Date post: | 19-Dec-2015 |
Category: |
Documents |
View: | 220 times |
Download: | 2 times |
Get Control OverDisclosure Controls and Procedures
and Internal Control over Financial Reporting
Alex FrutosJackson Walker L.L.P. 901 Main Street, Suite 6000 Dallas, Texas 75202 [email protected] Phone: (214) 953-6012 www.jw.com
Strategic Compliance Group, Inc.Hands-on Seminar
Implementing Sarbanes-Oxley Section 404Under the “New Rules”
October 29, 2007
2
Agenda
I. A Review
II. Impact of the SOX
III. Why do legal professionals care?
IV. What are they?
V. What are the SEC/PCAOB requirements?
VI. What are best practices with respect to disclosure controls and procedures?
VII. Common issues
VIII. Where is Corporate Governance Headed?
4
I. A ReviewCorporate Environment Leading to Reform
Corporate Governance Then– Mainly a Matter of State Statute and Common Law– Federal Law Focused on Disclosure
High profile corporate failures Contributing factors
– Poor audit oversight– Failed board and management oversight– Officer self-dealing– Wall Street/analyst community– Flawed controls and disclosure processes– Insufficient regulatory oversight
Political environment– Public outcry made it easy for Congress to pass anything– Legal framework was assumed inadequate
5
I. A ReviewUnderlying Principals to SOX
– Prohibitions and standards for corporate governance– Mandate of more diligent oversight by boards, committees and
outside auditors– Greater accountability of executive officers– Mandate heightened controls and audit and review requirements– Increased financial and other disclosure
6
I. A ReviewOverview of The Sarbanes-Oxley Act
Prohibition on Loans to Directors and Executives (§402) Disgorgement of Bonus and Profits (§304) No insider trading during Pension Blackout Periods (§306) Code of Ethics for Senior Officers (§406) CEO and CFO Certifications (§§302 and 906) Public Company Accounting Oversight Board (§§102 and 109) Independent Audit Committee, Financial Experts and Procedures for
Receipt of Complaints (§§301 and 407) Internal Control over Financial Reporting (§404) Prohibition on Non-Audit Services (§201) Improper Influence on Audits (§303) Whistleblower Protection (§806) Increased Attorney Responsibilities (§307)
8
II. Impact of the SOX
Principles underlying Regulation of Corporate Governance– Historically = Disclosure and State Corporate law
– Now = Federal Corporate Law, Prohibitions and Standards
Corporate Regulation –State vs Federal Law– State Law
• Historical focus on formation and capitalization• Viewed as inadequate or unwilling to set standards• “Race to the bottom” by Delaware, Pennsylvania and Nevada
– Emergence of Federal Corporate Law as reaction to Abuses• ’33/’34 Acts – Stock Market Collapse• Williams Act/FCPA (1977) – Foreign Bribery Scandals• Sarbanes-Oxley Act – Enron/Andersen/etc.
9
II. Impact of the SOX
Liability and Other Implications– Requires issuers to review their relationship with their auditors to ensure
continued independence;– Implements more stringent rules for U.S. attorneys;– Protects whistleblowers; and– Imposes new sanctions and penalties on persons who violate certain
provisions of the U.S. securities laws. Impact of SOX
– More disclosure– Much greater expense– Material weaknesses– Late filers– More restatements– Going private and going dark transactions– Foreign listings– Calls for rollback
10
II. Impact of the SOX
Average share price movement after disclosure of material weakness
– 1 day after disclosure, 0.67% drop– After 7 days, 0.90% drop– After 30 days 1.96% drop– After 60 days 4.06% drop
Larger drop when deadlines pass without management report or auditor opinion on effectiveness of internal controls being filed
– After 1 day, 2.13% drop– After 7 days, 2.89% drop– After 30 days, 3.81% drop– After 60 days, 7.01% drop
Median one-year stock return of companies that filed restatements in 2006 was -6% or 20% lower than the Russell 3000
Median one-year stock return of companies that disclosed material weaknesses in 2006 was -4% or 18% lower than the Russell 3000
Market Reaction to Disclosure ofMaterial Weaknesses and Restatements
11
II. Impact of the SOXAnnounced Restatements
Number of Restatements U.S. Public Companies
379513
627
12551420
0200400600800
1000120014001600
2003 2004 2005 2006 2007*
Source: Glass Lewis, company filings.* Through June 28, 2007
12
II. Impact of the SOX
Restatements 1,420 (9.8%) of U.S. public companies and 118 (9.1%) of foreign U.S. listed
companies restated their financial statements in 2006– 9% restated in 2005 and 4.7% in 2004
2,931 U.S. companies (about 23%) filed at least one restatement during the last four years
683 companies (5%) restated two or more times in the last four years– 146 companies restated multiple times in 2006, up from 89 in 2005– 25 companies in 2006 filed 3 or more restatements, up from 7 in 2005
One third of larger companies and two thirds of microcap companies that restated still claimed to have effective internal control
Restatements by companies with >$75 million revenue down 20% 2006 over 2005 while companies with <$75 million in revenue up 49% over same period
Restatements by companies required to comply with 404 declined 14% and restatements by non-accelerated filers rose 40%
13
II. Impact of the SOXCommon Causes of Restatements
Restatements by Error Category
189
124
103
154
171
126
327
462
258
277
124
131
155
164
174
378
398
457
0 50 100 150 200 250 300 350 400 450 500
All other
Other comprehensive income
Capital assets
Tax accounting
Revenue recognition
Acquisitions / investments
Misclassification
Expense recognition
Equity
2005 2006
Source: Glass Lewis, company filings.
14
II. Impact of the SOXCommon Causes of Restatements
Stock-option back-dating grant practices– 128 companies filed 8-Ks announcing restatements for this
practice, including 117 that filed the restatement in 2006– 271 companies have disclosed internal or government
investigations
Accounting for convertible securities (243 restatements in 2006)
Cash flow misclassifications (99) Hedge accounting (65) Lease accounting (45 in 2006, down from 249 in 2005) Securitizations (19) Segments (18)
15
Revenue Recognition41%
Improper Disclosures12%
Manipulation of Expenses11%
Manipulation of Assets8%
Manipulation of Liabilities7%
Manipulation of Reserves7%
Bribery & Kickbacks3%
Asset Misappropriation4%
Manipulation of A/R3%
Goodwill1%Aiding and Abetting
2%
Investments1%
Deloitte, Ten things about financial statement fraud,A review of SEC enforcement releases, 2000-2006, June 2007
II. Impact of the SOXFraud Frequency by Type
16
II. Impact of the SOXFrequent Staff Comments
Revenue Non-GAAP measures 3rd party valuations Segments Financial statement classification Intangible assets Reserves Financial instruments Discontinued operations Asset Retirement Stock Compensation Disclosure controls & procedures MD&A
17
II. Impact of the SOXOverview of Civil and Criminal Causes of Action
Civil and criminal causes of action for reporting violations arise principally under Section 10 (15 U.S.C. Section 78j) and Section 32 (15 U.S.C. Section 78ff) of the Securities Exchange Act of 1934– Private cause of action under Rule 10b-5 for material misstatements and
omissions in connection with the purchase and sale of a security.– Separate private cause of action under Section 18 of the Exchange Act
for material misstatements and omissions in SEC reports, but most cases are brought under Rule 10b-5 because Section 18 has a more stringent reliance requirement, a short statute of limitations, and a good faith defense. Unlike Rule 10b-5, scienter is not an element of a Section 18 claim.
– SEC can also bring a variety of civil enforcement actions for material misstatements and omissions in SEC reports and other public statements.
– U.S. Attorney can assert criminal liability based on the “willful” violation provisions of Section 32 of the Exchange Act. When it does so, it frequently asserts criminal liability under other federal anti-fraud statutes.
19
III. Why do legal professionals care?
For lawyers, this area comes up in the following contexts: Reviewing press release and other public disclosures and
Exchange Act filings, in particular Item 307 and 308 disclosure
M&A and debt and equity financing transactions Discussions with auditors over which deficiencies are
significant vs. which deficiencies are material weakness If things go terribly wrong, in-house and outside counsel
advise and represent– audit committees in conducting independent investigations and
responding to SEC investigations– attorney’s in meeting their elevated reporting obligations– companies that are subject to lawsuits
21
IV. What are they?
What are disclosure controls and procedures and internal control over financial reporting?
Concepts evolved from Sarbanes-Oxley Act §§302, 906 and 404
Both defined in Rules 13a-15 and 15d-15 of the Exchange Act
22
IV. What are they?Disclosure Controls and Procedures
Disclosure Controls and Procedures—– Controls and procedures designed to ensure that information
required for Exchange Act reports is recorded, processed, summarized and reported within the time periods specified by the SEC
– Include those controls and procedures designed to ensure that information required for Exchange Act reports is accumulated and communicated to management, including CEO and CFO, to allow timely decisions regarding required disclosures.
Covers Exchange Act reports: 8-K’s, 10-Q’s, 10-K’s, proxy statements and information statements
No prescribed disclosure controls and procedures. Each company to adopt its own.
23
IV. What are they?Internal Control over Financial Reporting
Internal Control over Financial Reporting—Process designed by, or under the supervision of, the CEO and CFO and effected by the board of directors and management, to provide reasonable assurance regarding– the reliability of financial reporting and– the preparation of financial statements for external purposes in
accordance with GAAP. Internal control over financial reporting includes those policies and
procedures that:– pertain to the maintenance of records that in reasonable detail
accurately and fairly reflect the issuer’s transactions and asset dispositions,
– provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with GAAP, and that receipts and expenditures are being made only in accordance with authorizations of management and directors, and
– provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of assets that could have a material effect on the financial statements.
24
IV. What are they?Disclosure Controls vs. Internal Control
Disclosure controls and procedures are designed to ensure that both financial information and material non-financial information are included in company’s reports
Substantial overlap but not identical:
DisclosureControls
Internal Control
25
IV. What are they?Overall Framework
Effectively designed and operating disclosure controls and procedures and internal control over financial reporting will include an overall framework of policies, processes, people and reports:
Policies Processes People Reports Disclosure Controls and Procedures
Instructions, Timelines and education and training
Disclosure Review Committee Checklists
Code of Ethics Certification process SEC compliance and reporting experts
Sub-certifications
Document Retention Policy Documented upstream process (standard unit reporting packages and sign offs)
Accountable unit managers and process owners
Disclosure preparation and review sign offs (standard unit reporting packages and sign offs)
Entity level controls (Reg FD Disclosure Policy, Whistleblower policy; Insider Trading Policy)
Documentation, performance and evaluation
Disclosure Review Committee, Board, Audit Committee
Evaluation reports; D&O Questionnaires
Accounting policies Financial reporting and disclosure process
GAAP experts Report of Independent Accountants
Internal Controls Documentation, performance, evaluation and audit of internal control
Internal audit function Internal audit reports
Board and committee charters Audit of financial statements Audit committee members Minutes of audit committee meetings and record of disclosure committee meetings held
27
V. What are the SEC/PCAOB Requirements?
SummaryA. Maintain
– Every reporting company must maintain disclosure controls and procedures and internal control over financial reporting.
B. Evaluate– Management, with participation of CEO and CFO, must
• evaluate effectiveness of disclosure controls as of the end of each quarterly period.• evaluate as of end of each quarter any material change in internal control over financial reporting that
occurred during quarter.• evaluate effectiveness of internal control over as of end of fiscal year.
– Auditor evaluation of internal control as part of an integrated auditC. Disclose
– In 10-Q and 10-K CEO’s and CFO’s conclusions about the effectiveness of disclosure controls and procedures.
– In 10-Q and 10-K any material change in internal control over financial reporting that occurred during quarter.
– In 10-K, management report on internal control over financial reporting and independent auditor’s attestation report.
D. Certify– CEO and CFO must certify as to company’s disclosure controls and procedures and
internal control over financial reporting in each 10-Q & 10-K.
28
V. What are the SEC/PCAOB Requirements?A. Maintenance—Disclosure Controls
Maintenance of Disclosure Controls and Procedures Rule 13a-15(a) requires reporting companies to maintain
disclosure controls and procedures An adequate basis for the 302 and 906 certifications by
the CEO and CFO necessarily includes that– disclosure controls and procedures be put in place,– they be effective, and– the procedures and steps taken in compliance with such
procedures be documented
A discussion of best practices will follow
29
V. What are the SEC/PCAOB Requirements?A. Maintenance—Internal Control
Maintenance of Internal Control Rule 13a-15(a) requires reporting companies to maintain
internal control over financial reporting Since 1977 most public companies have had basic
processes in place as §13(b)(2) of Exchange Act requires companies to have “internal accounting controls”
Foamex—settled SEC investigation regarding inadequate internal controls
30
V. What are the SEC/PCAOB Requirements? B. Evaluation—Disclosure Controls
Quarterly Evaluation of Disclosure Controls Management, with participation of CEO and CFO, must
evaluate effectiveness of disclosure controls and procedures as of the end of each fiscal quarter
No prescribed standards for determining whether or not disclosure controls are effective
31
V. What are the SEC/PCAOB Requirements?B. Evaluation—Internal Control
Annual Evaluation of Internal Control Management, with participation of CEO and CFO, must
evaluate the effectiveness as of end of each fiscal year– Must base its evaluation on a suitable, recognized framework
(COSO) Compliance Dates:
– Large Accelerated Filers and Accelerated Filers – compliance began with fiscal year ending on or after November 14, 2004
– Non-accelerated Filers – provide management’s report beginning with fiscal year ending on or after December 15, 2007
32
V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control
Annual Evaluation of Internal Control (cont'd) On June 20, 2007, the SEC published interpretative
guidance addressing the manner in which management should conduct a top-down, risk based evaluation of the effectiveness of internal control
On the same date, a second SEC Release amended Rules 13a-15(c) and 15d-15(c) to provide that an evaluation conducted in accordance with the SECs guidance is a safe harbor for compliance.– This release removed the requirement for an audit of
management’s assessment
33
V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control
Annual Evaluation of Internal Control (cont'd) Identify Financial Reporting Risks and Controls
– Identify financial reporting risks– Identify controls that adequately address these risks– Consider entity-level controls– Role of information technology general controls– Back-up to support assessment
Evaluate the Operating Effectiveness of Controls– Determine the evidence needed to support assessment– Implement procedures to evaluate the operating of controls– Establish the evidence supporting the assessment
34
V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control
Annual Evaluation of Internal Control (cont'd) Documentation—
– In conducting an evaluation, company must maintain evidential matter, including documentation, to provide reasonable support for management’s assessment. Instruction 2 to S-K Item 308 and 308T.
This evidential matter should provide reasonable support for:– the evaluation of whether the controls are designed to prevent
or detect material misstatements or omissions;– the conclusion that the tests were appropriately planned and
performed; and– the conclusion that the results of the tests were appropriately
considered.
35
V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control
Quarterly Evaluation of Changes in Internal Control Management, with participation of CEO and CFO, must
evaluate any change:– that occurred during each quarter, and– that has materially affected, or is reasonably likely to materially
affect, internal control over financial reporting
36
V. What are the SEC/PCAOB Requirements?B. Evaluation—Internal Control—PCAOB AS No. 5
New PCAOB Auditing Standard No. 5— On July 27, 2007, the SEC approved PCAOB AS No. 5.
which supersedes PCAOB AS No. 2. Genesis for Change
– Feedback from companies on cost of audits– Desire to move back to more principles based (versus ruled
based) accounting (old standard perceived as too detailed and prescriptive)
– Desire to reinforce need for professional judgment– Unintended consequence of old standard promoting a “one size
fits all” approach– Align management’s and auditor’s approach
Effective for audits of years ending on or after November 15, 2007
37
V. What are the SEC/PCAOB Requirements?B. Evaluation—Internal Control—PCAOB AS No. 5
Knowledge of I/C obtained from prior engagements
Industry developments Matters related to the company's business
Changes in operations Preliminary judgments regarding materiality
Previously identified control deficiencies
Legal or regulatory matters Extent of evidence available regarding effectiveness of I/C
Preliminary judgments regarding internal controls
Knowledge regarding risks related to the company
Relative complexity of the company's operations
Plan the Audit– Understand, define, and focus on Materiality– Understand the Business, its complexity, and its associated risks and then scope the
audit accordingly
When planning an integrated audit, the auditor should evaluate whether the following matters are important to the company’s financial statements and internal control over financial reporting and, if so, how they will effect the auditor’s procedures:
38
V. What are the SEC/PCAOB Requirements?B. Evaluation—Internal Control—PCAOB AS No. 5
– Focus on “Top-Down”/”Risk-Based” Approach• Scope audit area to commensurate risk• Integrate Fraud considerations and consider as key risk
Financial Statement Level
Entity Level Controls
Significant Accounts and Disclosures
Relevant Assertions
Risk Assessment– Emphasis on Fraud Controls
• Considered part of top down approach — considered to include fraud risk assessment already performed for financial audit purposes
• Fraud risk assessment should be one step (integrated) for the financial statement and internal controls over financial reporting opinions
• Fraud considered the higher risk (versus error) and should get more attention
39
V. What are the SEC/PCAOB Requirements?B. Evaluation—Internal Control—PCAOB AS No. 5
Gives more consideration to Entity Level Controls Uses professional judgment – no “checkbox” Eliminates the requirement for Auditor to issue an opinion on
management’s assessment of internal controls– Still requires Auditors to assess the effectiveness of the company’s
internal controls Requires the Auditor to report any discovered significant deficiencies,
but requires the Auditor to scope the audit only to assess whether any material weaknesses exist or could exist
For multi-location companies allows Auditor to eliminate sites that cannot impact Materiality
Emphasizes more up front work through walk-throughs for Auditors– Management may rely on self-assessments and monitoring
Emphasizes using the company’s or others work in both understanding the control environment and its design and testing its operation effectiveness
40
V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control—PCAOB AS No. 5
Internal control deficiencies fall into three categories:– Control deficiency—is a deficiency in the design or operation of a
control that does not allow management or employees to prevent or detect misstatements on a timely basis.
– Significant deficiency—is a control deficiency, or combination thereof, that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company’s financial reporting.
– Material weakness—is a deficiency, or combination thereof, such that results there if reasonable possibility (formerly more than remote likelihood) that a material misstatement of financial statements will not be prevented or detected on a timely basis.
If there is a “material weakness,” management cannot conclude that internal control over financial reporting is effective.
41
V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control
How do you know whether an internal control issue rises to the level of a material weakness?
Useful Analog: Rule 10b-5 definition of “Materiality”– Substantial likelihood that a reasonable shareholder would consider the omission or
representation important in making an investment decision OR– Substantial likelihood that a fact “would be viewed by the reasonable investor as
having significantly altered the ‘total mix’ of information made available.” See Basic v. Levinson; TSC Industries, Inc. v. Northway, Inc.
“Materiality” traditionally quantified with reference to auditing standards (SAS 47): 5% of pre-tax income or net income, 1/2% of total assets, 1/2% of total revenue
But see SAB 99—reliance on quantitative benchmarks to assess materiality for financial statements and performing audits is inappropriate; misstatements are not immaterial simply because below a # threshold.
AS 5 specifically includes the following list of indicators– Identification of fraud, whether or not material, on the part of senior management– Restatement of financials to reflect the correction of a material misstatement– Identification by the auditor of a material misstatement in the current period that
would not have been detected by the company’s internal controls– Ineffective audit committee oversight of financial reporting and internal controls
42
V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control
Box 1. Is the potential magnitude less than material to annual or interim financial statements?
Box 2. Are there complementary orredundant controls that were tested andevaluated that achieve the same controlobjective?
Box 3. Are there compensating controlsthat were tested and evaluated that reducethe magnitude of a misstatement of annualor interim financial statements to less thanmaterial?
Box 4. Does the evaluation of risk factorsresult in a judgment that there is not areasonable possibility that controls will failto prevent or detect a material misstatementof annual or interim financial statements?
Box 5. Is the matterimportant enough to meritattention by thoseresponsible for oversightof financial reporting?
Box 6. Would a prudentofficial conclude that thedeficiency is a material weakness consideringboth annual and interim financial statements?
Deficiency
SignificantDeficiency
Material Weakness
Yes
Yes
Yes
Yes
Yes
Yes
No
No
No
No
No
No
Activities-level Deficiencies
43
V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control
Box 1. Are there complementary or redundant ITGCs that were tested ad evaluated that achievethe same control objective?
Box 2. Are there control deficiencies at theapplication level evaluated in Chart 2 that arerelated to or caused by the ITGC deficiency?
Box 3. Are the control deficiencies at the application level related to or caused by the ITGC deficiencyclassified as a material weakness?
Box 5. Is the matter important enough to merit attention by thoseresponsible for oversight offinancial reporting?
Box 5. Would a prudent officialconclude that the deficiency is a material weakness consideringboth annual and interim financialstatements?
Deficiency
SignificantDeficiency
Material Weakness Yes
No
No
Yes
YesYes
Yes
No
No
No
IT General Control Deficiencies
44
V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control
Box 1. Is the deficiency an indication of a materialweakness?
Box 2. Are there complementary or redundantprograms or controls or compensating controls thatwere tested and evaluated that result in a judgmentthat the deficient control will not fail to prevent ordetect a material misstatement of annual or interimfinancial statements?
Box 3. Does the evaluation of risk factors result in a judgment that there is not a reasonable possibilitythat controls will fail to prevent or detect a materialmisstatement of annual or interim financialstatements?
Box 4. Is the matter important enough to merit attention by those responsible for oversightof financial reporting?
Box 5. Would a prudentofficial conclude that thedeficiency is a materialweakness consideringboth annual and interimfinancial statements?
Deficiency
SignificantDeficiency
Material Weakness Yes
Yes
Yes
YesNo
No
No
No
No
Yes
Entity-level Control Deficiencies
45
V. What are the SEC/PCAOB Requirements? C. Disclosure—Disclosure Controls
Disclose Management’s Assessment of Disclosure Controls
Company must disclose in each 10-Q and 10-K management’s conclusions regarding the effectiveness of disclosure controls as of the end of the period
If disclosure controls and procedures are not effective, disclosure should include– the reasons why and the nature of the deficiency,– how management is addressing the deficiency, including the
nature of any improvements and enhancements that were made or are being implemented,
– the timeline for any further improvements and– any efforts to mitigate the weakness in the interim.
46
V. What are the SEC/PCAOB Requirements?C. Disclosure—Internal Control
Management’s Annual Report on Internal Control 10-K must include a management report that:
– says management is responsible for establishing and maintaining adequate internal control over financial reporting
– identifies framework used to evaluate effectiveness– provides management’s assessment of effectiveness as of end
of fiscal year (including disclosure of any material weakness)– says that auditors have issued attestation report on the
company’s internal control over financial reporting
No prescribed location for the management’s report
47
V. What are the SEC/PCAOB Requirements?C. Disclosure—Internal Control
Auditor’s Attestation Report 10-K must include an auditor’s attestation report
containing its opinion on the effectiveness of the company’s internal controls– An opinion on management’s assessment of the effectiveness of
internal controls is no longer necessary
Four types of opinions:– Unqualified opinion– Disclaimed opinion– Opinion that is qualified in scope– Adverse opinion
Opinion in auditor attestation does not necessarily impact opinion on financial statements and vice versa
48
V. What are the SEC/PCAOB Requirements?C. Disclosure—Internal Control
Disclose Changes in Internal Control 10-Q and 10-K must disclose any change in internal
control that occurred during quarter that materially affected or is reasonably likely to materially affect internal control over financial reporting.– SEC says not required to disclose any changes made in
preparation for first management report, BUT issuers should “carefully consider” disclosing any material weakness and steps taken to correct it.
49
V. What are the SEC/PCAOB Requirements?D. Certification
Certification by CEO and CFO in each 10-Q and 10-K: based on their knowledge, the report does not contain any material misstatements or
omissions based on their knowledge, financial statements and financial info fairly present in all
material respects issuer’s financial condition and results of operations responsible for establishing and maintaining disclosure controls and procedures [and
internal control over financial reporting]– designed such disclosure controls and procedures to ensure that material information is made
known to them, particularly during period covered by report– designed such internal control over financial reporting to provide reasonable assurance re
reliability of financial reporting and preparation of financial statements per GAAP– evaluated effectiveness of disclosure controls and procedures as of end of period covered by
report and reported their conclusions in the report– disclosed in the report any change in internal control over financial reporting that occurred
during quarter that has materially, or is reasonably likely to material affect, internal control over financial reporting
disclosed, based on their most recent evaluation, to the auditors and audit committee:– All significant deficiencies and material weaknesses in internal control over financial reporting
that are reasonably likely to adversely affect issuer’s ability to record, process, summarize and report financial information; and
– Any fraud, whether or not material, involving management or employees who have significant role in internal control over financial reporting
51
VI. What are best practices with respect to disclosure controls?
A. Form a disclosure review committee
B. Prepare written compliance policies and procedures
C. Document compliance with policies and procedures
D. Implement a Regulation FD Disclosure Policy
E. Training and education
52
VI. What are best practices with respect to disclosure controls?A. Disclosure Review Committee
Disclosure Review Committee– Responsibilities –
• Review of Exchange Act filings, earnings and press releases, analyst communications, website
• Considering the materiality of information• Determining disclosure obligations• Coordinating reviews of CEO, CFO, independent accountants, internal
audits and the audit committee
– Members – SEC recommends principal accounting officer or controller, general counsel and principal risk management and investor relations officers. Also typically include CEO and CFO.
– Charter
53
VI. What are best practices with respect to disclosure controls?B. Written Compliance Policies and Procedures
Written compliance policies and procedures – Should be sufficiently detailed, but not overly burdensome– This documentation should
• Identify the personnel responsible for each section of the report,• Identify the other key participants involved in the report’s preparation,• Detail how the information necessary to prepare the report is collected
and communicated, and• Describe how drafts are reviewed and revised, including the degree of
review by outside auditors, counsel, the board of directors and the Audit Committee.
– A disclosure committee charter, a formal written compliance policy, certifications and sub-certifications and related materials and checklists can form the basis of a company’s written policies and procedures.
54
VI. What are best practices with respect to disclosure controls?C. Document Compliance with Policies and Procedures
Document Compliance with Policies and Procedures– Sub-certifications
• Many, but not all companies, use them• Should be tailored to areas of responsibility
– Instruction Sheets for Reviewers and Preparers– Timetables– Responsibility Checklists– 8-K Procedures
55
VI. What are best practices with respect to disclosure controls?D. Disclosure Policy and E. Training & Education
Disclosure Policy– designed to ensure compliance with Reg. FD– Siebel repealed—SEC action alleging failure to file 8-K re
selective disclosure of material information may violate Rule 13a-15 requirement that company maintain disclosure controls and procedures
– Flowserve case—SEC action involving the reaffirmation of earnings guidance
Training and Education
57
VII. Common Issues
1) Should old drafts of Exchange Act filings be saved as part of the documentation process?
2) What issues related to internal control over financial reporting and disclosure controls and procedures should an acquiring company be concerned about? What kinds of representations and warranties should it obtain?
3) Is an acquiring reporting company required to include a target’s internal control over financial reporting and disclosure controls and procedures in the scope of its evaluation, disclosure and certification?
4) What issues are presented by the use of third party service providers such as ADP which perform accounting related functions?
59
VIII. Where is Corporate Governance Headed?
Majority Voting for Directors– SEC and ISS Position
– Voluntary Corporate Action
– Possible Regulatory Action
Focus Executive Compensation—Disney Executive Compensation Disclosure Release
– Plain English
– Compensation, Discussion and Analysis
– Revised Compensation Tables
– Perks
– Disclosure of Pledged Stock by Directors and Executives
– New Centralize/Enhanced Corporate Governance Section
– Higher Threshold for Disclosure of Related Party Transactions
– Enhanced Form 8-K Disclosure
60
VIII. Where is Corporate Governance Headed?
Stock Option Backdating and “Spring-Loading” Other Corporate Governance Pressures
– Activist Hedge Funds, Pension Funds and Private Equity Investors
– Direct Nomination (and Removal) of Directors
– 100% Independent Board
– Separation of Positions of Chairman and CEO
– Increased Allowance of Shareholder Proposals Restricting Corporate Activities