Post on 14-Dec-2015
Governance Rules and Expectations are Changing…what does this mean to your
organization?CAUBO 2004
Brian G. Brown
Director - Corporate Audit Services
AGRICORE UNITED
• Largest Agri-business in Western Canada
• Established by merger of United Grain Growers Limited (UGG) and Agricore Cooperative in November 2001
• Listed on the Toronto Stock Exchange (“AU”)
AGRICORE UNITED
• 3 Core Businesses: Grain Handling, Crop Inputs (Retail), Livestock Services
• 80 elevators, 200 retails, 10 feedmills, 4+ port terminals, 7 distribution centres, 8 special crops plants, 3 research facilities
• Joint Ventures, Investments, Subsidiaries• Significant relationships with Scotiabank
(Credit), Swiss Re (Risk Management), Archer Daniels Midland (Strategic Alliance)
AGRICORE UNITED (2003)
• Sales $2.7 billion
• Revenue from Services $410 million
• Assets $1.6 billion
• Net Loss = $2.4 million
• Cash Flow from Operations $60 million
• 2500 Employees
INSTITUTE OF INTERNAL AUDITORS
• Global governing body for the practice of Internal Auditing
• 93,000 members worldwide in 243 affiliates & chapters
• 11 chapters in Canada with 4000 members• Professional Guidance including the Standards
for the Professional Practice of Internal Auditing• Certification - CIA, CFSA, CGAP, CCSA
What we are going to discuss today...
• How did we get into this situation?• What are the new Canadian regulations?• Are there other Governance initiatives?• What’s coming?• How are Publicly-traded organizations responding?• What does this mean to Universities and other
public institutions?• Are there any benefits?• Do the regulations really matter?
History – Canada was a world leader:
• MacDonald Commission - 1988
• TSX - “Where were the Directors?” - 1994
• COCO - 1995
– Other countries developed guidance:• Cadbury - UK
• Treadway (COSO) - USA
– Late 1990’s:• “5 Years to the Dey” - Canada
• NYSE Blue Ribbon Commissions
– Saucier Report (2001)
Why the recent increase in interest in Corporate Governance?
Boondoggle after Boondoggle
(in the public and private sector)• Enron• Worldcom• Livent• Nortel• HRDC• Sponsorship Scandal
THE PUBLIC HAS LOST CONFIDENCE!
Sarbanes Oxley (SOX) - USA’s immediate response (January 2002)
• Section 302 (CEO/CFO CERTIFICATION)
• Section 404 - (INTERNAL CONTROL EVALUATION AND EXTERNAL AUDITOR ATTESTATION)
• Effective November 15, 2004 or July 15, 2005
More patience in Canada……what should we do, if anything?
• OSC Chair/TSX President exchange public correspondence
• Business and various groups debate
• Time-lines for implementation
• Does Canada need tighter regulations?
• Principles or rules?
• Effect on smaller listed companies?
What are the new Canadian Regulations…….(CSA/OSC)?
• NI 51-102 - Continuous Disclosure• NI 52-107 - Accounting Principles• NI 52-108 - Auditor Oversight• NI 52-109 - CEO/CFO Certification• NI 52-110- Audit Committee
KEY POINTS - 51-102 Continuous Disclosure:
• New filing deadlines:– annual financial statements within 90 days of year-end
(previously 140 days)– interim financial statements within 45 days of quarter-end
(previously 60 days)
• Auditor Review:– Must disclose if no external auditor review of interim
statements
KEY POINTS - 52-107 Acceptable Accounting Principles and Auditing Standards
• Public companies that are not SEC (USA) registrants – financial statements must be in accordance with
Canadian GAAP– must be audited in accordance with Canadian
GAAS
KEY POINTS - 52-108 Auditor Oversight
• Audit Report on public company financial statements:– prepared by an auditor registered with
Canadian Public Accountability Board (CPAB)– auditor must be in compliance with CPAB
KEY POINTS - 52-109 CEO/CFO Certification
“Bare” Certification (now in effect)– quarterly certification of financial statements and MD & A – no misrepresentation or omission of material fact– fair representation (no GAAP reference) of:
• financial condition
• results of operations
• cash flows
KEY POINTS - 52-109 CEO/CFO Certification
• Beginning with year-ends after January 1, 2005, additionally certify that:– designed disclosure controls (quarterly)– designed procedures and internal controls over
financial reporting (quarterly)– evaluated the effectiveness of disclosure
controls (annually)– reported changes in internal controls over
financial reporting
KEY POINTS - 52-109 CEO/CFO Certification…….clarifications
• Certification of filings:– CEO & CFO must certify they have reviewed documents
• No Misrepresentation:– based on their knowledge– disclosure and internal controls must be adequate to
provide knowledge
• Fair Presentation– based on their knowledge– present fairly in all material respects the financial
condition, results of operations, and cash flows– present fairly goes beyond GAAP requirements
KEY POINTS - 52-110 Audit Committees
Applies commencing with Annual Meetings after July 1, 2004
• written charter• composition - independence, financial literacy• external auditor relationship• pre-approve all non-audit services• procedures for receiving complaints and anonymous
submissions concerning accounting, internal controls, or auditing matters (whistleblower rule)
• additional disclosure
What other issues/initiatives are affecting governance?
• Shareholder activitism (eg. CCGG)
• CBCA
• Banking, insurance regulations
• Enterprise Risk Management
• Accounting guidelines
• Government scandals
What’s Coming in the near future?
OSC 58-201 Effective Corporate Governance (ED Period ended, currently under review)
• Best Practices for effective governance – Board Composition, mandate, training, etc– Code of Business Conduct and Ethics– Nominations– Compensation– Board Assessment
What’s Coming in the near future?
• Certification of effectiveness of internal controls over financial reporting
• External Auditor attestation
(OSC Exposure Draft expected
September 2003)
Impact on publicly-traded organizations…………….
Time, Cost, Distraction, Disclosure, Documentation……..
For what benefit?
Impact on publicly-traded organizations…………….
4 key areas:
1. Certifications
2. Disclosure Procedures & Controls
3. Internal Controls over Financial Reporting
4. Whistleblowing
Certifications
• Establish sub-certification process involving key executives/officers/others– determine who will be involved
– how often and when
– format of the certificates
• Certifying all key financial info being disclosed externally - it must be provided to the sub-certifiers
SHARING LIABILITY???
Certifications - Impact
• Operating management more focused on financial reporting
• Greater awareness of implications
• Nervousness, uncertainty
• Increased papertrail• Monitoring, review,
and follow-up of the sign-offs
• Increased Legal Dept involvement
• Time and cost
Disclosure Procedures and ControlsWhat does this mean?
• Provide reasonable assurance that..– Required disclosure recorded, processed, summarized &
reported on timely basis– such information is accumulated and communicated to
management including the CEO & CFO
• Information that underlies the “numbers”….– Significant contracts– business developments– workforce relationships– legal proceedings
Disclosure Procedures and Controls
What do we need to do?• Establish a Disclosure Committee• Review current/existing practices for keeping
“Corporate Office”/CEO/CFO up to date• Review financial statement “closing”
procedures• Implement regular (eg. Quarterly) meetings
between Disclosure Committee and key finance and operations management
Disclosure Procedures and ControlsWhat do we need to do?
• Ensure continuous flow of communication from operating divisions to “corporate”
• Implement a “review process” for all relevant external disclosure - link to sub-certifications
• Document everything• Minute meetings• Develop an ongoing disclosure review process -
“evaluation” (eg. Internal Audit)
Internal Controls over Financial Reporting
What are these?• Provide reasonable assurance
regarding reliability of financial reporting• effected by BOD, management, & other
personnel• focus tends to be on “detective” controls
- eg. Would fraud be caught?
Internal Controls over Financial Reporting• Must certify that controls have been designed
– How do you know?– How do you know if they are adequate?
• Anticipated future certification that controls have been evaluated by management
MAJOR PROJECT!!
Identify, document, assess adequacy, evaluate effectiveness
Internal Controls over Financial Reporting - Project Outline
• Phase 1: Planning & Scoping– identify internal skills and resources– determine if external support is required and, if
so, whom– establish a project team with mgmt support– develop training plan– develop project scope – select control framework (eg. COSO)
Internal Controls over Financial Reporting - Project Outline
• Phase 2: Risk Assessment and Prioritization– de-consolidate the financial statements– identify key processes that drive financial
reporting– establish criteria for risk assessment (including
materiality level)– evaluate the identified processes and risk rank
(workshop approach)
Internal Controls over Financial Reporting - Project Outline• Phase 3: Documentation of Controls
– determine who is responsible for documentation vs review of processes
– complete an inventory of existing documentation– establish schedules and deadlines– establish documentation protocol/format– train team leaders on documentation process– complete documentation, including Control
Environment and Computer General Controls
Internal Controls over Financial Reporting - Project Outline
• Phase 4: Evaluation and Testing– review documentation and test controls for
effectiveness
• Phase 5: Identify & Correct Deficiencies– review identified issues and develop improvements– establish remediation plan and assign
• Phase 6: Report on Controls– report results to CEO/CFO
Whistleblowing• Audit Committee must ensure procedures are in
place– method for employees and others to “safely” report
concerns about financial reporting, fraud, etc.– determine who in the organization will be responsible
for investigating and reporting– complaints must be tracked– investigation and follow-up documented– report statistics and significant issues to Audit
Committee
What about universities, public institutions, and other not-for
profits?
Pause……..
then get on with it…...
Impact on universities and other public organizations…..
• Private - sector regulations will become “best practices”
• Stakeholders will expect all organizations to have implemented many of these requirements
• The public will be less tolerant to financial errors/mis-statements, scandals, surprises, etc.
All this work…..
Are there benefits beyond compliance?
All this work……are there any benefits?
• Increased management awareness of responsibilities for internal controls
• Potential operational process improvement
• Improved internal communications
• Deterrent to fraud
• Less surprises
Increased Public Confidence…..maybe
Will these initiatives matter?
Rules, regulations, structures, documentation, certification,
reporting will help but…...
Nothing matters more than INTEGRITY
Governance Rules and Expectations are Changing…what does this mean to your
organization?CAUBO 2004
Brian G. Brown
Director - Corporate Audit Services
Questions?
Comments?