Breakout Session - PowerPoint PPT Presentation

Slides: 35
Provided by: davidd3

Transcript and Presenter's Notes

2
Sarbanes Oxley Internal Controls
Strong Contract Management Disciplines Required for 404 Certification
Breakout Session 1005
Tom Reid, Chief Problem Solver
Certified Contracting Solutions, LLC
www.certifiedcontractingsolutions.com
Date: April 24, 2007
Time: 1:40 - 2:40
3
What is SARBOX?
  • Sarbanes-Oxley (SARBOX) was enacted into law
    7/30/2002 (signed by President Bush)
  • Applies to issuers, as defined by the
    Securities Exchange Act of 1934

4
Why SARBOX?
  • Ken Lay (Enron) (deceased)
  • Bernie Ebbers (WorldCom)
      • 25 years
      • 13,140,000 minutes, nights and weekends included, no roaming
  • Arthur Andersen

5
Why SARBOX?
  • Desire for legislative action
  • Designed to restore investor confidence
  • Hold corporate America more accountable

6
Comprehensive Law
  • Title I: Public Company Accounting Oversight
    Board
  • Title II: Auditor Independence
  • Title III: Corporate Responsibility
  • Title IV: Enhanced Financial Disclosures
  • Title V: Analyst Conflicts of Interest
  • Title VI: Commission Resources and Authority

7
Comprehensive Law
  • Title VII: Studies and Reports
  • Title VIII: Corporate and Criminal Fraud
    Accountability
  • Title IX: White Collar Crime Penalty
    Enhancements
  • Title X: Corporate Tax Returns
  • Title XI: Corporate Fraud Accountability

8
Intended Effect?
  • To tighten accounting procedures
  • Improve board oversight for public firms
  • At least one member must be financially literate

9
Cost of Compliance
  • $20 Billion since enactment (FY end 2006)
  • Estimated $1.2 trillion loss in stock market
    value
  • More than 8 in 10 CFOs say benefit does not
    outweigh cost
  • Financial community judgment still outstanding

10
What Does Section 404 Require?
  • Document internal controls
  • Test internal controls
  • Verified by independent auditors
  • Certified to PERSONALLY by CEO and CFO
  • Knowing or Willful Failure to portray true
    conditions is a crime (section 906)

11
A Proper Control Environment
  • Encompasses the attitudes and values of directors
    and executives
  • Degree to which they recognize the
    importance of
      • Method
      • Transparency
      • Care in creation and execution of company
        policies and procedures

12
First Line of Defense
  • A proper control environment provides the first
    line of defense
  • Controls themselves become second line
  • Makes people understand that it is NOT OK to
      • Strike side deals
      • Recognize revenue prematurely
      • Conceal possible conflicts of interest
      • Look the other way

13
How to Implement in Small Companies
  • The key in SOX for all small companies is the
    evaluation of internal controls, and paramount in
    that evaluation is being realistic about what
    controls are in place.
  • Do not create a control environment or rather
    control points that may be lofty! Audits of these
    controls will hold you to these lofty control
    aspirations.
  • Just because they exist in larger companies, do
    not try to rationalize that you should also have
    them.
  • DO NOT MAKE IT HARDER THAN IT NEEDS TO BE!!!

14
For Example
  • The internal control documentation for a small
    bio-pharmaceutical R&D company
      • Its market cap exceeded $75 million as of June 30,
        2006
      • This required them to adhere to SARBOX as of their
        next year-end.
  • With the guidance of a consultant and the
    fervor of management, the internal controls were
    designed to include very lofty items.
  • As the review proceeded, it was determined that
    these were just that: LOFTY!
  • A rewrite of many of these controls ensued
    resulting in additional expense preparing to
    comply with SOX requirements.

15
Internal Controls Defined
  • The Committee of Sponsoring Organizations of the
    Treadway Commission (COSO) defined Internal
    Controls in a broad fashion that can be described
    as a process or set of processes designed to
    address operating efficiencies and effectiveness
    and reliability of financial reporting and
    compliance with laws and regulations.

16
Not Just a Compliance Approach
  • COSO Internal Control Framework approaches the
    subject from a management perspective.
  • A control framework relates, generally, to how
    extensively the organization addresses the
    controls over risks.

17
Internal Control Framework
  • Key concepts of the COSO Internal Control
    framework
      • Control Environment: Sets the tone of the
        organization, influencing the control
        consciousness of its people.
      • Risk Assessment: Identifying and analyzing
        relevant risks.
      • Control Activities: Policies and procedures
      • Information and Communication Systems: Support
        identifying, capturing and exchange of
        information that allows people to carry out their
        responsibilities.
      • Monitoring: The process that assesses the
        quality of internal performance over time.

18
Why SARBOX?
  • Ken Lay (Enron) (deceased)
  • Bernie Ebbers (WorldCom)
      • 25 years
      • 13,140,000 minutes, nights and weekends included, no roaming
  • Arthur Andersen

19
Contract Management Responsibilities
  • Contracts require a signature
  • The company should be asking: "Who can sign for
    what?"
  • Management needs to know exactly what
    encumbrances or commitments it has outstanding,
    as well as what revenue it will be generating
    based on its active contracts.

20
Contract Management Job Descriptions
  • Responsibilities must be clearly defined
  • Signature authority sometimes follows positions
    rather than individuals
  • Clear lines of authority improve communication
    flows
  • Defines ownership of business processes
  • Improves performance of temporary fill-ins and
    replacements
  • Avoids rubber stamp signatures

21
Duties and Responsibilities
  • The key tenet here is whether duties overlap
    causing a risk that the individual can create a
    false entry to offset a true entry. Obviously,
    the most recognized fraud would involve cash.
    However, contracting would have its own set of
    risks, for example, the approval of a contract
    with a fictitious contractor to provide services.

22
Signature Authority Delegations
  • Each contract should be executed with the
    appropriate signature authority.
  • Good business sense would ensure that only
    authorized or approved personnel can bind or
    encumber the organization by affixing their
    signature to a contract. This allows for
    controlling the original contract and any
    subsequent modifications and in general
    controlling your business.

23
Contract Management of Suppliers
  • The extended enterprise can involve companies
    that do not maintain the same controls
  • The extended enterprise may include companies
    that must be relied on for the 404 certifications
  • Contract Managers ensure that these contracts
    provide the data and audit assurance that is
    required.

24
Contract Management Concerns re Financial Systems
  • The central record keeping of the organization (esp.
    the financial system) causes SARBOX concerns for
    auditors and management.
      • Revenue: The impact of un-invoiced items due to
        improper recording of contracts
      • Commitments: The impact of unrecorded obligations
        and pending liabilities, causing financial
        statements to under-record liabilities.

25
Questions to Ask
  • Where are contract records kept? Are they
    accessible?
  • Can we track key data elements about our
    obligations?
      • Effective expiration dates
      • Revenue recognition terms and conditions
      • Evergreen provisions
      • Annual and total dollar values
      • Effect of tiered pricing

26
More Questions to Ask
  • How do we track and measure savings?
  • Can we ensure full value for every dollar spent?
  • Do our legacy systems give us accurate data?
  • Can we identify all external supplier
    commitments?
  • Are they part of our compliance system?
  • Is the statement of work clear?
  • Can we assess penalties if our compliance is
    affected by their actions?

27
Automated Systems
  • Most companies will utilize some sort of
    automated system to record their contracts,
    usually not the financial system.
  • The integration or lack of integration into the
    financial records will be under scrutiny with
    SARBOX.
  • If the contracts are deemed a high risk area,
    which in governmental contracting it would be,
    auditors will be concerned over access to that
    system, the controls over the system itself, the
    security access to the system, the passwords,
    where data resides, the back-up of data, and
    obviously functionality (the actual recording of
    the transactions).

28
Tools to Aid Compliance
  • Effective policies and procedures
  • Clarity in contract documents
  • Internal audits
  • Formal risk assessments
  • Compliance matrices
  • Training
  • Timely contract closeout
  • Effective record retention

29
What about Non-Publics or Non-Profits?
  • The SARBOX standards have become the floor:
    so-called best practices
  • The only audit you can get in some cases is a
    full SARBOX audit
  • This increases the costs to those to whom it was
    not supposed to apply
  • Some states are passing Mini-SARBOX
  • Some provisions apply anyway!

30
What Provisions Apply to ALL Businesses?
  • Record retention
  • Whistleblower protection

31
Criminal Aspects
  • Knowing/Willful False Certification
  • Securities Fraud
  • Alteration of Corporate Documents
  • Retaliation Against Whistleblowers
  • Obstruction of Justice

32
Any Benefits?
  • Some companies have used SARBOX to improve other
    systems
      • Record keeping
      • Employee records
      • ISO 9000, Six Sigma, other quality programs
      • Standardized processes
  • Strict SARBOX compliance can help mitigate
    penalties under Sentencing Guidelines

33
MySpace Sites
  • Official NCMA Group
      • http://groups.myspace.com/officialncma
  • Government Contracting Professionals
      • http://groups.myspace.com/governmentcontractingprofessionals
  • My Site(!)
      • http://www.myspace.com/GovernmentContractsGuru

34
Questions?
  • www.Ask-Tom-Reid.com
  • www.certifiedKsolutions.com
  • www.governmentcontractingsolutions.com/blog
  • www.govcon-solutions.com