Sarbanes-oxley Act and Impact of Non-compliance

Date post: 04-Jun-2018
Upload: garyberth26

Transcript
  • 8/13/2019 Sarbanes-oxley Act and Impact of Non-compliance

    1/35

    Corrections Technology Association Sixth Annual Conference

    Presented by: Mr. Robert E. Kaelin, Partner

    May 3, 2005

    Sarbanes-Oxley Act and Impact of Noncompliance

    1777/40/82924(ppt)

    Agenda

    Background

    Sarbanes-Oxley (SOX) Overview

    Impact on Vendors

    Impact on Agencies

    Future Impact

    Conclusion

    Background

    Why Do I Care About Sarbanes-Oxley?

    Background: The Problem

    SOX was a reaction to corporate scandals and lack of investor confidence:

    Enron.

    Arthur Andersen.

    MCI.

    Intense competition and pressure, conflicts of interest, and poor practices led to poor reporting and mismanagement.

    Criminal activities also contributed to the problem.

    Many other smaller examples of dot-com booms that turned out to be investor busts all combined to prompt congressional action.

    Source: Bauer College of Business

    Background: The Problem Continues Today

    A May 2, 2005 headline stated: Audit flaws wipe $2.7bn from AIG.

    Discoveries of improper accounting at American International Group (AIG) are to knock $2.7 billion off the value of the world's biggest insurer.

    AIG said it would restate its accounts for each of the last 5 years from 2000 onwards, lowering the company's value by 3.3%.

    It said it had found material weaknesses in its control systems and postponed filing its 2004 accounts.

    Source: http://news.bbc.co.uk/1/hi/business/4504865.stm

    Background: Learning About SOX

    Business Relationship:

    Advise clients on business process and implementation issues.

    Project issues.

    Client accountability.

    Manage and run our company.

    My role on the IJIS Institute Board of Directors:

    Serve as chair of the Governance Committee.

    Responsible for the overall impact of SOX on the institute.

    Controls.

    Reporting.

    Background: Learning About SOX (continued)

    To understand SOX:

    Conducted Web research and evaluated SOX presentations.

    Conferred with compliance auditor.

    Disclaimer:

    I am a management consultant, not an auditor.

    I understand SOX but do not want to know it!

    SOX focuses on doing what is right.

    Contact your legal adviser and auditor for specific analysis.

    Rules are still being defined and refined.

    Sarbanes-Oxley Overview

    What Is SOX?

    Sarbanes-Oxley Overview: The Act

    The act was signed into law on July 30, 2002.

    It includes regulations regarding:

    Public Company Accounting Oversight Board (PCAOB).

    Auditor independence.

    Corporate responsibility.

    Enhanced financial disclosures.

    Corporate and criminal fraud accountability.

    It applies primarily to publicly traded companies.

    SOX is actually a combination of:

    Sarbanes-Oxley Act of 2002 (H.R. 3763).

    Rules of the PCAOB.

    Rules of the SEC.

    Sarbanes-Oxley Overview: The Scope of the Act

    The scope of the act focuses on:

    Internal controls.

    Process.

    Policies.

    Activities.

    Compliance and reporting.

    Transparency.

    Accuracy.

    Governance.

    Accountability.

    Responsibility.

    Avoidance of conflict of interest.

    Sarbanes-Oxley Overview: The Details of the Act

    Title I: Public Company Accounting Oversight Board

    Title II: Auditor Independence

    Title III: Corporate Responsibility

    Title IV: Enhanced Financial Disclosures

    Title V: Analyst Conflicts of Interest

    Title VI: Commission Resources and Authority

    Title VII: Studies and Reports

    Title VIII: Corporate and Criminal Fraud Accountability

    Title IX: White-Collar Crime Penalty Enhancements

    Title X: Corporate Tax Returns

    Title XI: Corporate Fraud and Accountability

    Sarbanes-Oxley Overview: Public Company Accounting Oversight Board

    Established by SOX.

    Nonprofit agency.

    Responsibilities:

    Register and inspect public accounting firms.

    Establish standards for public accounting firms.

    Enforce compliance with the act and rules of the board.

    Investigate firms and impose sanctions.

    Source for all title details: Bauer College of Business.

    Sarbanes-Oxley Overview: Corporate Responsibility

    Assigns the responsibility to the audit committee to appoint, compensate, and oversee the public accounting firm that performs the audit.

    Requires CEO and CFO to:

    Certify fairness of financial statements.

    Take responsibility for disclosure controls.

    Makes it unlawful to fraudulently influence, coerce, or mislead an auditor.

    Provides for the forfeiture of certain compensation following the issuance of a non-compliant financial document.

    Provides the SEC with greater flexibility to remove management or board members.

    Requires attorneys to report evidence of material violations.

    Sarbanes-Oxley Overview: Corporate Responsibility (continued)

    Section 301: Public Company Audit Committees

    Companies that are not compliant with SEC audit committee requirements are subject to delisting.

    Audit committees are responsible for oversight of auditors, including the resolution of disagreements between management and auditors.

    Audit committees must set up procedures to receive and address whistle-blower complaints.

    Employees and others may take concerns directly to the audit committee.

    Audit committee members are required to be independent, and a disclosure is required in proxy statements.

    Sarbanes-Oxley Overview: Enhanced Financial Disclosures

    Requires disclosure of material off-balance-sheet arrangements.

    Prohibits companies from making loans to directors or executives.

    Requires management to establish and maintain adequate internal controls and procedures for financial reporting.

    Requires disclosure of a code of ethics for senior financial officers.

    Requires companies to disclose whether at least one of the audit committee members is a financial expert.

    Requires rapid disclosure of changes in financial condition.

    Sarbanes-Oxley Overview: Enhanced Financial Disclosures (continued)

    Section 404: Management Assessment of Internal Controls

    Requires management to establish and maintain adequate internal controls and procedures for financial reporting.

    Requires that each annual report includes a statement:

    Describing management's:

    Responsibility for internal controls and procedures for financial reporting.

    Assessment of the effectiveness of the controls and financial reporting procedures.

    Incorporating the independent auditor's review of management's assessment of internal controls and financial reporting procedures.

    Sarbanes-Oxley Overview: Enhanced Financial Disclosures (continued)

    Related SEC releases define internal controls and procedures for financial reporting as controls that provide reasonable assurances that:

    Transactions are properly authorized.

    Assets are safeguarded against unauthorized or improper use.

    Transactions are properly recorded to permit the preparation of financial statements that are presented in a manner consistent with GAAP.

    To meet the assessment requirement, management must select a suitable, recognized framework for assessing the effectiveness of internal controls.

    Impact on Vendors

    What Do Vendors Have to Do About SOX?

    Impact on Vendors: SOX Is About Business Practices

    SOX has implications for most business practices and processes of publicly traded companies.

    Any errors or misstatements that could cause a company to have to restate its financials are areas that require focus.

    Systems and processes must be in place to administer the pricing, services, and discounts.

    Visibility and control must ensure that pricing and costs are captured accurately and on a timely basis.

    Pricing services and discount processes often have the most people involved and represent the largest risk area.

    Combined implications create a very large potential for misstated financial results and SOX scrutiny, sanctions, and bad press.

    Impact on Vendors: SOX Impact

    Skyrocketing SOX implementation costs:

    Have put high-tech companies in the position of having to delay major projects.

    Force companies to struggle to compete with low-cost competition from Asia.

    The SOX impact is more than technical, more than analytical, more than financial:

    SOX places a burden of responsibility on all employees, not just the accountants.

    SOX impacts IT priorities and the "to do" list.

    SOX will impact the role of IT in its users' business and data.

    SOX will challenge any IT organization whose culture is one of containment.

    Impact on Vendors: SOX Requirements

    Companies must ensure that:

    Bad news is reported upwards.

    IT project definitions include potential financial impact.

    Ignoring problems is not allowed under SOX.

    Different sections of the act are driving or will drive changes in the financial organization.

    Sections 302 and 404.

    Process mapping.

    Systematic remedies.

    Process changes.

    Collaboration and teaming.

    Section 409.

    Systematic remedies.

    Major process changes.

    Impact on Vendors: Compliance Process

    Control Activities

    Policies/procedures that ensure management directives are carried out.

    Range of activities including approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties.

    Monitoring

    Assessment of a control system's performance over time.

    Combination of ongoing and separate evaluation.

    Management and supervisory activities.

    Internal audit activities.

    Control Environment

    Sets tone of organization, influencing control consciousness of its people.

    Factors include integrity, ethical values, competence, authority, responsibility.

    Foundation for all other components of control.

    Information and Communication

    Pertinent information identified, captured and communicated in a timely manner.

    Access to internal and externally generated information.

    Flow of information that allows for successful control actions from instructions on responsibilities to summary of findings for management action.

    Risk Assessment

    Risk assessment is the identification and analysis of relevant risks to achieving the entity's objectives, forming the basis for determining control activities.

    All five components must be in place for a control to be effective.

    Source: PricewaterhouseCoopers

    Impact on Agencies

    How Does This Apply to a Corrections Agency?

    Impact on Agencies: The World Has Changed

    Agencies may experience direct impact.

    Correctional industries that are public organizations are directly impacted.

    These organizations must comply.

    Titles I, III, and IV establish practices and standards that most auditing organizations, including government auditors, follow.

    Agencies will experience indirect impact:

    Contractors working with agencies will be required to comply.

    Internal reporting will increase.

    Time to complete and project status are significant elements in contractor risk management efforts.

    Payment and contract issues will center on SOX compliance and may limit previous flexibility.

    Costs will go up as companies cope with SOX costs.

    Impact on Agencies: Audit Guidance

    The implication of Title I is that now there are three audit standards-setting bodies in the United States.

    PCAOB, which sets audit standards for publicly traded companies.

    Auditing Standards Board of the American Institute of Certified Public Accountants, which sets standards for privately held companies and not-for-profit organizations.

    U.S. General Accounting Office, which sets standards for federal, state, and local governments through the Yellow Book.

    Impact on Agencies: Government Auditors

    Although SOX affects corporate auditing and internal controls, the impact on government auditors is as follows:

    Government auditors should encourage good governance practices with the entities they audit.

    Government auditors have a unique responsibility to ensure accountability for public resources and government services.

    The fundamental role of government auditors should remain clear and unchanged: provide assurance.

    Impact on Agencies: Noncompliance

    While most corrections agencies and their activities do not fall directly under SOX, reasonable effort should be made to modify processes to comply.

    Where compliance is required, noncompliance can result in criminal investigation to determine whether:

    Information was transmitted by mail.

    Information was withheld from investigators.

    In these cases, felony charges can be brought.

    In other cases, agencies may be ordered to comply with auditor statements and requirements that:

    Add expensive processes with no additional funding source.

    Add reporting requirements not otherwise necessary.

    Future Impact

    Will This Go Away?

    Future Impact: SOX Is Likely to Grow

    The results of SOX, both positive and negative, have led to several discussions on expanding the scope of SOX.

    Congress is reviewing options to expand to nonprofits to reduce scandals like that of the United Way several years ago.

    Congress is also examining the reporting of privately held companies.

    The Government Accounting Office is reviewing procedures for government agencies.

    Additional rules in support of SOX and auditing process are under review or in draft form.

    State and local governments are revising policies and, in a few cases, legislation to require SOX-like activity reporting.

    Future Impact: New York State Strengthens SOX

    Attorney General Eliot Spitzer has proposed a series of reforms to strengthen New York's corporate accountability laws. He stated:

    Unfortunately, many of New York's laws are outdated and contain major loopholes.

    For these reasons, we must act to strengthen state laws to protect investors and donors.

    Mr. Spitzer's proposals cover the following areas:

    Protecting honest employees who report illegal activities.

    Protecting against fraud relating to nonprofit corporations.

    Preventing securities fraud.

    Preventing cover-ups of corporate crimes.

    Addressing misconduct by corporate officers.

    Improving oversight of the accounting industry.

    Consumer advocates have applauded Mr. Spitzer's efforts.

    Future Impact: Getting a Handle on SOX

    Many auditors and accounting professionals offer programs to assess SOX compliance that provide:

    Reports on areas of concerns.

    Recommended changes.

    Programs that align an organization's practices to comply with SOX.

    All CFOs and agency budget officers should conduct reviews of internal governance and compliance.

    Focus on financial and audit process understanding.

    Whistle-blower protections.

    Key leaders should monitor SOX as well as state and local policy changes.

    Conclusion

    What Are the Key Points?

    Conclusion: Key Points

    Understand that SOX is the model for legislative initiatives aimed at both public and private companies in a number of states.

    Maintain a strong and independent audit committee (where used).

    Keep any arrangements for the auditor to provide non-audit services independent of audit services.

    Ensure executives understand the financial, compliance, and other external information reporting.

    Establish, maintain, and document significant financial and compliance controls.

    Maintain and archive all appropriate entity records.

    Remember SOX is the benchmark against which every company's financial and corporate governance practices will be measured.

    Conclusion: SOX Improvement Areas

    Remediation efforts should focus on:

    Financial processes.

    Computer controls.

    Internal audit effectiveness.

    Security controls.

    Audit committee oversight.

    Fraud programs.

    Process improvements for future compliance should focus on:

    Financial reporting.

    Risk identification and assessment.

    Risk mitigation.

    IT security strategy and implementation.

    Internal audits.

    Compliance management.

    IT oversight and operations.

    Conclusion: Resources

    www.aicpa.org

    www.findlaw.com

    www.pcaobus.org

    www.sec.gov

    www.sec.gov/rules/final.shtml

    www.isaca.org

    Contact information: [email protected] 206-442-5010

    www.mtgmc.com

