1 / 16

The Sarbanes-Oxley Act

The Sarbanes-Oxley Act. The Impact on Company Reporting Responsibilities. Discussion Document September , 2002 Brian Kingman – Educational Document – Not official yet. Sarbanes-Oxley Act o f 2002. The A ct was signed into law on July 30, 2002 and includes eleven titled sections:

fred
Télécharger la présentation

The Sarbanes-Oxley Act

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Sarbanes-Oxley Act The Impact on Company Reporting Responsibilities Discussion Document September, 2002 Brian Kingman – Educational Document – Not official yet

  2. Sarbanes-Oxley Act of 2002 • The Act was signed into law on July 30, 2002and includes eleven titled sections: • Title I Public Company Accounting Oversight Board • Title II Auditor Independence • Title III Corporate Responsibility • Title IV Enhanced Financial Disclosures • Title V Analyst Conflicts of Interest • Title VI Commission Resources and Authority • Title VII Studies and Reports • Title VIII Corporate and Criminal Fraud Accountability • Title IX White Collar Crime Penalty Enhancements • Title X Corporate Tax Returns • Title XI Corporate Fraud and Accountability

  3. Notable Sections in the New Law Have Increased Responsibilities for CEOs/CFOs and Audit Committees • Section 301 –Public Company Audit Committees • Establish procedures to handle complaints and whistleblower information regarding questionable accounting and auditing matters • Section 302 – CEO/CFO Quarterly and Annual Report Certifications regarding: • Factual accuracy and completeness of all statements in quarterly or annual report • Fair presentation in all material respects of the financial position and results of operations • Responsibility for establishing and maintaining disclosure controls and procedures • Requirement to ensure material information related to issuer is communicated to market place • Evaluation of effectiveness of Disclosure Controls and Procedures within last 90 days • Conclusions on the effectiveness of such controls • Disclosure of deficiencies in internal control to Audit Committee and auditors • Disclosure of fraud (material or not) involving anyone with significant role related to internal control • Reporting of significant changes in internal control affecting controls for periods beyond review • Section 404 – Management Assessment of Internal Controls over Financial Reporting • CEO/CFO annual assertion regarding internal control • Responsibility for establishing and maintaining internal control structure and procedures • Assessment of effectiveness of internal control structure / procedure • Attestation by external auditor (Section 103 requirement)

  4. Cautionary Note • While many organizations have prepared and submitted their initial CEO / CFO certification as of August 14, 2002, the procedures utilized to accomplish that requirement may not be adequate in meeting the requirements of Section 302 for the next reporting period or the requirements of Section 404 (annual certification of Internal Control structure and procedures)

  5. Internal Control Covered by the Act • The Act defines a new concept Disclosure Controls and Procedures which includes the traditional focus of internal controls over financial reporting, but expands the focus to include disclosure of all information, regardless of whether in a financial statement or other information included in a filing. • Traditional internal controls help to ensure the completeness and fairness of external reporting including financial reporting and make certain that receipts and expenditures are in accordance with the authorization of management and the board of directors. • Disclosure controls embodies all reporting and requires processes to be in place to gather, assess and report in a timely manner all financial AND non-financial information in all SEC filings. The concept of Disclosure Controls is broader than and encompasses the definition of internal controls over financial reporting.

  6. Definition of Internal Control (COSO) • Internal Control is a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: • Effectiveness and efficiency of operations • Reliability of financial reporting • Compliance with applicable laws and regulations • Note – While Internal Control was not defined in the Act, the COSO definition above has been accepted by the US government and its agencies.

  7. Contents or Agenda Required Company Actions • After consideration of the requirements of the Internal Control assertion of Section 404 and the ongoing quarterly evaluation of controls mandated by Section 302, it is clear that most organizations will need to more clearly formalize their internal control structure and establish more robust reporting and monitoring processes. It is unlikely this can be completed by the reporting deadline for the third quarter of 2002 and therefore interim procedures should be developed for the first quarterly certification required under Section 302. pwc 7

  8. Contents or Agenda Required Company Actions (con’t.) • Immediately for CEO-CFO: • Section 302 which mandates the quarterly and annual certification by the CEO and CFO will require immediate action, for example: • Communication of responsibility for control and financial reporting to financial / accounting staff throughout the organization • Communication of responsibility for control to operating management throughout the organization • Certification sign-off process for financial staff and operating management • Consider negative assurance report from Internal Audit • Process to communicate, evaluate and vet differences and disclosure issues raised by accounting and operating management • Formation of a disclosure committee and consideration of disclosure requirements that govern the specific organization pwc 8

  9. Contents or Agenda Required Company Actions (cont.) • Section 404 - requires an assertion as to the effectiveness of the Internal Control structure and procedures for financial reporting and a report by the external Auditor attesting to the accuracy of management’s assertion. • Note: At this writing, the SEC is considering deferring implementation of this Section to year end 2003. pwc 9

  10. Contents or Agenda What Do CEOs/CFOs Need? • A documented internal control structure that includes all relevant policies, procedures and operating principles • A structure that is robust and able to deal with the changes of a dynamic organization • A structure designed to be kept current on a real time basis • An infrastructure to support the internal control structure that facilitates communication, reporting, training, incident identification and issues management • An infrastructure that facilitates rollup certifications, acknowledgements and monitoring • An infrastructure that facilitates management’s ability to have confidence that the control structure is effective and one that can be tested • An infrastructure that can support monitoring the completion of applicable control procedures on a real time basis • A dashboard confirming ability to sign certification pwc 10

  11. Recommended Internal Control Structure For Disclosure/Financial Reporting Controls • Financial governance policy • Disclosure and financial reporting principles • Internal control policies • Internal control procedures • Communication and acknowledgement process • Training program • Change management ability • Disclosure and incident management process • Disclosure and incident management communication • Closing process procedures • Quarterly/Annual certification rollup • Overall control monitoring process • LONG TERM BUILD OUT -- These must be organized to allow management to ensure the process is working and to allow internal / external auditors to test it. A technology enabler should be considered

  12. Technology May be Required for Documentation and Monitoring Accounting Principles Control Policies (COSO) Accounting and Control Procedures Risk Assessment Review Financial Close Procedures & Process Operational & financial Understand the business What is required to be included VR framework Distribution Acknowledgement and Sign-Off Training Procedures Sign-Off Certification Executive Compliance Dashboard For CEO/CFO Processing and Sign Off Internal Auditing Monitoring Electronic Monitoring Accounting Adjustments and Disclosures Accounting Adjustments or Decisions

  13. Benefits of this Broader Focus • Clear articulation of accounting policies • Clear documentation of Internal Control structure and procedures • Effective process for acknowledgement of responsibility • Effective roll-up process for periodic reporting certification • Defensible program to demonstrate effort and approval for meeting requirements • Documented basis for all assertions / certifications made by CEO / CFO • Systematized process for early warning / whistle blowing / incident management • Systematized approach to dealing with change (i.e. transactions, personnel, accounting principles, internal controls and operating procedures) • A foundation that supports a consistent approach to control which will increase the CEO / CFO confidence in the effectiveness of their control structure

  14. How to Proceed – immediate Next Steps • Inventory existing structure components • Identify gaps and develop action plans related to principles, policies, procedures and controls • Evaluate quality of components • Establish infrastructure for internal structure • Identify technology support • Modify structure using technology • Implement formal structure • Test and operate • Perform risk assessment of disclosure and financial reporting objectives • Perform test of effectiveness of controls procedures • Identify weaknesses in control components or effectiveness • Develop/implement corrective action plans • Prepare certification • Prepare and test preliminary assertion on internal control PwC can assist companies with all of the above key next steps

  15. Final Observation The Sarbanes Oxley legislation has established a new paradigm for corporate accountability. Responsibilities of the audit committee and CEO and CFO have been clearly established at higher levels than in the past. It has also created a new standard for the design implementation and operation of an Internal Control structure. Good internal controls are no longer just a best practice……it’s the Law!

  16. Pwc Our People Your Worlds

More Related