Get Control Over Disclosure Controls and Procedures and Internal Control over Financial Reporting
Alex Frutos
Jackson Walker L.L.P.
901 Main Street, Suite 6000
Dallas, Texas 75202
[email protected]
Phone: (214) 953-6012
www.jw.com
Strategic Compliance Group, Inc.
Hands-on Seminar
Implementing Sarbanes-Oxley Section 404
Under the “New Rules”
October 29, 2007
Agenda
I. A Review
II. Impact of the SOX
III. Why do legal professionals care?
IV. What are they?
V. What are the SEC/PCAOB requirements?
VI. What are best practices with respect to disclosure controls and procedures?
VII. Common issues
VIII. Where is Corporate Governance Headed?
I. A Review
Corporate Environment Leading to Reform
 Corporate Governance Then
– Mainly a Matter of State Statute and Common Law
– Federal Law Focused on Disclosure
 High profile corporate failures
 Contributing factors
– Poor audit oversight
– Failed board and management oversight
– Officer self-dealing
– Wall Street/analyst community
– Flawed controls and disclosure processes
– Insufficient regulatory oversight
 Political environment
– Public outcry made it easy for Congress to pass anything
– Legal framework was assumed inadequate
I. A Review
Underlying Principles of SOX
– Prohibitions and standards for corporate governance
– Mandate of more diligent oversight by boards, committees and
outside auditors
– Greater accountability of executive officers
– Mandate heightened controls and audit and review requirements
– Increased financial and other disclosure
I. A Review
Overview of The Sarbanes-Oxley Act
 Prohibition on Loans to Directors and Executives (§402)
 Disgorgement of Bonus and Profits (§304)
 No insider trading during Pension Blackout Periods (§306)
 Code of Ethics for Senior Officers (§406)
 CEO and CFO Certifications (§§302 and 906)
 Public Company Accounting Oversight Board (§§102 and 109)
 Independent Audit Committee, Financial Experts and Procedures for Receipt of Complaints (§§301 and 407)
 Internal Control over Financial Reporting (§404)
 Prohibition on Non-Audit Services (§201)
 Improper Influence on Audits (§303)
 Whistleblower Protection (§806)
 Increased Attorney Responsibilities (§307)
II. Impact of the SOX
 Principles underlying Regulation of Corporate Governance
– Historically = Disclosure and State Corporate law
– Now = Federal Corporate Law, Prohibitions and Standards
 Corporate Regulation – State vs. Federal Law
– State Law
• Historical focus on formation and capitalization
• Viewed as inadequate or unwilling to set standards
• “Race to the bottom” by Delaware, Pennsylvania and Nevada
– Emergence of Federal Corporate Law as reaction to Abuses
• ’33/’34 Acts – Stock Market Collapse
• Williams Act/FCPA (1977) – Foreign Bribery Scandals
• Sarbanes-Oxley Act – Enron/Andersen/etc.
II. Impact of the SOX
 Liability and Other Implications
– Requires issuers to review their relationship with their auditors to ensure
continued independence;
– Implements more stringent rules for U.S. attorneys;
– Protects whistleblowers; and
– Imposes new sanctions and penalties on persons who violate certain
provisions of the U.S. securities laws.
 Impact of SOX
– More disclosure
– Much greater expense
– Material weaknesses
– Late filers
– More restatements
– Going private and going dark transactions
– Foreign listings
– Calls for rollback
II. Impact of the SOX
Market Reaction to Disclosure of
Material Weaknesses and Restatements
 Average share price movement after disclosure of
material weakness
– 1 day after disclosure, 0.67% drop
– After 7 days, 0.90% drop
– After 30 days, 1.96% drop
– After 60 days, 4.06% drop
 Larger drop when deadlines pass without
management report or auditor opinion on effectiveness
of internal controls being filed
– After 1 day, 2.13% drop
– After 7 days, 2.89% drop
– After 30 days, 3.81% drop
– After 60 days, 7.01% drop
 Median one-year stock return of companies that filed
restatements in 2006 was -6% or 20% lower than the
Russell 3000
 Median one-year stock return of companies that
disclosed material weaknesses in 2006 was -4% or
18% lower than the Russell 3000
II. Impact of the SOX
Announced Restatements
[Figure: bar chart titled “Number of Restatements, U.S. Public Companies” for 2003, 2004, 2005, 2006 and 2007*. Bar labels as extracted: 1420, 1255, 513, 627, 379.]
Source: Glass Lewis, company filings.
* Through June 28, 2007
II. Impact of the SOX
Restatements
 1,420 (9.8%) of U.S. public companies and 118 (9.1%) of foreign U.S. listed
companies restated their financial statements in 2006
– 9% restated in 2005 and 4.7% in 2004
 2,931 U.S. companies (about 23%) filed at least one restatement during the
last four years
 683 companies (5%) restated two or more times in the last four years
– 146 companies restated multiple times in 2006, up from 89 in 2005
– 25 companies in 2006 filed 3 or more restatements, up from 7 in 2005
 One third of larger companies and two thirds of microcap companies that
restated still claimed to have effective internal control
 Restatements by companies with >$75 million revenue down 20% 2006
over 2005 while companies with <$75 million in revenue up 49% over same
period
 Restatements by companies required to comply with 404 declined 14% and
restatements by non-accelerated filers rose 40%
II. Impact of the SOX
Common Causes of Restatements
[Figure: horizontal bar chart titled “Restatements by Error Category” comparing 2005 and 2006 for Equity; Expense recognition; Misclassification; Acquisitions / investments; Revenue recognition; Tax accounting; Capital assets; Other comprehensive income; All other. Axis runs from 0 to 500.]
Source: Glass Lewis, company filings.
II. Impact of the SOX
Common Causes of Restatements
 Stock-option back-dating grant practices
– 128 companies filed 8-Ks announcing restatements for this
practice, including 117 that filed the restatement in 2006
– 271 companies have disclosed internal or government
investigations
 Accounting for convertible securities (243 restatements in
2006)
 Cash flow misclassifications (99)
 Hedge accounting (65)
 Lease accounting (45 in 2006, down from 249 in 2005)
 Securitizations (19)
 Segments (18)
II. Impact of the SOX
Fraud Frequency by Type
– Aiding and Abetting: 2%
– Manipulation of A/R: 3%
– Bribery & Kickbacks: 3%
– Goodwill: 1%
– Investments: 1%
– Asset Misappropriation: 4%
– Manipulation of Reserves: 7%
– Revenue Recognition: 41%
– Manipulation of Liabilities: 7%
– Manipulation of Assets: 8%
– Manipulation of Expenses: 11%
– Improper Disclosures: 12%
Source: Deloitte, Ten things about financial statement fraud, A review of SEC enforcement releases, 2000-2006, June 2007
II. Impact of the SOX
Frequent Staff Comments
 Revenue
 Non-GAAP measures
 3rd party valuations
 Segments
 Financial statement classification
 Intangible assets
 Reserves
 Financial instruments
 Discontinued operations
 Asset Retirement
 Stock Compensation
 Disclosure controls & procedures
 MD&A
II. Impact of the SOX
Overview of Civil and Criminal Causes of Action
 Civil and criminal causes of action for reporting violations arise
principally under Section 10 (15 U.S.C. Section 78j) and Section 32
(15 U.S.C. Section 78ff) of the Securities Exchange Act of 1934
– Private cause of action under Rule 10b-5 for material misstatements and
omissions in connection with the purchase and sale of a security.
– Separate private cause of action under Section 18 of the Exchange Act
for material misstatements and omissions in SEC reports, but most cases
are brought under Rule 10b-5 because Section 18 has a more stringent
reliance requirement, a short statute of limitations, and a good faith
defense. Unlike Rule 10b-5, scienter is not an element of a Section 18
claim.
– SEC can also bring a variety of civil enforcement actions for material
misstatements and omissions in SEC reports and other public
statements.
– U.S. Attorney can assert criminal liability based on the “willful” violation
provisions of Section 32 of the Exchange Act. When it does so, it
frequently asserts criminal liability under other federal anti-fraud statutes.
III. Why do legal professionals care?
For lawyers, this area comes up in the following contexts:
 Reviewing press release and other public disclosures and
Exchange Act filings, in particular Item 307 and 308
disclosure
 M&A and debt and equity financing transactions
 Discussions with auditors over which deficiencies are
significant vs. which deficiencies are material weaknesses
 If things go terribly wrong, in-house and outside counsel
advise and represent
– audit committees in conducting independent investigations and
responding to SEC investigations
– attorneys in meeting their elevated reporting obligations
– companies that are subject to lawsuits
IV. What are they?
What are disclosure controls and procedures and
internal control over financial reporting?
 Concepts evolved from Sarbanes-Oxley Act §§302, 906
and 404
 Both defined in Rules 13a-15 and 15d-15 of the
Exchange Act
IV. What are they?
Disclosure Controls and Procedures
 Disclosure Controls and Procedures—
– Controls and procedures designed to ensure that information
required for Exchange Act reports is recorded, processed,
summarized and reported within the time periods specified by
the SEC
– Include those controls and procedures designed to ensure that
information required for Exchange Act reports is accumulated
and communicated to management, including CEO and CFO,
to allow timely decisions regarding required disclosures.
 Covers Exchange Act reports: 8-K’s, 10-Q’s, 10-K’s,
proxy statements and information statements
 No prescribed disclosure controls and procedures.
Each company to adopt its own.
IV. What are they?
Internal Control over Financial Reporting
 Internal Control over Financial Reporting—
Process designed by, or under the supervision of, the CEO and CFO
and effected by the board of directors and management, to provide
reasonable assurance regarding
– the reliability of financial reporting and
– the preparation of financial statements for external purposes in
accordance with GAAP.
 Internal control over financial reporting includes those policies and
procedures that:
– pertain to the maintenance of records that in reasonable detail
accurately and fairly reflect the issuer’s transactions and asset
dispositions,
– provide reasonable assurance that transactions are recorded as
necessary to permit preparation of financial statements in accordance
with GAAP, and that receipts and expenditures are being made only in
accordance with authorizations of management and directors, and
– provide reasonable assurance regarding prevention or timely detection
of unauthorized acquisition, use or disposition of assets that could have a
material effect on the financial statements.
IV. What are they?
Disclosure Controls vs. Internal Control
 Disclosure controls and procedures are designed to ensure that both
financial information and material non-financial information are
included in company’s reports
 Substantial overlap but not identical:
[Figure: diagram labeled “Disclosure Controls” and “Internal Control”]
IV. What are they?
Overall Framework
Effectively designed and operating disclosure controls and
procedures and internal control over financial reporting will include
an overall framework of policies, processes, people and reports:
[Table: columns Policies, Processes, People and Reports; row labels Disclosure Controls and Procedures and Internal Controls. Entries in extracted order:]
– Code of Ethics
– Instructions, Timelines and education and training
– Certification process
– Document Retention Policy
– Documented upstream process (standard unit reporting packages and sign offs)
– Entity level controls (Reg FD Disclosure Policy, Whistleblower policy; Insider Trading Policy)
– Accounting policies
– Documentation, performance and evaluation
– Disclosure Review Committee, Board, Audit Committee
– Financial reporting and disclosure process
– Documentation, performance, evaluation and audit of internal control
– Audit of financial statements
– GAAP experts
– Board and committee charters
– Disclosure Review Committee
– Checklists
– SEC compliance and reporting experts
– Accountable unit managers and process owners
– Sub-certifications
– Internal audit function
– Audit committee members
– Disclosure preparation and review sign offs (standard unit reporting packages and sign offs)
– Evaluation reports; D&O Questionnaires
– Report of Independent Accountants
– Internal audit reports
– Minutes of audit committee meetings and record of disclosure committee meetings held
V. What are the SEC/PCAOB Requirements?
Summary
A. Maintain
– Every reporting company must maintain disclosure controls and procedures and internal
control over financial reporting.
B. Evaluate
– Management, with participation of CEO and CFO, must
• evaluate effectiveness of disclosure controls as of the end of each quarterly period.
• evaluate as of end of each quarter any material change in internal control over financial reporting that occurred during quarter.
• evaluate effectiveness of internal control over financial reporting as of end of fiscal year.
– Auditor evaluation of internal control as part of an integrated audit
C. Disclose
– In 10-Q and 10-K CEO’s and CFO’s conclusions about the effectiveness of disclosure
controls and procedures.
– In 10-Q and 10-K any material change in internal control over financial reporting that
occurred during quarter.
– In 10-K, management report on internal control over financial reporting and independent
auditor’s attestation report.
D. Certify
– CEO and CFO must certify as to company’s disclosure controls and procedures and internal
control over financial reporting in each 10-Q & 10-K.
V. What are the SEC/PCAOB Requirements?
A. Maintenance—Disclosure Controls
Maintenance of Disclosure Controls and Procedures
 Rule 13a-15(a) requires reporting companies to maintain
disclosure controls and procedures
 An adequate basis for the 302 and 906 certifications by
the CEO and CFO necessarily includes that
– disclosure controls and procedures be put in place,
– they be effective, and
– the procedures and steps taken in compliance with such
procedures be documented
 A discussion of best practices will follow
V. What are the SEC/PCAOB Requirements?
A. Maintenance—Internal Control
Maintenance of Internal Control
 Rule 13a-15(a) requires reporting companies to maintain
internal control over financial reporting
 Since 1977 most public companies have had basic
processes in place as §13(b)(2) of Exchange Act requires
companies to have “internal accounting controls”
 Foamex—settled SEC investigation regarding inadequate
internal controls
V. What are the SEC/PCAOB Requirements?
B. Evaluation—Disclosure Controls
Quarterly Evaluation of Disclosure Controls
 Management, with participation of CEO and CFO, must
evaluate effectiveness of disclosure controls and
procedures as of the end of each fiscal quarter
 No prescribed standards for determining whether or not
disclosure controls are effective
V. What are the SEC/PCAOB Requirements?
B. Evaluation—Internal Control
Annual Evaluation of Internal Control
 Management, with participation of CEO and CFO, must
evaluate the effectiveness as of end of each fiscal year
– Must base its evaluation on a suitable, recognized framework
(COSO)
 Compliance Dates:
– Large Accelerated Filers and Accelerated Filers – compliance
began with fiscal year ending on or after November 14, 2004
– Non-accelerated Filers – provide management’s report beginning
with fiscal year ending on or after December 15, 2007
V. What are the SEC/PCAOB Requirements?
B. Evaluation—Internal Control
Annual Evaluation of Internal Control (cont'd)
 On June 20, 2007, the SEC published interpretative
guidance addressing the manner in which management
should conduct a top-down, risk based evaluation of the
effectiveness of internal control
 On the same date, a second SEC Release amended
Rules 13a-15(c) and 15d-15(c) to provide that an
evaluation conducted in accordance with the SEC’s
guidance is a safe harbor for compliance.
– This release removed the requirement for an audit of
management’s assessment
V. What are the SEC/PCAOB Requirements?
B. Evaluation—Internal Control
Annual Evaluation of Internal Control (cont'd)
 Identify Financial Reporting Risks and Controls
– Identify financial reporting risks
– Identify controls that adequately address these risks
– Consider entity-level controls
– Role of information technology general controls
– Back-up to support assessment
 Evaluate the Operating Effectiveness of Controls
– Determine the evidence needed to support assessment
– Implement procedures to evaluate the operation of controls
– Establish the evidence supporting the assessment
V. What are the SEC/PCAOB Requirements?
B. Evaluation—Internal Control
Annual Evaluation of Internal Control (cont'd)
 Documentation—
– In conducting an evaluation, company must maintain evidential
matter, including documentation, to provide reasonable support
for management’s assessment. Instruction 2 to S-K Item 308
and 308T.
 This evidential matter should provide reasonable support
for:
– the evaluation of whether the controls are designed to prevent
or detect material misstatements or omissions;
– the conclusion that the tests were appropriately planned and
performed; and
– the conclusion that the results of the tests were appropriately
considered.
V. What are the SEC/PCAOB Requirements?
B. Evaluation—Internal Control
Quarterly Evaluation of Changes in Internal Control
 Management, with participation of CEO and CFO, must
evaluate any change:
– that occurred during each quarter, and
– that has materially affected, or is reasonably likely to materially
affect, internal control over financial reporting
V. What are the SEC/PCAOB Requirements?
B. Evaluation—Internal Control—PCAOB AS No. 5
New PCAOB Auditing Standard No. 5—
 On July 27, 2007, the SEC approved PCAOB AS No. 5,
which supersedes PCAOB AS No. 2.
 Genesis for Change
– Feedback from companies on cost of audits
– Desire to move back to more principles-based (versus rules-based) accounting (old standard perceived as too detailed and prescriptive)
– Desire to reinforce need for professional judgment
– Unintended consequence of old standard promoting a “one size
fits all” approach
– Align management’s and auditor’s approach
 Effective for audits of years ending on or after November
15, 2007
V. What are the SEC/PCAOB Requirements?
B. Evaluation—Internal Control—PCAOB AS No. 5
 Plan the Audit
– Understand, define, and focus on Materiality
– Understand the Business, its complexity, and its associated risks and then scope the
audit accordingly
 When planning an integrated audit, the auditor should evaluate whether the
following matters are important to the company’s financial statements and
internal control over financial reporting and, if so, how they will affect the
auditor’s procedures:
– Knowledge of I/C obtained from prior engagements
– Industry developments
– Matters related to the company's business
– Changes in operations
– Preliminary judgments regarding materiality
– Previously identified control deficiencies
– Legal or regulatory matters
– Extent of evidence available regarding effectiveness of I/C
– Preliminary judgments regarding internal controls
– Knowledge regarding risks related to the company
– Relative complexity of the company's operations
V. What are the SEC/PCAOB Requirements?
B. Evaluation—Internal Control—PCAOB AS No. 5
 Risk Assessment
– Emphasis on Fraud Controls
• Considered part of top down approach — considered to include fraud risk assessment already performed for financial audit purposes
• Fraud risk assessment should be one step (integrated) for the financial statement and internal controls over financial reporting opinions
• Fraud considered the higher risk (versus error) and should get more attention
– Focus on “Top-Down”/“Risk-Based” Approach
• Scope audit area commensurate with risk
• Integrate Fraud considerations and consider as key risk
[Figure: Financial Statement Level; Entity Level Controls; Significant Accounts and Disclosures; Relevant Assertions]
V. What are the SEC/PCAOB Requirements?
B. Evaluation—Internal Control—PCAOB AS No. 5
 Gives more consideration to Entity Level Controls
 Uses professional judgment – no “checkbox”
 Eliminates the requirement for Auditor to issue an opinion on
management’s assessment of internal controls
– Still requires Auditors to assess the effectiveness of the company’s
internal controls
 Requires the Auditor to report any discovered significant deficiencies,
but requires the Auditor to scope the audit only to assess whether
any material weaknesses exist or could exist
 For multi-location companies allows Auditor to eliminate sites that
cannot impact Materiality
 Emphasizes more up front work through walk-throughs for Auditors
– Management may rely on self-assessments and monitoring
 Emphasizes using the company’s or others’ work in both
understanding the control environment and its design and testing its
operating effectiveness
V. What are the SEC/PCAOB Requirements?
B. Evaluation—Internal Control—PCAOB AS No. 5
 Internal control deficiencies fall into three categories:
– Control deficiency—is a deficiency in the design or operation of a
control that does not allow management or employees to prevent or
detect misstatements on a timely basis.
– Significant deficiency—is a control deficiency, or combination
thereof, that is less severe than a material weakness, yet important
enough to merit attention by those responsible for oversight of the
company’s financial reporting.
– Material weakness—is a deficiency, or combination thereof, such
that there is a reasonable possibility (formerly more than remote
likelihood) that a material misstatement of financial statements will not
be prevented or detected on a timely basis.
 If there is a “material weakness,” management cannot conclude
that internal control over financial reporting is effective.
V. What are the SEC/PCAOB Requirements?
B. Evaluation—Internal Control
How do you know whether an internal control issue rises to the level of a
material weakness?
 Useful Analog: Rule 10b-5 definition of “Materiality”
– Substantial likelihood that a reasonable shareholder would consider the omission or
representation important in making an investment decision OR
– Substantial likelihood that a fact “would be viewed by the reasonable investor as
having significantly altered the ‘total mix’ of information made available.” See Basic
v. Levinson; TSC Industries, Inc. v. Northway, Inc.
 “Materiality” traditionally quantified with reference to auditing standards (SAS
47): 5% of pre-tax income or net income, 1/2% of total assets, 1/2% of total revenue
 But see SAB 99—reliance on quantitative benchmarks to assess materiality
for financial statements and performing audits is inappropriate; misstatements
are not immaterial simply because below a numerical threshold.
 AS 5 specifically includes the following list of indicators
– Identification of fraud, whether or not material, on the part of senior management
– Restatement of financials to reflect the correction of a material misstatement
– Identification by the auditor of a material misstatement in the current period that
would not have been detected by the company’s internal controls
– Ineffective audit committee oversight of financial reporting and internal controls
V. What are the SEC/PCAOB Requirements?
B. Evaluation—Internal Control
Activities-level Deficiencies
[Flowchart: Yes/No decision boxes leading to one of three outcomes: Deficiency, Significant Deficiency or Material Weakness.]
Box 1. Is the potential magnitude less than material to annual or interim financial statements?
Box 2. Are there complementary or redundant controls that were tested and evaluated that achieve the same control objective?
Box 3. Are there compensating controls that were tested and evaluated that reduce the magnitude of a misstatement of annual or interim financial statements to less than material?
Box 4. Does the evaluation of risk factors result in a judgment that there is not a reasonable possibility that controls will fail to prevent or detect a material misstatement of annual or interim financial statements?
Box 5. Is the matter important enough to merit attention by those responsible for oversight of financial reporting?
Box 6. Would a prudent official conclude that the deficiency is a material weakness considering both annual and interim financial statements?
V. What are the SEC/PCAOB Requirements?
B. Evaluation—Internal Control
IT General Control Deficiencies
[Flowchart: Yes/No decision boxes leading to one of three outcomes: Deficiency, Significant Deficiency or Material Weakness.]
Box 1. Are there complementary or redundant ITGCs that were tested and evaluated that achieve the same control objective?
Box 2. Are there control deficiencies at the application level evaluated in Chart 2 that are related to or caused by the ITGC deficiency?
Box 3. Are the control deficiencies at the application level related to or caused by the ITGC deficiency classified as a material weakness?
Box 5. Is the matter important enough to merit attention by those responsible for oversight of financial reporting?
Box 5. Would a prudent official conclude that the deficiency is a material weakness considering both annual and interim financial statements?
V. What are the SEC/PCAOB Requirements?
B. Evaluation—Internal Control
Entity-level Control Deficiencies
[Flowchart: Yes/No decision boxes leading to one of three outcomes: Deficiency, Significant Deficiency or Material Weakness.]
Box 1. Is the deficiency an indication of a material weakness?
Box 2. Are there complementary or redundant programs or controls or compensating controls that were tested and evaluated that result in a judgment that the deficient control will not fail to prevent or detect a material misstatement of annual or interim financial statements?
Box 3. Does the evaluation of risk factors result in a judgment that there is not a reasonable possibility that controls will fail to prevent or detect a material misstatement of annual or interim financial statements?
Box 4. Is the matter important enough to merit attention by those responsible for oversight of financial reporting?
Box 5. Would a prudent official conclude that the deficiency is a material weakness considering both annual and interim financial statements?
V. What are the SEC/PCAOB Requirements?
C. Disclosure—Disclosure Controls
Disclose Management’s Assessment of Disclosure Controls
 Company must disclose in each 10-Q and 10-K
management’s conclusions regarding the effectiveness of
disclosure controls as of the end of the period
 If disclosure controls and procedures are not effective,
disclosure should include
– the reasons why and the nature of the deficiency,
– how management is addressing the deficiency, including the
nature of any improvements and enhancements that were made
or are being implemented,
– the timeline for any further improvements and
– any efforts to mitigate the weakness in the interim.
V. What are the SEC/PCAOB Requirements?
C. Disclosure—Internal Control
Management’s Annual Report on Internal Control
 10-K must include a management report that:
– says management is responsible for establishing and maintaining
adequate internal control over financial reporting
– identifies framework used to evaluate effectiveness
– provides management’s assessment of effectiveness as of end of
fiscal year (including disclosure of any material weakness)
– says that auditors have issued attestation report on the
company’s internal control over financial reporting
 No prescribed location for the management’s report
V. What are the SEC/PCAOB Requirements?
C. Disclosure—Internal Control
Auditor’s Attestation Report
 10-K must include an auditor’s attestation report
containing its opinion on the effectiveness of the
company’s internal controls
– An opinion on management’s assessment of the effectiveness of
internal controls is no longer necessary
 Four types of opinions:
– Unqualified opinion
– Disclaimed opinion
– Opinion that is qualified in scope
– Adverse opinion
 Opinion in auditor attestation does not necessarily impact
opinion on financial statements and vice versa
V. What are the SEC/PCAOB Requirements?
C. Disclosure—Internal Control
Disclose Changes in Internal Control
 10-Q and 10-K must disclose any change in internal
control that occurred during quarter that materially
affected or is reasonably likely to materially affect internal
control over financial reporting.
– SEC says not required to disclose any changes made in
preparation for first management report, BUT issuers should
“carefully consider” disclosing any material weakness and steps
taken to correct it.
V. What are the SEC/PCAOB Requirements?
D. Certification
Certification by CEO and CFO in each 10-Q and 10-K:
 based on their knowledge, the report does not contain any material misstatements or
omissions
 based on their knowledge, financial statements and financial info fairly present in all
material respects issuer’s financial condition and results of operations
 responsible for establishing and maintaining disclosure controls and procedures [and
internal control over financial reporting]
– designed such disclosure controls and procedures to ensure that material information is made
known to them, particularly during period covered by report
– designed such internal control over financial reporting to provide reasonable assurance re
reliability of financial reporting and preparation of financial statements per GAAP
– evaluated effectiveness of disclosure controls and procedures as of end of period covered by
report and reported their conclusions in the report
– disclosed in the report any change in internal control over financial reporting that occurred
during quarter that has materially affected, or is reasonably likely to materially affect, internal control over
financial reporting
 disclosed, based on their most recent evaluation, to the auditors and audit committee:
– All significant deficiencies and material weaknesses in internal control over financial reporting
that are reasonably likely to adversely affect issuer’s ability to record, process, summarize and
report financial information; and
– Any fraud, whether or not material, involving management or employees who have significant
role in internal control over financial reporting
VI. What are best practices with respect to disclosure controls?
A. Form a disclosure review committee
B. Prepare written compliance policies and procedures
C. Document compliance with policies and procedures
D. Implement a Regulation FD Disclosure Policy
E. Training and education
VI. What are best practices with respect to disclosure controls?
A. Disclosure Review Committee
 Disclosure Review Committee
– Responsibilities –
• Review of Exchange Act filings, earnings and press releases, analyst communications, website
• Considering the materiality of information
• Determining disclosure obligations
• Coordinating reviews of CEO, CFO, independent accountants, internal audits and the audit committee
– Members – SEC recommends principal accounting officer or
controller, general counsel and principal risk management and
investor relations officers. Also typically include CEO and CFO.
– Charter
VI. What are best practices with respect to disclosure controls?
B. Written Compliance Policies and Procedures
 Written compliance policies and procedures
– Should be sufficiently detailed, but not overly burdensome
– This documentation should
• Identify the personnel responsible for each section of the report,
• Identify the other key participants involved in the report’s preparation,
• Detail how the information necessary to prepare the report is collected and communicated, and
• Describe how drafts are reviewed and revised, including the degree of review by outside auditors, counsel, the board of directors and the Audit Committee.
– A disclosure committee charter, a formal written compliance policy,
certifications and sub-certifications and related materials and
checklists can form the basis of a company’s written policies and
procedures.
VI. What are best practices with respect to disclosure controls?
C. Document Compliance with Policies and Procedures
 Document Compliance with Policies and Procedures
– Sub-certifications
• Many, but not all companies, use them
• Should be tailored to areas of responsibility
– Instruction Sheets for Reviewers and Preparers
– Timetables
– Responsibility Checklists
– 8-K Procedures
VI. What are best practices with respect to disclosure controls?
D. Disclosure Policy and E. Training & Education
 Disclosure Policy
– designed to ensure compliance with Reg. FD
– Siebel repealed—SEC action alleging failure to file 8-K re
selective disclosure of material information may violate Rule 13a-15
requirement that company maintain disclosure controls and
procedures
– Flowserve case—SEC action involving the reaffirmation of
earnings guidance
 Training and Education
VII. Common Issues
1) Should old drafts of Exchange Act filings be saved as
part of the documentation process?
2) What issues related to internal control over financial
reporting and disclosure controls and procedures
should an acquiring company be concerned about?
What kinds of representations and warranties should it
obtain?
3) Is an acquiring reporting company required to include a
target’s internal control over financial reporting and
disclosure controls and procedures in the scope of its
evaluation, disclosure and certification?
4) What issues are presented by the use of third party
service providers such as ADP which perform
accounting related functions?
VIII. Where is Corporate Governance Headed?
 Majority Voting for Directors
– SEC and ISS Position
– Voluntary Corporate Action
– Possible Regulatory Action
 Focus Executive Compensation—Disney
 Executive Compensation Disclosure Release
– Plain English
– Compensation, Discussion and Analysis
– Revised Compensation Tables
– Perks
– Disclosure of Pledged Stock by Directors and Executives
– New Centralized/Enhanced Corporate Governance Section
– Higher Threshold for Disclosure of Related Party Transactions
– Enhanced Form 8-K Disclosure
VIII. Where is Corporate Governance Headed?
 Stock Option Backdating and “Spring-Loading”
 Other Corporate Governance Pressures
– Activist Hedge Funds, Pension Funds and Private Equity Investors
– Direct Nomination (and Removal) of Directors
– 100% Independent Board
– Separation of Positions of Chairman and CEO
– Increased Allowance of Shareholder Proposals Restricting Corporate Activities
Thank you