Annie Flatz Global Accounting

1
Annie FlatzGlobal Accounting Financial
Services Controller
2
Agenda

• SOX background overview
• Initial 404 assessment approach
• Sustaining model
• Summary

3
Painting the Picture

• What Happened?
• Expected checks and balances insufficient.
• Accounting independence compromised.
• When the Storm Was Over
• Arthur Andersen atomized.
• Market capitalization a few trillion less.
• SOX is the law.

4
What do the SOX rules require of companies
auditors?
5
Sarbanes-Oxley Overview
Sarbanes Oxley Act of 2002
Paul S. Sarbanes (D)
Michael G. Oxley (R)

• The most sweeping corporate legislation since the
  Securities and Exchange Act of 1934
• The Federalization of corporate law
• RULES
• Public Company Accounting Oversight Board
• Auditor Independence
• Corporate Responsibility
• Enhanced Corporate Disclosures
• Analyst Conflict of Interest
• ENFORCEMENT
• Commission Resources and Authority
• Studies and Reports
• CONSEQUENCES
• Corporate and Criminal Fraud Accountability
• White Collar Crime Penalty Enhancement
• Corporate Tax Returns
• Corporate Fraud Accountability

6
What Does 404 Require?

• 10-K must include an internal control report
  containing the following disclosures
• Responsibility Statement of internal controls
  responsibility of management
• Framework Statement of the internal controls
  framework utilized
• Assessment Managements internal controls
  conclusions
• Audit External audit opinion

COSO
CEO/CFO Assessment Auditor Attestation
7
Serious Business

• Control Deficiencies
• Management Attention
• Significant Deficiencies
• Management Attention
• BOD Audit Committee Attention
• External Audit Attention
• Material Weakness
• Management Attention
• BOD Audit Committee Attention
• External Audit Attention
• Quarterly filing disclosure
• Adverse Management Control Report
• Adverse External Audit Control Opinion

DEFICIENT INTERNAL CONTROL IS NOT AN OPTION
8
What are the implications of SOX?

• In Answering This Question, Think About
• Implications for companies
• Implications for auditors
• Implications for investors

9

• SOX 404 Initial Assessment Approach

10
Existing 404 Structure

• 404 Management Review Committee (MRC)
• 8 Members

• 404 Program Management Office
• 4 Members

• Info Systems (IS) SOX MRC
• 12 Members

• 404 Process Documentation Teams
• 150 were involved

• 404 IS Documentation Teams
• 25 FTEs

• 404 Project Team
• 10 Members

• IS Core Team
• 10 Members

Process Test Teams
IS Test Teams
Internal Audit Test Teams
11
404 Methodology
Financial Statement Areas

• 10 Financial Statement Areas (e.g. Close
  Reporting)
• 62 Processes in scope. (e.g. Consolidation/Elimina
  tion)

Scope
Significant Accounts
Significant Processes
Process Documentation

• 62 Risk Assessments completed
• 440 Financial statement area key controls (e.g.
  reconciliations)
• 1800 General IT key controls (e.g. access)

Risk Assessments
Document
Key Controls
Manual
Apps
Gen IT

• Bulk in Q2, Internal Audit performing 50

Management Monitoring/Testing
Mont/Test

• Documentation review Q2, Testing Q3

External Audit Testing
Audit

• 4 opinions Managements Internal Control Report
• External Audit Financial
  Statement Opinion External
  Audit Opinion on Managements Assessment
  External Audit Opinion on Control
  Effectiveness

Management Assertion/External Audit Attestation
12
Due Diligence for Initial 404 Assessment
How many pages of evidentiary documentation were
prepared?
13,000
How many hours of effort does it take to comply?
gt 150,000
How much is Intel spending on year one
compliance?
25M-30M
13

• Sustaining Model

14


Balancing the Equation _at_ Intel

FINANCE CHARTER
MAINTAIN SHAREHOLDER VALUE
DRIVE SHAREHOLDER VALUE
INTEGRITY
COMPETITIVE

KEEP INTEL LEGAL
BUSINESS PARTNER

• Financial reporting
• Transaction integrity
• Asset safeguarding

• Right business decisions
• ROI
• Benchmarking

BOTH SIDES ARE IMPORTANT
15
Sustaining 404

• Sustaining model
• Continuously improve process management through
  training goal setting
• Annual detail review with Sr. finance management
  quarterly status checks
• Quarterly review of YTD testing results with CEO
  CFO
• Recognition and reward to process excellence
• Required training
• Controls, Policies/Procedures, Risk Assessment
  training for all new finance employees
• Detailed functional training for all new to a
  functional area (e.g. Close Reporting Revenue)
• Annual refresh required in each area
• Tester training for all 404 testers
• On-going communication model
• Tops-down to emphasize importance
• Functionally to highlight changes and timelines

16

• In Summary

17

• Intel conducts business with
• uncompromising integrity
• We maintain our leadership by
• Setting performing to the highest standards
• Seeking long-term shareholder value
• Operating beyond reproach, consistently worldwide

18
Is it all worth it?

• THERE IS VALUE ADD
• Accountability
• Executive attention awareness
• Public confidencesomething was done

• THERE IS A COST
• Management time
• Audit PCAOB fees
• Liability insurance

..On BalanceYes
19
Backup
20
COSO Framework
Diagram Based Upon AICPA Auditing Standards
AU319, Definition of Internal Control (Paragraph
.13)