1

A Common Sense Look at Sarbanes-Oxley

Presentation to the MIT Auditing Committee of the Corporation

June 8, 2003

2

Overview MIT is not governed by Sarbanes-Oxley

As companies move to conform with requirements, standards for “best practices” in governance shift toward the S-ox model

This affords us the opportunity to reflect upon certain governance processes

Our peers in the main remain on the sidelines

3

MIT’s Governance Practices MIT’s governance practices are mature:

Have served us well over time Have been modified as other opportunities have

arisen Audit Committee Charter adopted in 2001

We have no compelling need to change existing practices in post-Sarbanes-Oxley era – but may use this time to explore our business needs in terms of governance practices in the whole

4

Key Requirements

Brief summary of the key sections of the Act, those with potential applicability to institutions of higher education, follows this presentation Each section shows relevant MIT practices (As requested by the Audit Committee)

The Act is broken into major sections, including: Auditor Independence Corporate Responsibility Enhanced Financial Disclosures Corporate and Criminal Fraud Accountability

5

Topics for Discussion

Auditor Independence

Audit Committee structure, composition, independence, and oversight role

External Certifications

Processes for: Setting expectations Reporting of “problems”

6

Auditor Independence

Rotation of auditing firms and audit partners will be a matter of audit firm policy, which MIT will follow

Use of our independent auditing firm for non- audit services is addressed by MIT policy: Pre-approval of such services in excess of

$500,000 Annual review of all fees for services

7

Audit Committee Structure, Composition, Independence, and Oversight Role MIT’s Audit Committee’s structure,

composition and independence and oversight role established by the Corporation’s By- Laws

Clarified and ratified by the Audit Committee’s Charter, and MIT’s Conflict of Interest policy for Corporation members

Charter provides for committee member independence and financial expertise – slightly broader definitions than Sarbanes-Oxley

Charter also addresses oversight of auditors

8

External Certifications MIT does not include external certifications in the annual

financial statement report,

But desires financial and internal control accountability within the organization be clearly understood

Consequently, MIT is committed to study and strengthening if necessary the structural and control elements providing financial accountability Subject of the PwC Management Letter in recent years

Conceptually, individuals with responsibility for aspects of financial reporting or internal control, should be equipped to “certify” through the normal course of their work See next slide, “Setting Management’s Expectations”

9

Setting Management’s Expectations Sarbanes-Oxley requires a code of ethics for financial officers – MIT

sees a different need

MIT plans to clarify expectations for standards of business conduct and performance in roles, and ensure training and oversight of staff at all levels accordingly

These plans arise from management’s and auditors’ observations regarding the risks found in a decentralized business processing environment

Addressing these risks will be a collaborative opportunity, initially administration-led, eventually engaging of all

10

Reporting of Issues Sarbanes-Oxley requires a process enabling anonymous

reporting of accounting, auditing and internal control matters to the Audit Committee

Even absent formal protocols, MIT’s Office of Sponsored Programs, Senior Counsel and Audit Division currently receive and handle matters as appropriate

Management believes formalization of these practices may be beneficial to the control environment, and will explore a simple web-based means, via the Audit Division’s and other areas’ web-sites, to collect potential issues as reported

11

Summary Management believes good business practices should

be under continual review As standards for “best practices” change, MIT will remain

attentive

MIT will consider the approaches of peer organizations as potential models, to evaluate and perhaps emulate

Absent a regulatory or legal directive, a common-sense approach to governance practices will be our best posture