Webcast: Public Company Readiness - KnowledgeLeader€¦ · · 2014-06-26Webcast: Public Company...

Webcast: Public Company ReadinessWebcast: Public Company ReadinessPreparing to meet the demands of Public Ownership

April 2, 200810:00am PST / 1:00pm EST

US / Canada Dial In #: 1.888.557.6117Conference ID Number: 38668421

The program will begin shortly

1

© 2008 Protiviti Inc. An Equal Opportunity Employer. This document is for your company's internal use only and may not be distributed to any other third party.

[email protected]

Today's Presenter Today's Presenter –– Chris WrightChris Wright

Chris Wright is a Regional Managing Director in the Metro New York / New England Region. Chris also leads our Finance Remediation and Reporting Compliance practice, focusing on assisting clients with improving Financial Reporting Risk, dealing with restatements and related investigations and preparing for the adoption of new accounting pronouncements.

[email protected]

Steve Hobbs is a Managing Director in the San Francisco office of Protiviti and leads Protiviti's Public Company Readiness solution. Prior to joining Protiviti, Steve was a Senior Partner at KPMG for three years and spent over 20 years at Arthur Andersen. In addition to his current responsibilities at Protiviti, Steve serves on the board of directors for two companies - one as Chairman and one as Audit Committee Chair.

Today's Presenter Today's Presenter –– Steve HobbsSteve Hobbs

2


[email protected]

Gordon Tucker is a Managing Director in the San Francisco office and heads the Firm's Manufacturing, Distribution and Technology industry team. Gordon began his career at Arthur Andersen in 1984 and has been with Protiviti since December 2003. He has over 20 years experience providing Internal and External Audit and consulting services to High Technology and Manufacturing companies. Client experience includes serving companies ranging in size from mid-market to Global 1000, with public and private ownership structures.

Erik Stone is a Managing Director in the San Francisco office. Erik has over 20 years of finance, accounting operations management and consulting experience including organization, process improvement, and technology related solutions. His project work has spanned Assessment, Due Diligence, Business Case Development, Design, Implementation and Execution phases.

[email protected]

Today's Presenter Today's Presenter –– Gordon TuckerGordon Tucker

Today's Presenter Today's Presenter –– Erik StoneErik Stone

3


A ReminderA Reminder

During the call you can ask questions by typing them into the chat box at the bottom of your screen.

There will be an Q&A at the end of the call.

4


Today's AgendaToday's Agenda

• Going Public – The Challenges

• Going Public – The Current IPO Landscape

• Protiviti's Six Elements of Infrastructure for Public Company Readiness

• Inherent Pre-IPO Risks

• Additional Public Company Readiness Considerations

• Q & A

5


Going Public Going Public –– The ChallengesThe Challenges

What should a privately held company do when planning to undertake an IPO?

"All companies, public and private, benefit from a sound and cost-effective system of internal controls. If a privately held company aspires to "go public," its management should consider an initial evaluation of its internal control over financial reporting to identify the company's readiness and areas that may require improvement. These areas can be addressed systematically over time rather than all at once when the company files its registration statement and is burdened with substantially more disclosure requirement responsibilities."

Source: Protiviti's Guide to the Sarbanes-Oxley Act: Internal Control Reporting Requirements –Frequently Asked Questions Regarding Section 404, Question 238, page 170.

6


Going Public Going Public –– The ChallengesThe Challenges

As companies prepare to become public, they face many challenges. Executives must ask themselves:

• Can we meet the reporting timelines required by the SEC?

• Do we understand the Sarbanes-Oxley Act requirements?

• Can we handle the complex accounting and disclosure requirements?

• Is our IT infrastructure scalable to handle our growth?

• Do we have and document business continuity plans?

• Will our corporate governance structure be adequate for our growth?

• Does the data used to manage and report our results have integrity?

• How effective is our Internal Audit function?

• Do we have effective records of management processes?

• Will any unfavorable findings resulting from the audit of the previous three years of financial information negatively impact the timing of a public offering?

7


Going Public Going Public –– The Current IPO LandscapeThe Current IPO Landscape

• Despite the sluggish market, there has been a 30% increase in S-1 filings over the same period last year.

• The SEC continues to make the US capital markets more accessibleand competitive.

• The effort and trend is expected to continue over the next 24 months.

131103Number of S-1 Filings

January & February 2008

January & February 2007

Source: U.S. Securities and Exchange Commission

8


Protiviti's Six Elements of Infrastructure for Public Protiviti's Six Elements of Infrastructure for Public Company Readiness Company Readiness

• Is the finance function strategy linked to business strategy?

• Do we have all appropriate business policies documented?

• Have we clearly defined lines between finance, IT and other functional units?

• Do we have appropriate IT policies?

• Are overall governance charters, and board policies in place?

• How effective and efficient is our Financial Close Process?

• How effective is our Budgeting process?

• Do we have documented processes?

• Is process owner monitoring in place?

• Do we have an Enterprise Risk Agenda?

• Have we established Internal Audit function?

• Do we have appropriate IT Service Organization?

• Do we have BOD committees established?

• Do we have an effective corporate structure?

• Do we have the right professional advisory groups?

• Do we have the requisite skills to ensure accurate financial reporting?

• Do we have an appropriate Finance organization reporting structure?

• Have we defined system users to mitigate Segregation of Duties issues?

• Do we generate and review Enterprise Risk Assessment reports?

• Internal customer reports?

• External reports?

• Process owner self assessment?

• Internal audit reports?

• KPIs for Finance Organization effectiveness?

• Relevant and reliable system reports?

• Have we established methodologies for integrated SOX 302, 906 and 404 certification?

• Do we have budget and financial control methodologies?

• Have we established methodologies for application of accounting policies and estimates?

• Are we getting the information we need to run an grow the business?

• Do we have an integrated and scalable IT environment?

• Have we considered alignment of current ERP environment with key business initiatives?

• Do we have appropriate Financial and operating systems?

• Have we considered minimization of spreadsheets within financial reporting?

• Do we have Internal controls and contracts repositories?Action Item: Assess current state and urgency of remediation.

Business Strategies &

Policies

Business Processes

Organization and People

Management Reports Methodologies Systems and

Data

9


Inherent PreInherent Pre--IPO RisksIPO Risks

In our experience, pre-public and newly public companies tend to face the risk of not achieving the following:

Accurate Financial Reporting –

– Companies need to ensure they have the requisite skills to understand the application of accounting principles and ensure accurate financial reporting.

Efficient Financial Close –

– In order to meet the revised SEC filing requirements, companies must ensure they have an accurate and efficient financial close process

Scalable IT Environment –

– Reviewing the IT system environment to ensure that the company is able to handle the growth in the business is imperative in being public

Appropriate Corporate Governance and SOX Compliance –

– Ensuring the company has a robust, regulatory and corporate governance understanding and an efficient, internal control environment is critical to achieving initial and ongoing compliance with SOX regulations.

10


Finance Remediation and Reporting Compliance Finance Remediation and Reporting Compliance ––Six Elements of InfrastructureSix Elements of Infrastructure

Business Strategies &

Policies

Business Processes

Organization and People

Management Reports Methodologies Systems and

Data

• Policies over financial reporting procedures exist, and are updated frequently

• Operating processes are aligned with financial reporting segments and elements

• Established Corporate Risk Governance, including Disclosure Committee

• Process owner monitoring of internal and external trends, methods, and changes that impact financial reporting

• Research and issue development processes in external reporting of financial information

• Management and control over the information provided by outside service providers

• Professional advisors and experts – internal and external

• Clearly articulated roles, responsibilities, and accountability for coordination of activities

• Integrated working group including legal, HR, treasury, tax, and financial reporting

• External and internal reports; alignment of metrics and segmentation

• Valuation/ratio analysis and comprehensive reports

• Relevant and reliable system reports which provide critical data to support calculations and disclosures

• Monitoring, selection, and application of appropriate accounting principles and policies

• Ensure consistent adherence to the desired process for conducting transactions within the existing policy framework

• Methodologies for:

– Development of critical input variables,

– Periodic assessment of estimates

• Secure, verifiable data transfer between systems maintained by HR, outside service providers, and accounting/reporting

• IT systems across controls and forced edit/change of reports to safeguard general ledger and sub-ledger data and interfacing

• IT Business Continuity and Security Plans

Protiviti systematically evaluates the critical infrastructure components to identify opportunities to enhance a Company's business. Throughout our approach we look for areas to improve an organization across the six key elements of Financial Reporting Risk:

11


Assessing Financial Reporting RiskAssessing Financial Reporting Risk

Do management and the audit committee know where the key risks to your company's financial reporting process exist, including:

• Accounting for transactions with significant estimates or judgments

• Complex transactions and accounting principles application

• Broad accounting guidelines

• Accurate underlying data

• Adequate system support

• Management override opportunity

Companies need to work in "anticipatory mode" to get out in front of financial reporting issues before they become reputation threatening.

12


Financial Reporting (FR) Risk Profile AssessmentFinancial Reporting (FR) Risk Profile Assessment

• Financial Reporting ("FR") Risk Profile Assessment is a foundational component of our Public Company Readiness approach.

• The objective of an FR Risk Profile is to identify and monitor the areas prone to potential misstatements (new and old).

• An FR Risk Profile will provide a roadmap so appropriate oversight and control can be monitored or established to reduce financial reporting risk to an acceptable level.

The FR Risk Profile is a foundational component of Public Company Readiness.

13


Financial Reporting (FR) Risk Profile AssessmentFinancial Reporting (FR) Risk Profile Assessment

• An FR Risk Profile is not another "one-off" assessment. It should be dynamic and updated periodically.

• An FR Risk Profile can serve as the logical "first step" in beginning the necessary risk assessment for scoping management's approach to Sarbanes-Oxley compliance.

• This will provide transparency for the drivers and magnitude of financial reporting risks for all to see.

Remediate

UnderstandPast, Presentand Potential Challenges

Identify Authoritative

Literature

Assign Profile Rating

Assess Need for Accounting

Position Paper

Identify Relevant

Accounts and Disclosures

• Material account balances

• Significant / complex transactions

• Financial statement disclosures

• Identify available guidance

• Consider the various alternatives

• Review application of alternatives

• Inventory existing policies and procedures

• Evaluate current practice

• Consider transparency of accounting position

• Review SEC comment letters

• Review external auditor findings and management letters

• Assess other regulatory agency notice or findings

• Finance management consideration of data gathered

• Discussion of findings

• Financial management assigns a rating

• Develop action plan with key stakeholders

• Implement changes

• Re-assess

14











15


Efficient Financial Close Efficient Financial Close

Years Ending On or After Form 10-K Deadline Form 10-Q Deadline

Accelerated Filer

Non-Accelerated Filer

75 days after fiscal year-end

90 days after fiscal year-end

40 days after fiscal quarter-end

45 days after fiscal quarter-end

SEC Requirement for Public Companies:

Common Challenges for Pre Public Companies:

• Casual close process, few milestones, informal status reporting• Less mature accounting systems, little electronic integration• Numerous manual activities• Too much detail to close fast/Not enough detail for audit• No previous disclosure committee• Many spreadsheets, few controls, increasing risk of errors• Dependent on key people

16


Financial Close Process Assessment Financial Close Process Assessment

• Develop detailed close checklist

• Holistic Assessment across Protiviti’s Six Elements of Infrastructure.

• Pre-determined escalation policy and protocols

• Remote location & 3rd party tasks, report formats clearly defined

• Financial reporting adjustments and approval authority established

• Detailed tracking of financial close activities

• Daily status meetings

• Frequency and participation for Disclosure Committee, Audit Committee and External Audit review

• Accountability to due dates

• Well defined roles, training and requisite skills

• Disclosure Committee composition

• Daily close status and issuereporting

• Use process dashboards to monitor/improve performance (time, JEs by task, person, day, etc.)

• Track proposed GL adjustments

• 302 sub certifications

• Level of detail appropriate to materiality requirements

• Reconciliations prioritized, standard templates used

• Replace spreadsheets

• Enhance Spreadsheet Controls

• Integrated systems to control data flow

• Electronic support schedules

BusinessPolicies

BusinessPolicies

BusinessProcessesBusiness

ProcessesPeople and

OrganizationPeople and

OrganizationManagement

ReportsManagement

Reports MethodologiesMethodologies Systems and Data

Systems and Data

17


Financial Close Process Financial Close Process –– Revenue CycleRevenue Cycle

• Software or Service Revenue often major challenge for close

• Many functions in the “Revenue Cycle” impact revenue reporting

• Key challenge to collect data around cycle and from multiple functions

PRICING STRATEGY

INVOICING

QUOTE, CONTRACT &ORDER MANAGEMENT

ACCOUNTS RECEIVABLE& COLLECTIONS

REVENUE REPORTING& MONITORING

REVENUE PROJECTIONS& FORECASTS

DEAL MANAGEMENT& NEGOTIATION

REVENUE RECOGNITION

QUOTE, CONTRACT &ORDER MANAGEMENTEnablers

Aligned Processes, People, Roles & Skills, Tools &

Information

18










Inherent PreInherent Pre--IPO Risks IPO Risks

19


Ensuring a Scalable IT EnvironmentEnsuring a Scalable IT Environment

Common Challenges:

• Smaller IT staff with limited skills and bandwidth

• Informal (non existent) policies & procedures including SDLC controls and business continuity plans

• Proliferation of desktop applications (spreadsheets) & decentralized data storage

• Immature ERP systems

• Lack of integration

• Short term decisions with significant long term implications (e.g. ERP selection, hosted solutions, outsourcing, etc.)

20


IT Strategy & Policies

The strategy should cover application, infrastructure and organizational requirements, including outsourcing. It should include a roadmap for

major projects and projected resource requirements and address the following critical IT related risks:

• Failover systems if highlight dependent of high availability systems.

• Data security and governance if loss of sensitive data or IP would have a sever impact on the business.

• Plans to comply with various regulations (SOX, HIPAA, PCI, etc.), as required

Business Process

Define and implement formal process and controls for:

• Change Management (including IT Steering Committee and SDLCs - System Development Lifecycle Controls)

• Security and Access Management and Operations

• Establish user support operations consistent with service level agreements

• Document and follow standard operations processes

People & Organizational Structure

• Ensure that org structure, reporting lines and responsibilities (such as Security or Production Support) are clearly defined

• Validate that IT personnel have appropriate skills to support their evolving functions, and ensure ongoing training

ITStrategy &

Policies

ITStrategy &

PoliciesBusiness

ProcessesBusiness

ProcessesPeople and



ReportsManagement


Systems and Data

Developing a Scalable IT Environment Developing a Scalable IT Environment –– Key ActivitiesKey Activities

21


Ensuring a Scalable IT EnvironmentEnsuring a Scalable IT Environment

Management Reporting

Establish key metrics to monitor IT’s performance and measure progress towards goals. Some measures should be reported outside the IT

organization to validate IT service levels are appropriate to support the overall business goals. Sample metrics may include: time to break even on

new IT investments; time to resolve IT support questions; IT expense/employee; # employees/# IT FTE, IT exp/revenues, etc.

Methodologies

Consider what standard models and methodologies (e.g. COBIT) support your IT strategy, and consult with industry experts to determine the

methodologies the organization will follow. Provide training, require adherence and measure performance around the use of your methodologies.

Systems and Data

• Determine ERP solution to best meet the financial reporting and operational needs of the organization

• Review IT application portfolio and replace numerous, legacy applications with a more robust solution

• Assess current storage and backup solutions for greater reliability and cost savings

• Ensure systems are configured for security / regulatory compliance requirements

ITStrategy &

Policies

ITStrategy &

PoliciesBusiness

ProcessesBusiness

ProcessesPeople and



ReportsManagement


Systems and Data

22











23


Becoming SOX Compliant Becoming SOX Compliant

SOX Section Key SOX Activity

Recommended Implementation

Timeframe

Section 404 1. Document the Company's Significant Business Processes Affecting Financial Reporting

By S-1 filing

Section 404 2. Identify Risks, Controls and Areas of Improvement in Internal Control over Financial Reporting

By S-1 filing

Section 404 3. Conduct Remediation of Internal Control Structure 3 quarters prior to 404 Compliance Date

Other Key Considerations

4. Evaluate the Role and Composition of the Board and Audit Committee

Prior to IPO


5. Evaluate Need for Internal Audit Function After 404 Compliance

Section 404 6. Implement a Process to Test Internal Controls and Report on that Testing

2 quarters prior to 404 Compliance Date


7. Evaluate Need for an Enhanced Financial Reporting Function to Support New Reporting and Disclosure Requirements

By S-1 filing

Section 302 / 906 8. Implement a CEO/CFO Certifications Process By First 10Q

SOX Section 406 9. Make Code of Ethics and Business Conduct Policy Publicly Available

Prior to IPO

Section 301 10. Establish "Whistle Blower" Hotline Prior to IPO

24


Protiviti's Approach to SOX ComplianceProtiviti's Approach to SOX Compliance

Protiviti utilizes its proprietary market-proven standard approach for Sarbanes-Oxley Compliance. Following project scoping and initiation efforts in Phase I, the majority of efforts will be incurred in the documentation (Phase II) and testing (Phase III) of controls embedded within the business processes. To the extent that any controls are determined to be improperly designed or operating ineffectively during these Phase II and III efforts, remediation of these control weaknesses will be addressed in Phase IV.

PHASE I: Assess Current State and Identify Relevant

Controls

Set Foundation

Project Management Continuous Improvement

PHASE II: Document Critical

Processes and Controls

PHASE III: Evaluation and

Testing of Controls

PHASE IV: Remediation of

Control WeaknessesReport

Process Management

Assessment Management

Knowledge Management

Financial Reporting Requirements

Relevant Processes

Internal ControlReport

Process Risks/Controls

Control Design Control Improvements

Control OperationEntity-Level Controls

Components of Internal Control

Reporting

Our Approach

Tools & Technology

25


1. Project Scope, Approach and Plan defined (reviewed with External Auditor)2. Priority financial reporting elements identified, current state of critical

processes inventoried and assessed (reviewed with External Auditor)3. Risks and assertions for key financial reporting elements identified, critical

processes documented. Control design validated and internally tested, results documented and improvement action plan developed

4. Process improvements designed/implemented, e.g.: policies, processes, controls, reports and systems

5. Remediation testing and implementation activities completed. 6. External Auditor "Dry-Run" testing completed7. Remediation for External Auditor review comments completed8. Management certification and External Auditor attestation process completed

Assess Current State/ Identify Relevant Processes

Document Design and Evaluate Critical Processes and Controls Testing

Design and Implement Solutions for Material Control Gaps

Ongoing testing/evaluation of operating effectiveness

Set Project Foundation

2

1

3

External Auditor "Dry-Run" Testing

Remediation for External Auditor Review Comments

Management certification and External Auditor

attestation

8

01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16

Months

High Level Project Timeline High Level Project Timeline –– ExampleExample

= Major Milestones

4

5

6

7

26


Additional Public Company Readiness Considerations

27


Public Company Readiness Public Company Readiness –– The Four PhasesThe Four Phases

Phase IVMonitor & Manage

Phase IVMonitor & Manage

Phase III Remediation &

Preparation

Phase III Remediation &

PreparationPhase II

Solution DesignPhase II

Solution DesignPhase IInitial

Assessment

Phase IInitial

Assessment

• Assess the current state of readiness against the Six Elements of Infrastructure

• Identify readiness of core public company requirements:

– Accurate Financial Reporting

– Efficient Financial Close

– Corporate Governance and SOX Compliance

– IT scalability

• Assess the urgency of solution based on cost / benefit, required timeline

• Develop a high level work plan, timeline, resource requirements

• Design required solutions for initial assessment findings with urgent needs

• Develop baseline of appropriate policies and procedures

• Review the Revenue Recognition Process

• Develop baseline for Financial Close Process

• Perform Risk Assessment and initial scoping for SOX Readiness and Compliance

• Assess the IT Environment and help "spec and select" the right ERP system, if required

• Implement solutions and remediate urgent needs

• Produce SOX Section 302 certification

• Achieve SOX Section 404 compliance

• Manage short and long term goals

• Ensure Section 906 Hotline is in place

3 – 6 Weeks 6 – 8 Weeks Through S-1 filing Through 2nd 10-K Filing

28


Additional Public Company Readiness ConsiderationsAdditional Public Company Readiness Considerations

Investment Bank Selection

Printing Company Selection

Transfer Agent Selection

Additional Related Entity Audit Requirement

Reportable Segment Identification

Interactions with the SEC

Pre-IPO Filings and Review

Board of Directors Composition

Insurance Coverage Analysis

Future finance organization

Resolution of a material weakness

Joint venture arrangement

Business Continuity Management

IT Security

IT Application Control Effectiveness

Bank Arrangement Discussion

Treasury Department Analysis

Records Retention Policy Review

Incentive Plan(s) Review

Income Tax Detail Review

Compensation Policy Review

Development and Implementation of Policies and Procedures

Accounting Staff Competency

IT Cost control

External Auditor Selection

General Counsel Selection

Enterprise Risk Agenda

Investment policies for marketable securities

Contract and License Management and Auditing

Intellectual Property protection

Fraud risk management

Litigation support and the use of eDiscovery tools

Corporate Restructuring

In addition to helping our clients remediate the urgent needs identified in the four core areas, we are also often asked to assist clients with the following important activities:

29


Key TakeawaysKey Takeaways

• Public markets continue to be an attractive source for capital and exit strategy alternatives

• Strategic assessments and planning for an IPO are key factors to a successfully priced offering

• Resources and effort required to prepare for an IPO are frequently underestimated

• Companies generally have numerous infrastructure and other readiness issues that require remediation

• Challenges in today’s fast-moving markets – Will you be Ready?

30


Q&A

At Protiviti, we believe the companies that most effectively understand and manage their risk are the companies that most often succeed. Or as we like to say…

[email protected] Bay Area Managing Director

408.808.3260

Thank you for joining us!


408.808.3253

[email protected] York Managing Director

212.603.5434


415.402.6441

Date post:	27-May-2018
Category:	Documents
Upload:	dangtruc
View:	215 times
Download:	0 times

Webcast: Public Company Readiness - KnowledgeLeader€¦ · · 2014-06-26Webcast: Public Company...

Documents