrade to ensure it accommodates a strong ERP  system integrating all of the company’s business and financial processes. An effective IT environment is essential in enabling you to maintain compliance with tight reporting deadlines – as well as in assuring the integrity of your risk management systems. 

You will find that having the right internal controls and financial team in place is of paramount importance in sustaining investor confidence as the company evolves and matures. 

THE  5 COMPONENTS AND 17 PRINCIPLES OF INTERNAL CONTROL 

Control Environment
1. Commitment to integrity and ethical values.
2. Board independence from management and oversight of internal controls.
3. Management structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.
4. Commitment to attract, develop, and retain competent individuals in alignment with objectives.
5. Accountability for internal control responsibilities in the pursuit of objectives.

Risk Assessment
6. Specification of objectives with sufficient clarity to enable the identification and assessment of risks.
7. Identification and analysis of risks.
8. Assessment of the potential for fraud in assessing risks.
9. Identification and assessment of changes that could significantly impact the system of internal control.

Control Activities
10. Mitigation of risks.
11. Control activities over technology to support the achievement of objectives.
12. Policies that establish what is expected and procedures that put policies into action.

Information and Communication
13. Use of relevant, quality information to support the functioning of internal control.
14. Internal communication of information necessary to support the functioning of internal
control.
15. Communication with external parties regarding matters affecting the functioning of internal control.

Monitoring Activities
16. Ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.
17. Timely evaluation and communication of internal control deficiencies to those responsible for taking corrective action, including senior management and the board of directors.