2024 IPO material weakness study

Comparison of the total number of closed IPOs (traditional) and total number/percentage of IPOs (traditional) with MWs disclosed in the initial registration statement (including amendments) for the past three years.

Out of 569 companies that closed traditional IPOs from 2021–2023, 253 companies (46.4 percent) disclosed MWs (MWs) in their initial registration statement, including amendments (S-1/S-1a/F-1/F-1a/S-4/S-4a).

The percentage of MWs ranges between 40 percent and 58 percent during the years covered in the study (2021–23)*:

• In 2021, 40 percent (137) of the total closed traditional IPOs (340) disclosed MWs
• In 2022, 58 percent (62) of the total closed traditional IPOs (107) disclosed MWs
• In 2023, 44 percent (54) of the total closed traditional IPOs (122) disclosed MWs

* Number of companies that closed IPOs and disclosed material weaknesses in their initial registration statement, including amendments (S-1/S-1a/F-1/F-1a/S-4/S-4a).

• Start early: A key success factor for getting a pre-IPO company through SOX compliance is starting early. While timing may vary by company size, structure, number of locations in scope, etc., it takes at least a year or more to get a company through its initial SOX compliance effort. Many pre-IPO companies do not have employees with recent SOX experience and thus tend to discount the effort related to the changing regulatory environment. The burden of leading the SOX compliance effort typically falls on accounting and finance along with other IPO responsibilities that include preparing the S-1 and getting the company through its financial audit.
• Key employees: Employees that need to provide support or that may be impacted by SOX 404 should be notified prior to kicking off the project and should receive SOX awareness training. A kickoff meeting with key executives is highly recommended. It is important to explain that SOX is an ongoing process rather than a one-time project. A successful SOX program requires that employees performing controls take ownership of their role in SOX and understand the value in the controls they perform (i.e., not just a compliance exercise).
• Cost: Although companies are aware that the initial cost of compliance is high, most companies still underestimate this cost. While it’s difficult to provide exact estimates, drivers such as number and complexity of revenue streams, number of geographical locations, level of automation, etc. can be used to develop an estimate.
• Tone at the top: Getting buy-in from the executive management team, including the CEO, CFO, and CIO, is essential. Communication that comes directly from upper management supporting the SOX effort and reemphasizing this message during strategic meetings/discussions throughout the course of the project helps ensure success.
• Dedicate resources: Most companies underestimate the number of resources required to successfully navigate through a company’s first year of compliance. If the company does not have an established internal audit department (which most small pre-IPO companies do not), resource needs should be addressed early by hiring or collaborating with outside consultants. It’s also important to dedicate at least one internal resource to lead the project effort and assist with remediation.
• Risk and reward: Companies should strive to take a risk-based approach to SOX and consider this exercise to add value and improve processes while achieving an important compliance requirement.
• Transition from private to public: The transition from being a privately held company to a public company can be significant. The additional hurdle of navigating SOX 404 compliance makes this process even more challenging.
• New processes: While existing processes may change, the company will also need to establish new processes as part of being a public company. The external financial reporting process is a good example of a new process that will need to be established and fine-tuned prior to going public, such as implementing disclosure committees.
• External auditor: It is important to get external auditors involved early during the process to understand their expectations and to get buy-in on scope, design and implementation, timing of the project, and communication protocols. Our experience as an auditor of public companies and in working with other Big Four firms can assist in navigating your discussions with the external auditors.
• Expect change: Depending on how well the company and its finance and accounting functions are structured, the company may experience slight to significant change after the completion of its initial documentation and identification of design gaps. Processes with significant design flaws may need to change completely and could take over a year to remediate especially if the solution requires implementation of new technology/systems. Some level of change should be expected throughout the organization.
• Technology considerations: Companies that have not adequately invested in technology and tools for financial reporting and business operations may struggle with technology and system limitations. This may require additional resources to implement new technology/systems or customize existing systems and reports. The IT effort required for SOX compliance should not be underestimated. IT plays a large role within the internal control structure and will be an integral part of SOX compliance. Additionally, to the extent possible, companies should consider implementing necessary new systems prior to the IPO. KPMG uses multidisciplinary teams that typically include Internal Audit, IT, and Tax. In addition, subject matter professionals are also incorporated as part of the project team.