Sarbanes-Oxley Update: Notes
SARBANES-OXLEY ACT OF 2002
Overview and Update
Copyright, K. Klose, UMUC, 2003 2
Accounting Governance (Before Sarbanes-Oxley Act 2002)
The SEC has always had statutory authority to oversee accounting, but delegated the task to
FASB – which set guidelines for non-governmental financial statement reporting, and
the AICPA’s ASB (Auditing Standards Board) – which set guidelines for auditing practices.
Accounting Governance (Before SOX Act con’t)
Other AICPA units involved in accounting governance included:
Accounting Standards Executive Committee (AcSEC) – supplements FASBs.
AICPA’s SEC Practice Section (SECPS) for firms with issuers.
Public Oversight Board (POB) manages Peer Review process.
Quality Control Inquiry Committee (QCIC)
Professional Ethics Division
The Challenges to Governance
Since 2000, the technology market bubble has burst and scandals have challenged accounting self-governance.
Allegations of misconduct include:
Enron – special entities & form vs. substance.
WorldCom – mismatching costs on lines.
Tyco – CEO special payments/contracts and falsifying records.
Adelphia – off-balance sheet loans, excessive capitalization, and inflated income.
What was Missing?
Analysis of these scandals found
inadequate disclosure in financial reporting
lack of independence on the part of accounting firms
weak corporate audit committees
management that was not personally responsible for financial statements and disclosure
Sarbanes-Oxley Getting Back on Track
The SOX Act aims to tighten governance and protect investors by
Reorienting the SEC towards “active governance & monitoring”.
Creating the Public Company Accounting Oversight Board to do so.
Mandating new responsibilities of public corporations, including:
  “Real” Audit Committee
  Financial Statement Certification
  Regulating Officers & Directors
  New Disclosure Requirements
Imposing other provisions.
The “Commission” Takes Over
The SEC’s new mission states that it
promulgates rules/regulations that serve public interest and protect investors.
sets accounting standards and auditing practices, including rules for auditor independence.
can take legal, administrative, and disciplinary action against public accounting firms.
The “Commission” Takes Over (con’t)
The SEC has approved the following rules to date:
Mandates Electronic Filing of Ownership Reports.
Prohibits Improper Influence of Auditors.
Requirements for Listed Company Audit Committees.
Codes of Ethics and Audit Committee Expertise.
Insider Trades During Pension Fund Blackout Periods.
Use of Non-GAAP Measures (Pro-Forma & Off-Balance Sheet Disclosures).
MD&A Disclosures of Off-Balance Sheet Items.
New exhibit requirements for 302 and 906 certifications, effective August 14, 2003.
Visit: http://www.aicpa.org/sarbanes/index.asp
Accounting Oversight Board - New Partner in Governance
The Public Company Accounting Oversight Board (PCAOB) will serve as the SEC’s lead unit in fulfilling its mission and monitoring compliance with rulings.
The AOB is a non-governmental not-for-profit corporation that will register and regulate all public accounting firms that provide audit services to public companies.
It has authority to establish rules governing audits, conduct inspections and investigations, and impose sanctions.
PCAOB - Partner in Governance (con’t)
SEC approved Board on 4/25/2003 with William McDonough as President. Website: http://www.pcaobus.org/
On October 25, 2003, it becomes unlawful for any non-registered firm to prepare/issue an audit report for a public company.
PCAOB - Composed for Independence
The AOB will be composed of
Five financially literate full-time members.
  2 current or former CPAs, 3 non-CPAs (may never have been a CPA)
  chair may hold a CPA, but no practice in past 5 years
5 year term – based on review by SEC, Federal Reserve Board and Treasury Department.
Members may not receive any profits or other fixed payments from any public accounting firm, except fixed payment retirement benefits.
Members may be removed by the Commission "for good cause."
PCAOB - Implications for CPA Firms
CPA firms offering Audit Services will now register with the AOB. Firms will
pay an annual fee to the Board,
be assessed an "annual accounting support fee" if they are involved in stock issues,
submit to annual quality reviews (inspections) if the firm handles over 100 issues; every three years for all other firms, and
foreign accounting firms who audit a U.S. company must register and comply.
PCAOB - Implications CPAs (con’t)
The SEC is authorized to accept as GAAP any accounting principles established by a standard-setting body that meets the following criteria. The body is
a private entity,
not associated with public accounting firm in the past 2 years,
funded similarly to the Board,
prompt in considering changes to accounting principles by a majority vote, and
willing to keep standards current and consider international convergence when appropriate.
PCAOB - Implications for CPAs (con’t)
Under the act, it shall be "unlawful" for a registered public accounting firm to provide any non-audit service to an issuer contemporaneously with the audit, including:
bookkeeping
financial information systems design and implementation
appraisal or valuation services, fairness opinions, or contribution-in-kind reports
actuarial services
internal audit outsourcing services
management functions or human resources
broker or dealer, investment adviser, or investment banking services
legal services and expert services unrelated to the audit, or
any other service that the Board determines, by regulation, is impermissible.
Note: Exemptions may be allowed.
PCAOB - Implications for CPAs (con’t)
Related to newly mandated internal control reporting
Auditors may assist management in documenting internal controls, but may not test controls for management.
Firms attest to management’s effectiveness in assessing internal control over financial reporting (as explained below).
PCAOB - Implications for Public Companies
Public companies must now comply with these AOB requirements:
Lead auditor and reviewing partner must be rotated every 5 years.
Accounting firm must report to Audit Committee and “discuss audit nuts & bolts”.
The CEO, controller, CFO, chief accounting officer may not have been employees of the audit firm within the past year.
State regulators decide adoption for small and mid-size non-registered accounting firms.
PCAOB - Implications for Public Companies (con’t)
Additionally……
Issuers will be assessed an "annual accounting support fee" based on their relative market capitalization.
Board auditing standards, such as record retention rules, second partner review, and scope of internal control testing, will affect the nature of audits.
Independence standards will limit the non-audit work that auditors can perform.
PCAOB - Implications for Public Companies (con’t)
Company information will be subject to review in inspections of the independent auditor and the company can be required to testify and produce documents in an auditor disciplinary proceeding.
Companies will have to ensure compliance with any sanctions imposed by the Board, such as suspensions of auditors or their personnel from auditing.
Audit Committee and Relationship with the Auditor
The SOX stipulates that the audit committee of an issuing company:
will be adequately funded;
will be directly responsible for the appointment, compensation, and oversight of audit firm;
may engage independent counsel or other advisors, as it determines necessary to carry out its duties;
establishes procedures for the "receipt, retention, and treatment of complaints" on accounting, internal controls, and auditing.
Audit Committee and Director Responsibilities
Under the SOX ……
Unlawful for an issuer to extend credit to any director or executive officer.
Directors, officers and 10 percent owners must report designated transactions by the end of the 2nd day following the transaction.
Audit Committee and Management Responsibilities
Management is now required to certify financial statements based on these guidelines:
The CEO and CFO of each issuer will certify the "appropriateness of the financial statements and disclosures contained in the periodic report, and that those financial statements and disclosures fairly present, in all material respects, the operations and financial condition of the issuer."
A violation of this section must be knowing and intentional to give rise to liability.
Officer or director action to fraudulently influence audit results is unlawful.
CEO and the CFO shall "reimburse the issuer for any bonus or other incentive-based or equity-based compensation received" during the twelve months following the issuance or filing of the non-compliant document and "any profits realized from the sale of securities of the issuer" during that period.
Federal courts are authorized to "grant any equitable relief that may be appropriate or necessary for the benefit of investors" in cases brought by the SEC.
Audit Committee and Management Responsibilities (con’t)
Additionally, the SOX does the following
Stipulates that the SEC may bar a person from acting as an officer or director of an issuer if conduct "demonstrates unfitness".
Prohibits the purchase or sale of stock by officers and directors and other insiders during blackout periods.
Requires financial statement reports to "reflect all material correcting adjustments made by the auditor".
Mandates that financial reports will disclose "all material off-balance sheet transactions" and "other relationships" with "unconsolidated entities".
Requires that the SEC shall issue rules providing for pro forma financial information.
Audit Committee and Management Responsibilities (con’t)
On or after June 15, 2004, the act requires each annual report of an issuer to contain an "internal control report" that
states that internal control is management’s responsibility,
contains an assessment of the effectiveness of the internal control structure/procedures for the reporting period which includes a disclosure of “material weaknesses”, and to which an auditor attests in relation to the financial statement engagement (cannot be a separate engagement).
contains a disclosure as to whether the issuer has an ethics code in place to guide senior financial management.
Audit Committee and Management Responsibilities (con’t)
Controls subject to assessment include those related to:
  Gathering, recording, and reconciling transactions related to financial statement account balances, non-routine transactions, selection and application of accounting policy, and prevention and detection of fraud.
Management must provide documentation and evaluation of evidential matter related to testing of internal control design and effectiveness.
  Simple inquiry of company personnel by management is not an adequate basis for the report.
  Evaluation must be based on a suitable framework, like the COSO, used as US standard (visit: http://www.coso.org/).
Audit Committee and Management Responsibilities (con’t)
Effective August 14, 2003, companies must comply with new exhibit rules for 302 and 906 certifications in periodic reports.
302 certification is management’s statement regarding internal and disclosure control procedures, including
  assessments of most recent evaluation,
  explanation of areas of weakness, and
  commentary on areas that need attention.
906 certification continues on this theme, but also confirms management’s understanding of the criminal penalties related to intentional falsification of financial statements.
Audit Committee and Disclosure Issues
The SOX requires that issuers of stock disclose
whether at least one member of its audit committee is a "financial expert", and
material changes in the financial condition or operations of the issuer on a rapid and current basis (real-time disclosure).
Corporate Fraud & Accountability Act
Related to SOX, it is a FELONY to "knowingly" destroy or create documents to "impede, obstruct or influence" any existing or contemplated federal investigation.
Auditors are required to maintain "all audit or review work papers" for five years.
The statute of limitations on securities fraud claims is now the earlier of three years from the fraud or one year from the discovery.
"Whistle blower protection" is extended to employees of issuers and accounting firms.
Corporate Fraud & Accountability Act (con’t)
Under the Act, legal ramifications and criminal penalties include:
Securities Fraud: to “knowingly defraud any person in connection with a security” of a public company.
  Max of 25 years (rather than 5 or 10)
  10 – 25 years for an individual
  $1.0 - $5.0 million in fines for an individual
  $2.5 - $25 million in fines for a company
Document tampering: 20 years in prison and a fine.
SOX - Role of the CFO
The act expands management’s responsibility for the accuracy of financial statements and places the burden of proof clearly with company executives, not external auditors.
This gives CFOs the opportunity to take an active part in designing systems that ensure company compliance with SOX.
SOX - Role of the CFO
The most immediate dictate related to documenting and reporting on internal control is paramount. Decisions must be made related to
who within the organization will document internal control,
who will claim ownership for documentation efforts and perform future maintenance,
should the documentation team be responsible for testing and assessment,
what role will internal audit play,
what general IT controls may be needed to improve accounting internal control, and
what technology is available to assist in internal control documentation and compliance management.
SOX – Learning More
To learn more about the progress of the SEC in implementing sections of the SOX visit the following sites:
http://www.sec.gov/index.htm
http://www.aicpa.org/sarbanes/index.asp
http://www.pcaobus.org/
http://www.pwcglobal.com/
References: AICPA, SEC, Forbes, PCAOB, James Howard, UMUC, MACPA, VASA, GWSA, and PWC.