SarbanesOxley Act of 2002, and Changes in Auditing Standards SAS 99

1
Sarbanes-Oxley Act of 2002, andChanges in
Auditing Standards (SAS 99)

• BFSG Meeting
• December 10, 2002

2
Sarbanes-Oxley Overview

• Sweeping legislation, passed July, 2002
• Reforms in corporate governance, reporting, and
  audit profession
• Calls for further rule-making by SEC
• Applies to entities whose interests are
  publicly-traded on NYSE, NASDAQ

3
S-O Overview (Continued)

• Prohibits external auditors from providing
  certain non-audit services
• Requires management to assess and report on
  internal controls
• Makes CEO and CFO personally accountable for
  financial statement accuracy
• Puts forth many other imperatives, which could be
  adopted under best practices criteria
• (See handout)

4
Impact on Not-for-Profits

• No direct applicability for MIT
• We do not file 10-Ks, or 10-Qs with SEC
• Requirements of our auditors may impact us
• Atmospheric application, driven by trustees and
  peers
• Elect to comply with certain aspects as best
  practices, without increasing risk
• Gap analysis review with Audit Committee in
  June, 2003
• Remain vigilant for new requirements

5
Federal Sentencing Guidelines for Organizations
(FSGO)

• Enacted in 1988
• Sets penalties for organizations convicted of
  federal crimes (fraud, environmental violations,
  etc.)
• Leniency demonstrated toward organizations with
  effective compliance programs

6
Matters to Consider

• Responsibility for determining extent of
  voluntary adoption of S-O
• Audit Committee
• BFSG
• Code of Ethics/Business Conduct
• Process around violations
• Review of financial disclosures
• Approach to compliance

7
SAS 99

• New auditing standard, to enhance auditors fraud
  detection procedures
• New procedures include
• Queries about fraud risks
• Additional review of override controls (unusual
  transactions, exceptions, estimates, management
  judgments)
• Assessment of risk deterrent/risk mitigation
  programs
• Effective for fiscal 03 audit