Title: SarbanesOxley Act 2002 SOX
1Sarbanes-Oxley Act 2002 (SOX) Managing Compliance
2Managing SOX Compliance
- General Observations on SOX
- Tone From the Top
- Varying Significantly From Company to Company
- SOX is Driving Centralization
- For more control
- Very Little Consistency In How CRE Departments
are Addressing SOX
3Managing SOX Compliance
- Lessons Learned
- Do not over define processes
- Focus on the key controls
- Get buy in early from audit team on
methodology to avoid re-doing work - Better use of automation will facilitate SOX
processes and testing requirements
4Sarbanes-Oxley Overview
5Managing SOX Compliance
- The more extensive and reliable managements
assessment is, the less extensive and costly the
auditors work will need to be. - PCAOB
- Public Company Accounting Oversight Board
- Rule Making Docket Matter NO. 08
- March 9, 2004
6Managing SOX Compliance
Corporate Real Estate SOX Issues
- FASB Reporting
- Real Estate Transactions
- Rent Forecast/Budgeting
- Real Estate Construction
- Lease Administration
- Vacant Space Reporting
- Rent Collection
- Cost Allocation/Space Management
- Capital Planning Management
- Environmental
- Fixed Asset Tracking Property Equipment
7Managing SOX Compliance
- - Reporting Requirements to Corporate Finance
- FASB 13 (Accounting for Leases)
- Capital Vs. Operating Leases
- Contingent Liability Reporting for 10-K
- FASB 66 (Accounting for Sales of Real Estate)
- FASB 98 (Accounting for Sale Leasebacks)
- FASB 143 (Accounting for Asset Retirement
Obligations) - FASB 146 (Accounting for Costs Associated with
Dispositions) - FIN 45 (Guarantors Accounting and Disclosure
Requirements - for Guarantees)
- FIN 46 (Consolidation of Variable Interest
Entities)
8Managing SOX Compliance
- Issues Confronting Real Estate Departments
- Managing the cultural changes caused by much
higher accountability - Managing ways to consistently perform required
tasks - Visible alerts where processes are not followed
- Improving ways to automate SOX processes
- Developing methods of reporting to demonstrate
compliance
9Managing SOX Compliance
- Managing the Cultural Change
- The challenge - People do not want to be managed
more closely - Have benefits for following the processes
- Modify compensation for following the process
- Utilize your partners to aid in compliance
- Provide the proper training to understand how and
why you are having to do this - Make it clear that SOX Processes are not an
option - Use SOX as the way to mandate better business
10Managing SOX Compliance
- Automate Your Processes
- Require Utilization of the Process
- Make it the Only way to perform the activity
- Automation should make the job easier to perform
- Have real time reporting to confirm process are
being followed - Web-based systems make it very easy to distribute
the process - Automation makes the adherence or lack there of
very visible - Automation of processes greatly reduces the
difficulty of reporting and testing your controls
11Managing SOX Compliance
- Lease Administration Case Study
- Why is Lease Administration a SOX Process
- Source For FASB 13 Contingent Liability Reporting
- Source To Communicate To Financial Systems the
Payment of Rent - Source For Managing Income From Subleases
- Source For Expense Allocation to Business Units
12Managing SOX Compliance
Lease Administration Role Players
- External Broker Manages the Transaction
- Internal Agent Represents the Companys
Interests - Lease Administrators - Abstracts Lease and Inputs
Data Into the Database System - Lease Administration Supervisor Approves all
Abstracts and Manages Accounting Feeds and FASB
Reporting - Department Head Approves all FASB Reports and
Accounting Feeds - Finance Department Representative Approves Data
Into Financial System
13Managing SOX Compliance
Lease Administration Process
Send Performance Evaluation Survey (Lease
Administrator)
Executed Lease Delivered to Lease Administrator
Create Hard Copy Electronic File With
Bookmarks (Lease Administrator)
Submit Rent Voucher to Finance
Review for Complete Documentation
Approve Monthly Changes in Rent and Escalation
Increases When They Occur
Supervisor and Transaction Agent Approve Abstract
Perform Abstract by Lease Administrator
FASB - Contingent Liability Reporting Annually
14Managing SOX Compliance
Lease Administration Process
Send Performance Evaluation Survey (Lease
Administrator)
Executed Lease Delivered to Lease Administrator
Create Hard Copy Electronic File With
Bookmarks (Lease Administrator)
Submit Rent Voucher to Finance
Review for Complete Documentation
Approve Monthly Changes in Rent and Escalation
Increases When They Occur
Supervisior and Transaction Agent Approve Abstract
Perform Abstract by Lease Administrator
FASB - Contingent Liability Reporting Annually
15Managing SOX Compliance
Testing Monitoring Controls Define Who Will
Internally Test/Audit the Controls How Often
Matter of Judgment (Defined by SOX Team with
Input From External Auditor) Sample
Size What is the appropriate level of testing?
Matter of Judgment (Defined by SOX
Team with Input From External
Auditor) Must Maintain Audit/Testing Records for
5 Years
16Managing SOX Compliance
Monitoring and Self-Testing the Controls Each
Occurrence Each abstract is reviewed and
approved by supervisor and transaction
agent Monthly Lease administrators and
supervisor electronic the report to
Finance Quarterly 10 of Completed Transaction
are Audited Quarterly Annually 10 Portfolio
Properties are Audited Annually
17Managing SOX Compliance
- FASB 13 Reporting Rules
- All RE leases must be recognized as contingent
liabilities and - footnoted on the primary financials
- Future rent obligations must be straight-lined
- Obligations are broken out by year for the first
five years, then all - remaining rents combined.
Example Report
18Managing SOX Compliance
- Example SOX Compliance Report
19Managing SOX Compliance
- Impact on Vendors
- While transactions can be outsourced, the company
remains responsible for the controls that impact
that activity - Testing will involve their activity
- Solicit their assistance in documenting these
processes - Contracting with service providers will require
additional - reporting requirements
- audit rights
- documentation of service provider processes
20Managing SOX Compliance
- Summary
- Whatever you identify as you SOX process, you
will be expected to adhere to Focus on key SOX
issues - Automate the your processes and require them to
be utilized Modify compensation/bonus to
emphasize importance - Develop reporting and testing procedures to
ensure controls are functioning as intended - Set the timing and quantity of sample sizes for
each - test
- Establish Procedures for Storing Audit Records
for 5 - Years