Jeffrey Thomson, Acting President and CEO

1
Accounting Control Assessment Standards The
Missing Piece in the Restatement Puzzle

• Presented by
• Jeffrey Thomson, (Acting) President and CEO
• May 9, 2008

2
About your Speaker

• Jeff Thomson
• (Acting) President and CEO - IMA
• Prior to his IMA assignment (2005), worked at
  ATT for over two decades where he served in
  various financial, strategic, and operational
  roles including CFO of a multi-billion dollar
  business.
• Considered a global thought leader in emerging
  area of GRC - governance, risk and compliance.
• Has provided testimony to the U. S. Congress on
  internal controls and risk management as it
  relates to Sarbanes-Oxley implementation. Also
  appeared before the SEC on critical regulatory
  matters impacting U.S. global competitiveness.
• COSO (Committee of Sponsoring Organizations)
  Board Member.
• Executive Education/Certificates from Columbia
  Business School, Wharton and MIT/Sloan.
• a

3
About the Institute of Management Accountants
www.imanet.org
Mission To provide a dynamic forum for
management accounting and finance professionals
to develop and advance their careers through
certification, research and practice development,
education, networking, and advocacy of the
highest ethical and professional
practices. Certification Certified Management
Accountant (CMA). Global Reach Members in
over 100 countries. Research Practices
Leadership Strategies Strategic Cost Management
Business Performance Management Technology
Enablement and, (NEW) Finance GRC (Governance,
Risk and Compliance).
4
Agenda- Todays Session

• Supply Chain View of Financial Reporting
• The Missing Piece in the Restatement Puzzle
• Emphasis on risk and controls sub-optimization
• IMA Resources
• Panel Discussion

5
The Financial / Information Supply Chain
External Financial Reporting
Business Operations
Internal Financial Reporting / DSS
Investment, Lending, Regulation
Economic Policy Making
Processes
XBRL
XBRL-FR
XBRL
XBRL
Participants
Companies
Financial Publishers and Data Aggregators /
Brokers / Analysts
Investors
Central Banks
Auditors
Management Accountants and Finance Professionals
Trading Partners
Regulators
Software Vendors
6
Management Accountants Roles Responsibilities
Decision Support Planning
Internal Controls
Financial Systems
Financial Information Supply Chain
Design
Implement
Manage
Report
Audit
Public Accounting
Management Accounting
To achieve clean audits and produce relevant
financial information for stakeholders, the
professionals inside the financial/information
supply chain who design, implement and manage
business processes must be properly trained,
educated and certified. This includes a new
core competency risk management and internal
controls.
7
IMA Oral Input to SEC CIFiR Panel 4 Delivery of
Financial Information (2/15/08)
1) Strategic Business Partner
2) Financial Governance, Risk, and Compliance
3) Performance Management, Decision Support,
Planning and Budgeting
4) Design, Implement, Manage, and Report on the
transactions of the business
Foundation
5) Develop finance and accounting professionals
with appropriate education, certification, and
experience to work inside organizations
Recommendation 1 SEC recognition that
integration of financial with non- financial
performance measures reporting is the domain of
management accountants and finance professionals
inside the CFO organization
8
Take-Away It ALL Depends on Human Capital!

• Professionalization of corporate finance function
  and accounting staff critical to assure right,
  relevant, and reliable financial statements
• Deployment of principles-based standards depends
  on professional judgment of inside corporate
  finance and accounting professionals
• Production of financial and non-financial/CSR
  measures dependent on properly trained corporate
  finance and accounting professionals
• XBRL deployment depends on properly prepared
  corporate finance and accounting professionals

Recommendation 2 SEC should influence the
development of properly educated and certified
finance function professionals inside CFO
functions, (similar to SEC influence in advancing
XBRL and GAAP/IFRS convergence). Recommendation
3 SEC should encourage registrants to furnish
pertinent non financial data, BUT only when
significant level of professionalization of
finance functions inside corporations is achieved
9
U.S. Sarbanes-Oxley (SOX) in Relation to
Financial Restatements

• Internal Controls over Financial Reporting and
  their impact on material financial restatements
  are linked. More than 1 in 10 U.S. firms
  restate, and yet many attest to the markets that
  they had an effective system of internal controls
  to prevent material restatements. What gives??

10

11
Financial Restatements Is a 10-13 Error Rate
Acceptable??(source Audit Analytics)
12
Audit Analytics Restatements Update Feb. 2008

• Calendar 2007 experienced the first decline in
  restatement disclosures since 2001 (30).
• However, the proportion of restatements remains
  high ( of total filers).
• In addition, in 2007, some analysts would argue
  that the drop in restatements could be largely
  attributed to the FIN 48/SAB 108 alternative
  (adjustment to beginning balance RE).
• Finally, academic studies are indicating that
  accounting complexity is not the major driver
  of financial restatements.

13
Academic Research on Restatements (Plumlee and
Yohn, March 2008)
14
SOX's Overarching Objective

• "to protect investors by improving the
  accuracy and reliability of corporate disclosures
  made pursuant to securities laws, and other
  purposes" or, stated more bluntly, "to
  protect investors by reducing the frequency of
  material errors in financial disclosures issued
  by SEC registrants"

15

SOX Progress Report February 2008 (source Glass,
Lewis Co. February 2007)
2,931 U.S. companies, about 23, filed at least
one restatement during the last four years 683
companies restated two or more times
16
SOX Progress Report February 2008 (Glass, Lewis
Co., The Errors of Their Ways, 2007)
"Companies take note If you restated, you must
have had a material weakness. We still have a
hard time figuring out how so many companies that
restated also could have reasonably concluded
that their internal controls are effective and
they have no material weaknesses - or that no
material weaknesses even existed at the time of
the errors.
17
The Missing Piece in the Restatement Puzzle
Control Assessment Standards

• Congress delegated responsibility to define
  control assessment standards to
• the SEC.
• The SEC must have concluded that COSO 1992 was a
  "suitable"
• set of guidance.
• The PCAOB concluded COSO 1992 by itself wasn't
  enough and created AS2.
• AS2, by default, became the first generally
  accepted control assessment
• standard and produced high control
  effectiveness opinion error rates.
• AS5, while better, suffers from many of the same
  "fatal flaws. See April 2008
• edition of Compliance Week (Gains on Key
  Controls May Stall ), p. 1.

18
The Missing Pieces in the Restatement Puzzle
Inadequate focus on systematic error reduction
19
The Missing Pieces in the Restatement Puzzle
Inadequate focus on identifying the real risks
Identifying Real Risks
20
Inadequate focus on identifying the real risks
Finally, the management and boards of
directors of these financial services firms
failed to put in place adequate risk management
systems. Moreover, the Fed, SEC and the Office
of the Comptroller of the Currency did not take
any meaningful, proactive regulatory action to
require improvements in risk management and
public disclosure ... Arthur Levitt, Wall
Street Journal, March 21, 2008.
Identifying Real Risks
21
Failures in Enterprise Risk Management
Once Again, Risk Protection Fails
Suddenly, Risk Managers are all the Rage
Banks High-Tech Security Cant Keep Up with
Traders
22
Summary Losses Write Downs

• Write downs in mortgage-related securities
• Morgan Stanley - 9.4 billion (in 4th quarter of
  2007)
• Merrill Lynch - 7.9 billion (in 3rd quarter of
  2007)
• UBS 11.4 billion loss in 4th quarter
  full-year net loss of 4 billion
• Citigroup - 18.1 billion (in 4th quarter of
  2007)
• Bear Stearns was defrauded out of 6.8 million
• Société Générale 7.2 billion loss on series of
  fraudulent trades

23
ERM Failures Why Was it Missed?

• Smartest Men in the Room Phenomenon Continues
• Michael Lewis on the Black Scholes Model for
  valuing Securities The math was too advanced,
• the theorists too smart, the debate for
• anyone not in mathematics was bound to
• end badly. Bottom line You cannot sell
• at a good price when everyone else is
• selling. (March 2008 Conde Naste
• Portfolio)

24
ERM Failures Why Was it Missed?

• Need to Understand Management Compensation
  Schemes
• Need to understand at all levels,
• Some methods can be dysfunctional
• Stock Options
• Various Performance Measures
• Compensation grew without performance as the
  market increased.
• Sub-Prime Crisis No one had to assume the
  responsibility for the risk.

25
ERM Failures Why Was it Missed?

• Complexity
• Financial Transactions
• Organizational Arrangements
• Identifying who holds the risk
• Identifying Risk Factors is Often Based on Our
  Past History
• Research, starting with children, point out that
  from an early age, we learn about risk by
  encountering it.
• We had a long period of a stable market, thus we
  assumed it would last forever.

26
The Missing Pieces in the Restatement Puzzle
Sub-optimal GACAS standard setting (Generally
Accepted Control Assessment Standards)
Identifying Real Risks
Sub-optimal GACAS Standard Setting
27
The Missing Pieces in the Restatement Puzzle
U.S. litigious legal system presents major
challenges
U.S. Litigious Legal System
Identifying Real Risks
Sub-optimal GACAS Standard Setting
28
The Missing Pieces in the Restatement Puzzle
Absence of fact-based research
U.S. Litigious Legal System
Identifying Real Risks
Absence of fact-based research
Sub-optimal GACAS Standard Setting
29
(No Transcript)
30
IMA FGRC Resources Available NOW!!

• SMAs (Statements on Management Accounting) on
  Enterprise Risk Management.
• Research studies (e.g., COSO study), global
  discussion papers, comment letters filed with SEC
  and PCAOB, Congressional testimony.
• Webinars (live and for re-broadcast),
  conferences, Strategic Finance articles.
• New FGRC Research Advisory Committee formed
  Global members being sought!!
• Visit www.imanet.org/fgrc for current FGRC
  resources

31
(No Transcript)
32
IMA FGRC Resources Coming Soon!

• On-line educational resources and learning
  modules being created to improve individual and
  organizational performance (focus on improving
  the quality of internal and external financial
  reporting using a true risk-based approach).
• First capabilities delivered in calendar 2008.

33
About your Panel Member

• Andre Van Hoek
• Vice President, Corporate Controller and Chief
  Accounting Officer Celgene Corporation
• Prior to joining Celgene (2007), was Assistant
  Corporate Controller at Johnson Johnson.
• Member of Financial Reporting Committee of IMA.
• Past Member of Internal Auditing Standards Board
  IIA and Past President of IIA Benelux.
• Member of Industry Organizations Pharma
  Accounting and Reporting Principles Committee
  BioNJ CFO Committee.
• Member of COSO Task Force on Monitoring.
• Guest speaker at various Universities and
  Conferences.
• a

34

• Graham Gal, Ph.D.
• Faculty Isenberg School of Management
• Department of Accounting and Information Systems
• Member of ACM and AAA.
• Past President of the Information Systems
  Section.
• ISACA Faculty Liaison.
• Visited at RSA Security (2004).
• Invited Speaker on issues related to Continuous
• Reporting and Monitoring.

35
J. Donald Warren Jr., Ph.D. Assistant Professor,
Accounting and Information Systems Director,
Masters of Accountancy in Financial Accounting

• Retired from PricewaterhouseCoopers LLP after a
  career of 31 years. 
• PWCs liaison to the SEC.
• Co-authored PWCs third edition of the Handbook
  of IT Auditing and the firms SEC Manual. 
• Held positions at US General Accounting Office
  and the Financial Accounting Standards Board. 
• Area of ExpertiseAuditing, Financial
  Accounting, Managerial Accounting, Information
  Systems