Get Control Over Disclosure Controls and Procedures and Internal Control over Financial Reporting

Alex Frutos
Jackson Walker L.L.P.
901 Main Street, Suite 6000
Dallas, Texas 75202
[email protected]
Phone: (214) 953-6012
www.jw.com

Strategic Compliance Group, Inc.
Hands-on Seminar
Implementing Sarbanes-Oxley Section 404 Under the “New Rules”
October 29, 2007


Agenda

I. A Review

II. Impact of the SOX

III. Why do legal professionals care?

IV. What are they?

V. What are the SEC/PCAOB requirements?

VI. What are best practices with respect to disclosure controls and procedures?

VII. Common issues

VIII. Where is Corporate Governance Headed?

I. A Review

I. A Review: Corporate Environment Leading to Reform

Corporate Governance Then
– Mainly a Matter of State Statute and Common Law
– Federal Law Focused on Disclosure

High profile corporate failures

Contributing factors
– Poor audit oversight
– Failed board and management oversight
– Officer self-dealing
– Wall Street/analyst community
– Flawed controls and disclosure processes
– Insufficient regulatory oversight

Political environment
– Public outcry made it easy for Congress to pass anything
– Legal framework was assumed inadequate

I. A Review: Underlying Principles to SOX

– Prohibitions and standards for corporate governance
– Mandate of more diligent oversight by boards, committees and outside auditors
– Greater accountability of executive officers
– Mandate heightened controls and audit and review requirements
– Increased financial and other disclosure

I. A Review: Overview of The Sarbanes-Oxley Act

Prohibition on Loans to Directors and Executives (§402)
Disgorgement of Bonus and Profits (§304)
No insider trading during Pension Blackout Periods (§306)
Code of Ethics for Senior Officers (§406)
CEO and CFO Certifications (§§302 and 906)
Public Company Accounting Oversight Board (§§102 and 109)
Independent Audit Committee, Financial Experts and Procedures for Receipt of Complaints (§§301 and 407)
Internal Control over Financial Reporting (§404)
Prohibition on Non-Audit Services (§201)
Improper Influence on Audits (§303)
Whistleblower Protection (§806)
Increased Attorney Responsibilities (§307)

II. Impact of the SOX

Principles underlying Regulation of Corporate Governance
– Historically = Disclosure and State Corporate law
– Now = Federal Corporate Law, Prohibitions and Standards

Corporate Regulation – State vs Federal Law
– State Law
  • Historical focus on formation and capitalization
  • Viewed as inadequate or unwilling to set standards
  • “Race to the bottom” by Delaware, Pennsylvania and Nevada
– Emergence of Federal Corporate Law as reaction to Abuses
  • ’33/’34 Acts – Stock Market Collapse
  • Williams Act/FCPA (1977) – Foreign Bribery Scandals
  • Sarbanes-Oxley Act – Enron/Andersen/etc.

II. Impact of the SOX

Liability and Other Implications
– Requires issuers to review their relationship with their auditors to ensure continued independence;
– Implements more stringent rules for U.S. attorneys;
– Protects whistleblowers; and
– Imposes new sanctions and penalties on persons who violate certain provisions of the U.S. securities laws.

Impact of SOX
– More disclosure
– Much greater expense
– Material weaknesses
– Late filers
– More restatements
– Going private and going dark transactions
– Foreign listings
– Calls for rollback

II. Impact of the SOX: Market Reaction to Disclosure of Material Weaknesses and Restatements

Average share price movement after disclosure of material weakness
– 1 day after disclosure, 0.67% drop
– After 7 days, 0.90% drop
– After 30 days, 1.96% drop
– After 60 days, 4.06% drop

Larger drop when deadlines pass without management report or auditor opinion on effectiveness of internal controls being filed
– After 1 day, 2.13% drop
– After 7 days, 2.89% drop
– After 30 days, 3.81% drop
– After 60 days, 7.01% drop

Median one-year stock return of companies that filed restatements in 2006 was -6% or 20% lower than the Russell 3000

Median one-year stock return of companies that disclosed material weaknesses in 2006 was -4% or 18% lower than the Russell 3000

II. Impact of the SOX: Announced Restatements

[Bar chart: Number of Restatements, U.S. Public Companies, by year, 2003 through 2007*]

Source: Glass Lewis, company filings.
* Through June 28, 2007

II. Impact of the SOX

Restatements

1,420 (9.8%) of U.S. public companies and 118 (9.1%) of foreign U.S. listed companies restated their financial statements in 2006
– 9% restated in 2005 and 4.7% in 2004

2,931 U.S. companies (about 23%) filed at least one restatement during the last four years

683 companies (5%) restated two or more times in the last four years
– 146 companies restated multiple times in 2006, up from 89 in 2005
– 25 companies in 2006 filed 3 or more restatements, up from 7 in 2005

One third of larger companies and two thirds of microcap companies that restated still claimed to have effective internal control

Restatements by companies with >$75 million revenue down 20% 2006 over 2005 while companies with <$75 million in revenue up 49% over same period

Restatements by companies required to comply with 404 declined 14% and restatements by non-accelerated filers rose 40%

II. Impact of the SOX: Common Causes of Restatements

[Bar chart: Restatements by Error Category, 2005 and 2006. Categories: Equity; Expense recognition; Misclassification; Acquisitions / investments; Revenue recognition; Tax accounting; Capital assets; Other comprehensive income; All other]

Source: Glass Lewis, company filings.

II. Impact of the SOX: Common Causes of Restatements

Stock-option back-dating grant practices
– 128 companies filed 8-Ks announcing restatements for this practice, including 117 that filed the restatement in 2006
– 271 companies have disclosed internal or government investigations

Accounting for convertible securities (243 restatements in 2006)
Cash flow misclassifications (99)
Hedge accounting (65)
Lease accounting (45 in 2006, down from 249 in 2005)
Securitizations (19)
Segments (18)

II. Impact of the SOX: Fraud Frequency by Type

Revenue Recognition: 41%
Improper Disclosures: 12%
Manipulation of Expenses: 11%
Manipulation of Assets: 8%
Manipulation of Liabilities: 7%
Manipulation of Reserves: 7%
Bribery & Kickbacks: 3%
Asset Misappropriation: 4%
Manipulation of A/R: 3%
Goodwill: 1%
Aiding and Abetting: 2%
Investments: 1%

Deloitte, Ten things about financial statement fraud, A review of SEC enforcement releases, 2000-2006, June 2007

II. Impact of the SOX: Frequent Staff Comments

Revenue
Non-GAAP measures
3rd party valuations
Segments
Financial statement classification
Intangible assets
Reserves
Financial instruments
Discontinued operations
Asset Retirement
Stock Compensation
Disclosure controls & procedures
MD&A

II. Impact of the SOX: Overview of Civil and Criminal Causes of Action

Civil and criminal causes of action for reporting violations arise principally under Section 10 (15 U.S.C. Section 78j) and Section 32 (15 U.S.C. Section 78ff) of the Securities Exchange Act of 1934
– Private cause of action under Rule 10b-5 for material misstatements and omissions in connection with the purchase and sale of a security.
– Separate private cause of action under Section 18 of the Exchange Act for material misstatements and omissions in SEC reports, but most cases are brought under Rule 10b-5 because Section 18 has a more stringent reliance requirement, a short statute of limitations, and a good faith defense. Unlike Rule 10b-5, scienter is not an element of a Section 18 claim.
– SEC can also bring a variety of civil enforcement actions for material misstatements and omissions in SEC reports and other public statements.
– U.S. Attorney can assert criminal liability based on the “willful” violation provisions of Section 32 of the Exchange Act. When it does so, it frequently asserts criminal liability under other federal anti-fraud statutes.

III. Why do legal professionals care?

For lawyers, this area comes up in the following contexts:

Reviewing press release and other public disclosures and Exchange Act filings, in particular Item 307 and 308 disclosure

M&A and debt and equity financing transactions

Discussions with auditors over which deficiencies are significant vs. which deficiencies are material weakness

If things go terribly wrong, in-house and outside counsel advise and represent
– audit committees in conducting independent investigations and responding to SEC investigations
– attorneys in meeting their elevated reporting obligations
– companies that are subject to lawsuits

IV. What are they?

What are disclosure controls and procedures and internal control over financial reporting?

Concepts evolved from Sarbanes-Oxley Act §§302, 906 and 404

Both defined in Rules 13a-15 and 15d-15 of the Exchange Act

IV. What are they? Disclosure Controls and Procedures

Disclosure Controls and Procedures—
– Controls and procedures designed to ensure that information required for Exchange Act reports is recorded, processed, summarized and reported within the time periods specified by the SEC
– Include those controls and procedures designed to ensure that information required for Exchange Act reports is accumulated and communicated to management, including CEO and CFO, to allow timely decisions regarding required disclosures.

Covers Exchange Act reports: 8-K’s, 10-Q’s, 10-K’s, proxy statements and information statements

No prescribed disclosure controls and procedures. Each company to adopt its own.

IV. What are they? Internal Control over Financial Reporting

Internal Control over Financial Reporting—Process designed by, or under the supervision of, the CEO and CFO and effected by the board of directors and management, to provide reasonable assurance regarding
– the reliability of financial reporting and
– the preparation of financial statements for external purposes in accordance with GAAP.

Internal control over financial reporting includes those policies and procedures that:
– pertain to the maintenance of records that in reasonable detail accurately and fairly reflect the issuer’s transactions and asset dispositions,
– provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with GAAP, and that receipts and expenditures are being made only in accordance with authorizations of management and directors, and
– provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of assets that could have a material effect on the financial statements.

IV. What are they? Disclosure Controls vs. Internal Control

Disclosure controls and procedures are designed to ensure that both financial information and material non-financial information are included in company’s reports

Substantial overlap but not identical:

[Diagram: two overlapping areas labeled Disclosure Controls and Internal Control]

IV. What are they? Overall Framework

Effectively designed and operating disclosure controls and procedures and internal control over financial reporting will include an overall framework of policies, processes, people and reports:

| Policies | Processes | People | Reports |
| Disclosure Controls and Procedures | Instructions, Timelines and education and training | Disclosure Review Committee | Checklists |
| Code of Ethics | Certification process | SEC compliance and reporting experts | Sub-certifications |
| Document Retention Policy | Documented upstream process (standard unit reporting packages and sign offs) | Accountable unit managers and process owners | Disclosure preparation and review sign offs (standard unit reporting packages and sign offs) |
| Entity level controls (Reg FD Disclosure Policy, Whistleblower policy; Insider Trading Policy) | Documentation, performance and evaluation | Disclosure Review Committee, Board, Audit Committee | Evaluation reports; D&O Questionnaires |
| Accounting policies | Financial reporting and disclosure process | GAAP experts | Report of Independent Accountants |
| Internal Controls | Documentation, performance, evaluation and audit of internal control | Internal audit function | Internal audit reports |
| Board and committee charters | Audit of financial statements | Audit committee members | Minutes of audit committee meetings and record of disclosure committee meetings held |

V. What are the SEC/PCAOB Requirements?

Summary

A. Maintain
– Every reporting company must maintain disclosure controls and procedures and internal control over financial reporting.

B. Evaluate
– Management, with participation of CEO and CFO, must
  • evaluate effectiveness of disclosure controls as of the end of each quarterly period.
  • evaluate as of end of each quarter any material change in internal control over financial reporting that occurred during quarter.
  • evaluate effectiveness of internal control over financial reporting as of end of fiscal year.
– Auditor evaluation of internal control as part of an integrated audit

C. Disclose
– In 10-Q and 10-K CEO’s and CFO’s conclusions about the effectiveness of disclosure controls and procedures.
– In 10-Q and 10-K any material change in internal control over financial reporting that occurred during quarter.
– In 10-K, management report on internal control over financial reporting and independent auditor’s attestation report.

D. Certify
– CEO and CFO must certify as to company’s disclosure controls and procedures and internal control over financial reporting in each 10-Q & 10-K.

V. What are the SEC/PCAOB Requirements? A. Maintenance—Disclosure Controls

Maintenance of Disclosure Controls and Procedures

Rule 13a-15(a) requires reporting companies to maintain disclosure controls and procedures

An adequate basis for the 302 and 906 certifications by the CEO and CFO necessarily includes that
– disclosure controls and procedures be put in place,
– they be effective, and
– the procedures and steps taken in compliance with such procedures be documented

A discussion of best practices will follow

V. What are the SEC/PCAOB Requirements? A. Maintenance—Internal Control

Maintenance of Internal Control

Rule 13a-15(a) requires reporting companies to maintain internal control over financial reporting

Since 1977 most public companies have had basic processes in place as §13(b)(2) of Exchange Act requires companies to have “internal accounting controls”

Foamex—settled SEC investigation regarding inadequate internal controls

V. What are the SEC/PCAOB Requirements? B. Evaluation—Disclosure Controls

Quarterly Evaluation of Disclosure Controls

Management, with participation of CEO and CFO, must evaluate effectiveness of disclosure controls and procedures as of the end of each fiscal quarter

No prescribed standards for determining whether or not disclosure controls are effective

V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control

Annual Evaluation of Internal Control

Management, with participation of CEO and CFO, must evaluate the effectiveness as of end of each fiscal year
– Must base its evaluation on a suitable, recognized framework (COSO)

Compliance Dates:
– Large Accelerated Filers and Accelerated Filers – compliance began with fiscal year ending on or after November 14, 2004
– Non-accelerated Filers – provide management’s report beginning with fiscal year ending on or after December 15, 2007

V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control

Annual Evaluation of Internal Control (cont'd)

On June 20, 2007, the SEC published interpretative guidance addressing the manner in which management should conduct a top-down, risk based evaluation of the effectiveness of internal control

On the same date, a second SEC Release amended Rules 13a-15(c) and 15d-15(c) to provide that an evaluation conducted in accordance with the SEC’s guidance is a safe harbor for compliance.
– This release removed the requirement for an audit of management’s assessment

V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control

Annual Evaluation of Internal Control (cont'd)

Identify Financial Reporting Risks and Controls
– Identify financial reporting risks
– Identify controls that adequately address these risks
– Consider entity-level controls
– Role of information technology general controls
– Back-up to support assessment

Evaluate the Operating Effectiveness of Controls
– Determine the evidence needed to support assessment
– Implement procedures to evaluate the operation of controls
– Establish the evidence supporting the assessment

V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control

Annual Evaluation of Internal Control (cont'd)

Documentation—
– In conducting an evaluation, company must maintain evidential matter, including documentation, to provide reasonable support for management’s assessment. Instruction 2 to S-K Item 308 and 308T.

This evidential matter should provide reasonable support for:
– the evaluation of whether the controls are designed to prevent or detect material misstatements or omissions;
– the conclusion that the tests were appropriately planned and performed; and
– the conclusion that the results of the tests were appropriately considered.

V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control

Quarterly Evaluation of Changes in Internal Control

Management, with participation of CEO and CFO, must evaluate any change:
– that occurred during each quarter, and
– that has materially affected, or is reasonably likely to materially affect, internal control over financial reporting

V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control—PCAOB AS No. 5

New PCAOB Auditing Standard No. 5—

On July 27, 2007, the SEC approved PCAOB AS No. 5, which supersedes PCAOB AS No. 2.

Genesis for Change
– Feedback from companies on cost of audits
– Desire to move back to more principles based (versus rules based) accounting (old standard perceived as too detailed and prescriptive)
– Desire to reinforce need for professional judgment
– Unintended consequence of old standard promoting a “one size fits all” approach
– Align management’s and auditor’s approach

Effective for audits of years ending on or after November 15, 2007

V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control—PCAOB AS No. 5

Plan the Audit
– Understand, define, and focus on Materiality
– Understand the Business, its complexity, and its associated risks and then scope the audit accordingly

When planning an integrated audit, the auditor should evaluate whether the following matters are important to the company’s financial statements and internal control over financial reporting and, if so, how they will affect the auditor’s procedures:

Knowledge of I/C obtained from prior engagements
Industry developments
Matters related to the company's business
Changes in operations
Preliminary judgments regarding materiality
Previously identified control deficiencies
Legal or regulatory matters
Extent of evidence available regarding effectiveness of I/C
Preliminary judgments regarding internal controls
Knowledge regarding risks related to the company
Relative complexity of the company's operations

V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control—PCAOB AS No. 5

– Focus on “Top-Down”/“Risk-Based” Approach
  • Scope audit area to commensurate risk
  • Integrate Fraud considerations and consider as key risk

[Diagram: Financial Statement Level; Entity Level Controls; Significant Accounts and Disclosures; Relevant Assertions; Risk Assessment]

– Emphasis on Fraud Controls
  • Considered part of top down approach — considered to include fraud risk assessment already performed for financial audit purposes
  • Fraud risk assessment should be one step (integrated) for the financial statement and internal controls over financial reporting opinions
  • Fraud considered the higher risk (versus error) and should get more attention

V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control—PCAOB AS No. 5

Gives more consideration to Entity Level Controls

Uses professional judgment – no “checkbox”

Eliminates the requirement for Auditor to issue an opinion on management’s assessment of internal controls
– Still requires Auditors to assess the effectiveness of the company’s internal controls

Requires the Auditor to report any discovered significant deficiencies, but requires the Auditor to scope the audit only to assess whether any material weaknesses exist or could exist

For multi-location companies allows Auditor to eliminate sites that cannot impact Materiality

Emphasizes more up front work through walk-throughs for Auditors
– Management may rely on self-assessments and monitoring

Emphasizes using the company’s or others’ work in both understanding the control environment and its design and testing its operating effectiveness

V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control—PCAOB AS No. 5

Internal control deficiencies fall into three categories:
– Control deficiency—is a deficiency in the design or operation of a control that does not allow management or employees to prevent or detect misstatements on a timely basis.
– Significant deficiency—is a control deficiency, or combination thereof, that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company’s financial reporting.
– Material weakness—is a deficiency, or combination thereof, such that there is a reasonable possibility (formerly more than remote likelihood) that a material misstatement of financial statements will not be prevented or detected on a timely basis.

If there is a “material weakness,” management cannot conclude that internal control over financial reporting is effective.

V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control

How do you know whether an internal control issue rises to the level of a material weakness?

Useful Analog: Rule 10b-5 definition of “Materiality”
– Substantial likelihood that a reasonable shareholder would consider the omission or representation important in making an investment decision OR
– Substantial likelihood that a fact “would be viewed by the reasonable investor as having significantly altered the ‘total mix’ of information made available.” See Basic v. Levinson; TSC Industries, Inc. v. Northway, Inc.

“Materiality” traditionally quantified with reference to auditing standards (SAS 47): 5% of pre-tax income or net income, 1/2% of total assets, 1/2% of total revenue

But see SAB 99—reliance on quantitative benchmarks to assess materiality for financial statements and performing audits is inappropriate; misstatements are not immaterial simply because below a numerical threshold.

AS 5 specifically includes the following list of indicators
– Identification of fraud, whether or not material, on the part of senior management
– Restatement of financials to reflect the correction of a material misstatement
– Identification by the auditor of a material misstatement in the current period that would not have been detected by the company’s internal controls
– Ineffective audit committee oversight of financial reporting and internal controls

V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control

[Flowchart: Activities-level Deficiencies. Yes/No decision boxes leading to one of three outcomes: Deficiency, Significant Deficiency, Material Weakness]

Box 1. Is the potential magnitude less than material to annual or interim financial statements?
Box 2. Are there complementary or redundant controls that were tested and evaluated that achieve the same control objective?
Box 3. Are there compensating controls that were tested and evaluated that reduce the magnitude of a misstatement of annual or interim financial statements to less than material?
Box 4. Does the evaluation of risk factors result in a judgment that there is not a reasonable possibility that controls will fail to prevent or detect a material misstatement of annual or interim financial statements?
Box 5. Is the matter important enough to merit attention by those responsible for oversight of financial reporting?
Box 6. Would a prudent official conclude that the deficiency is a material weakness considering both annual and interim financial statements?

V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control

[Flowchart: IT General Control Deficiencies. Yes/No decision boxes leading to one of three outcomes: Deficiency, Significant Deficiency, Material Weakness]

Box 1. Are there complementary or redundant ITGCs that were tested and evaluated that achieve the same control objective?
Box 2. Are there control deficiencies at the application level evaluated in Chart 2 that are related to or caused by the ITGC deficiency?
Box 3. Are the control deficiencies at the application level related to or caused by the ITGC deficiency classified as a material weakness?
Box 5. Is the matter important enough to merit attention by those responsible for oversight of financial reporting?
Box 5. Would a prudent official conclude that the deficiency is a material weakness considering both annual and interim financial statements?

V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control

[Flowchart: Entity-level Control Deficiencies. Yes/No decision boxes leading to one of three outcomes: Deficiency, Significant Deficiency, Material Weakness]

Box 1. Is the deficiency an indication of a material weakness?
Box 2. Are there complementary or redundant programs or controls or compensating controls that were tested and evaluated that result in a judgment that the deficient control will not fail to prevent or detect a material misstatement of annual or interim financial statements?
Box 3. Does the evaluation of risk factors result in a judgment that there is not a reasonable possibility that controls will fail to prevent or detect a material misstatement of annual or interim financial statements?
Box 4. Is the matter important enough to merit attention by those responsible for oversight of financial reporting?
Box 5. Would a prudent official conclude that the deficiency is a material weakness considering both annual and interim financial statements?

V. What are the SEC/PCAOB Requirements? C. Disclosure—Disclosure Controls

Disclose Management’s Assessment of Disclosure Controls

Company must disclose in each 10-Q and 10-K management’s conclusions regarding the effectiveness of disclosure controls as of the end of the period

If disclosure controls and procedures are not effective, disclosure should include
– the reasons why and the nature of the deficiency,
– how management is addressing the deficiency, including the nature of any improvements and enhancements that were made or are being implemented,
– the timeline for any further improvements and
– any efforts to mitigate the weakness in the interim.

V. What are the SEC/PCAOB Requirements? C. Disclosure—Internal Control

Management’s Annual Report on Internal Control

10-K must include a management report that:
– says management is responsible for establishing and maintaining adequate internal control over financial reporting
– identifies framework used to evaluate effectiveness
– provides management’s assessment of effectiveness as of end of fiscal year (including disclosure of any material weakness)
– says that auditors have issued attestation report on the company’s internal control over financial reporting

No prescribed location for the management’s report

V. What are the SEC/PCAOB Requirements? C. Disclosure—Internal Control

Auditor’s Attestation Report

10-K must include an auditor’s attestation report containing its opinion on the effectiveness of the company’s internal controls
– An opinion on management’s assessment of the effectiveness of internal controls is no longer necessary

Four types of opinions:
– Unqualified opinion
– Disclaimed opinion
– Opinion that is qualified in scope
– Adverse opinion

Opinion in auditor attestation does not necessarily impact opinion on financial statements and vice versa

V. What are the SEC/PCAOB Requirements? C. Disclosure—Internal Control

Disclose Changes in Internal Control

10-Q and 10-K must disclose any change in internal control that occurred during quarter that materially affected or is reasonably likely to materially affect internal control over financial reporting.
– SEC says not required to disclose any changes made in preparation for first management report, BUT issuers should “carefully consider” disclosing any material weakness and steps taken to correct it.

V. What are the SEC/PCAOB Requirements? D. Certification

Certification by CEO and CFO in each 10-Q and 10-K:

based on their knowledge, the report does not contain any material misstatements or omissions

based on their knowledge, financial statements and financial info fairly present in all material respects issuer’s financial condition and results of operations

responsible for establishing and maintaining disclosure controls and procedures [and internal control over financial reporting]
– designed such disclosure controls and procedures to ensure that material information is made known to them, particularly during period covered by report
– designed such internal control over financial reporting to provide reasonable assurance re reliability of financial reporting and preparation of financial statements per GAAP
– evaluated effectiveness of disclosure controls and procedures as of end of period covered by report and reported their conclusions in the report
– disclosed in the report any change in internal control over financial reporting that occurred during quarter that has materially, or is reasonably likely to materially affect, internal control over financial reporting

disclosed, based on their most recent evaluation, to the auditors and audit committee:
– All significant deficiencies and material weaknesses in internal control over financial reporting that are reasonably likely to adversely affect issuer’s ability to record, process, summarize and report financial information; and
– Any fraud, whether or not material, involving management or employees who have significant role in internal control over financial reporting

VI. What are best practices with respect to disclosure controls?

A. Form a disclosure review committee

B. Prepare written compliance policies and procedures

C. Document compliance with policies and procedures

D. Implement a Regulation FD Disclosure Policy

E. Training and education

VI. What are best practices with respect to disclosure controls? A. Disclosure Review Committee

Disclosure Review Committee
– Responsibilities –
  • Review of Exchange Act filings, earnings and press releases, analyst communications, website
  • Considering the materiality of information
  • Determining disclosure obligations
  • Coordinating reviews of CEO, CFO, independent accountants, internal audits and the audit committee
– Members – SEC recommends principal accounting officer or controller, general counsel and principal risk management and investor relations officers. Also typically include CEO and CFO.
– Charter

VI. What are best practices with respect to disclosure controls? B. Written Compliance Policies and Procedures

Written compliance policies and procedures
– Should be sufficiently detailed, but not overly burdensome
– This documentation should
  • Identify the personnel responsible for each section of the report,
  • Identify the other key participants involved in the report’s preparation,
  • Detail how the information necessary to prepare the report is collected and communicated, and
  • Describe how drafts are reviewed and revised, including the degree of review by outside auditors, counsel, the board of directors and the Audit Committee.
– A disclosure committee charter, a formal written compliance policy, certifications and sub-certifications and related materials and checklists can form the basis of a company’s written policies and procedures.

VI. What are best practices with respect to disclosure controls? C. Document Compliance with Policies and Procedures

Document Compliance with Policies and Procedures
– Sub-certifications
  • Many, but not all companies, use them
  • Should be tailored to areas of responsibility
– Instruction Sheets for Reviewers and Preparers
– Timetables
– Responsibility Checklists
– 8-K Procedures

VI. What are best practices with respect to disclosure controls? D. Disclosure Policy and E. Training & Education

Disclosure Policy
– designed to ensure compliance with Reg. FD
– Siebel repealed—SEC action alleging failure to file 8-K re selective disclosure of material information may violate Rule 13a-15 requirement that company maintain disclosure controls and procedures
– Flowserve case—SEC action involving the reaffirmation of earnings guidance

Training and Education

VII. Common Issues

1) Should old drafts of Exchange Act filings be saved as part of the documentation process?

2) What issues related to internal control over financial reporting and disclosure controls and procedures should an acquiring company be concerned about? What kinds of representations and warranties should it obtain?

3) Is an acquiring reporting company required to include a target’s internal control over financial reporting and disclosure controls and procedures in the scope of its evaluation, disclosure and certification?

4) What issues are presented by the use of third party service providers such as ADP which perform accounting related functions?

VIII. Where is Corporate Governance Headed?

Majority Voting for Directors
– SEC and ISS Position
– Voluntary Corporate Action
– Possible Regulatory Action

Focus Executive Compensation—Disney

Executive Compensation Disclosure Release
– Plain English
– Compensation, Discussion and Analysis
– Revised Compensation Tables
– Perks
– Disclosure of Pledged Stock by Directors and Executives
– New Centralized/Enhanced Corporate Governance Section
– Higher Threshold for Disclosure of Related Party Transactions
– Enhanced Form 8-K Disclosure

VIII. Where is Corporate Governance Headed?

Stock Option Backdating and “Spring-Loading”

Other Corporate Governance Pressures
– Activist Hedge Funds, Pension Funds and Private Equity Investors
– Direct Nomination (and Removal) of Directors
– 100% Independent Board
– Separation of Positions of Chairman and CEO
– Increased Allowance of Shareholder Proposals Restricting Corporate Activities


Thank you