Date post: | 04-Jun-2018 |
Upload: | garyberth26 |
8/13/2019 Sarbanes-oxley Act and Impact of Non-compliance
Corrections Technology Association Sixth Annual Conference
Presented by: Mr. Robert E. Kaelin, Partner
May 3, 2005
Sarbanes-Oxley Act and Impact of Noncompliance
Agenda
Background
Sarbanes-Oxley (SOX) Overview
Impact on Vendors
Impact on Agencies
Future Impact
Conclusion
Background
Why Do I Care About Sarbanes-Oxley?
Background
The Problem
SOX was a reaction to corporate scandals and lack of investor confidence:
Enron.
Arthur Andersen.
MCI.
Intense competition and pressure, conflicts of interest, and poor practices led to poor reporting and mismanagement.
Criminal activities also contributed to the problem.
Many other smaller examples of dot com booms that turned out to be investor busts all combined to prompt congressional action.
Source: Bauer College of Business
Background
The Problem Continues Today
A May 2, 2005 headline stated: Audit flaws wipe $2.7bn from AIG.
Discoveries of improper accounting at American International Group (AIG) are to knock $2.7 billion off the value of the world's biggest insurer.
AIG said it would restate its accounts for each of the last 5 years from 2000 onwards, lowering the company's value by 3.3%.
It said it had found material weaknesses in its control systems and postponed filing its 2004 accounts.
Source: http://news.bbc.co.uk/1/hi/business/4504865.stm
Background
Learning About SOX
Business Relationship:
Advise clients on business process and implementation issues.
Project issues.
Client accountability.
Manage and run our company.
My role on the IJIS Institute Board of Directors:
Serve as chair of the Governance Committee.
Responsible for the overall impact of SOX on the institute.
Controls.
Reporting.
Background
Learning About SOX (continued)
To understand SOX:
Conducted Web research and evaluated SOX presentations.
Conferred with compliance auditor.
Disclaimer:
I am a management consultant, not an auditor.
I understand SOX but do not want to know it!
SOX focuses on doing what is right.
Contact your legal adviser and auditor for specific analysis.
Rules are still being defined and refined.
Sarbanes-Oxley Overview
What Is SOX?
Sarbanes-Oxley Overview
The Act
The act was signed into law on July 30, 2002.
It includes regulations regarding:
Public Company Accounting Oversight Board (PCAOB).
Auditor independence.
Corporate responsibility.
Enhanced financial disclosures.
Corporate and criminal fraud accountability.
It applies primarily to publicly traded companies.
SOX is actually a combination of:
Sarbanes-Oxley Act of 2002 (H.R. 3763).
Rules of the PCAOB.
Rules of the SEC.
Sarbanes-Oxley Overview
The Scope of the Act
The scope of the act focuses on:
Internal controls.
Process.
Policies.
Activities.
Compliance and reporting.
Transparency.
Accuracy.
Governance.
Accountability.
Responsibility.
Avoidance of conflict of interest.
Sarbanes-Oxley Overview
The Details of Act
Title I Public Company Accounting Oversight Board
Title II Auditor Independence
Title III Corporate Responsibility
Title IV Enhanced Financial Disclosures
Title V Analyst Conflicts of Interest
Title VI Commission Resources and Authority
Title VII Studies and Reports
Title VIII Corporate and Criminal Fraud Accountability
Title IX White-Collar Crime Penalty Enhancements
Title X Corporate Tax Returns
Title XI Corporate Fraud and Accountability
Sarbanes-Oxley Overview
Public Company Accounting Oversight Board
Established by SOX.
Nonprofit agency.
Responsibilities:
Register and inspect public accounting firms.
Establish standards for public accounting firms.
Enforce compliance with the act and rules of the board.
Investigate firms and impose sanctions.
Source for all title details: Bauer College of Business.
Sarbanes-Oxley Overview
Corporate Responsibility
Assigns the responsibility to the audit committee to appoint, compensate, and oversee the public accounting firm that performs the audit.
Requires CEO and CFO to:
Certify fairness of financial statements.
Take responsibility for disclosure controls.
Makes it unlawful to fraudulently influence, coerce, or mislead an auditor.
Provides for the forfeiture of certain compensation following the issuance of a non-compliant financial document.
Provides the SEC with greater flexibility to remove management or board members.
Requires attorneys to report evidence of material violations.
Sarbanes-Oxley Overview
Corporate Responsibility (continued)
Section 301: Public Company Audit Committees
Companies that are not compliant with SEC audit committee requirements are subject to delisting.
Audit committees are responsible for oversight of auditors including the resolution of disagreements between management and auditors.
Audit committees must set up procedures to receive and address whistle-blower complaints.
Employees and others may take concerns directly to the audit committee.
Audit committee members are required to be independent, and a disclosure is required in proxy statements.
Sarbanes-Oxley Overview
Enhanced Financial Disclosures
Requires disclosure of material off balance sheet arrangements.
Prohibits companies from making loans to directors or executives.
Requires management to establish and maintain adequate internal controls and procedures for financial reporting.
Requires disclosure of a code of ethics for senior financial officers.
Requires companies to disclose whether at least one of the audit committee members is a financial expert.
Requires rapid disclosure of changes in financial condition.
Sarbanes-Oxley Overview
Enhanced Financial Disclosures (continued)
Section 404: Management Assessment of Internal Controls
Requires management to establish and maintain adequate internal controls and procedures for financial reporting.
Requires that each annual report includes a statement:
Describing management's:
Responsibility for internal controls and procedures for financial reporting.
Assessment of the effectiveness of the controls and financial reporting procedures.
Incorporating the independent auditor's review of management's assessment of internal controls and financial reporting procedures.
Sarbanes-Oxley Overview
Enhanced Financial Disclosures (continued)
Related SEC releases define internal controls and procedures for financial reporting as controls that provide reasonable assurances that:
Transactions are properly authorized.
Assets are safeguarded against unauthorized or improper use.
Transactions are properly recorded to permit the preparation of financial statements that are presented in a manner consistent with GAAP.
To meet the assessment requirement, management must select a suitable, recognized framework for assessing the effectiveness of internal controls.
Impact on Vendors
What Do Vendors Have to Do About SOX?
Impact on Vendors
SOX Is About Business Practices
SOX has implications for most business practices and processes of publicly traded companies.
Any errors or misstatements that could cause a company to have to restate its financials are areas that require focus.
Systems and processes must be in place to administer the pricing, services, and discounts.
Visibility and control must ensure that pricing and costs are captured accurately and on a timely basis.
Pricing services and discount processes often have the most people involved and represent the largest risk area.
Combined implications create a very large potential for misstated financial results and SOX scrutiny, sanctions, and bad press.
Impact on Vendors
SOX Impact
Skyrocketing SOX implementation costs:
Have put high-tech companies in the position of having to delay major projects.
Force companies to struggle to compete with low-cost competition from Asia.
The SOX impact is more than technical, more than analytical, more than financial:
SOX places a burden of responsibility on all employees, not just the accountants.
SOX impacts IT priorities and to-do list.
SOX will impact the role of IT in its users' business and data.
SOX will challenge any IT organization whose culture is one of containment.
Impact on Vendors
SOX Requirements
Companies must ensure that:
Bad news is reported upwards.
IT project definitions include potential financial impact.
Ignoring problems is not allowed under SOX.
Different sections of the act are driving or will drive changes in the financial organization.
Sections 302 and 404.
Process mapping.
Systematic remedies.
Process changes.
Collaboration and teaming.
Section 409.
Systematic remedies.
Major process changes.
Impact on Vendors
Compliance Process
Control Activities
Policies/procedures that ensure management directives are carried out.
Range of activities including approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties.
Monitoring
Assessment of a control system's performance over time.
Combination of ongoing and separate evaluation.
Management and supervisory activities.
Internal audit activities.
Control Environment
Sets tone of organization, influencing control consciousness of its people.
Factors include integrity, ethical values, competence, authority, responsibility.
Foundation for all other components of control.
Information and Communication
Pertinent information identified, captured and communicated in a timely manner.
Access to internal and externally generated information.
Flow of information that allows for successful control actions from instructions on responsibilities to summary of findings for management action.
Risk Assessment
Risk assessment is the identification and analysis of relevant risks to achieving the entity's objectives, forming the basis for determining control activities.
All five components must be in place for a control to be effective.
Source: Pricewaterhouse Coopers
Impact on Agencies
How Does This Apply to a Corrections Agency?
Impact on Agencies
The World Has Changed
Agencies may experience direct impact.
Correctional industries that are public organizations are directly impacted.
These organizations must comply.
Titles I, III, and IV establish practices and standards that most auditing organizations, including government auditors, follow.
Agencies will experience indirect impact:
Contractors working with agencies will be required to comply.
Internal reporting will increase.
Time to complete and project status are significant elements in contractor risk management efforts.
Payment and contract issues will center on SOX compliance and may limit previous flexibility.
Costs will go up as companies cope with SOX costs.
Impact on Agencies
Audit Guidance
The implication of Title I is that now there are three audit standards-setting bodies in the United States.
PCAOB, which sets audit standards for publicly traded companies.
Auditing Standards Board of the American Institute of Certified Public Accountants, which sets standards for privately held companies and not-for-profit organizations.
U.S. General Accounting Office, which sets standards for federal, state, and local governments through the Yellow Book.
Impact on Agencies
Government Auditors
Although SOX affects corporate auditing and internal controls, the impact on government auditors is as follows:
Government auditors should encourage good governance practices with the entities they audit.
Government auditors have a unique responsibility to ensure accountability for public resources and government services.
The fundamental role of government auditors should remain clear and unchanged: provide assurance.
Impact on Agencies
Noncompliance
While most corrections agencies and their activities do not fall directly under SOX, reasonable effort should be made to modify processes to comply.
Where compliance is required, noncompliance can result in criminal investigation to determine whether:
Information was transmitted by mail.
Information was withheld from investigators.
In these cases, felony charges can be brought.
In other cases, agencies may be ordered to comply with auditor statements and requirements that:
Add expensive processes with no additional funding source.
Add reporting requirements not otherwise necessary.
Future Impact
Will This Go Away?
Future Impact
SOX Is Likely to Grow
The results of SOX, both positive and negative, have led to several discussions on expanding the scope of SOX.
Congress is reviewing options to expand to nonprofits to reduce scandals like that of the United Way several years ago.
Congress is also examining the reporting of privately held companies.
The Government Accounting Office is reviewing procedures for government agencies.
Additional rules in support of SOX and auditing process are under review or in draft form.
State and local governments are revising policies and in a few cases, legislation, to require SOX-like activity reporting.
Future Impact
New York State Strengthens SOX
Attorney General Eliot Spitzer has proposed a series of reforms to strengthen New York's corporate accountability laws. He stated:
Unfortunately, many of New York's laws are outdated and contain major loopholes.
For these reasons, we must act to strengthen state laws to protect investors and donors.
Mr. Spitzer's proposals cover the following areas:
Protecting honest employees who report illegal activities.
Protecting against fraud relating to nonprofit corporations.
Preventing securities fraud.
Preventing cover-ups of corporate crimes.
Addressing misconduct by corporate officers.
Improving oversight of the accounting industry.
Consumer advocates have applauded Mr. Spitzer's efforts.
Future Impact
Getting a Handle on SOX
Many auditors and accounting professionals offer programs to assess SOX compliance that provide:
Reports on areas of concerns.
Recommended changes.
Programs that align an organization's practices to comply with SOX.
All CFOs and agency budget officers should conduct reviews of internal governance and compliance.
Focus on financial and audit process understanding.
Whistle-blower protections.
Key leaders should monitor SOX as well as state and local policy changes.
Conclusion
What Are the Key Points?
Conclusion
Key Points
Understand that SOX is the model for legislative initiatives aimed at both public and private companies in a number of states.
Maintain a strong and independent audit committee (where used).
Keep any arrangements for the auditor to provide non-audit services independent of audit services.
Ensure executives understand the financial, compliance, and other external information reporting.
Establish, maintain, and document significant financial and compliance controls.
Maintain and archive all appropriate entity records.
Remember SOX is the benchmark against which every company's financial and corporate governance practices will be measured.
Conclusion
SOX Improvement Areas
Remediation efforts should focus on:
Financial processes.
Computer controls.
Internal audit effectiveness.
Security controls.
Audit committee oversight.
Fraud programs.
Process improvements for future compliance should focus on:
Financial reporting.
Risk identification and assessment.
Risk mitigation.
IT security strategy and implementation.
Internal audits.
Compliance management.
IT oversight and operations.
Conclusion
Resources
www.aicpa.org
www.findlaw.com
www.pcaobus.org
www.sec.gov
www.sec.gov/rules/final.shtml
www.isaca.org
Contact information: [email protected] 206-442-5010
www.mtgmc.com