Sarbanes-Oxley Update: Notes


Published in: Business, Technology

  1. SARBANES-OXLEY ACT OF 2002: Overview and Update
  2. Accounting Governance (Before Sarbanes-Oxley Act 2002)
     • SEC has always had statutory authority to oversee accounting, but delegated the task to
       • FASB – which set guidelines for non-governmental financial statement reporting, and the
       • AICPA’s ASB (Auditing Standards Board) – which set guidelines for auditing practices.
  3. Accounting Governance (Before SOX Act, cont'd)
     • Other AICPA units involved in accounting governance included:
       • Accounting Standards Executive Committee (AcSEC) – supplements FASB.
       • AICPA’s SEC Practice Section (SECPS) for firms with issuers.
       • Public Oversight Board (POB) manages Peer Review process.
       • Quality Control Inquiry Committee (QCIC)
       • Professional Ethics Division
  4. The Challenges to Governance
     • Since 2000, the technology market bubble has burst and scandals have challenged accounting self-governance.
     • Allegations of misconduct include:
       • Enron – special entities & form vs. substance.
       • Worldcom – mismatching costs on lines.
       • Tyco – CEO special payments/contracts and falsifying records.
       • Adelphia – off-balance sheet loans, excessive capitalization, and inflated income.
  5. What was Missing?
     • Analysis of these scandals found
       • inadequate disclosure in financial reporting
       • lack of independence on the part of accounting firms
       • weak corporate audit committees
       • management that was not personally responsible for financial statements and disclosure
  6. Sarbanes-Oxley: Getting Back on Track
     • The SOX Act aims to tighten governance and protect investors by
       • Reorienting the SEC towards “active governance & monitoring”.
       • Creating the Public Company Accounting Oversight Board to do so.
       • Mandating new responsibilities of public corporations, including:
         • “Real” Audit Committee
         • Financial Statement Certification
         • Regulating Officers & Directors
         • New Disclosure Requirements
       • Imposing other provisions.
  7. The “Commission” Takes Over
     • The SEC’s new mission states that it
       • promulgates rules/regulations that serve public interest and protect investors.
       • sets accounting standards and auditing practices, including rules for auditor independence.
       • can take legal, administrative, and disciplinary action against public accounting firms.
  8. The “Commission” Takes Over (cont'd)
     • The SEC has approved the following rules to date:
       • Mandates Electronic Filing of Ownership Reports; Prohibits Improper Influence of Auditors.
       • Requirements for Listed Company Audit Committees.
       • Codes of Ethics and Audit Committee Expertise.
       • Insider Trades During Pension Fund Blackout Periods.
       • Use of Non-GAAP Measures (Pro-Forma & Off-Balance Sheet Disclosures).
       • MD&A Disclosures of Off-Balance Sheet Items.
       • New exhibit requirements for 302 and 906 certifications, effective August 14, 2003.
     • Visit:
  9. Accounting Oversight Board - New Partner in Governance
     • The Public Company Accounting Oversight Board (PCAOB) will serve as the SEC’s lead unit in fulfilling its mission and monitoring compliance with rulings. The AOB is
       • a non-governmental not-for-profit corporation
       • that will register and regulate all public accounting firms and provide audit services to public companies.
       • It has authority to establish rules governing audits, conduct inspections and investigations, and impose sanctions.
  10. PCAOB - Partner in Governance (cont'd)
     • SEC approved Board on 4/25/2003 with William McDonough as President. Website:
     • On October 25, 2003, it becomes unlawful for any non-registered firm to prepare/issue an audit report for a public company.
  11. PCAOB - Composed for Independence
     • The AOB will be composed of
       • Five financially literate full-time members.
         • 2 current or former CPAs,
         • 3 non-CPAs (may never have been a CPA)
         • chair may hold a CPA, but no practice in past 5 years
       • 5 year term – based on review by SEC, Federal Reserve Board and Treasury Department.
       • Members may not receive any profits or other fixed payments from any public accounting firm, except fixed payment retirement benefits.
       • Members may be removed by the Commission "for good cause."
  12. PCAOB - Implications for CPA Firms
     • CPA firms offering Audit Services will now register with the AOB. Firms will
       • pay an annual fee to the Board,
       • be assessed an "annual accounting support fee" if they are involved in stock issues,
       • submit to annual quality reviews (inspections) if the firm handles over 100 issues; every three years for all other firms, and
       • foreign accounting firms who audit a U.S. company must register and comply.
  13. PCAOB - Implications for CPAs (cont'd)
     • The SEC is authorized to accept as GAAP any accounting principles established by a standard-setting body that meets the following criteria; it is
       • a private entity,
       • not associated with public accounting firm in the past 2 years,
       • funded similarly to the Board,
       • prompt in considering changes to accounting principles by a majority vote, and
       • willing to keep standards current and consider international convergence when appropriate.
  14. PCAOB - Implications for CPAs (cont'd)
     • Under the act, it shall be "unlawful" for a registered public accounting firm to provide any non-audit service to an issuer contemporaneously with the audit, including:
       • bookkeeping
       • financial information systems design and implementation
       • appraisal or valuation services, fairness opinions, or contribution-in-kind reports
       • actuarial services
       • internal audit outsourcing services
       • management functions or human resources
       • broker or dealer, investment adviser, or investment banking services
       • legal services and expert services unrelated to the audit, or
       • any other service that the Board determines, by regulation, is impermissible.
       • Note: Exemptions may be allowed.
  15. PCAOB - Implications for CPAs (cont'd)
     • Related to newly mandated internal control reporting
       • Auditors may assist management in documenting internal controls, but may not test controls for management.
       • Firms attest to management’s effectiveness in assessing internal control over financial reporting (as explained below).
  16. PCAOB - Implications for Public Companies
     • Public companies must now comply with these AOB requirements:
       • Lead auditor and reviewing partner must be rotated every 5 years.
       • Accounting firm must report to Audit Committee and “discuss audit nuts & bolts”.
       • The CEO, controller, CFO, chief accounting officer may not have been employees of the audit firm within the past year.
       • State regulators decide adoption for small and mid-size non-registered accounting firms.
  17. PCAOB - Implications for Public Companies (cont'd)
     • Additionally…
       • Issuers will be assessed an "annual accounting support fee" based on their relative market capitalization.
       • Board auditing standards, such as record retention rules, second partner review, and scope of internal control testing, will affect the nature of audits.
       • Independence standards will limit the non-audit work that auditors can perform.
  18. PCAOB - Implications for Public Companies (cont'd)
     • Company information will be subject to review in inspections of the independent auditor and the company can be required to testify and produce documents in an auditor disciplinary proceeding.
     • Companies will have to ensure compliance with any sanctions imposed by the Board, such as suspensions of auditors or their personnel from auditing.
  19. Audit Committee and Relationship with the Auditor
     • The SOX stipulates that the audit committee of an issuing company:
       • will be adequately funded;
       • will be directly responsible for the appointment, compensation, and oversight of audit firm;
       • may engage independent counsel or other advisors, as it determines necessary to carry out its duties;
       • establishes procedures for the "receipt, retention, and treatment of complaints" on accounting, internal controls, and auditing.
  20. Audit Committee and Director Responsibilities
     • Under the SOX…
       • Unlawful for an issuer to extend credit to any director or executive officer.
       • Directors, officers and 10 percent owners must report designated transactions by the end of the 2nd day following the transaction.
  21. Audit Committee and Management Responsibilities
     • Management is now required to certify financial statements based on these guidelines:
       • The CEO and CFO of each issuer will certify the "appropriateness of the financial statements and disclosures contained in the periodic report, and that those financial statements and disclosures fairly present, in all material respects, the operations and financial condition of the issuer."
       • A violation of this section must be knowing and intentional to give rise to liability. Officer or director action to fraudulently influence audit results is unlawful.
       • CEO and the CFO shall "reimburse the issuer for any bonus or other incentive-based or equity-based compensation received" during the twelve months following the issuance or filing of the non-compliant document and "any profits realized from the sale of securities of the issuer" during that period.
       • Federal courts are authorized to "grant any equitable relief that may be appropriate or necessary for the benefit of investors" in cases brought by the SEC.
  22. Audit Committee and Management Responsibilities (cont'd)
     • Additionally, the SOX does the following
       • Stipulates that SEC may bar a person from acting as an officer or director of an issuer if conduct "demonstrates unfitness".
       • Prohibits the purchase or sale of stock by officers and directors and other insiders during blackout periods.
       • Requires financial statement reports to "reflect all material correcting adjustments made by the auditor".
       • Mandates that financial reports will disclose "all material off-balance sheet transactions" and "other relationships" with "unconsolidated entities".
       • Requires that the SEC shall issue rules providing for pro forma financial information.
  23. Audit Committee and Management Responsibilities (cont'd)
     • On or after June 15, 2004, the act requires each annual report of an issuer to contain an "internal control report" that
       • states that internal control is management’s responsibility,
       • contains an assessment of the effectiveness of the internal control structure/procedures for the reporting period which includes a disclosure of “material weaknesses”, and to which an auditor attests in relation to the financial statement engagement (cannot be a separate engagement),
       • contains a disclosure as to whether the issuer has an ethics code in place to guide senior financial management.
  24. Audit Committee and Management Responsibilities (cont'd)
     • Controls subject to assessment include those related to:
       • gathering, recording, and reconciling transactions related to financial statement account balances,
       • non-routine transactions,
       • selection and application of accounting policy, and
       • prevention and detection of fraud.
     • Management must provide documentation and evaluation of evidential matter related to testing of internal control design and effectiveness.
       • Simple inquiry of company personnel by management is not an adequate basis for the report.
     • Evaluation must be based on a suitable framework, like COSO, used as the US standard (visit: ).
  25. Audit Committee and Management Responsibilities (cont'd)
     • Effective August 14, 2003, companies must comply with new exhibit rules for 302 and 906 certifications in periodic reports.
       • 302 certification is management’s statement regarding internal and disclosure control procedures, including
         • Assessments of most recent evaluation, explanation of areas of weakness, and commentary on areas that need attention.
       • 906 certification continues on this theme, but also confirms management’s understanding of the criminal penalties related to intentional falsification of financial statements.
  26. Audit Committee and Disclosure Issues
     • The SOX requires that issuers of stock disclose
       • whether at least one member of its audit committee is a "financial expert", and
       • material changes in the financial condition or operations of the issuer on a rapid and current basis (real-time disclosure).
  27. Corporate Fraud & Accountability Act
     • Related to SOX, it is a FELONY to "knowingly" destroy or create documents to "impede, obstruct or influence" any existing or contemplated federal investigation.
       • Auditors are required to maintain "all audit or review work papers" for five years.
       • The statute of limitations on securities fraud claims is now the earlier of three years from the fraud or one year from the discovery.
       • "Whistle blower protection" is extended to employees of issuers and accounting firms.
  28. Corporate Fraud & Accountability Act (cont'd)
     • Under the Act, legal ramifications and criminal penalties include:
       • Securities Fraud: to “knowingly defraud any person in connection with a security” of a public company.
         • Max of 25 years (rather than 5 or 10)
         • 10 – 25 years for an individual
         • $1.0 - $5.0 million in fines for an individual
         • $2.5 - $25 million in fines for a company
       • Document tampering: 20 years in prison and a fine.
  29. SOX - Role of the CFO
     • The act expands management’s responsibility for the accuracy of financial statements and places the burden of proof clearly with company executives, not external auditors.
     • This gives CFOs the opportunity to take an active part in designing systems that ensure company compliance with SOX.
  30. SOX - Role of the CFO
     • The most immediate dictate, documenting and reporting on internal control, is paramount. Decisions must be made about
       • who within the organization will document internal control,
       • who will claim ownership for documentation efforts and perform future maintenance,
       • whether the documentation team should be responsible for testing and assessment,
       • what role internal audit will play,
       • what general IT controls may be needed to improve accounting internal control, and
       • what technology is available to assist in internal control documentation and compliance management.
  31. SOX – Learning More
     • To learn more about the progress of the SEC in implementing sections of the SOX visit the following sites:
     • References: AICPA, SEC, Forbes, PCAOB, James Howard, UMUC, MACPA, VASA, GWSA, and PWC.