Upload
trinhtruc
View
213
Download
0
Embed Size (px)
Citation preview
Successful Compliance Strategies for
High Tech Growth
an Executive Panel Session
Tuesday, April 26 * 10:45 - 11:45 PM * Room 209-210
Guy ClarkeSenior Manager, Business Advisory ServicesGrant Thornton
Robert O’Connor, Jr.President & CEOSoftrax Corporation
Today’s Panel
John WallesExecutive Vice President Acquisitions & Integration
SSA Global
Agenda
• Introduction• Technology Solutions – critical business need and
opportunityBob O’Connor, Softrax Corporation
• Industry Barometer – what’s really happening in the marketplace, and what you can do about itGuy Clarke, Grant Thornton
• From the Trenches - Insights from inside one of the industry’s leading corporations John Walles, SSA Global
• Questions & Answers
Technology Solutions
Critical business need and opportunity
Robert O’Connor, Jr.President & CEOSoftrax Corporation
Hot compliance issues –costs and controls
• Companies can’t take any risks with financial reporting
• M&A preparedness – Buyer/Seller• Changing role of the auditor• No more spreadsheets• With spiraling compliance cost,
companies are looking for ROI
Key Challenges
• Revenue Recognition• Management of long term
multi-element contracts• Documentation• Audit trail• Renewable business• Forecasting
Source: www.RevenueRecognition.com and IDC, 2004n=118, does not add to 100% due to rounding
In your opinion, for which area is it mostdifficult to establish internal controls?
Contract Administration and Management, 29%
Revenue Recognition Accounting, 36%
General Ledger, 0%Treasury, 1%Payroll and Equity, 2%Other, 3%Billing and Accounts Receivable, 3%Order Processing, 4%Fixed Assets, 5%Inventory, 8%Purchasing and Payables. 8%
Internal Controls –Revenue Recognition Most Difficult
SOP 98-9
SOP 97-2
SAB 101
SOP 81-1
FASB
SEC
AICPA
Sarbanes-Oxley
EITF 00-21
Licenses
Subscriptions
Transactions
Services
Maintenance
Royalties
Utilization
Contracts
Renewals
Revenue
• Key reporting requirement
• Highly regulated
• Greatly scrutinized
• Heavily audited
• Hard to manage
Often insufficient internal controls
Revenue under Pressure
• Integrity of key transactions
• Documentation of transactional changes
• Revenue recognition compliance
• Real time disclosure and reporting
• Visibility and forecasting
M&A due diligence
IPO preparation
Not only for public companies:
Sarbanes-Oxley Increases Urgency
SOP 98-9
SOP 97-2
SAB 101
SOP 81-1
FASB
SEC
AICPA
Sarbanes-Oxley
EITF 00-21
Licenses
Subscriptions
Transactions
Services
Maintenance
Royalties
Utilization
Contracts
Renewals
Compliance Pays Off
• Provide – Transparent revenue history– Proper revenue recognition and deferred revenue processes– Complete customer, contract, and order database
• Results in …– Greater buyer confidence– Simpler Due Diligence– Higher valuation/multiples– No last minute surprises– Reduce write-down of deferred revenue
When you’re being acquired …
Compliance Pays Off
• Looking for …– Complete visibility into acquisitions true financial health– Verifiable, auditable history– Solid evidence of revenue performance and expectations
• Results in …– Minimized risk– Faster, smoother M&A process– More efficient integration– No last minute surprises
When you’re acquiring …
Source: www.RevenueRecognition.com and IDC, 2005
Compliance Pays Off
Documenting Internal Controls is more costly than effective
Source: www.RevenueRecognition.com and IDC, 2005
Benefits of fixing Internal Control weaknesses outweigh cost
Compliance Pays Off
The bottom-line - the cost of compliance: Is there an ROI?
• Crossing the “Compliance Chasm”• Taking advantage of
better processes• ROI
Industry Barometer
What’s really happening in the marketplace, and what you can do about it
Guy ClarkeSenior Manager, Business Advisory ServicesGrant Thornton
Agenda
• Overview of Sarbanes-Oxley
• The Marketplace – what's happening??
• Making the connection – Lessons Learned
• Questions & Answers
The catalyst - SOX– In the wake of mounting corporate scandals and accounting
misdeeds, the Sarbanes-Oxley Act was passed into law in 2002 with the purpose of restoring investor confidence in the U.S.
– The passage of the Act, coupled with related rules adopted by the SEC are designed to make it harder for publicly held companies to commit and conceal corporate fraud.
– Now, corporate governance and internal controls are no longer a luxury – they are required by law.
SOX Section 404 –Management's responsibility• Section 404 – Management’s annual internal
control assertion must state:
– Management's responsibility for internal control over financial reporting
– The framework used by management to conduct the evaluation (e.g., COSO / CobiT, )
– Management's assessment of control effectiveness, including disclosure of any "material weaknesses"
– The auditor has issued an attestation report on management's assessment
– Section 302 – Management's quarterly certifications of financial statements / internal controls (continuous)
Understanding the components– Financial and Operational Process Controls– Inventory of relevant information technology– General IT controls
• Governance• Security• Change management• Operations
– Spreadsheets (data)• Minimize reliance and implement change control
– Third-Party Service Providers (SAS70's)• Outsource key business processes, but must
maintain ownership
It's happening right now in the marketplace…• SOX does not scale easily
– Large vs. Small companies
• Requires expertise to apply / fit to a company's environment– Consulting assistance
• Private Companies– Compliance 12 mos. after initial SEC filing (Debt or
Equity)
• Investment (Time & Money) vs. ROI – Benefits?– Increased controls should yield efficiencies in financial
reporting and auditing from Year Two forward
GAO restatement Study Analysis of restatement causes (Jan '97 – Jun '02)
Source: October 2002 GAO study, Financial Statement Restatements.
FEI Survey findings – March 2005
3890
2018
964
Average External hours
76.4%$544,000$679,0006995$100 – 499 M
73.8%$250,000$336,0004300$25 – 99 M
76.4%$132,000$494,0004757Less than $25 M
What percentages of your processes
are you documenting
to comply with Section 404?
Average additional audit fee
(attestation report)
Average consultant, software, vendor
cost* necessary for compliance
Average Internal hours
Annual sales revenues
* excluding auditors fee
There is hope…
– SEC postpones 404 filing date for non-accelerated filers and foreign private issuers (July 2006)
– SECs two new initiatives:
• Committee established to help evaluate the impact of related regulations on smaller public companies
• Task force assembled by COSO to develop new internal control guidance to be published this summer for smaller companies
The end-game:Who are the stakeholders here and what do they need?
Investor protection and reliable financial informationRegulators
Reliable financial information and litigation protectionAuditors
Job and morale protectionEmployees
Investment protection and reliable financial informationInvestors
Job/litigation protection (i.e., piece of mind) and reliable financial information
Management
Lessons learned from our 404 fieldwork (100+ companies)
– Prior external audit management comments may come back to haunt you – deficiencies no longer can be overlooked by substantive audit work and many CPA firms spend little time on IT controls
– Little attention paid to records retention and management, (often assumed to be IT's responsibility) –SEC seeks documentation evidence to support management's position and the solution must extend across organization
– Many significant remediation issues fall within the IT domain are quite visible – weak IT general controls undermine automated applications that enable financial processes and external audit firms may insist on manual "stopgap" measures to compensate
More lessons learned– Education is a critical component often overlooked
– understanding what controls are and the impact they have
– Creating a stable IT environment is a must –continual changes to or implementation of new controls will require excessive testing
– Planning is Key – Be proactive and start early!
Guy ClarkeSenior Manager, Business Advisory ServicesGrant Thornton LLPGreater Bay Area, CAp: 408.346.4312e: [email protected]
John WallesExecutive Vice President Acquisitions & Integration
SSA Global
From the Trenches
Insights from inside one of the industry’s leading corporations