1 / 25

The Sarbanes-Oxley (SOX) – Implications for Business and Technology

The Sarbanes-Oxley (SOX) – Implications for Business and Technology. Dallas, Texas June 16, 2004. SOX Panelists. SOX – Implications for Business and Technology. Kapila K. Anand National Industry Director Real Estate & Hospitality Advisory Services KPMG LLP.

garima
Télécharger la présentation

The Sarbanes-Oxley (SOX) – Implications for Business and Technology

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Sarbanes-Oxley (SOX) – Implications for Business and Technology Dallas, Texas June 16, 2004

  2. SOX Panelists

  3. SOX – Implications for Business and Technology • Kapila K. Anand • National Industry Director Real Estate & Hospitality Advisory Services • KPMG LLP

  4. SOX – Implications for Business and Technology • Richard Barrett-Cuetara, Esq. Cowles & Thompson, P.C. Hospitality and Lodging

  5. SOX – Implications for Business and Technology • Emily Calloway, Director, Corporate Accounting • Starwood Hotels & Resorts, Inc.

  6. SOX – Implications for Business and Technology • Monica Huber, Senior Manager • World Class Finance, Enterprise Solutions • BearingPoint

  7. SOX – What is it? What’s new?

  8. How SOX came to be…………….

  9. The Spirit of the Sarbanes-Oxley Act • What are the driving forces behind SOX? • Restoring investor trust and confidence in the public markets • Increase the integrity of data reported to the public • Address perceived inequities arising from corporate and accounting scandals

  10. What has recently changed? • The SEC issued final rules in June 2003 for Section 404 and in March 2004 for Section 409 which included the following amendments and modifications: • Section 404 – Management Assessment of Internal Controls • Changes the effective date from fiscal years ending on or after September 15, 2003 to June 15, 2004 • Modifies definition of internal control • Requires companies to provide a statement identifying the framework used by management to evaluate the effectiveness of internal control over financial reporting • Provides that management is precluded from determining that a company’s internal control over financial reporting is effective if one or more material weaknesses in such controls is identified • Provides that companies are not required to perform quarterly evaluations of internal controls over financial reporting that are as extensive as the annual reviews. Requires that companies evaluate any changes in internal controls over financial reporting that could have a material impact over such controls • Provides that evaluation of disclosure controls is still required on a quarterly basis but the date of such evaluation is set at the end of the fiscal period rather than within 90 days of the report. Provides high level guidance on the level of this required quarterly evaluation

  11. What has recently changed? • Section 409 – Real Time Disclosure • Expanding the number of events that are reportable on Form 8-K (add eight new items to the form, transfer two items from the periodic reports and expand disclosures under two existing Form 8-K items) • Shortened the Form 8-K filing deadline for most items to four business days after the occurrence of an event

  12. The next big SOX topic will be Section 409:Real-Time Disclosures

  13. The SOX Investment

  14. Where is the Money Going?Excerpts from Wall Street Journal Article(Companies Complain About Cost Of Corporate-Governance Rules, 2/10/2004) • "We are seeing a significant drain," says Bill Kiernan, Magma's controller. "We would not be doing this level of documentation or going through this extensive an exercise were it not for Sarbanes-Oxley.” • Magma Design Automation Inc., a chip designer in Santa Clara, Calif., which has seen its legal and accounting bills soar. Last quarter, Magma blamed the new rules in shaving a penny off its earnings-per-share -- reporting nine cents instead of 10 cents. The company, which posted $75 million in revenue for fiscal 2003, saw its legal fees jump 105% in the first quarter of 2004. • To comply with section 404 public companies are spending large dollars: • A survey of 321 companies … shows that businesses with more than $5 billion in revenue expect to spend an average of $4.7 million each implementing the new 404 rule this year, according to FEI, which represents top corporate officials. • Even before the most expensive Sarbanes-Oxley rules take effect, companies say their audit costs are increasing by as much as 30% or more this year • Companies also are paying steep fees to fund a new accounting-oversight board -- as much as $2 million apiece annually for some large businesses

  15. Two approaches have emergedin the marketplace Protectionists • Most companies are focused on simply complying with the act in order to “check the box”. The people they are hiring to assist them in these efforts reflects this focus. • Most of the current (section 404) SOX work is being handled by: • Audit Firms - Attestation & Testing, Controls Documentation • Temporary Resource Companies - Controls Documentation • Characteristics of this approach • Majority (>80%) approach • Achieved 302 compliance • Focused assessment for 404 compliance • Targeted remediation • Targeted use of technology (e.g., auditor tools for self assessment) • Few functional disciplines involved (e.g., Finance, Legal, Audit)

  16. Two approaches have emerged in the marketplace Transformers • These companies are hiring a mixture of: • Audit Firms – Attestation & Testing • Consulting Firms – Documentation Support, Systems Integration, Finance Process improvement • Software Vendors – Systems Installation, Support • Characteristics of this approach • Recognize opportunity to make real change in Finance • Targeted activities aligned with SOX timeline (302, 404, 409, etc.), multi phase approach • Extend remediation activity to include document management • Expanded use of technology as part of overall program • Multi discipline effort Some companies are recognizing this as an opportunity to transform their organizations and processes into world class operations to support real time reporting and disclosure.

  17. Governance • Policies & Procedures Financial Reporting Process Internal Controls Financial Systems Internal Organizations - Finance - Legal - HR - IT - Sales - Marketing - Audit External Organizations - Board - Audit - Partners - System Integrators - Audit Committee SOX touches the whole organization and often involves external parties The Sarbanes-Oxley compliance project engages the whole organization, from the Boardroom to the front-line • Companies expect to document an average of 79% of their processes and expect external auditors will test an average of 57% of those processes. (FEI Survey 2/2004) • These companies expected a mean of 12,265.4 internal people hours needed to comply with Section 404/Management Report on Internal Controls • In addition these companies expected 3,059.1External hours (EXCLUDING auditor’s fee for attestation) needed to comply with Section 404/Management Report on Internal Controls • Most firms will be required to do this in depth level of review. To miss the opportunity to positively effect the processes would be a large opportunity lost.

  18. SOX – How does it affect me?

  19. Discussion Questions • OK, so SOX is a fact of life for all companies today, what are issues facing companies regarding current compliance efforts and what long-term impact will the SOX have, if any? • How does SOX specifically affect the hotel industry specifically? Are compliance efforts more complicated in the distributed ownership environment? • Is IT in denial regarding SOX compliance? What role do IT controls play in the SOX compliance efforts? • Does SOX provide an opportunity for companies to drive forward to operational excellence on both the business & IT sides of the house? Or is it simply something that companies "have" to do, and is a tactical exercise in compliance? • What role does awareness training and communication play in achieving SOX compliance? • Does SOX provide a common framework for financial computing and reporting? Or is the act so broad that each company may implement it in its own way? • What are the expected penalties for non-compliance? • Are role and responsibilities clearly defined in the IT area? • How will SOX change the business of doing business? • How are companies planning to leverage their ERP systems to achieve SOX compliance? • How are they tying their compliance tool into the rest of their financial infrastructure? • If have invested in compliance tools to achieve short-term compliance (e.g. 302 & 404) will these tools be viable for longer-term compliance efforts? • Is ROI part of your SOX compliance mandate? If so, do you understand how to calculate it?

  20. Appendix

  21. Maintaining an Ethical Work Environment

  22. Quantifying the ROI from Process Improvements & Automation

  23. Straight Hours Saved Quantified by: Duration of Original Task(s) – New duration of task(s) Time Saved * Cost of FTE (~$200,000) Reduced overtime travel and food expenses Estimate these costs Other Related Benefits Reduction in Operational Risk Reduction in possibility of human error Time historically spent on activities related to reconciliation's / pursuing issues Reduced costs through eliminating need for time consuming reconciliation Other Less Tangible Savings How time is reallocated Increased Analytical Time Picking up new tasks that were previously not completed due to time constraints Employee Satisfaction Recognition of management team listening to issues Lead to reduced turnover Higher level of motivation Reduced Dependence on External Consultants and Temporary Employees Some Examples

  24. Sample of ROI Through automation significant costs were removed from employees daily activities freeing them up to focus on more value added activities Time Savings Distribution of Staff Tasks Prior to Process Improvement Post Process Improvement Value Add Overtime Reconciliation External Staff

  25. Sample ROI Through improving the staff’s quality of work life the group has realized significant reduction in turnover and the associated cost savings • Retention Savings • * Based on an assumption of improved work environment results in 10% less attrition of workers effected

More Related