Audit Committee Oversight • Increased Audit Committee Oversight Responsibilities: • Directl...
Audit Committee Oversight (cont’d) • At least annually, obtain and review a report by the independent Audit...
Audit Committee Composition • Independence • Audit Committee member not to receive...
Audit Committee Composition (cont’d) • Financial Expertise • Audit Committee must i...
Audit Committee Reporting Mechanism • Complaint Procedures: • Must establish procedures for...
Audit Committee Pre-approvals • Must pre-approve any non-auditing service to be performed by outside auditors (...
Requirements Affecting Outside Auditors • New Auditor Independence Requirements • Registered public ...
Requirements affecting Outside Auditors (cont’d) • Public Company Accounting Oversight Board established...
Requirements Affecting Outside Auditors (cont’d) • Mandatory Auditor rotation: Partner cannot be lead or review pa...
Provisions Affecting Board Compensation Committees • Prohibitions on loans to top management and Directors:...
Recommended Actions to Enhance Compliance- Specific Steps • Assess/document P&P, processes already in place; determi...
Recommended Actions to Enhance Compliance- Specific Steps (cont’d) • Consider/clarify relationship of Internal Audit...
Recommended Actions to Enhance Compliance- Specific Steps (cont’d) • Financial and Disclosure controls:...
Recommended Actions to Enhance Compliance- Specific Steps (cont’d) • Financial and Disclosure controls:...
Recommended Actions to Enhance Compliance- Specific Steps (cont’d) • Financial and Disclosure controls:...
Discussion • Compliance Officers’ Brave New World? Familiarity with Financial and Disclosure Controls?...
APPENDIX Reporting & Internal Controls
Act Imposes Important Reporting Requirements on Management • Section 302 (and related SEC rule) (Civil)– CEO/CFO...
Act Imposes Important Reporting Requirements on Management (continued) • Section 404 – Management Must Assess Inter...
• Recent CEO/CFO certifications filed with the SEC (either in respect of its “one time” Order or pursuant to Section...
General Rather Than Specific Requirements Have Been Established • Management must determine for themselves the struc...
Understanding Requirements for Disclosure Controls and Procedures • The SEC defines DC&P as follows:...
Special Issues for Lawyers and Compliance Officials     Michael L. Shaw PricewaterhouseCoopers LLP
Special Issues for Lawyers and Compliance Officials • Document retention and destruction • Whistlebl...
Documents (cont’d) • 18 U.S.C. § 1519: “Whoever knowingly alters, destroys . . . with the intent to impede, obstruc...
Documents (cont’d) • Need to develop a business justification for every element of the document destruction plan...
SEC Lawyers • New Lawyer Disclosure Obligation: SEC to issue rules within 180 days setting minimum standards for la...
SEC Lawyers (cont’d) • Materiality standard: SEC is to adopt rule “requiring an attorney to report evidence of a...
SEC Lawyers (cont’d) • What is a “similar violation?” • What is an “inappr...
Whistleblowers (cont’d) • Sweeping new protections for whistleblowers-- • Modeled after protecti...
Whistleblowers (cont’d) • 18 U.S.C. § 1513: “Whoever knowingly, with the intent to retaliate, takes any action harm...
Whistleblowers (cont’d) • Elements of 18 U.S.C. § 1514A: • Prohibits a company from sanction...
New Felonies and Increased Criminal Penalties • Substantive new offenses added by the Act:...
New Felonies and Increased Criminal Penalties (cont’d) • Enhanced penalties for conspiracies (from 5 years t...
Intersection with Compliance Programs and Internal Control Concepts     Michael L. Shaw PricewaterhouseCoopers LLP
Intersection with Elements of a Compliance Program • Federal Sentencing Guidelines • Experience from...
Intersection with Elements of a Compliance Program • Code of Conduct • Commitment by senior manageme...
Intersection with Elements of a Compliance Program • High-level involvement • Responsibility for dev...
Intersection with Elements of a Compliance Program • General and specific training sessions on a periodic basis...
Intersection with Elements of a Compliance Program Standards and Procedures Oversight Responsibility Education and Trainin...
Intersection with Elements of a Compliance Program Standards and Procedures Oversight Responsibility Education and Trainin...
Intersection with Elements of a Compliance Program Standards and Procedures Oversight Responsibility Education and Trainin...
Intersection with Elements of a Compliance Program Standards and Procedures Oversight Responsibility Education and Trainin...
Addressing DC&P Requirements Internal  Accounting  Controls Disclosure Requirements Financial Reporting Compliance Operati...
Operationalizing the Control Structure, Including the Certification Effort
• COSO defines internal controls as a process effected by an entity’s Board of Directors, Management and other perso...
The Five Components under the COSO Framework • Control Activities • Policies/procedures that ensur...
Benefits of the New Law • Increased confidence of CEO/CFO in meeting reporting requirements...
Final Observation • The Sarbanes-Oxley legislation has established a new paradigm for corporate responsibility, ...
Compliance Programs – The Missing Link     Jody Ann Noon, RN, JD
Complex Processes and Organizational Models • The Health Care & Life Sciences Industry faces an ever-changing spectr...
Scope of Compliance Health & Safety Corporate Governance • Medicare • Medicaid...
Point of View • Organizations tend to manage risks in “silos” • Limited ability to ...
The Role of Compliance • The effectiveness of Senior Management’s oversight is typically limited because:...
Traditional Model Quality, compliance and business risks managed by silo -  difficult to track all of the moving parts 73 ...
System Risk  Financial Risk  Operational Risk  Regulatory Risk  Compliance Risk  Quality, compliance and business risks ma...
Organizational Approaches • Board Oversight • Committee of Directors...
Some Critical Success Factors • Senior Management/Board commitment • Clearly defined mission, commun...
For More Information Contact: • Michael L. Shaw • Senior Manager • PricewaterhouseCo...

The New World of Corporate Responsibility

  • Audit Presenter: Remind audience that in fact this is a law, and there are potential penalties for failure to comply, including potential jail time. Reinforce the obvious – this stuff is all over the press – but not always understood! Read a few of the quotes. The increased scrutiny has raised the bar in terms of not only company and management responsibilities, but the responsibilities of auditing firms; we are both not seen in a good light by the public. End result is that risk for the company’s CEO/CFO and audit firms has increased and must be properly managed.
  • The limitation on “expert services” is new, and not in the SEC’s current auditor independence rules. What are “expert services”? It’s where an audit firm is asked to testify on behalf of a client in a judicial, regulatory or administrative proceeding. Question whether the SEC’s final rules will bar these types of services. Until the SEC issues clarifying rules, accounting firms can provide these types of services, which are now permitted under SEC rules. Also, there should be no problem with an accounting firm providing these types of services where it is just reporting to the company -- the prohibition applies only to providing these services in judicial, administrative or regulatory proceedings. What about an investigation or responding to an audit report? That’s probably OK. Also probably OK for an accounting firm to testify in a proceeding as a fact witness. Note that it is expressly OK to provide tax services.
  • Existing loans to officers may be maintained -- are “grandfathered in” under the Act. Other types of loan-related “sweetheart deals” prohibited by the Act include loans to officers to purchase stock and standard officer relocation loans.
  • This plugs the gap in the previous law: Previous statute made it a crime for a person corruptly to obstruct, impede or influence a proceeding that was actually pending before a federal agency or Congress. For future proceedings, it was a crime to threaten or corruptly persuade another person to alter, destroy or mutilate an object to impair its integrity for use in an official proceeding. If you personally destroyed a document to obstruct a future proceeding, there was technically no violation. The obstruction of justice statute now applies to both pending and future proceedings. Companies are going to need DOJ Guidance in this area.
  • Highlighted language is problematic: What does it mean? If you destroy a document that you have reason to believe could relate to some future Govt. inquiry, is this a violation of the statute? Minority Report of the Senate Judiciary Committee felt it would be, and raised its concerns about this situation. Majority never responded to this point (Per Rob Weiner). Although criminal statutes are to be narrowly construed as a matter of law -- this doesn’t provide much of a comfort level about the “in relation to” language. DOJ issued field guidance in connection with other provisions of the act, but not on the document retention issue.
  • Section 307, “Rules of Professional Responsibility for Attorneys”: sets forth “minimum standards of professional conduct for attorneys appearing and practicing before the Commission in any way in the representation of issuers . . .”
  • In addition to the new criminal provisions protecting whistleblowers, the Act also creates a new civil remedy for employees of public companies who believe that they have been discharged for whistle blowing. A company may not discharge, demote, suspend, threaten, harass, or in any other manner discriminate against an employee because the employee has provided information or has otherwise assisted in an investigation regarding any conduct which the employee reasonably believes constitutes a violation of federal securities laws, mail or wire fraud, or other federal laws on fraud against shareholders, or participates in or otherwise assists in such proceedings (or proceedings about to be filed). Employee alleging such discharge/discrimination can file a civil complaint with the Secretary of Labor. Action must be commenced within 90 days of the date the violation occurs.
  • What is “truthful information?” Section 1107 does not define the term.
  • The day after passage of the Act, on 8/01/02, Attorney General Ashcroft issued a Directive to all U.S. Attorney’s offices and FBI Field Offices ordering immediate implementation of Sarbanes-Oxley Act to combat corporate fraud. In conjunction with the Atty. General’s directive, the Fraud Section of the Criminal Division issued Field Guidances to prosecutors and investigators outlining the new tools and penalties in the Act, and identifying which provisions of the Act can be applied retroactively or prospectively. The Atty. General also sent a letter to the U.S. Sentencing Commission, directing it to review and amend, as appropriate, within 180 days (from Aug. 1, 2002), the Sentencing Guidelines related to obstruction of justice, criminal fraud, accounting and securities fraud, and the new “white collar” provisions in the Act related to document destruction and tampering. Special “Heads Up” to Corporate Compliance Officials: Ashcroft’s letter also asked the Sentencing Comm’n to consider “revisions to discrete aspects of the organizational guidelines, including issuing guidance regarding internal investigations, voluntary self-disclosure and other compliance measures that will enhance the incentives for corporations to police themselves effectively, and to bolster the effectiveness of audit committees and other independent oversight personnel.”
  • Walk through the definition of “internal controls”. Emphasize that companies don’t necessarily have a handle on this definition and may ask “What Is IT”. Your choice: may want to go the Brian Kinman route and start to refer to “Internal Controls” as “It”, and emphasize the difficulty in defining “What is IT”, “How is IT Working”, “How do you Monitor/Test IT”, “How do you Fix IT”.
  • Briefly go through the 5 components. Emphasize that all 5 components must be in place for a control to be effective. State that PwC actually devised this framework as part of the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
  • The crux of the Sarbanes approach to controls is recognition that management has ultimate responsibility for the control activities in their organization – and that they will be held accountable for it. To ensure that management (and the board) have an effective means by which they can execute this responsibility, there must be a clear linkage between the governance activities of the board and management and the control activities of the entire organization. This link is a compliance program and infrastructure that measures and monitors the effectiveness and alignment between the two.
  • Transcript of "The New World of Corporate Responsibility"

    1. 1. The New World of Corporate Responsibility An Overview of the New Drivers of Corporate Responsibility: The Sarbanes-Oxley Act, NYSE Listing Requirements, and NASDAQ Proposal Discussion of Key Considerations and Intersection with Traditional Compliance Program and Internal Control Concepts Nancy Lanis Senior VP & General Counsel Curative Health Services Hauppauge, NY Michael L. Shaw Senior Manager PricewaterhouseCoopers LLP Washington, DC Jody Ann Noon RN, JD Partner Deloitte & Touche LLP Portland, OR
    2. 2. It’s The Law! “ SEC may ban auditors’ advice on taxes” - CNN Money <ul><li>“ More Cases of Accounting Problems Lurk” </li></ul><ul><li>The Associated Press, </li></ul><ul><li>December, 2002 </li></ul><ul><li>“ Swamped by Scandals </li></ul><ul><li>Corporate Cases Keep Top Lawyers Hopping” </li></ul><ul><li>The Washington Post </li></ul>“ In Corporate America It’s Clean-up time.” - Fortune, September 2002 <ul><li>“ Keeping an eye on Corporate America. </li></ul><ul><li>Ethics officers suddenly feel relevant” </li></ul><ul><li>Fortune, </li></ul><ul><li>November 2002 </li></ul>“ Only time and more indictments, not acts by the SEC and Congress, can restore investor confidence” - CNN Money, August 2002 <ul><li>“ Sane Walk, Nicer Shoes; </li></ul><ul><li>Parading of Executives in </li></ul><ul><li>Custody Fuels New Debate” </li></ul><ul><li>New York Times, </li></ul><ul><li>November, 2002 </li></ul>1 PricewaterhouseCoopers LLP
    3. 3. It’s also expensive! SEC Reporting and Disclosure Changes Summary of Estimated Impact (Incremental Costs) The added expenses as a result of increased regulatory requirements: (Assumes a &quot;typical&quot; Fortune 500 company with $3 billion in sales, global operations, an in-house internal audit function, in-house legal counsel and significant disclosure requirements.) Source : Financial Executive, January / February 2003 – “ New Regulations: Preparing for the Unplanned Costs ” By Johnsson and Wiechart PricewaterhouseCoopers LLP $3,000,000 - $8,000,000 $4,000,000 - $9,000,000 Total Incremental Costs $200,000 - $300,000 $250,000 - $500,000 System enhancements $100,000 - $200,000 $200,000 - $400,000 Required process improvements $250,000 - $300,000 $250,000 - $500,000 Finance/accounting/reporting expansion $200,000 - $400,000 $200,000 - $250,000 Corporate governance changes (BOD, D&O premiums) $250,000 - $300,000 $400,000 - $600,000 Outside consulting services $100,000 - $200,000 $150,000 - $250,000 Legal resources expansion $500,000 - $1,000,000 $800,000 - $1,500,000 External legal fees increases $200,000 - $300,000 $250,000 - $500,000 Internal audit expansion $200,000 - $300,000 $250,000 - $500,000 Internal audit expansion $1,000,000 - $5,000,000 $1,000,000 - $5,000,000 Independent audit scope changes and fee increases Ongoing / Annual One Time / Initial
    4. 4. Topics Overview <ul><li>Sarbanes Oxley Act, NYSE and NASDQ Listing Requirements Overviews-Corporate Governance and Disclosures </li></ul><ul><li>Practical Impact on Compliance Standards and Corporate Governance </li></ul><ul><ul><ul><li>Integrity and Disclosure Requirements </li></ul></ul></ul><ul><ul><ul><ul><li>Executives, Individual Directors </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Board of Directors, Board Committees </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Outside Auditor </li></ul></ul></ul></ul><ul><ul><ul><li>Recommended Actions to Enhance Compliance Programs </li></ul></ul></ul><ul><ul><li>Discussion </li></ul></ul>
    5. 5. Topics Overview (cont’d) <ul><li>Additional Aspects of Sarbanes-Oxley </li></ul><ul><ul><ul><li>Document Retention and Destruction </li></ul></ul></ul><ul><ul><ul><li>Whistleblowers </li></ul></ul></ul><ul><ul><ul><li>Attorney Reporting Responsibilities </li></ul></ul></ul><ul><ul><ul><li>Enforcement Penalties </li></ul></ul></ul><ul><ul><li>Intersection with Compliance Programs </li></ul></ul><ul><ul><li>Discussion of Internal Controls </li></ul></ul><ul><ul><li>Question & Answers </li></ul></ul>
    6. 6. Sarbanes Oxley Act, NYSE and NASDAQ Listing Requirements AN OVERVIEW Nancy Lanis Curative Health Services
    7. 7. Sarbanes Oxley Act Overview-Corporate Governance and Disclosures <ul><li>Sarbanes-Oxley Act of 2002 (“SOA”) enacted July 30, 2002 </li></ul><ul><li>Corporate scandals (Enron, WorldCom) provided impetus for Congress to act quickly </li></ul><ul><li>SOA approved by near unanimous vote in Congress (vote of 99-0 in the Senate and 423-3 in the House) </li></ul><ul><li>Fast pace of approval likely to result in need for numerous interpretations and explanations </li></ul><ul><li>Potential for far reaching impact on Corporate Governance and Conduct, Financial Reporting and the Public Accounting Profession </li></ul><ul><li>Also impacts legal community and investment banking analysts </li></ul>Curative Health Services
    8. 8. Sarbanes Oxley Act Overview- Corporate Governance and Disclosures (cont.) <ul><li>Several provisions of the SOA require detailed regulations by the SEC and other regulatory bodies </li></ul><ul><li>SOA aims to restore investor confidence in financial reporting and public capital markets </li></ul><ul><li>Broadly speaking the Act’s provisions seem to be built around the following principles: </li></ul><ul><ul><ul><li>Integrity </li></ul></ul></ul><ul><ul><ul><li>Independence </li></ul></ul></ul><ul><ul><ul><li>Proper Oversight </li></ul></ul></ul><ul><ul><ul><li>Accountability </li></ul></ul></ul><ul><ul><ul><li>Strong Internal Controls </li></ul></ul></ul><ul><ul><ul><li>Transparency </li></ul></ul></ul><ul><ul><ul><li>Deterrence </li></ul></ul></ul>Curative Health Services
    9. 9. NYSE and NASDAQ Listing Requirements Overview- Corporate Governance and Disclosures <ul><li>Board of Directors of NYSE approved new proposals in August, 2002 </li></ul><ul><li>Board of Directors of NASDAQ approved new proposals in May and July, 2002; Summary issued 10/10/02; Bulletin/New rule proposals issued 1/6/03 </li></ul><ul><ul><ul><li>Heightened Corporate Governance standards through additional listing requirements </li></ul></ul></ul><ul><ul><ul><li>Some additional requirements beyond SOA requirements </li></ul></ul></ul><ul><ul><ul><li>SEC, after public comment period, will vote to approve proposals </li></ul></ul></ul><ul><ul><ul><li>SEC voiced intent to combine NYSE and NASDQ requirements </li></ul></ul></ul>Curative Health Services
    10. 10. The Impact of New Standards on Compliance Programs and Corporate Governance Nancy Lanis Curative Health Services
    11. 11. Practical Impact- Disclosures and the Integrity Chain <ul><li>Intended to provide more reliable, timely and useful information to investors </li></ul><ul><li>Requirements span the reporting supply chain, reinforce accountability </li></ul><ul><li>Requirements affecting Senior Executives, Individual Directors </li></ul><ul><li>Requirements affecting the Board of Directors and Board Committees </li></ul><ul><li>Requirements affecting outside Auditors </li></ul>Curative Health Services
    12. 12. Requirements Affecting Senior Executives, Individual Directors <ul><li>CEO/CFO Certifications to assure accuracy, completeness and timeliness (separate civil, criminal certifications) (see appendix) </li></ul><ul><li>Establish and assess disclosure controls and procedures for collecting, processing and disclosing information required to be disclosed in periodic reports (10K, 10Q, 8-K) (current requirement); internal control reports in annual reports (fiscal years post 9/15/03) </li></ul><ul><li>Accelerated reporting by Executive Officers and Directors (2 days) </li></ul><ul><li>Code of Ethics, Senior Financial Officers (Disclose in 10K after 1/26/03) </li></ul><ul><li>Clawbacks for CEO/CFO bonus, stock sales profits if company’s financial statements are restated due to misconduct (12 months from 1 st disclosure) </li></ul>Curative Health Services
    13. 13. Requirements Affecting Senior Executives, Individual Directors (cont’d) <ul><li>Additional disclosure issues </li></ul><ul><ul><ul><li>Off-balance sheet transactions, contractual commitments, and contingent liabilities ( Q1 ‘03) </li></ul></ul></ul><ul><ul><ul><li>Pro forma (non-GAAP) information- quantitative reconciliation (Q1 ‘03) </li></ul></ul></ul><ul><ul><ul><li>Earnings releases; other material, non-public information about annual/quarterly fiscal periods on Form 8-K (Q1 ‘03) </li></ul></ul></ul><ul><ul><ul><li>Additional (and accelerated) Form 8-K events (SEC proposed 6/02) </li></ul></ul></ul><ul><ul><ul><li>MD&A critical accounting policies (SEC proposed 5/02) </li></ul></ul></ul><ul><ul><ul><li>SHS approve equity-based compensation plans (NYSE/NASD 10/02 filings with SEC) </li></ul></ul></ul><ul><ul><ul><li>Company web-site address </li></ul></ul></ul><ul><ul><ul><li>New filings deadlines- Forms 10K and 10Q (‘04) </li></ul></ul></ul><ul><li>No improper influence of Auditors (SEC proposed 10/02; effective Q1 ‘03) </li></ul><ul><li>Trading restrictions for Executive Officers and Directors- benefit plan blackout periods </li></ul>Curative Health Services
    14. 14. Requirements Affecting Senior Executives, Individual Directors (cont’d) <ul><ul><li>Code of Ethics (NASDAQ-6 months post SEC approval) </li></ul></ul><ul><ul><ul><li>CEO, CFO, principal accounting officer or Controller, similar functions </li></ul></ul></ul><ul><ul><ul><li>Exhibit to annual report </li></ul></ul></ul><ul><ul><ul><li>SOA Disclosure obligation only; (NYSE and NASD propose requirement) </li></ul></ul></ul><ul><ul><ul><li>Content </li></ul></ul></ul><ul><ul><ul><ul><li>honest and ethical conduct </li></ul></ul></ul></ul><ul><ul><ul><ul><li>avoidance of conflicts of interest </li></ul></ul></ul></ul><ul><ul><ul><ul><li>full, fair, accurate, timely, understandable disclosures </li></ul></ul></ul></ul><ul><ul><ul><ul><li>compliance with applicable laws, rules and regulations </li></ul></ul></ul></ul><ul><ul><ul><ul><li>prompt internal reporting of code violations </li></ul></ul></ul></ul><ul><ul><ul><ul><li>accountability for adherence </li></ul></ul></ul></ul><ul><ul><ul><li>Form 8-K disclosure of modifications, waivers (NYSE/NASD propose require disclose waivers) </li></ul></ul></ul>Curative Health Services
    15. Requirements Affecting Board of Directors, Board Committees
        - Corporate Governance requirements affecting full Board of Directors
        - Audit Committee oversight, composition/integrity, reporting mechanism, pre-approvals
            - Audit Committee and independent Auditors seen as key to restoring faith in the process of financial reporting and oversight
            - Audit Committee will have enhanced role in Corporate Governance
        - Bans on loans to Executive Officers/Directors (Compensation Committee)
    16. Requirements Affecting Board of Directors, Board Committees (cont’d)
        - Corporate Governance Requirements Affecting Full Board:
        - Current NYSE/NASDAQ proposals (SEC may combine):
            - Majority of independent directors (NYSE- within 24 months SEC approval) (NASDAQ- 1st annual meeting after 1/1/04)
            - Regularly convened executive sessions (independent Directors only) (NYSE/NASDAQ-6 months from SEC approval)
    17. Requirements Affecting Board of Directors, Board Committees (cont’d)
        - Corporate Governance (Proposed) Requirements Affecting Full Board:
        - Independent Director standards will be increased (for example):
            - NASDAQ
                - No family member employed as executive officer in past 3 years
                - No former outside auditor partner/employee during last 3 years
                - No interlocking compensation committee issue during past 3 years
                - Not-for-profits covered if size tests met
                - Director or family member may not receive any payments >$60,000 other than for board service
            - NYSE
                - Similar requirements; but 5 year cooling off periods
                - Board must affirmatively determine no material relationship with company and disclose determination
    18. Requirements Affecting Board of Directors, Board Committees (cont’d)
        - Additional Corporate Governance (Proposed) Requirements:
            - Independent Director approval of Director nominations
            - Adopt/disclose code of business conduct and ethics
            - SH approval for adoption/material modification of stock option plans
            - Independent Director approval of CEO and Executive Management compensation (NASDAQ)
            - Director Continuing Education to be mandated (NASDAQ)
            - Material misrepresentation/omission to NASDAQ may be basis for delisting (NASDAQ)
            - Nominating/Governance Committee Charter (NYSE)
            - Compensation Committee Charter (NYSE)
            - Adopt/disclose Corporate Governance guidelines (NYSE)
            - Annual CEO disclosure not aware of listing violation (NYSE)
    19. Audit Committee Oversight
        - Increased Audit Committee Oversight Responsibilities:
            - Directly responsible for “appointment, compensation and oversight” of independent Auditors (SOA); have sole authority to appoint, compensate and oversee outside Auditor (NASDAQ)
            - Approve, in advance, the provision by the Auditor of all permissible non-audit services
            - Authority to engage and determine funding for independent counsel and other advisors; company must provide funding
            - Have a written charter (NYSE) (NASDAQ- 6 months post SEC approval)
    20. Audit Committee Oversight (cont’d)
        - At least annually, obtain and review a report by the independent Auditor describing the firm’s internal quality control procedures; any material issues raised by the most recent internal quality control review, peer review or any inquiry or investigation within the preceding five years and assess the Auditor’s independence with respect to all relationships between the independent Auditor and the company (NYSE)
        - Discuss annual and quarterly financial statements with management and independent Auditor, including MD&A (NYSE)
        - Establish complaint reporting procedures/mechanism
        - Audit Committee must review and approve all related-party transactions (NASDAQ)
        - Additional NYSE requirements (e.g., discussing risk assessment and risk management)
    21. Audit Committee Composition
        - Independence
            - Audit Committee member not to receive any compensation other than for board or committee service
            - Audit Committee member may not be affiliate of the company or its subsidiary (NASDAQ = own/control >20% voting stock)
            - NASDAQ
            - Limit time non-independent Audit Committee members can serve to 2 years; prohibited from serving as chair. Cannot be company employee/family member; affirmative board determination required that in best company interests; disclosure requirements
    22. Audit Committee Composition (cont’d)
        - Financial Expertise
            - Audit Committee must include at least one “financial expert.” (SOA-disclosure requirement in 10K after 1/26/03) (NYSE/NASD require)
            - All Audit Committee members must be able to read and understand financial statements (NYSE/NASDAQ- at time of appointment)
            - At least one member of the Audit Committee must have accounting or related financial management expertise (NYSE); consider education and experience as public accountant or Auditor or public company CFO, Controller, and sufficient financial expertise in the accounting and auditing areas specified in SOA (NASDAQ)
    23. Audit Committee Reporting Mechanism
        - Complaint Procedures:
            - Must establish procedures for receipt, retention and treatment of complaints regarding accounting, internal accounting controls and auditing issues.
                - Implies reporting mechanism, record-keeping and responsive actions
            - Provide mechanism for employees to submit concerns on a confidential, anonymous basis regarding questionable auditing or accounting matters.
    24. Audit Committee Pre-approvals
        - Must pre-approve any non-auditing service to be performed by outside auditors (but certain services prohibited- see next slide)
        - Disclose such non-auditing approvals in periodic reports (10K, 10Q)
    25. Requirements Affecting Outside Auditors
        - New Auditor Independence Requirements
        - Registered public accounting firms will be prohibited from providing eight types of non-audit services to audit clients:
            - Bookkeeping or other services related to company’s accounting records or financial statements
            - Financial information systems design and implementation
            - Appraisal or valuation services, fairness opinions
            - Actuarial services
            - Internal audit outsourcing services
            - Management functions or human resources
            - Broker or dealer, investment adviser or investment banking services
            - Legal services and expert services unrelated to the audit
            - Any other service determined to be impermissible by the future Public Company Accounting Oversight Board
    26. Requirements Affecting Outside Auditors (cont’d)
        - Public Company Accounting Oversight Board established
            - Oversight of audit of public companies, protect investor interests
            - Responsibilities include:
                - Register and inspect public accounting firms
                - Set standards for outside Auditors
                - Enforce compliance with SOA
            - Not a government agency; first meeting held January, 2003
            - 5 members (only 2 CPAs)
    27. Requirements Affecting Outside Auditors (cont’d)
        - Mandatory Auditor rotation: Partner cannot be lead or review partner for more than 5 consecutive years
        - Outside Auditor must timely report to Audit Committee:
            - All critical accounting policies and practices to be used in financial reports
            - All alternative treatments of financial information within GAAP that have been discussed with management, ramifications of their use, and treatment preferred by the Auditor
            - Other material written communications with management
    28. Provisions Affecting Board Compensation Committees
        - Prohibitions on loans to top management and Directors:
            - Public companies now prohibited from directly or indirectly making personal loans to Executive Officers
            - Elimination of other types of loan-related “sweetheart deals” for Executive Officers
            - Covers company and subsidiaries
            - Grandfathers loans outstanding prior to 7/30/02 (but no material modifications or extensions)
    29. Recommended Actions to Enhance Compliance- Specific Steps
        - Assess/document P&P, processes already in place; determine gaps requiring new standards
        - Develop and implement new standards
        - Communicate to and train appropriate individuals
            - Board of Directors
            - Senior Management
            - Compliance Officer
            - Other Employees
        - Enhance reporting mechanism (ensure Audit Committee link)
    30. Recommended Actions to Enhance Compliance- Specific Steps (cont’d)
        - Consider/clarify relationship of Internal Audit/Public Reporting Compliance Coordinator, Compliance Officer, Compliance Committee, Board and Board Committee Oversight
        - Consider/incorporate auditing, monitoring approaches in compliance program
        - Opportunity to consider/incorporate overall risk assessment and risk management
        - Incorporate responsive actions in compliance program
    31. Recommended Actions to Enhance Compliance- Specific Steps (cont’d)
        - Financial and Disclosure controls:
            - Develop timeline/calendar for preparing annual/quarterly reports, distribute to Management, Directors, Legal Counsel and Auditors
            - Prepare Disclosure Guidelines
                - Assess/document P&P, processes already in place
                - Review/research disclosure rules to assure all covered in process; review industry information- competitor reports, analyst research reports (identify issues that may be material to investing public); determine gaps requiring new P&P
    32. Recommended Actions to Enhance Compliance- Specific Steps (cont’d)
        - Financial and Disclosure controls:
            - Prepare Disclosure Guidelines (continued)
                - Identify appropriate individuals to involve in process- principal accounting officer/controller, risk management, investor relations, compliance officer, in-house counsel, business unit heads, subsidiary parallel positions, CEO/CFO review
                - Assign responsibility to appropriate specific individuals
                - Consider appropriate oversight and disclosure mechanisms- e.g., checklists, form Disclosure Committee
    33. Recommended Actions to Enhance Compliance- Specific Steps (cont’d)
        - Financial and Disclosure controls:
            - Prepare Disclosure Guidelines (continued)
                - Back-up certifications by key individuals
                - Consider parallel clawbacks in event of material restatement
                - Legal Counsel review of reports
                - Outside Auditor/Audit Committee roles, including review
                - Document meetings, reviews, approvals/pre-approvals
            - Review/revise Audit Committee charter
    34. Discussion
        - Compliance Officers’ Brave New World? Familiarity with Financial and Disclosure Controls?
        - Respective roles of Compliance Officer, Internal Audit, Disclosure Committee, Compliance Committee, Board Committees (Audit, Governance, Compliance), CFO, Legal Counsel
            - How many have Board Compliance Committees?
        - Hotlines/reporting mechanisms- how many already include accounting, internal accounting controls, auditing issues?
        - Can Auditor also provide CIA IRO services?
        - Risk Assessment/risk management relationship with Compliance officer/compliance policies
    35. APPENDIX Reporting & Internal Controls
    36. Act Imposes Important Reporting Requirements on Management
        - Section 302 (and related SEC rule) (Civil): CEO/CFO Must Certify Quarterly and Annually that:
            - SEC report being filed has been reviewed
            - Report does not contain any untrue statements or omit any material facts necessary to make the statements made not misleading
            - Financial statements fairly present, in all material respects, the financial position, results of operations and cash flows
            - He/she is responsible for and has designed, established, and maintained Disclosure Controls & Procedures (“DC&P”), as well as evaluated and reported on the effectiveness of those controls and procedures within 90 days of the report filing date
            - Deficiencies and material weaknesses in internal control have been disclosed to Audit Committee and auditors, as well as any fraud (material or not) involving anyone with a significant role in internal control
            - Significant changes in internal control affecting controls for periods beyond review have been reported in the certification, including any corrective actions with regard to significant deficiencies and material weaknesses
        - Note: Individual certifications above and any corresponding disclosure requirements have various effective dates beginning with filings made after August 29, 2002.
        PricewaterhouseCoopers LLP
    37. Act Imposes Important Reporting Requirements on Management (continued)
        - Section 404: Management Must Assess Internal Controls Annually (Effective date pending)
            - Internal control report states management’s responsibility for establishing and maintaining adequate internal control structure and procedures for financial reporting
            - Management must assess effectiveness of internal control structure and procedures for financial reporting as of the end of the most recent fiscal year
            - Attestation by external auditor (Section 404 and 103)
        - Section 906 (Criminal): CEO/CFO Must Certify that Periodic Financial Reports (Effective July 30, 2002)
            - Fully comply with 34 Act and information fairly presents financial condition and results of operations
    38. Cautionary Note
        - Recent CEO/CFO certifications filed with the SEC (either in respect of its “one time” Order or pursuant to Section 906) do not contain any explicit assertions about internal controls. As Section 302 and 404 provisions require certification or assessment of specified controls, companies will need to assess the implications of these expanded reporting responsibilities, and determine the nature of any additional steps that should be taken in response thereto.
    39. General Rather Than Specific Requirements Have Been Established
        - Management must determine for themselves the structure, approach and level of documentation and formalization that gives the CEO/CFO the requisite basis (and confidence) to provide Section 302 quarterly certifications.
        - The SEC provides a definition of Disclosure Controls and Procedures and related objectives but does not outline specific requirements, other than recommending the establishment of a disclosure committee.
        - In general, the new certification requirements may require some companies to formalize control structures, enhance controls and establish monitoring programs to enable CEOs and CFOs to make their evaluations and report their conclusions.
        The SEC expects that each company will develop a process that is consistent with its business and internal management and supervisory practices.
    40. Understanding Requirements for Disclosure Controls and Procedures
        - The SEC defines DC&P as follows:
            - Controls and other procedures of an issuer that are designed to ensure that information required to be disclosed by the issuer in the reports filed or submitted by it under the Exchange Act is recorded, processed, summarized and reported, within the time periods specified in the Commission's rules and forms. “Disclosure controls and procedures” include, without limitation, controls and procedures designed to ensure that information required to be disclosed by an issuer in its Exchange Act reports is accumulated and communicated to the issuer's management, including its principal executive and financial officers, as appropriate to allow timely decisions regarding required disclosure.
            - In this regard, the SEC intends that companies maintain controls and procedures (commensurate with those already required with respect to financial reporting) for gathering, analyzing and disclosing all information, BOTH financial and non-financial, that is required to be disclosed in specified and periodic filings.
    41. Special Issues for Lawyers and Compliance Officials
        Michael L. Shaw, PricewaterhouseCoopers LLP
    42. Special Issues for Lawyers and Compliance Officials
        - Document retention and destruction
        - Whistleblowers protection
        - Attorney reporting responsibilities
        - Increased enforcement penalties
    43. Documents (cont’d)
        - 18 U.S.C. § 1519: “Whoever knowingly alters, destroys . . . with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any [U.S.] department or agency . . . or in relation to or contemplation of any such matter or case . . .”
        - Highlighted language raises questions:
            - Could common document retention/destruction policies result in violations where they call for destruction of documents relevant to a matter that could arise in the future?
            - Potential problem if a document retention program is set up with the intent to avoid future Government liability.
    44. Documents (cont’d)
        - Need to develop a business justification for every element of the document destruction plan
        - Document destruction program should exempt from destruction all documents that could be used in future investigations
        - Company’s e-mail policy and document retention policies should be reviewed and revised to accord with new statutory requirements.
    45. SEC Lawyers
        - New Lawyer Disclosure Obligation: SEC to issue rules within 180 days setting minimum standards for lawyers appearing/practicing before the SEC (Sec. 307)
        - Two-tiered disclosure obligation:
            - (1) Rules will require in-house and outside counsel to report securities law violations to company’s CEO or chief legal officer;
            - (2) If they don’t respond appropriately, lawyer must report directly to Board of Directors or designated Board committee
    46. SEC Lawyers (cont’d)
        - Materiality standard: SEC is to adopt rule “requiring an attorney to report evidence of a material violation of securities law or breach of fiduciary duty or similar violation by the company or any agent thereof”
        - Good news
            - “Materiality” limitation
            - No reporting outside the company is required
        - Troublesome issues:
            - “Practicing before the Commission” is a broad standard; will probably include work on registration statements
            - What kind of “evidence” should an attorney have?
    47. SEC Lawyers (cont’d)
            - What is a “similar violation?”
            - What is an “inappropriate” response on the part of the CEO or Chief Legal Officer, that would require the attorney to go to the Audit Committee or full Board?
            - What if the Audit Committee or Board are complicit in the wrongdoing, or refuse to take remedial action?
        - Legal department may want to articulate and disseminate standards to staff as to when they must come forward to the General Counsel
    48. Whistleblowers (cont’d)
        - Sweeping new protections for whistleblowers
            - Modeled after protections for airline employees reporting safety violations
        - Two new criminal provisions to protect whistleblowers
            - 18 U.S.C. § 1513
            - 18 U.S.C. § 1514A
    49. Whistleblowers (cont’d)
        - 18 U.S.C. § 1513: “Whoever knowingly, with the intent to retaliate, takes any action harmful to any person . . . for providing to a law enforcement officer any truthful information relating to the commission or possible commission of any Federal offense . . .”
        - Elements added to 18 U.S.C. § 1513(e):
            - Knowing and intentional action to retaliate
            - Against any person (not just an employee)
            - Providing truthful information relating to commission or possible commission
            - A law enforcement official (not just a Federal agent)
            - Regarding any Federal offense
    50. Whistleblowers (cont’d)
        - Elements of 18 U.S.C. § 1514A:
            - Prohibits a company from sanctioning an employee because of any lawful act to provide information about “fraud against shareholders” to (1) a Federal agency, (2) Congress, or (3) employee’s supervisor.
            - Authorizes civil action for damages and equitable relief, including reinstatement, back pay, attorneys’ fees, etc.
            - 90-day statute of limitations: employee must file claim within 90 days of retaliation.
            - Provision construed narrowly: applies only to information provided in connection with an ongoing proceeding.
    51. New Felonies and Increased Criminal Penalties
        - Substantive new offenses added by the Act:
            - 18 U.S.C. § 1348: Scheme or artifice to defraud
            - 18 U.S.C. § 1350: Knowing violations involving new CEO/CFO certifications
        - Enhanced Penalties:
            - Multiple directives to U.S. Sentencing Commission to boost penalties for obstruction of justice, criminal fraud, accounting and securities fraud, and the new “white collar” provisions in the Act related to document destruction or tampering
    52. New Felonies and Increased Criminal Penalties (cont’d)
        - Enhanced penalties for conspiracies (from 5 years to same level as underlying offense)
        - Stiffer penalties for criminal ERISA violations
        - Doubles the penalties for criminal violations of Securities Act of 1934
    53. Intersection with Compliance Programs and Internal Control Concepts
        Michael L. Shaw, PricewaterhouseCoopers LLP
    54. Intersection with Elements of a Compliance Program
        - Federal Sentencing Guidelines
        - Experience from other industry sectors
        - OIG Compliance Program Guidance
        Standards and Procedures; Oversight Responsibility; Education and Training; Lines of Communication; Monitoring and Auditing; Enforcement and Discipline; Response and Prevention
    55. Intersection with Elements of a Compliance Program
        - Code of Conduct
        - Commitment by senior management
        - Distribution to applicable employees and contractors
        - Updating to address new risks
        - Values approach
        - Records retention
    56. Intersection with Elements of a Compliance Program
        - High-level involvement
        - Responsibility for developing, operating, and monitoring the compliance program
        - Direct access to Board and/or CEO
        - Updates to Board and/or CEO
        - Operational Committee
    57. Intersection with Elements of a Compliance Program
        - General and specific training sessions on a periodic basis
        - Cover commitment, reinforce policies and procedures, and address risks
        - Conducted for applicable employees and contractors
        - Documentation of training efforts
    58. Intersection with Elements of a Compliance Program
        - Hotlines
        - Exit interviews
        - Periodic surveys
        - Supervisor accountability
        - Documentation of issues identified and resolved
        - Periodic reports on issues handled
        - Non-retaliation policy
    59. Intersection with Elements of a Compliance Program
        - Internal or external evaluators to perform regular reviews
        - Focus on high-risk areas
        - Validation of policies and procedures
        - Qualifications of reviewers
        - Corrective action in response to audit results
        - Monitoring and reporting of audit efforts
    60. Intersection with Elements of a Compliance Program
        - Consequences of violating the law, the Code of Conduct, or policies and procedures
        - Violations reviewed and resolved on a case-by-case basis
        - Consistent disciplinary action
        - Confidentiality
        - Periodic reports of action taken
    61. Intersection with Elements of a Compliance Program
        - Prompt investigations of reasonable allegations of suspected noncompliance
        - Decisive steps to correct problems identified
        - Reporting to Government when appropriate under the advice of legal counsel
    62. Addressing DC&P Requirements
        [Figure: diagram labels Internal Accounting Controls, Disclosure Requirements, Financial Reporting, Compliance, Operations; legend entries Internal Controls Over Financial Reporting, Disclosure Controls and Procedures, Other aspects of Compliance and Operations pertaining to DC&P]
    63. Operationalizing the Control Structure, Including the Certification Effort
    64. What are ‘Internal Controls’?
        - COSO defines internal controls as a process effected by an entity’s Board of Directors, Management and other personnel, designed to provide reasonable assurance regarding achievement of the objectives in each of the following categories:
            - Effectiveness & Efficiency of Operations
            - Reliability of Financial Reporting
            - Compliance with Applicable Laws and Regulations
    65. The Five Components under the COSO Framework
        - Control Activities
            - Policies/procedures that ensure management directives are carried out.
            - Range of activities including approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties.
        - Monitoring
            - Assessment of a control system’s performance over time.
            - Combination of ongoing and separate evaluation.
            - Management and supervisory activities.
            - Internal audit activities.
        - Control Environment
            - Sets the tone of the organization, influencing the control consciousness of its people.
            - Factors include integrity, ethical values, competence, authority, responsibility.
            - Foundation for all other components of control.
        - Information and Communication
            - Pertinent information identified, captured and communicated in a timely manner.
            - Access to internally and externally generated information.
            - Flow of information that allows for successful control actions from instructions on responsibilities to summary of findings for management action.
        - Risk Assessment
            - Risk assessment is the identification and analysis of relevant risks to achieving the entity’s objectives, forming the basis for determining control activities.
        All five components must be in place for a control to be effective.
    66. Benefits of the New Law
        - Increased confidence of CEO/CFO in meeting reporting requirements
        - Improved coordination of Company Management Team
        - Improved and clarified Corporate Governance process
        - Systematized process for early identification of business risks / whistle-blowing issues / incident management
        - Systematized approach to dealing with change (i.e., transactions, personnel, accounting principles, internal controls and operating procedures)
        - Increased operational effectiveness
    67. Final Observation
        - The Sarbanes-Oxley legislation has established a new paradigm for corporate responsibility, accountability, transparency, and behavior. Responsibilities of some parties have increased, while those of others have been made more explicit. And the Act has established a new standard for companies regarding the reporting of internal control effectiveness.
        Good internal controls are not just a best practice... the Act reinforces them in the Law!
    68. Compliance Programs – The Missing Link
        Jody Ann Noon, RN, JD
    69. Complex Processes and Organizational Models
        - The Health Care & Life Sciences Industry faces an ever-changing spectrum of risks:
        - Who is responsible for managing risks related to each activity? What should be done to plug any gaps?
        - What are the mechanisms for escalating emerging risks?
        - Who monitors risk management activities to ensure they are effective?
    70. Scope of Compliance
        Health & Safety / Corporate Governance:
            - Medicare
            - Medicaid
            - Environmental Protection (EPA)
            - Occupational Health (OSHA)
            - Food & Drug (FDA)
            - Fraud (Sarbanes-Oxley)
            - Foreign Corrupt Practices Act
            - RICO
            - Anti-Trust
            - Federal Sentencing Guidelines
            - Financial Reporting (e.g., Revenue Recognition)
        Consumer Protection:
            - HIPAA
            - Gramm-Leach-Bliley
            - EU Directive
        - Complex, rapidly changing, global industry
        - Increasing regulatory oversight
        - Complex and inconsistent regulations around the world
        - Heightened awareness of compliance as a result of corporate scandals
        - Compliance risks impact almost everyone in the global enterprise
        The Compliance challenge – to leverage and integrate the full resources of the enterprise to manage key risk and product quality
    71. Point of View
        - Organizations tend to manage risks in “silos”
            - Limited ability to aggregate risk exposures
            - Difficult to identify interrelationships between risks
            - Timely, frank communication of emerging issues may not always occur
        - Inconsistent approaches to managing risks between “silos”
            - Quality, Compliance and Risk Management not well integrated
            - IT often an issue – opportunity for Compliance to take a broader view in assessing IT controls across the silos
            - Few internal audit functions have a true enterprise-wide view of risk
        - Opportunity for Compliance to play a more strategic role:
            - New compliance requirements demand that companies take a broader view of risk (e.g., Sarbanes-Oxley, OIG compliance guidelines, FDA)
            - Compliance impacts almost all functions and employees
            - Processes to monitor compliance can be used to monitor other risks and quality
            - Compliance can serve as a focal point for debating emerging risk issues, quality and management strategies
            - Compliance well placed to “connect the dots” across the enterprise
    72. The Role of Compliance
        - The effectiveness of Senior Management’s oversight is typically limited because:
            - Limited linkage between governance and control activities
            - Existing internal control structures do not address the full range of risks
            - Key risks are managed by separate groups (e.g., FDA compliance, clinical trials, manufacturing quality)
        The “missing link” is a compliance program and infrastructure to measure and monitor the effectiveness and alignment between corporate governance and business unit / functional risk management, compliance and quality activities.
    73. Traditional Model
        Quality, compliance and business risks managed by silo - difficult to track all of the moving parts
        Diagram labels: Finance; SEC (e.g., Sarbanes); Service Delivery; FDA; Privacy; False Claims; CoPs; Sales & Marketing; Kickbacks; Privacy; Accounts Receivable; False Claims; SEC; Compliance
    74. Emerging Model
        Quality, compliance and business risks managed in a coordinated manner - easier to see key interrelationships and interdependencies
        Diagram labels: System Risk; Financial Risk; Operational Risk; Regulatory Risk; Compliance Risk; Board; Chief Compliance Officer; Day-to-Day Operations
        - Financial Risk
        - Regulatory Risk
        - Systems/IT Risks
        - Operational Risks
    75. Organizational Approaches
        - Board Oversight
            - Committee of Directors
        - Senior Management Involvement
            - Compliance Committee
        - Centralized vs. Decentralized Strategy
            - Strong central function
            - Pockets of expertise in the business units
        - Teaming with Other Risk Management Functions
            - Internal Audit
            - IT
            - Manufacturing
            - Sales and Marketing
            - Etc.
    76. Some Critical Success Factors
        - Senior Management/Board commitment
        - Clearly defined mission, communicated and understood throughout the organization
        - Mutual agreement on respective roles of compliance and other risk management groups
        - Realistic and manageable short-term objectives
        - Effective communication mechanisms
        - Effective strategy for identifying and monitoring key risks
        - Robust methodologies and tools that are consistent with the corporate culture
    77. For More Information Contact:
        - Michael L. Shaw
          Senior Manager
          PricewaterhouseCoopers
          1300 K Street, N.W. – Suite 800
          Washington, D.C. 20005
          (202) 414-1552
          [email_address]
        - Nancy Lanis
          Senior Vice President & General Counsel
          Curative Health Services
          150 Motor Parkway
          Hauppauge, N.Y. 11788
          (631) 232-7016
          [email_address]
        - Jody Ann Noon, RN, JD
          Partner
          Deloitte & Touche LLP
          Health Care Regulatory Practice
          jodynoon@deloitte.com
          (503) 727-5207