Sarbanes-Oxley Update: Notes

SARBANES-OXLEY ACT OF 2002

Overview and Update

Copyright, K. Klose, UMUC, 2003 2

Accounting Governance (Before Sarbanes-Oxley Act 2002)

SEC has always had statutory authority to oversee accounting, but delegated the task to

FASB – which set guidelines for non-governmental financial statement reporting, and the

AICPA’s ASB (Auditing Standards Board) – which set guidelines for auditing practices.


Accounting Governance (Before SOX Act con’t)

Other AICPA units involved in accounting governance included:

Accounting Standards Executive Committee (AcSEC) – supplements FASBs.

AICPA’s SEC Practice Section (SECPS) for firms with issuers.

Public Oversight Board (POB) manages Peer Review process.

Quality Control Inquiry Committee (QCIC)

Professional Ethics Division


The Challenges to Governance

Since 2000, the technology market bubble has burst and scandals have challenged accounting self-governance.

Allegations of misconduct include:

Enron – special entities & form vs. substance. Worldcom – mismatching costs on lines. Tyco – CEO special payments/contracts and falsifying

records. Aldelphia – off-balance sheet loans, excessive

capitalization, and inflated income.


What was Missing?

Analysis of these scandals found

inadequate disclosure in financial reporting

lack of independence on the part of accounting firms

weak corporate audit committees

management that was not personally responsible for financial statements and disclosure


Sarbanes-Oxley Getting Back on Track The SOX Act aims to tighten governance and protect

investors by

Reorientation SEC towards “active governance & monitoring”.

Creating the Public Company Accounting Oversight Board to do so. Mandating new responsibilities of public corporations, including:

“Real” Audit Committee Financial Statement Certification Regulating Officers & Directors New Disclosure Requirements

Imposing other provisions.


The “Commission” Takes Over

The SEC’s new mission states that it

promulgates rules/regulations that serve public interest and protect investors.

sets accounting standards and auditing practices, including rules for auditor independence.

can take legal, administrative, and disciplinary action against public accounting firms.


The “Commission” Takes Over (con’t)

The SEC has approved the following rules to date:

Mandates Electronic Filing of Ownership Reports; Prohibits Improper Influence of Auditors.

Requirements for Listed Company Audit Committees. Codes of Ethics and Audit Committee Expertise. Insider Trades During Pension Fund Blackout Periods. Use of Non-GAAP Measures (Pro-Forma & Off-Balance Sheet

Disclosures). MD&A Disclosures of Off-Balance Sheet Items. New exhibit requirements for 302 and 906 certifications,

effective August 14, 2003.

Visit: http://www.aicpa.org/sarbanes/index.asp


Accounting Oversight Board - New Partner in Governance

The Public Company Accounting Oversight Board (PCAOB) will serve as the SEC’s lead unit in fulfilling its mission and monitoring compliance with rulings. The AOB is

a non-governmental not-for-profit corporation

that will register and regulate all public accounting firms and provide audit services to public companies.

It has authority to establish rules governing audits, conduct inspections and investigations, and impose sanctions.


PCAOB - Partner in Governance (con’t)

SEC approved Board on 4/25/2003 with William McDonough as President. Website: http://www.pcaobus.org/

On October 25, 2003, it becomes unlawful for any non-registered firm to prepare/issue an audit report for a public company.


PCAOB - Composed for Independence

The AOB will be composed of

Five financially literate full-time members. 2 current or former CPAs, 3 non-CPAs (may never have been a CPA) chair may hold a CPA, but no practice in past 5 years

5 year term – based on review by SEC, Federal Reserve Board and Treasury Department.

Members may not receive any profits or other fixed payments from any public accounting firm, except fixed payment retirement benefits.

Members may be removed by the Commission "for good cause."


PCAOB - Implications for CPA Firms

CPA firms offering Audit Services will now register with the AOB. Firms will

pay an annual fee to the Board, be assessed an "annual accounting support fee“ if they are

involved in stock issues, submit to annual quality reviews (inspections) if the firm handles

over 100 issues; every three years for all other firms, and foreign accounting firms who audit a U.S. company must register

and comply.


PCAOB - Implications CPAs (con’t)

The SEC is authorized to accept as GAAP any accounting principles established by a standard-setting body that meets the following criteria is

a private entity, not associated with public accounting firm in the past

2 years, funded similarly to the Board, prompt in considering changes to accounting

principles by a majority vote, and willing to keep standards current and consider

international convergence when appropriate.


PCAOB - Implications for CPAs (con’t)

Under the act, it shall be "unlawful" for a registered public accounting firm to provide any non-audit service to an issuer contemporaneously with the audit, including:

bookkeeping financial information systems design and implementation appraisal or valuation services, fairness opinions, or contribution-in-kind

reports actuarial services internal audit outsourcing services management functions or human resources broker or dealer, investment adviser, or investment banking services legal services and expert services unrelated to the audit, or any other service that the Board determines, by regulation, is impermissible.

Note: Exemptions may be allowed.


PCAOB - Implications for CPAs (con’t)

Related to newly mandated internal control reporting

Auditors may assist management in documenting internal controls, but may not test controls for management.

Firms attest to management’s effectiveness in assessing internal control over financial reporting (as explained below).


PCAOB - Implications for Public Companies

Public companies must now comply with these AOB requirements:

Lead auditor and reviewing partner must be rotated every 5 years.

Accounting firm must report to Audit Committee and “discuss audit nuts & bolts”.

The CEO, controller, CFO, chief accounting officer may not have been employees of the audit firm within the past year.

State regulators decide adoption for small and mid-size non-registered accounting firms.


PCAOB - Implications for Public Companies (con’t)

Additionally……

Issuers will be assessed a "annual accounting support fee“ based on their relative market capitalization.

Board auditing standards, such as record retention rules, second partner review, and scope of internal control testing, will affect the nature of audits.

Independence standards will limit the non-audit work that auditors can perform.


PCAOB - Implications for Public Companies (con’t)

Company information will be subject to review in inspections of the independent auditor and the company can be required to testify and produce documents in an auditor disciplinary proceeding.

Companies will have to ensure compliance with any sanctions imposed by the Board, such as suspensions of auditors or their personnel from auditing.


Audit Committee and Relationship with the Auditor

The SOX stipulates that the audit committee of an issuing company:

will be adequately funded; will be directly responsible for the appointment,

compensation, and oversight of audit firm; may engage independent counsel or other advisors,

as it determines necessary to carry out its duties; establishes procedures for the "receipt, retention, and

treatment of complaints" on accounting, internal controls, and auditing.


Audit Committee and Director Responsibilities

Under the SOX ……

Unlawful for an issuer to extend credit to any director or executive officer.

Directors, officers and 10 percent owner must report designated transactions by the end of the 2nd day following the a transaction.


Audit Committee and Management Responsibilities

Management is now required to certify financial statements based on these guidelines:

The CEO and CFO of each issuer will certify the "appropriateness of the financial statements and disclosures contained in the periodic report, and that those financial statements and disclosures fairly present, in all material respects, the operations and financial condition of the issuer."

A violation of this section must be knowing and intentional to give rise to liability.Officer or director action to fraudulently influence audit results is unlawful.

CEO and the CFO shall "reimburse the issuer for any bonus or other incentive-based or equity-based compensation received" during the twelve months following the issuance or filing of the non-compliant document and "any profits realized from the sale of securities of the issuer" during that period.

Federal courts are authorized to "grant any equitable relief that may be appropriate or necessary for the benefit of investors“ in cases brought by the SEC.


Audit Committee and Management Responsibilities (con’t)

Additionally, the SOX does the following

Stipulates that SEC may bar a person from acting as an officer or director of an issuer if conduct "demonstrates unfitness”.

Prohibits the purchase or sale of stock by officers and directors and other insiders during blackout periods.

Requires financial statement reports to "reflect all material correcting adjustments made by the auditor”.

Mandates that financial reports will disclose all material off-balance sheet transactions" and "other relationships" with "unconsolidated entities".

Requires that the SEC shall issue rules providing for pro forma financial information.


Audit Committee and Management Responsibilities (con’t) On or after June 15, 2004, the act requires each annual

report of an issuer to contain an "internal control report“ that

states that internal control is management’s responsibility,

contains an assessment of the effectiveness of the internal control structure/procedures for the reporting period which includes a disclosure of “material weaknesses”, and to which an auditor attests in relation to the financial statement engagement (can not be as separate engagement).

contains a disclosure as to whether the issuer has an ethics code in place to guide senior financial management.



Controls subject to assessment include those related to: Gathering, recording, and reconciling transactions related to

financial statement account balances, non-routine transactions, selection and application of accounting policy, and prevention and detection of fraud.

Management must provide documentation and evaluation of evidential matter related to testing of internal control design and effectiveness. Simple inquiry of company personnel by management is not

adequate basis for report. Evaluation must be based on suitable framework, like the COSO,

used as US standard (visit: http://www.coso.org/).



Effective August 14, 2003, companies must comply with new exhibit rules for 302 and 906 certifications in periodic reports. 302 certification is management’s statement regarding

internal and disclosure control procedures, including Assessments of most recent evaluation, explanation of

areas of weakness, and commentary on areas that need attention.

906 certification continues on this theme, but also confirms management’s understanding of the criminal penalties related to intentional falsification of financial statements.


Audit Committee and Disclosure Issues

The SOX requires that issuers of stock disclose

whether at least one member of its audit committee is a "financial expert”, and

material changes in the financial condition or operations of the issuer on a rapid and current basis (real-time disclosure).


Corporate Fraud & Accountability Act

Related to SOX, it is a FELONY to "knowingly" destroy or create documents to "impede, obstruct or influence" any existing or contemplated federal investigation.

Auditors are required to maintain "all audit or review work papers" for five years.

The statute of limitations on securities fraud claims is now the earlier of three years from the fraud or one year from the discovery.

“Whistle blower protection" is extended to employees of issuers and accounting firms employees.


Corporate Fraud & Accountability Act (con’t)

Under the Act, legal ramifications and criminal penalties include: Securities Fraud: to “knowingly defraud any

person in connection with a security” of a public company. Max of 25 years (rather than 5 or 10) 10 – 25 years for an individual $1.0 - $5.0 million in fines for an individual $2.5 - $25 million in fines for a company

Document tampering: 20 years in prison and a fine.


SOX - Role of the CFO

The act expands management’s responsibility for the accuracy of financial statements and places the burden of proof clearly with company executives, not external auditors.

This gives CFOs the opportunity to take an active part in

designing systems that insure company compliance with SOX.


SOX - Role of the CFO

The most immediate dictate related to documenting and reporting on internal control is paramount. Decision must be made related to

who within the organization will document internal control, who will claim ownership for documentation efforts and perform

future maintenance, should the documentation team be responsible for testing and

assessment. what role will internal audit play, what general IT controls may be needed to improve accounting

internal control, and what technology is available to assist in internal control

documentation and compliance management.


SOX – Learning More

To learn more about the progress of the SEC in implementing sections of the SOX visit the following sites:

http://www.sec.gov/index.htm http://www.aicpa.org/sarbanes/index.asp http://www.pcaobus.org/ http://www.pwcglobal.com/

References: AICPA, SEC, Forbes, PCAOB, James Howard, UMUC, MACPA, VASA, GWSA, and PWC.

Sarbanes-Oxley Update: Notes

Business

Transcript of Sarbanes-Oxley Update: Notes