It is a relatively quiet afternoon, and the general counsel of a NASDAQ-listed company is reflecting on where matters stand in complying with the flurry of rules, regulations and pronouncements of the Securities and Exchange Commission, NASDAQ and the PCAOB that followed in the wake of the passage of Sarbanes-Oxley (SOX).

On the governance side, the board of directors is now made up of the required majority of independent directors, the audit committee, compensation and governance committee members are all independent, and all these committees have adopted charters and disclosed them as required.

On the accounting and financial front, the Section 302 and Section 906 certification process seems to be working smoothly, and the internal auditors are working hard to complete the documentation and testing of internal accounting controls required to meet the requirements of Section 404 of SOX so that the CEO and CFO can review, assess and certify the internal controls by the deadline imposed by the SEC.

All things being equal, the general counsel feels pretty good about the company’s compliance status. All deadlines have been met, and those that remain – principally that of Section404 – appear to be under control.

At this point the company’s CEO and CFO march into the general counsel’s office and announce that they have just reached an understanding for the company to make a significant acquisition, a large privately owned company with fewer than 10 shareholders. The CEO and CFO want to proceed with a letter of intent and close the transaction as soon as possible.

Mindful of what he and the company have had to go through to comply with SOX and the many new rules and regulations spawned by it, the CEO asked whether any of these new provisions will have an effect on the proposed acquisition. The general counsel replied he would like to think about it, but his initial reaction was that SOX would have no direct application to the proposed transaction, since most of the provisions of SOX apply only to companies subject to the reporting requirements of the Securities Exchange Act of 1934, and the acquisition target is not such a company.

After reviewing the situation with outside counsel and the external auditors, the general counsel learned somewhat to his dismay that there were several provisions of SOX that would have to be taken into account in planning, structuring and executing the proposed acquisition.

He discovered that these provisions would not only increase the length and costs of due diligence required in connection with the acquisition, but also would affect the cost and timing of the proposed transaction.

Companies in general should expect and plan for greater involvement of outside auditors or other consultants to review and revise the target company’s internal disclosure and accounting controls so that they are in conformity with the acquiring company’s internal controls.

Since the target’s financial information will become a part of the acquirer’s consolidated financial statements following the transaction, financial due diligence will have to be expanded. Traditionally, acquisition-related financial due diligence focused primarily on the conformity of the target’s financial reporting to, and consistency with, GAAP.

Given the heightened transparency of financial reporting for public companies mandated by SOX, due diligence in acquisitions will have to focus on all transactions and liabilities (including off-balance sheet transactions), which could have a material effect on the target’s financial condition or results of operations, without regard to their GAAP treatment.

Section 402(a) of SOX generally prohibits personal loans by public companies to their executive officers or directors. While such loans are now banned for public companies, they have been and continue to be common in closely held companies. If any of the target’s officers, directors or shareholders will become executive officers or directors of an acquiring public company following the transaction, then any outstanding personal loans will have to be repaid before the transaction is closed. If they are not, the acquiring company could find itself in violation of Section 402(a).

The SEC regulations implementing SOX require public companies to maintain disclosure controls and procedures that will permit the capture and assimilation of all financial information required to be disclosed in periodic reports (Forms 10-Q and 10-K) filed with the SEC. On a related front, Section 404 of SOX requires public companies to include in their annual reports on Form 10-K (beginning for most public companies with the fiscal year ending on or after Dec. 31, 2004) management’s assessment of the effectiveness of internal accounting controls, as well as the disclosure of any material weaknesses in those controls.

Moreover, a company’s outside auditors will be required to attest to and report on management’s assessment of the internal accounting controls in accordance with procedures and standards that are still in development.

Beyond the direct impact of these new rules and procedures on public companies, their effect on acquisitions – particularly acquisitions of private companies by public companies – has raised a lot of uncertainty, timing considerations and, without a doubt, additional transaction costs.

Even if a private company target has audited financial statements, it does not necessarily mean that the target will have disclosure controls and internal accounting controls that will satisfy the new requirements. In fact, in most instances, it will not.

This deficiency will increase the due diligence requirements for an acquisition, and in many instances will require the acquirer to install or revise the target’s procedures. Since, as mentioned above, the target’s results will have to be consolidated with the acquirer’s as of the first 10-Q filed after the acquisition, both the timing and cost of the transaction will be affected.

Realistically, any material acquisition by a public company of a private target will raise a number of additional issues and questions relating to internal disclosure and accounting controls: Who will assess the adequacy of the target’s disclosure controls and internal accounting controls? Who will pay that cost? Can/should any changes to the target’s disclosure and accounting controls be done before closing?

What puts a fine point on the acquisition-related disclosure control and internal control issues is the certification process under Sections302 and 906 of SOX, which require the CEO and CFO of a public company to take personal responsibility for designing and maintaining disclosure controls and internal controls sufficient for the company to meet its financial reporting obligations.

While the certification requirements do not apply to a target’s financial statements included in the Form 8-K filed by the acquirer upon consummation of the acquisition, beginning with the first Form 10-Q following the closing, the acquirer’s CEO and CFO will have to certify financial statements (and the adequacy of the control mechanisms) including the financial condition of the target and its operating results since the acquisition date.

Again, timing is critical. The acquiring company must complete its financial due diligence, make any necessary changes to the internal control mechanism, and insure that the disclosure control mechanism is working properly in order for the acquiring company’s CEO and CFO to make the required certifications.

David D. Joswick is a principal at Michigan-based Miller Canfield where he focuses on corporate law. A member of the firm’s Business and Finance and Corporate Compliance Groups, he earned his B.B.A. from the University of Michigan’s School of Business Administration and his J.D. from Wayne State University. He is listed in both the Financial Institutions and Transactions Law Section and in the Corporate, M&A, and Securities Law Section of The Best Lawyers in America. He can be reached at (248) 267-3252 or joswick@millercanfield.com. For more information on Miller Canfield, visit www.millercanfield.com.