Sarbanes-Oxley Act (SOX)

SOX – A Preview

Question

What do the following organizations have in common ?

Xerox Sunbeam Tyco MicroStrategy Freddie Mac Parmalat WorldCom Enron ?

Answer! They have all experienced major accounting scandals which were due, at least in part, to serious breakdowns in corporate governance .

Enron

At the time, Enron’s bankruptcy was the largest ever in the U.S.

Alleged massive accounting fraud

Serious misuse of Special Purpose Entities (SPEs) in order to inflate revenues and profits and to keep large amounts to debt off the company’s balance sheet

Self-enrichment of top executives

Falsification of documents

Enron

Substantial breakdowns in corporate governance

Internal controls

External auditors

Board of directors

Financial institutions

Analysts

Regulators

SOX

In response to the Arthur Anderson, Enron and WorldCom debacle, the Sarbanes-Oxley Act seeks to:

Restore the public confidence in both public accounting and publicly traded securities

Assure ethical business practices through heightened levels of executive awareness and accountability

The Sarbanes-Oxley Act of 2002 “ The most significant piece of legislation to hit the securities field since 1933-1934.”

Background to the SOX Act

After Enron (Dec. 2001)…

Senator Sarbanes (D-Maryland) introduced a tough bill in the senate, with new penalties for financial fraud

Rep Oxley (R-Ohio) introduced a milder bill in the house, saying that Enron was a one-off case

But then came WorldCom (July 2002) and support for anything less than significant legislation evaporated

Who Does the SOX Act Affect?

External auditors

Internal auditors

Boards of directors and their committees

Top executives

Senior managers

Attorneys, both internal and external

Regulators

ENHANCED FINANCIAL DISCLOSURES

Issuers must disclose “off-balance sheet transactions” in periodic reports

No issuer shall make, extend, modify or renew any personal loan to CEOs, CFOs (limited exceptions include company credit cards)

Annual reports will contain internal control reports which state the responsibility of management for establishing such controls and their assessment of the effectiveness of such controls – which must be attested to by the auditor

In periodic reports filed, the issuer must disclose its code of ethics for senior financial officers, and if the issuer has not adopted such a policy, must disclose why not

Issuer must disclose whether or not its audit committee is comprised of at least one financial expert, and if not, why

Member considered financial expert if they have an understanding of GAAP, experience in preparing/auditing financials, experience with internal controls, and an understanding of audit committee functions

SEC must review disclosures (in financials) made by any issuer at least once every three years (similar to Board review of registered public accounting firms)

Issuers must disclose in real time any additional information concerning material changes in the financial condition or operations of the issuer

ANALYST CONFLICTS OF INTEREST

National Securities Exchanges and registered securities associations must adopt rules designed to address conflicts of interest that can arise when securities analysts recommend securities in research reports

To improve objectivity of research and provide investors with useful and reliable information

CORPORATE AND CRIMINAL FRAUD

To knowingly destroy, create, manipulate documents and/or impede or obstruct federal investigations is considered felony, and violators will be subject to fines or up to 20 years imprisonment, or both

All audit report or related workpapers must be kept by the auditor for at least 5 years

Whistleblower protection – employees of either public companies or public accounting firms are protected from employers taking actions against them, and are granted certain fees and awards (such as Attorney fees)

Provisions of the SOX Act

The CEO and CFO must certify that the reports the Company files with the SEC are fair

But they can only make that representation if the line managers assure them that their units’ financials are fair

The CEO and the CFO must certify that the Company has a system of internal controls, and that it is effective, as of the year end

But again, they can only make that representation if the line managers assure them that their units’ control system is effective

Financial Statement Certification

The CEO and CFO must certify in each period filing that the financial information:

“ does not contain any untrue statement of a material fact”

and

“ fairly presents in all material respects the financial condition and results of operations of the issuer.”

What Does “Fairly Presents” Mean?

Will our ASSETS produce future benefits equal to their cost?

Receivables, Inventory, Property, Goodwill?

Do our LIABILITIES report all of the amounts we expect to pay out?

Supplier payables, benefits owed, lease commitments, short-term and long-term debt?

Is all of the REVENUE we reported really earned?

Have we recorded all of our EXPENSES for the period?

Have we described the critical ASSUMPTIONS underlying our financial reports, and have we described any significant CONTINGENCIES ?

Management’s Annual Internal Control Report

A statement of management's responsibility for establishing and maintaining adequate internal control over financial reporting for the company;

A statement identifying the framework used by management to evaluate the effectiveness of this internal control;

Management's assessment of the effectiveness of this internal control as of the end of the company's most recent fiscal year; and

A statement that its auditor has issued an attestation report on management's assessment

SEC 9/25/03

An Internal Control System Is…

By law....it is a process that provides reasonable assurance regarding the reliability of financial reporting for external purposes. It includes policies and procedures that:

- provide for maintenance of records that reflect the company’s transactions

- provide assurance that transactions are recorded in accordance with GAAP

- provide assurance that assets are protected against theft or fraud

What are Internal Controls?

The five components in a control system:

Control environment (how do people feel?)

Risk assessment (what could go wrong?)

Control activities (procedures to control against risks)

Information and communication (timely feedback, truth-telling)

Monitoring (ongoing assessment of the environment, and the risks, and the effectiveness of the procedures)

THE most important component of any control system is the Control Environment … The Tone at the Top of the corporation and its operating units

Source: UTC Annual Report 2001

Source: UTC Annual Report 2002

Corporate Governance

At the heart of many of the recent accounting scandals has been the failure of corporate governance structures, including the inability and/or unwillingness of boards of directors to execute their duties responsibly, both individually and collectively

Despite the heightened interest in and awareness of the importance of effective corporate governance, there continues to be a general lack of understanding of the principles underlying such governance.

The Corporation

For businesses of significant size, the corporation has become the dominant form of organization. So, what is it?

A corporation is…

A legal entity that has status independent of its owners

Three features make corporations attractive…

Unlimited life

Limited liability of the owners

Easy transfer of ownership

The Role of the Board of Directors

The responsibility of governing the affairs of the corporation belongs to its board of directors. The board’s authority is derived from the corporation’s shareholders whom they represent, as specified in certain governing documents, which include…