Yesterday the SEC filed its latest stock option backdating case. The action, SEC v. Tullos, Civil Action No. SACV 08-242 AG (C.D. Calif. Filed March 4, 2008). The action was brought against Nancy M. Tullos, the former vice president of human resources of Broadcom Corporation. The settled action raised more questions about the prosecution standards in these cases.

According to the Commission’s complaint Ms. Tullos participated in a scheme to backdate options at Broadcom under which the grants were backdated to the low closing price for the company’s stock. This scheme, which ran from 1998 through 2003, resulted in the issuance of in-the-money grants for Ms. Tullos and a number of other individuals. According to the complaint Ms. Tullos communicated false grant dates within the company and provided spreadsheets of stock option allocations for the backdated grants to the finance and shareholder services departments knowing that they would use the information to prepare Broadcom’s books and records and periodic filings with the SEC. In addition to contributing to misrepresentations in the books and records of the company, Ms. Tullos personally profited from the backdated grants.

To resolve the case Ms. Tullos consented to the entry of a statutory injunction prohibiting future violations of Section 17(a)(3) of the Securities Act of 1933, as well as Section 13(b)(5) of the Securities Exchange Act of 1934 and the pertinent rules there under. In addition Ms. Tullos consented to the entry of an order which required her to pay over $1.3 million in disgorgement and prejudgment interest to be offset by the value of her exercisable stock options which were cancelled and the payment of a $100,000 civil penalty.

The action against Ms. Tullos is not the first stock option backdating case to be based on a Section 17(a)(3) negligence claim. Previously, the Commission filed a settled enforcement action against former Maxim Integrated Products CEO and Chairman, John F. Gifford that was based on an alleged violation of Section 17(a)(3). These two cases differ significantly from the initial option back backdating cases involving Brocade and Comverse, both of which were based on claimed intentional fraudulent conduct. Those still under the scrutiny of the SEC for option backdating will have to watch and wonder in the coming days whether the prosecution standards will focus on intentional fraudulent conduct or a lesser negligence standard.

Section 404 is undoubtedly one of the most talked about provisions of the Sarbanes-Oxley Act. Many have complained about the burdens and the costs of complying with the section. The SEC has continually extended the compliance deadline for smaller companies.

A new survey by Compliance Week (a news letter focused on corporate governance) to be published today suggests that most public companies have made the necessary improvements to their internal controls, requiring few changes going forward. This result suggests that Auditing Standard No. 5 may not be of as much assistance as anticipated in streamlining SOX compliance procedures, according to a Compliance Week release.

SOX Section 404 requires that companies assess their controls and that auditors sign off on the effectiveness of those controls. As a company reduces the number of key controls – those used to ensure that the company financial reporting processes are timely and reliable – it simplifies its financial reporting processes, reducing the chance of error and costs. According to the Compliance Week survey of nearly 300 public companies, nearly three quarters of those companies reduced their number of key controls significantly in their first year of SOX compliance. As a result, most companies do not expect to make significant reductions in the number of key controls on a going forward basis.

Other key findings from the survey include:

• the median number of key controls at the entities surveyed is 297 although the range varied greatly from only a few to as many as 5,000 depending on the size of the company;

• companies in complex and highly regulated industries had more key controls; and

• the type of enterprise software system did not have any apparent relation to the number of key controls.