WHY SOX COMPLIANCE MATTERS

THE ROLE OF DUBLIN SALES COMPLIANCE IN SARBANES-OXLEY ACT COMPLIANCE: INTRODUCTION TO & APPLICATION OF SOX

SOX Compliance for Ireland subsidiaries


WHAT IS SARBANES-OXLEY?

SARBANES-OXLEY ACT

A change in US business practice

• Improved transparency & flow of info
• Federal law binds all public corporations
• Enacted 2002, guidance in 2004, 2007, …

Reacting to major corporate and accounting scandals, the U.S. Govt. enacted extensive rules, particularly for public companies, with respect to enhanced financial disclosure, corporate governance, internal controls and auditing.

New Rule-Book for Public Co.’s

• Management accountability
• Auditor independence
• Record requirements

Administration records must be accurately stored and available to management and auditors alike, particularly further to reporting on a corporation's internal control of financial reporting.

SOX imposed stricter rules on auditors and made corporate directors criminally liable for false/inaccurate statements about company accounts.

Reforms to enhance corporate responsibility and fight corporate & accounting fraud

As part of obligations under the Sarbanes-Oxley Act, every quarter, subsidiaries of U.S. public companies should certify that they have operated in compliance.

It is an important reminder that we are all responsible for the overall health of the company.

In turn, company executives can make the proper representations in quarterly Sarbanes-Oxley certification letters issued to the Securities and Exchange Commission on behalf of the company.


PUBLIC COMPANIES & FINANCIAL MARKET REGULATION

Governing legislation for U.S. financial market regulation

• TRUST INDENTURE ACT OF 1939
• SECURITIES ACT OF 1933
• SECURITIES EXCHANGE ACT OF 1934, which created the Securities and Exchange Commission (section 4 of the Act / 15 U.S.C. § 78d)
• INVESTMENT COMPANY ACT OF 1940
• INVESTMENT ADVISERS ACT OF 1940
• DODD-FRANK WALL STREET REFORM AND CONSUMER PROTECTION ACT OF 2010
• SARBANES-OXLEY ACT OF 2002, aka the Public Accounting Reform and Investor Protection Act, or the Corporate and Auditing Accountability and Responsibility Act

Laws central to the governance of financial market players and regulatory powers of the Securities and Exchange Commission

DEFINING A ‘PUBLIC COMPANY’

A limited liability company that offers its securities for sale to the general public.

FINANCIAL & CAPITAL MARKETS

Securities refers to stocks and bonds traded in financial and capital markets. In the U.S., stock refers to shares of a particular corporation (company) and all related trade and activity is regulated by the SEC (Securities and Exchange Commission).

VERIZON Communications Inc., A Public Corporation, and …

SECURITIES & EXCHANGE COMMISSION (SEC)

A U.S. government board, consisting of five members, charged with regulating the public offer and sale of securities (stocks and bonds).

The SEC has a three-part mission:

(i) to protect investors;
(ii) maintain fair, orderly & efficient markets; and
(iii) facilitate capital formation.

To achieve its mandate, the SEC enforces the statutory requirement that public companies submit quarterly and annual reports, as well as other periodic reports.

U.S. REGULATION OF PUBLIC CO’S & FINANCIAL MARKETS

SECURITIES REGULATION

As an “issuer” of securities, Verizon Communications Inc. is regulated by the SEC.

[Diagram labels: Parent (Public) Inc. (Issuer); SEC (Securities and Exchange Commission); Financial Markets (Stock and Options Exchanges, Electronic securities); Stocks / Bonds (issue); Stockholders / Bondholders]

CORPORATE AUDITORS UNDER PCAOB SCRUTINY

Current accounting rules apply to off-balance sheet financing under the U.S. Generally Accepted Accounting Principles (GAAP) and International Financial Reporting Standards (IFRS).

Established by the SOX Act 2002, the Public Company Accounting Oversight Board (PCAOB) became the primary regulator of audits of publicly traded companies.

SOX reforms increased the independence of professional auditors carrying out audits on U.S. public corporations.

The PCAOB has a supervisory role over independent auditors.

U.S. REGULATION OF PUBLIC CO’S & FINANCIAL MARKETS

SECURITIES REGULATION

As an “issuer” of securities, Parent (Public) Inc. is regulated by the SEC and required to appoint an auditor, which is regulated by the PCAOB.

[Diagram labels: Parent (Public) Inc. (Issuer); Aol, Inc.; Independent Auditor; PCAOB (Public Company Accounting Oversight Board); SEC (Securities and Exchange Commission); Financial Markets (Stock and Options Exchanges, Electronic securities); Stocks / Bonds (issue); Stockholders / Bondholders]

WHAT’S NEW IN SARBANES-OXLEY?

SIGNIFICANT REQUIREMENTS UNDER SOX COMPLIANCE

Managers have responsibility:

• to maintain and assess the effectiveness of a sound internal-control structure for financial reporting

Auditors have responsibility:

• to certify the soundness of this assessment by management and report on the state of the overall financial control system

AIMS OF SOX COMPLIANCE REQUIREMENTS

• Restore investor confidence
• Improve reliability of financial reporting

CHANGES FOR SENIOR CORPORATE OFFICERS

• Role of General Counsel has increased due to SOX compliance, requiring General Counsel to work in tandem with the Chief Compliance Officer
• Role of Chief Compliance Officer has expanded

MOST BURDENSOME REQUIREMENT – SECTION 404

FINANCIAL REPORTS, ONUS ON CORPORATE BOARD

CERTIFIED STATEMENT BY CEO

The Chief Executive Officer must submit a written statement alongside periodic financial reports certifying that such report “fairly presents in all material respects, the financial condition and results of operations of the issuer”, and fines and/or criminal liability may attach for failure to do so [Section 906].

SAFE HARBOUR FOR WHISTLEBLOWERS

Similar penalties apply for any act of retaliation against whistleblowers who provide law enforcement with true information relating to a SOX investigation [Section 1107]. (see also Dodd-Frank Act)

CRIMINAL SANCTIONS FOR FAILURE TO COMPLY

Criminal penalties apply for altering, destroying, mutilating, concealing or falsifying records, documents or tangible objects with the intent to obstruct, impede or influence a legal investigation, as well as violation of the requirement to maintain all audit and review papers.


INTERNAL CONTROL REPORTING

BOARD RESPONSIBILITY FOR FINANCIAL REPORTS

FINANCIAL REPORTING

• Reporting must include a list of all deficiencies in the internal controls and information on any fraud that involves employees who are involved with internal activities;
• Disclosure in reporting must include any significant changes in internal controls or related factors that could have a negative impact on the internal controls;
• Organizations cannot attempt to avoid these requirements by reincorporating their activities or transferring their activities outside of the United States.

BOARD RESPONSIBILITY FOR FINANCIAL REPORTS

ASSESS SCOPE, ADEQUACY & EFFECTIVENESS

ASSESSMENT BY MANAGEMENT

Section 404 imposes the requirement of management assessment of the scope, adequacy and effectiveness of internal controls and publishing such findings in the annual reports.

The registered accounting firm preparing financial reports must also attest to and report on the effectiveness of internal control structures and procedures for financial reporting.

BOARD RESPONSIBILITY FOR FINANCIAL REPORTS

SECTION 404 OBLIGATIONS ON MANAGEMENT

In determinations of the scope, adequacy and effectiveness of internal controls, both management and accountants must:

• Assess both the design and operating effectiveness of selected internal controls related to significant accounts and relevant assertions, in the context of material misstatement risks;
• Understand the flow of transactions, including IT aspects, sufficiently to identify points at which a misstatement could arise;
• Evaluate company-level (entity-level) controls;
• Perform a fraud risk assessment;
• Evaluate controls designed to prevent or detect fraud, including management override of controls;
• Evaluate controls over the period-end financial reporting process;
• Scale the assessment based on the size and complexity of the company;
• Rely on management's work based on factors such as competency, objectivity, and risk;
• Conclude on the adequacy of internal control over financial reporting.


REAL TIME REPORTING

You must tell us now!

REAL TIME REPORTING

According to Section 401, disclosure in periodic reports must include all material off-balance sheet liabilities, obligations or transactions.

REAL TIME DISCLOSURES

Section 409 imposes an obligation on the corporation as an issuer to make real-time disclosures of information on material changes in the financial condition or operations, as a matter of urgency and presented in easy-to-understand terms and supported by trend and qualitative information and graphic presentation where appropriate.


DUBLIN & SOX COMPLIANCE

WHAT IMPLICATIONS DO SOX REQUIREMENTS HAVE ON AOL TECHNOLOGIES (IRELAND) LTD.?

DO SOX RULES IMPACT DUBLIN?

SOX requirements apply to:

• (i) all publicly-held American companies
• (ii) any international companies that have registered equity or debt securities with U.S. Securities and Exchange Commission [SEC]
• (iii) any accounting firm or other third party that provides financial services to either of the former.

[Diagram labels: Parent (Public) Inc.; US Subsidiary Inc.; Subsidiary (Ireland) Ltd.]

WHAT IMPLICATIONS DO SOX REQUIREMENTS HAVE ON U.S. PUBLIC COMPANY SUBSIDIARIES?

INDIRECT REACH OF SOX COMPLIANCE

No direct obligations are binding on the Ireland subsidiary entity because no filing to the Securities and Exchange Commission is required.

The Ireland subsidiary’s U.S. parent corporation (which is required to file with the Securities and Exchange Commission), however, is required to assess the effectiveness of internal controls within its Ireland subsidiary.

The role of sales compliance and related reporting directly facilitates the U.S. parent corporation in meeting its requirements under SOX law, principally making filings with the Securities and Exchange Commission.

U.S. REGULATION OF PUBLIC CO’S & FINANCIAL MARKETS

SECURITIES REGULATION

As an “issuer” of securities, a Public corporation is regulated by the SEC and required to have independent auditors, which in turn are scrutinized by the PCAOB.

[Diagram labels: Parent (Public) Inc. (Issuer); U.S. subsidiary, Inc.; Ireland subsidiary Ltd.; Independent Auditor; PCAOB (Public Company Accounting Oversight Board); SEC (Securities and Exchange Commission); Financial Markets (Stock and Options Exchanges, Electronic securities); Stocks / Bonds (issue)]

REPORTING ONUS TRICKLES DOWN TO SUBSIDIARIES

REACH OF SOX COMPLIANCE

No direct obligations on Ireland subsidiary Ltd., because no filing to the Securities and Exchange Commission is required.

However, the U.S. parent of Ireland subsidiary Ltd., U.S. subsidiary Inc. (which is required to file with the Securities and Exchange Commission if a public corporation) must assess the effectiveness of internal controls within its Ireland subsidiary.

[Diagram labels: Periodic Reporting including: material off balance sheet transactions; SEC (Securities and Exchange Commission); Parent (Public) Co. Inc.; U.S. subsidiary Inc.; Ireland subsidiary Ltd.]

INFORMATION SOURCED FROM SHARED SERVICES

DISCLOSURE IN PERIODIC REPORTS

All material off-balance sheet liabilities, obligations or transactions must be disclosed in periodic reports submitted to the SEC (Securities and Exchange Commission) in accordance with Section 401.

[Diagram labels: Parent (Public) Inc.; US Inc.; Ireland subsidiary Ltd.; Independent Auditor; SEC (Securities and Exchange Commission); Financial Markets; Stocks / Bonds (issue); Stockholders / Bondholders; Periodic Reporting; Audit Reporting; Stockholder Reporting]

INFORMATION SOURCED FROM SHARED SERVICES

What are subsidiaries doing? How many deals have we closed in EU markets? How many deals have we collected in EU markets?

[Diagram labels: Parent (Public) Inc.; U.S. subsidiary Inc.; Ireland subsidiary Ltd.; Deal Management Team; Billing/Collections Teams]

CLOSED CONTRACTS = OFF-BALANCE SHEET ASSETS

Generally, an item should appear on the company's balance sheet if it is an asset or liability that the corporation owns or is legally responsible for.

All promises to pay must be recorded

Current accounting rules apply to off-balance sheet financing under the U.S. Generally Accepted Accounting Principles and International Financial Reporting Standards.


BENEFITS OF SOX COMPLIANCE

MARKET EXPECTATIONS

Financial markets are driven by forecasting and expectations

• Stockholders are constantly prospecting on the future performance and health of the corporation.
• An important indicator of such performance and health is off-balance sheet assets, e.g. sales which have not been fully closed / collected.
• Therefore, sales compliance carries out an important reporting function, as well as a compliance function.
• In fact, sections 404 plus 409 of the SOX Act together address real-time reporting, including the sales compliance function of reporting ‘closed but not collected’ sales.

M&A SOX INTEGRATION

SOX compliance can be an issue when integrating new entities resulting from M&A acquisitions

• Complex factors for such integration have a propensity to result in divergence between actual and reported performance.
• An unintended consequence and benefit of implementing documentation efforts is increased employee understanding of operations, how they are accomplished and how they might be improved.

PERCEIVED VS. ACTUAL

"A lot of steps we assumed were being taken - account reconciliations and interest calculations and data integrity checks - actually weren't" (PepsiCo)

PERSONAL ATTESTATIONS

Sections 302 and 404 require CEOs and CFOs to attest personally to the effectiveness of internal control systems for financial reporting (and Section 906 attaches criminal liability for 'willful failure' to portray the true condition of the company's finances and operations).

INDEPENDENT AUDITOR

Section 404 mandates an independent auditor to attest each year to the company's evaluation of its controls. (The auditor is expected to assess the documentation of controls and procedures as well as how competently employees perform the control activities for which they are responsible.)

PCAOB https://pcaobus.org/Pages/default.aspx

The Public Company Accounting Oversight Board is a non-profit corporation established by Congress to protect investors and the public interest by promoting informative, accurate, and independent audit reports and to oversee the audits of public companies and broker-dealers.

BEST PRACTICE

Responsibility for internal controls to be assigned to a “sufficiently high level” person possessing “adequate resources” to implement the system and periodic reviews to uncover errors and wrongdoing.

SARBANES-OXLEY ACT 2002 http://www.soxlaw.com/

COMMITTEE OF SPONSORING ORGANIZATIONS OF THE TREADWAY COMMISSION

The COSO is a joint initiative of the five private sector organizations listed on the left and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control and fraud deterrence.

http://www.coso.org/

ANY QUESTIONS?

THANK YOU