Implementation Issues of Sarbanes-Oxley by ujl89480


     Implementation Issues of
     CASE Presentation
     September 23, 2004
      By Denise Farnan
• Overview of Sarbanes-Oxley legislation
• Key sections of legislation and key players
• SOX implementation issues for public
  insurance companies
• Positives from implementation of SOX

Overview of Sarbanes-Oxley Act
• Became law on July 30, 2002
• The Act established a board (PCAOB) to create
  auditing standards and regulation for all SEC
• Created specific corporate responsibility for
  financial reporting, internal controls and audit
  committee standards
• Enacted rules relevant to attorneys, securities
  analysts, auditors and brokers
• Established criminal penalties for non-compliance
   Intent of Sarbanes-Oxley Act
• Provide confidence and trust to investors
  and public in the post-Enron era.
• Requires management accountability --
  focus on rapid identification & correction of
  control weaknesses along with additional
  financial disclosure requirements
• Hold external auditors to a higher
  attestation standard

              Key Sections of SOX
• Section 302 requires the CEO and CFO on a quarterly basis to sign off
  on financial statement fairness and internal control effectiveness. They
  also must report any significant changes in internal controls since their
  last evaluation.
• Section 404 requires a separate management report on internal control
  effectiveness and audit by the organization’s external financial
  statement auditor. It becomes effective for most large companies for
  their entire reporting year ending December 31, 2004 and has a
  12/31/2005 effective date for other companies.
• Section 906 is related to Sections 302 and 404, and requires that CEOs
  and CFOs ensure all financial reporting (including annual and periodic
  reports) fairly presents, in all material respects, the financial condition
  and results of operations of the issuer. It also provides for significant
  criminal penalties for non-compliance.
   Key Sections of SOX (cont’d)
• Section 201 prohibits a registered public accounting firm from
  performing both audit and non-audit services.
• Section 301 requires an audit committee to establish
  “whistleblower” procedures to allow the confidential and
  anonymous submission of concerns regarding questionable
  accounting or auditing matters.
• Section 409 requires disclosure to the public on a rapid and
  current basis additional information concerning material
  changes in the financial condition or operations of the issuer
  (Form 8-K).

         Who are the key external
Public Company Accounting Oversight Board (PCAOB)

• Is a private-sector, non-profit corporation, created by the Sarbanes-
  Oxley Act, to oversee the auditors of public companies.
• Responsible for establishing auditing and related attestation standards,
  quality control standards, and ethics standards to be used by registered
  public accounting firms in the preparation and issuance of audit
• Proposed rules and standards must be submitted to the Securities and
  Exchange Commission for approval prior to becoming law.

         Who are the key external
         Securities and Exchange Commission (SEC)

•    Is the primary overseer and regulator of the U.S.
     securities markets.
•    Reviews documents that publicly-held companies are
     required to file with the Commission. The documents
1.   Registration statements for newly-offered securities;
2.   Annual and quarterly filings (Forms 10-K and 10-Q);
3.   Proxy materials sent to shareholders before an annual meeting;
4.   Annual reports to shareholders;
5.   Disclosure of current reportable events (Form 8-K).

         Who are the key external
           COSO - Committee of Sponsoring Organizations
•    COSO is the Internal Control Framework recommended by
     regulatory/industry bodies for use in Sarbanes-Oxley
     compliance purposes.
•    Designed to provide reasonable assurance towards achieving
     business objectives in the following three categories:
1.   Reliability of financial reporting (primary emphasis of SOX)
2.   Effectiveness and efficiency of operations
3.   Compliance with applicable laws and regulations

•    Establishes that management has primary responsibility for
     establishing and maintaining internal controls.

            Internal Control Items
     COSO’s Five Internal Control Components

1.    Control Environment (Assignment of authority & responsibility,
      Management’s philosophy and operating style)
2.    Risk Assessment (Establishment of objectives, Ability to manage
      internal & external change)
3.    Control Activities (Segregation of duties, Documentation of policies
      & procedures, reconciliations, Transaction approvals)
4.    Information & Communication (Is the right information provided
      to the right people at the right time?)
5.    Monitoring (Responding to control deficiencies, Frequency of
      monitoring procedures, Evidence that monitoring took place)

 Implementation Issues for SOX
• Sarbanes-Oxley Act requires education of employees and
  management across departments
• Increased documentation, testing, walkthrough
  requirements for management and auditors
• Efforts to correct any potential deficiencies identified
  during walkthrough
• Development of testing and monitoring strategy for risk
  assessment and control activity

 Implementation Issues for SOX
• $$$$ --- Higher audit fees
• Purchase of compliance software – which one?
• Work with 3rd Party vendors on investor communications
  and establishment of a whistleblower program
• Changes in IT Department on system controls utilizing the
  recommended Internal Control Framework established by

       Positive Results from
      Implementation of SOX
• Improve process efficiencies through
  identification of weaknesses
• Reduce internal fraud with implementation
  of improved controls
• Create environment for corporate

