Sarbanes Oxley ActSarbanes Oxley Act

Introduction to SOxIntroduction to SOx

Why SOxWhy SOx

• Enron files for bankruptcy with $62.8 billion in assets

• WorldCom $107 billion – Largest Bankruptcy in History

• Thousands of Investors lost Billions of Dollars and Trillions in Confidence

• Demise of Arthur Andersen

Who are Sarbanes & OxleyWho are Sarbanes & Oxley

• Paul S Sarbanes – Senator from Maryland

• Michael G. Oxley Congressman fromO Ohio

What is SOxWhat is SOx

• Sarbanes Oxley Act 202

• Public Company Accounting Reform and Investor Protection Act (PCARIPA) of 2002

Preamble to SOx Act 2002Preamble to SOx Act 2002

To protect investors by improving the accuracy and reliability of corporate

disclosure made pursuant to the securities laws, and for other purposes

Who has to comply?Who has to comply?

• Any company that list securities in US– Large & Mid-size companies (accelerated

filers)– Small companies (non-accelerated filers)

• Domestic (US Based)

• Foreign (ADR issuer)

Impact of SOxImpact of SOx

• Big spending to meet compliance requirement

• Delayed earnings report

• More accurate reporting

• Better internal control

The ActThe Act

• Component Sections– Title I: Public Company Accounting Oversight 101-109– Title II: Auditors Independence 201-209– Title III Corporate Responsibility 301-308– Title IV: Enhanced Financial Disclosure 401-409– Title V: Analyst Conflict of Interest 501– Title VI: Commission Resources and Authority 601-604– Title VII: Studies and Report 701-705– Title VIII: Corporate and Criminal Fraud 801-807– Title IX: White-Collar Crime Penalty 901-906– Title X: Corporate Tax Return 1001– Title XI: Corporate Fraud and Accountability 1101-1107

Title I: PCAOBTitle I: PCAOB

• SOx created Public Accounting Overview Board (PCAOB)

• PCAOB replaces AICPA for setting public accounting auditing standards

• The Task:– Register public accounting firms– Set and enforce auditing standards– Enforce Compliance– Investigates claims and bring forth disciplinary claims

Title II: Auditor IndependenceTitle II: Auditor Independence

• External Auditor can not:– Perform internal audit functions– Install financial systems– Provide financial statement of bookkeeping

services– Move own company personnel into corporate

positions– Provide investment or auditing legal services

Title VIII: Corporate FraudTitle VIII: Corporate Fraud

• Section 806: Whistleblower Protection– Prohibits retaliatory action– Ensure anonymity– Emphasizes “Tone and the Top”

Title III: Corporate ResponsibilityTitle III: Corporate Responsibility

• Section 301: Audit Committee– Free and independent Board Member– Must contain a “financial expert”– Develop an Audit Committee charter– Control all audit functions– Work with external auditor to ensure

compliance with SOx

Title III: Corporate ResponsibilityTitle III: Corporate Responsibility

Section 302 Financial Responsibility

• CEO/CFO certify that:– Has reviewed the financial report– The report contains no omissions or

misstatement of material facts– The report fairly represent the financial

conditions

Title III: Corporate ResponsibilityTitle III: Corporate Responsibility

Section 302 Internal Control Certification

• CEO/CFO certify he/she responsibility for:– Designing the internal control system– Designing disclosure controls and procedures– Evaluating the effectiveness of the internal

and disclosure controls– Disclosing to the auditors and committee

• All significant deficiencies• Any fraud involving internal control

Title III: Corporate ResponsibilityTitle III: Corporate Responsibility

Section 302 Internal Control Certification

• Penalty for false certification:– $1mil and/or up to 10 years for “knowing” of a

violation– $5mil and/or up to 20 years for “willing” of a

violation

Title IV: Enhanced Financial Title IV: Enhanced Financial DisclosureDisclosure

• Code of Ethics for Financial Officers

• Periodic report disclosures

• Internal control management (see 404)

• Real time financial statement disclosures (sec 409)

Internal ControlsInternal Controls

What is Internal ControlWhat is Internal Control

“The policies, procedures, practices, and organizational structures designed to

provide reasonable assurance that business objectives will be achieved and that

undesired events will be prevented, or detected and corrected”

Purpose of Internal ControlsPurpose of Internal Controls

• Aid in achieving organization’s goals and objectives

• Assist in reliability financial reporting and compliance

• Lead organization through its day-to-day operations providing”– Rules or guidelines for activities– Identifying and mitigating risks

Section 404a: Internal ControlSection 404a: Internal Control

• Internal Control must be:– Established– Maintained– Analyzed– Assessed for effectiveness

• CEO and CFO certify internal controls are sufficient and have been monitored within 90 days of report filling

Section 404b: Audit of Internal Section 404b: Audit of Internal ControlControl

• Report attesting to the effectiveness of internal controls required per fiscal year

• Material changes in internal control system must be reported every quarter

• The report must address:– The design of the system– The effectiveness– Proof of actual tests on the controls and the

result