Corrections Technology Association Sixth Annual Conference - PowerPoint PPT Presentation

Slides: 36
Provided by: Rober399
1
Corrections Technology Association Sixth Annual Conference
Sarbanes-Oxley Act and Impact of Noncompliance
  • Presented by
  • Mr. Robert E. Kaelin, Partner

May 3, 2005
2
Agenda
  • Background
  • Sarbanes-Oxley (SOX) Overview
  • Impact on Vendors
  • Impact on Agencies
  • Future Impact
  • Conclusion

3
Background
  • Why Do I Care About Sarbanes-Oxley?

4
Background: The Problem
  • SOX was a reaction to corporate scandals and lack
    of investor confidence:
      • Enron.
      • Arthur Andersen.
      • MCI.
  • Intense competition and pressure, conflicts of
    interest, and poor practices led to poor
    reporting and mismanagement.
  • Criminal activities also contributed to the
    problem.
  • Many other smaller examples of dot-com booms
    that turned out to be investor busts all combined
    to prompt congressional action.
  • Source: Bauer College of Business

5
Background: The Problem Continues Today
  • A May 2, 2005 headline stated "Audit flaws wipe
    2.7bn from AIG."
  • Discoveries of improper accounting at American
    International Group (AIG) are to knock 2.7
    billion off the value of the world's biggest
    insurer.
  • AIG said it would restate its accounts for each
    of the last 5 years from 2000 onwards, lowering
    the company's value by 3.3.
  • It said it had found material weaknesses in its
    control systems and postponed filing its 2004
    accounts.
  • Source: http://news.bbc.co.uk/1/hi/business/4504865.stm

6
Background: Learning About SOX
  • Business Relationship
  • Advise clients on business process and
    implementation issues.
  • Project issues.
  • Client accountability.
  • Manage and run our company.
  • My role on the IJIS Institute Board of Directors
  • Serve as chair of the Governance Committee.
  • Responsible for the overall impact of SOX on the
    institute.
  • Controls.
  • Reporting.

7
Background: Learning About SOX (continued)
  • To understand SOX:
      • Conducted Web research and evaluated SOX
        presentations.
      • Conferred with compliance auditor.
  • Disclaimer:
      • I am a management consultant, not an auditor.
      • I understand SOX but do not want to know it!
      • SOX focuses on doing what is right.
      • Contact your legal adviser and auditor for
        specific analysis.
      • Rules are still being defined and refined.

8
Sarbanes-Oxley Overview
  • What Is SOX?

9
Sarbanes-Oxley Overview: The Act
  • The act was signed into law on July 30, 2002.
  • It includes regulations regarding:
      • Public Company Accounting Oversight Board
        (PCAOB).
      • Auditor independence.
      • Corporate responsibility.
      • Enhanced financial disclosures.
      • Corporate and criminal fraud accountability.
  • It applies primarily to publicly traded
    companies.
  • SOX is actually a combination of:
      • Sarbanes-Oxley Act of 2002 (H.R. 3763).
      • Rules of the PCAOB.
      • Rules of the SEC.

10
Sarbanes-Oxley Overview: The Scope of the Act
  • The scope of the act focuses on:
      • Internal controls.
      • Process.
      • Policies.
      • Activities.
      • Compliance and reporting.
      • Transparency.
      • Accuracy.
      • Governance.
      • Accountability.
      • Responsibility.
      • Avoidance of conflict of interest.

11
Sarbanes-Oxley Overview: The Details of the Act
  • Title I: Public Company Accounting Oversight
    Board
  • Title II: Auditor Independence
  • Title III: Corporate Responsibility
  • Title IV: Enhanced Financial Disclosures
  • Title V: Analyst Conflicts of Interest
  • Title VI: Commission Resources and Authority
  • Title VII: Studies and Reports
  • Title VIII: Corporate and Criminal Fraud
    Accountability
  • Title IX: White-Collar Crime Penalty Enhancements
  • Title X: Corporate Tax Returns
  • Title XI: Corporate Fraud and Accountability

12
Sarbanes-Oxley Overview: Public Company Accounting Oversight Board
Title I
  • Established by SOX.
  • Nonprofit agency.
  • Responsibilities:
      • Register and inspect public accounting firms.
      • Establish standards for public accounting firms.
      • Enforce compliance with the act and rules of the
        board.
      • Investigate firms and impose sanctions.
  • Source for all title details: Bauer College of
    Business.

13
Sarbanes-Oxley Overview: Corporate Responsibility
Title III
  • Assigns the responsibility to the audit committee
    to appoint, compensate, and oversee the public
    accounting firm that performs the audit.
  • Requires CEO and CFO to:
      • Certify fairness of financial statements.
      • Take responsibility for disclosure controls.
  • Makes it unlawful to fraudulently influence,
    coerce, or mislead an auditor.
  • Provides for the forfeiture of certain
    compensation following the issuance of a
    non-compliant financial document.
  • Provides the SEC with greater flexibility to
    remove management or board members.
  • Requires attorneys to report evidence of material
    violations.

14
Sarbanes-Oxley Overview: Corporate Responsibility (continued)
Title III
  • Section 301: Public Company Audit Committees
      • Companies that are not compliant with SEC audit
        committee requirements are subject to delisting.
      • Audit committees are responsible for oversight of
        auditors, including the resolution of
        disagreements between management and auditors.
      • Audit committees must set up procedures to
        receive and address whistle-blower complaints.
      • Employees and others may take concerns directly
        to the audit committee.
      • Audit committee members are required to be
        independent, and a disclosure is required in
        proxy statements.

15
Sarbanes-Oxley Overview: Enhanced Financial Disclosures
Title IV
  • Requires disclosure of material off-balance-sheet
    arrangements.
  • Prohibits companies from making loans to
    directors or executives.
  • Requires management to establish and maintain
    adequate internal controls and procedures for
    financial reporting.
  • Requires disclosure of a code of ethics for
    senior financial officers.
  • Requires companies to disclose whether at least
    one of the audit committee members is a financial
    expert.
  • Requires rapid disclosure of changes in financial
    condition.

16
Sarbanes-Oxley Overview: Enhanced Financial Disclosures (continued)
Title IV
  • Section 404: Management Assessment of Internal
    Controls
      • Requires management to establish and maintain
        adequate internal controls and procedures for
        financial reporting.
      • Requires that each annual report includes a
        statement:
          • Describing management's:
              • Responsibility for internal controls and
                procedures for financial reporting.
              • Assessment of the effectiveness of the controls
                and financial reporting procedures.
          • Incorporating the independent auditor's review of
            management's assessment of internal controls and
            financial reporting procedures.

17
Sarbanes-Oxley Overview: Enhanced Financial Disclosures (continued)
Title IV
  • Related SEC releases define internal controls and
    procedures for financial reporting as controls
    that provide reasonable assurances that:
      • Transactions are properly authorized.
      • Assets are safeguarded against unauthorized or
        improper use.
      • Transactions are properly recorded to permit the
        preparation of financial statements that are
        presented in a manner consistent with GAAP.
  • To meet the assessment requirement, management
    must select a suitable, recognized framework for
    assessing the effectiveness of internal controls.

18
Impact on Vendors
What Do Vendors Have to Do About SOX?
19
Impact on Vendors: SOX Is About Business Practices
  • SOX has implications for most business practices
    and processes of publicly traded companies.
  • Any errors or misstatements that could cause a
    company to have to restate its financials are
    areas that require focus.
  • Systems and processes must be in place to
    administer the pricing, services, and discounts.
  • Visibility and control must ensure that pricing
    and costs are captured accurately and on a timely
    basis.
  • Pricing services and discount processes often
    have the most people involved and represent the
    largest risk area.
  • Combined implications create a very large
    potential for misstated financial results and SOX
    scrutiny, sanctions, and bad press.

20
Impact on Vendors: SOX Impact
  • Skyrocketing SOX implementation costs:
      • Have put high-tech companies in the position of
        having to delay major projects.
      • Force companies to struggle to compete with
        low-cost competition from Asia.
  • The SOX impact is more than technical, more than
    analytical, more than financial:
      • SOX places a burden of responsibility on all
        employees, not just the accountants.
      • SOX impacts IT priorities and the to-do list.
      • SOX will impact the role of IT in its users'
        business and data.
      • SOX will challenge any IT organization whose
        culture is one of containment.

21
Impact on Vendors: SOX Requirements
  • Companies must ensure that:
      • Bad news is reported upwards.
      • IT project definitions include potential
        financial impact.
  • Ignoring problems is not allowed under SOX.
  • Different sections of the act are driving or will
    drive changes in the financial organization.
      • Sections 302 and 404:
          • Process mapping.
          • Systematic remedies.
          • Process changes.
          • Collaboration and teaming.
      • Section 409:
          • Systematic remedies.
          • Major process changes.

22
Impact on Vendors: Compliance Process
  • Control Activities
      • Policies/procedures that ensure management
        directives are carried out.
      • Range of activities including approvals,
        authorizations, verifications, recommendations,
        performance reviews, asset security, and
        segregation of duties.
  • Monitoring
      • Assessment of a control system's performance over
        time.
      • Combination of ongoing and separate evaluation.
      • Management and supervisory activities.
      • Internal audit activities.
  • Control Environment
      • Sets the tone of the organization, influencing the
        control consciousness of its people.
      • Factors include integrity, ethical values,
        competence, authority, responsibility.
      • Foundation for all other components of control.
  • Information and Communication
      • Pertinent information identified, captured, and
        communicated in a timely manner.
      • Access to internal and externally generated
        information.
      • Flow of information that allows for successful
        control actions, from instructions on
        responsibilities to summary of findings for
        management action.
  • Risk Assessment
      • Risk assessment is the identification and
        analysis of relevant risks to achieving the
        entity's objectives, forming the basis for
        determining control activities.

All five components must be in place for a
control to be effective.

Source: PricewaterhouseCoopers
23
Impact on Agencies
How Does This Apply to a Corrections Agency?
24
Impact on Agencies: The World Has Changed
  • Agencies may experience direct impact.
      • Correctional industries that are public
        organizations are directly impacted.
      • These organizations must comply.
      • Titles I, III, and IV establish practices and
        standards that most auditing organizations,
        including government auditors, follow.
  • Agencies will experience indirect impact.
      • Contractors working with agencies will be
        required to comply.
      • Internal reporting will increase.
      • Time to complete and project status are
        significant elements in contractor risk
        management efforts.
      • Payment and contract issues will center on SOX
        compliance and may limit previous flexibility.
      • Costs will go up as companies cope with SOX costs.

25
Impact on Agencies: Audit Guidance
  • The implication of Title I is that now there are
    three audit standards-setting bodies in the
    United States:
      • PCAOB, which sets audit standards for publicly
        traded companies.
      • Auditing Standards Board of the American
        Institute of Certified Public Accountants, which
        sets standards for privately held companies and
        not-for-profit organizations.
      • U.S. General Accounting Office, which sets
        standards for federal, state, and local
        governments through the Yellow Book.

26
Impact on Agencies: Government Auditors
  • Although SOX affects corporate auditing and
    internal controls, the impact on government
    auditors is as follows:
      • Government auditors should encourage good
        governance practices with the entities they
        audit.
      • Government auditors have a unique responsibility
        to ensure accountability for public resources and
        government services.
      • The fundamental role of government auditors
        should remain clear and unchanged: provide
        assurance.

27
Impact on Agencies: Noncompliance
  • While most corrections agencies and their
    activities do not fall directly under SOX,
    reasonable effort should be made to modify
    processes to comply.
  • Where compliance is required, noncompliance can
    result in criminal investigation to determine
    whether:
      • Information was transmitted by mail.
      • Information was withheld from investigators.
  • In these cases, felony charges can be brought.
  • In other cases, agencies may be ordered to comply
    with auditor statements and requirements that:
      • Add expensive processes with no additional
        funding source.
      • Add reporting requirements not otherwise
        necessary.

28
Future Impact
Will This Go Away?
29
Future Impact: SOX Is Likely to Grow
  • The results of SOX, both positive and negative,
    have led to several discussions on expanding the
    scope of SOX.
  • Congress is reviewing options to expand to
    nonprofits to reduce scandals like that of the
    United Way several years ago.
  • Congress is also examining the reporting of
    privately held companies.
  • The Government Accounting Office is reviewing
    procedures for government agencies.
  • Additional rules in support of SOX and auditing
    process are under review or in draft form.
  • State and local governments are revising policies
    and in a few cases, legislation, to require
    SOX-like activity reporting.

30
Future Impact: New York State Strengthens SOX
  • Attorney General Eliot Spitzer has proposed a
    series of reforms to strengthen New York's
    corporate accountability laws. He stated:
      • "Unfortunately, many of New York's laws are
        outdated and contain major loopholes."
      • "For these reasons, we must act to strengthen
        state laws to protect investors and donors."
  • Mr. Spitzer's proposals cover the following
    areas:
      • Protecting honest employees who report illegal
        activities.
      • Protecting against fraud relating to nonprofit
        corporations.
      • Preventing securities fraud.
      • Preventing cover-ups of corporate crimes.
      • Addressing misconduct by corporate officers.
      • Improving oversight of the accounting industry.
  • Consumer advocates have applauded Mr. Spitzer's
    efforts.

31
Future Impact: Getting a Handle on SOX
  • Many auditors and accounting professionals offer
    programs to assess SOX compliance that provide:
      • Reports on areas of concern.
      • Recommended changes.
      • Programs that align an organization's practices
        to comply with SOX.
  • All CFOs and agency budget officers should
    conduct reviews of internal governance and
    compliance.
      • Focus on financial and audit process
        understanding.
      • Whistle-blower protections.
  • Key leaders should monitor SOX as well as state
    and local policy changes.

32
Conclusion
What Are the Key Points?
33
Conclusion: Key Points
  • Understand that SOX is the model for legislative
    initiatives aimed at both public and private
    companies in a number of states.
  • Maintain a strong and independent audit committee
    (where used).
  • Keep any arrangements for the auditor to provide
    non-audit services independent of audit
    services.
  • Ensure executives understand the financial,
    compliance, and other external information
    reporting.
  • Establish, maintain, and document significant
    financial and compliance controls.
  • Maintain and archive all appropriate entity
    records.
  • Remember SOX is the benchmark against which every
    company's financial and corporate governance
    practices will be measured.

34
Conclusion: SOX Improvement Areas
  • Remediation efforts should focus on:
      • Financial processes.
      • Computer controls.
      • Internal audit effectiveness.
      • Security controls.
      • Audit committee oversight.
      • Fraud programs.
  • Process improvements for future compliance should
    focus on:
      • Financial reporting.
      • Risk identification and assessment.
      • Risk mitigation.
      • IT security strategy and implementation.
      • Internal audits.
      • Compliance management.
      • IT oversight and operations.

35
Conclusion: Resources
  • www.aicpa.org
  • www.findlaw.com
  • www.pcaobus.org
  • www.sec.gov
  • www.sec.gov/rules/final.shtml
  • www.isaca.org
  • Contact information: rkaelin_at_mtgmc.com or
    206-442-5010
  • www.mtgmc.com