The Sarbanes Oxley Act

1
The Sarbanes Oxley Act

• What it Means to You
• November 2004
• David Kaufman

2
Acquis Background

• Company Type Private management consulting firm
• Founded in 1998 profitable since inception
  headquarters in New York City
• Client Profile Main focus on Global Fortune
  1000 core industries served include
  Pharmaceutical, High-Tech, Financial Services,
  Travel, Government
• Examples of Collective Client Experience Pfizer,
  Bank of Tokyo-Mitsubishi, Cadbury, National
  Semiconductor, Mitsubishi International, NYC
  Government, Interpublic Group, AstraZeneca
• Staff Background 90 of consultants have worked
  on European and North American initiatives,
  primarily in the travel area

3
Quick Facts

4
What is Sarbanes-Oxley?
Congressional Act Named after Senator Paul
Sarbanes and Congressman Michael Oxley

• Enacted in 2002 to increase corporate
  responsibility and accounting standards
• Requires CFO / CEO signoff on financial
  statements
• Companies must also attest to internal controls
  in place

5
Sarbanes Oxley Also Known As

• We asked 100 people (including Paul Sarbanes and
  Michael Oxley)

What is Sarbanes Oxley also known as?
6
SOX Applies to Which Companies?

• Publicly traded companies in the US
• Non-US public multinational companies engaging in
  business in the US
• Voluntary compliance for private firms but seen
  as Best Practice

7
Section 404 Compliance Dates
Compliance dates have been extended
Original
Original
Fiscal Year ending on or after
6/15/2004
4/15/2005
8
Key Elements of SOX
9
Three Key Controls

• Safeguarding assets - Controls to prevent theft,
  fraud, waste, and abuse

• Financial reporting - Controls to ensure the
  appropriate reporting of expenses

• Authorization - Controls to confirm the
  appropriate approvals of expenditures

10
Why is SOX Important to Planners?

• Affects almost every aspect of the meeting
  planning process

RFP
Site Selection
Planning / organization
On-site Activities
Post Meeting

• Meeting objectives
• Executive approvals
• Budgets
• Locations
• RFPs / Site selection criteria
• Standard contracts / Negotiations
• Preferred suppliers
• Payment methods

• Marketing
• Announcements
• Registration strategy
• Travel arrangements
• Event management
• Miscellaneous Expenses

• Invoice payments
• Account reconciliation
• Financial reporting
• Attendee evaluation surveys
• ROI calculation

11
What Should Planners Look At?

• Interactions with travel agencies and event
  management suppliers
• Contracts, commitments, financial liabilities,
  and operational risks
• Current controls on manual processes
• Allocation of costs to the correct budgets
• Current use of technology
• Safety of attendees
• Extravagant meetings

12
What is Extravagant?

• Roman themed party where guests are greeted by
  chariots and gladiators
• Events held in a Sardinian resort where rooms
  start at 1200 a night
• Flying Jimmy Buffett and his band to an island at
  a cost of 250,000
• A 7-day event including partying, jet skiing,
  sailing, golfing, and feasting for 75 guests
• Charging half the costs of the party to the
  company

2.1MM birthday party for the former Tyco CEOs
wife

13
Case Study One

• Susans company has a strict event vendor
  selection policy and Tylers hotel is not a
  preferred vendor

Can Susan make an exception and plan the event?
14
General Approach

• Document end-to-end current processes
• Identify important, manual, and risk prone
  processes
• Evaluate existing controls
• Develop and execute strategy to remedy
  deficiencies
• Evaluate success and document risks

15
SOX Documentation
Documentation of Processes
Documentation of Controls
Covers initiation, authorization, recording,
processing, and reporting of transactions
Identify process risks and demonstrate
appropriate control activities and measures
Are these current, complete, and readily
available?
16
The COSO Framework
Committee of Sponsoring Organization (COSO) has
developed a framework for internal controls
Control Environment
Risk Assessment
Control Activities
Information Communication
Monitoring

• Framework supported by the SEC and PCAOB
• Most popular framework in the United States

17
Types of Controls
What controls do you currently have in place?
18
The Use of Technology

• Enforce a consistent process for your meeting
  planning spend
• Automatically record a clear and comprehensive
  audit trail of all activities
• Provide evidence of compliance through built-in
  reports and notifications
• Increase planning and registration process
  efficiency

19
Technology Providers

• Meeting planning checklists
• Standardized RFPs
• Meetings-sourcing databases
• Attendee management
• Preferred supplier flags
• Company policy / best practices notification

20
Case Study Two

• Highly documented policy and process
• Extensive process controls on planning activities

• Uses Excel spreadsheets to track meetings
• Manual RFP process

• Uses automated online RFP process
• Utilizes online resources to document planning
  steps

• No formal preferred supplier policy
• Policies developed ad-hoc and not documented

Who is SOX compliant?
21
Opportunities Beyond SOX

• Building a true end-to-end process
• Integration with Travel programs
• Increased process efficiency with technology
• Improved vendor relationships
• Strategic sourcing opportunities

22
Review Survey

• We asked 100 auditors

What type of documentation in the meeting
planning area will help ease your concerns?
23

• David Kaufman
• Partner
• Acquis Consulting Group
• 299 Broadway, 12th Floor
• New York, NY 10007
• 212.233.5677