Beyond Sarbanes-Oxley compliance : effective enterprise risk management PDF

260 Pages·2005·0.77 MB·English

Preview Beyond Sarbanes-Oxley compliance : effective enterprise risk management

BEYOND SARBANES-OXLEY COMPLIANCE

Effective Enterprise Risk Management

ANNE M. MARCHETTI

John Wiley & Sons, Inc.

This book is printed on acid-free paper.

Copyright ©2005 by John Wiley & Sons, Inc. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey. Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400, fax 978-646-8600, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, 201-748-6011, fax 201-748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services, or technical support, please contact our Customer Care Department within the United States at 800-762-2974, outside the United States at 317-572-3993 or fax 317-572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books. For more information about Wiley products, visit our Web site at www.wiley.com.

Library of Congress Cataloging-in-Publication Data:
ISBN-13 978-0-471-72626-5
ISBN-10 0-471-72626-5

Printed in the United States of America
10 9 8 7 6 5 4 3 2 1

CONTENTS

Part One Initial Compliance
1 Sarbanes-Oxley Act Overview
2 Overview of Sarbanes-Oxley Sections 302, 404, and 409
3 Determining Organizational Readiness
4 The “Path” to Compliance

Part Two Ongoing Maintenance and Monitoring
5 Change Management
6 Ongoing Compliance Activities
7 Audit Function Considerations
8 Other Ongoing Compliance Issues

Part Three Beyond Compliance
9 Process Improvement Considerations
10 International Financial Reporting Standards
11 Non-U.S.-Based Companies and Sarbanes-Oxley Compliance
12 Financial Services Compliance Initiatives

Appendix A Sarbanes-Oxley Section 302
Appendix B Sarbanes-Oxley Section 404
Appendix C Sarbanes-Oxley Section 409
Appendix D Evaluation Questions to Understand the Current State of Control Processes
Appendix E Internal Control over Financial Reporting
Appendix F Evaluating Control Deficiencies
Appendix G Sample Documentation
Appendix H AS2 Control Testing Provisions
Appendix I Responsibilities of Internal Auditing
Appendix J Actual Internal Control Disclosures
Index

PART ONE
INITIAL COMPLIANCE

1
SARBANES-OXLEY ACT OVERVIEW

Enron, Arthur Andersen, WorldCom, Tyco, Adelphia. These companies have become household names mostly because of their past display of corporate greed, fraud, and accounting improprieties. The offenses of these few organizations are not representative of the majority of more than 15,000 public companies in the United States, yet the results of their abuses are far reaching. When the details of corruption emerged, and stock prices and retirement savings plummeted, the American public became outraged and demanded reform.

On July 30, the U.S. Congress answered this public outcry for change and enacted the Sarbanes-Oxley Act of 2002 (the “Act”). The Act was signed into law to improve the accuracy and transparency of financial reports and corporate disclosures, as well as to reinforce the importance of corporate ethical standards. As a result, the Securities and Exchange Commission (SEC) issued rules outlining the provisions of the Act. In addition, the New York Stock Exchange (NYSE), the American Stock Exchange (Amex), and the over-the-counter Nasdaq Stock Market (Nasdaq) have all significantly modified the standards for listing stocks on their exchanges.

Many view the Act’s provisions for internal controls over financial reporting (Section 404) and executive certifications (Section 302) as painful and costly to implement with little derived benefit. Others see the mandated changes as an opportunity to implement best business practices, drive greater performance, and boost investor confidence.

OVERVIEW OF THE ACT

The Act is the most significant legislation impacting the accounting profession since the Securities Acts of 1933 and 1934, which it amends. It addresses a wide range of matters relevant to publicly held issuers and their auditors, including auditor oversight and independence, corporate responsibility for financial reports, and enhanced financial disclosures. The Act is composed of 11 Titles as outlined below.

Title Summaries

Title 1. Public Company Accounting Oversight Board (PCAOB or “Board”)

The Act establishes the board as a private, nonprofit company funded by annual accounting support fees assessed to issuers¹ (as defined in Section 3 of the Securities Exchange Act of 1934 (15 U.S.C. 78c)). The board’s duties include the mandatory registering of public accounting firms that prepare audit reports; establishing auditing, quality control, ethics, and independence standards relating to the preparation of audit reports; conducting inspections of registered public accounting firms; and enforcing compliance with the Act.

Title 2. Auditor Independence

Title 2 prohibits registered public accountants conducting an issuer’s financial statement audit from performing nonauditing services such as bookkeeping, the design and implementation of financial information systems, appraisals, valuations, fairness opinions, internal audit outsourcing, and management functions. All audit and nonaudit services require preapproval by the audit committee of the issuer. Additionally, there are provisions for audit partner rotation, specific reporting requirements by registered public accounting firms to the issuers’ audit committee, and an absolute prohibition of an audit firm providing audit services to clients for one year if the client has hired certain employees of the registered public accounting firm in key financial positions.

Title 3. Corporate Responsibility

This provision of the Act mandates the SEC to direct the national securities exchanges and national securities associations to prohibit the listing of any security of an issuer that is not in compliance with the following Act requirements:

• Existence of audit committee oversight of registered public accounting firm
• Board of directors/audit committee independence
• Procedures for receiving complaints concerning accounting or auditing matters and anonymous employee concerns relating to questionable accounting or auditing matters established by the audit committee
• Audit committee authority to engage independent counsel and other advisors
• Provision of appropriate funding, as determined by the audit committee, for payment to the registered public accounting firm and to advisors hired by the audit committee

Title 3 also requires chief executive officer (CEO) and chief financial officer (CFO) certifications of financial statements, outlines penalties for corporate officers and directors for material noncompliance, and prohibits insider trading during pension fund blackout periods.

Title 4. Enhanced Financial Disclosures

Title 4 outlines requirements to help assure the accuracy of financial statements and supporting financial disclosures. It requires reporting of material unconsolidated and off-balance sheet transactions and mandates that pro forma financial information is factual and complete, and reconciles with the financial condition and results of operations of the issuer. It prohibits personal loans to executives, requires issuers to disclose whether or not they have a code of ethics for senior financial officers, and mandates that the audit committee include at least one financial expert as defined by the Act. This provision also outlines requirements regarding management’s assessment of internal controls and the real-time disclosure of material changes to financial conditions or operations.

Title 5. Analyst Conflicts of Interest

This section of the Act requires the SEC, or national securities exchanges and national securities associations, to implement rules to improve “public confidence in securities research, and to protect the objectivity and independence of securities analysts....”²

Title 6. Commission Resources and Authority

Pursuant to Title 6, $98 million in funding is authorized to the SEC to hire an additional 200 professionals to provide enhanced oversight of auditors and audit services required by Federal securities laws.

Title 7. Studies and Reports

Title 7 authorizes the General Accounting Office (GAO) and the SEC to perform studies and issue reports investigating the consolidation of public accounting firms; the role of credit rating agencies in the securities market; the number of professionals found to have aided and abetted a violation of securities laws from the period January 1, 1998, to December 31, 2001; the enforcement actions taken by the Commission involving violations of reporting requirements; and whether investment banks and financial advisers assisted public companies in obfuscating their true financial condition.

Title 8. Corporate and Criminal Fraud Accountability

This provision of the Act, which is also referred to as the Corporate and Criminal Accountability Act of 2002, details the penalties for the destruction of corporate audit records and the willful destruction, alteration, or falsification of records in Federal investigations and bankruptcy proceedings. This section also establishes a five-year record retention period for audit or review workpapers and provides protection for whistleblowers.

Title 9. White-Collar Crime Penalty Enhancements

The Act in Title 9, which is also referred to as the White-Collar Crime Penalty Enhancement Act of 2002, modifies the Federal Sentencing Guidelines to increase the penalties for white-collar crimes. More importantly for issuers, it establishes a requirement for the CEO/CFO certification of periodic financial statements and specifies the penalties for the failure to certify and the willful certification of knowingly false financial reports. Penalties range from $1 million to $5 million and may include imprisonment for up to 20 years depending on the violation.

Title 10. Corporate Tax Returns

Title 10 simply states that “[I]t is the sense of the Senate that the Federal income tax return of a corporation should be signed by the CEO of such corporation.”³
