Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Get Control Over Disclosure Controls and Procedures and Internal Control over Financial Reporting Alex Frutos Jackson Walker L.L.P. 901 Main Street, Suite 6000 Dallas, Texas 75202 [email protected] Phone: (214) 953-6012 www.jw.com Strategic Compliance Group, Inc. Hands-on Seminar Implementing Sarbanes-Oxley Section 404 Under the “New Rules” October 29, 2007 Agenda I. II. III. IV. V. VI. A Review Impact of the SOX Why do legal professionals care? What are they? What are the SEC/PCAOB requirements? What are best practices with respect to disclosure controls and procedures? VII. Common issues VIII. Where is Corporate Governance Headed? 1 I. A Review 2 I. A Review Corporate Environment Leading to Reform Corporate Governance Then – Mainly a Matter of State Statute and Common Law – Federal Law Focused on Disclosure High profile corporate failures Contributing factors – – – – – – Poor audit oversight Failed board and management oversight Officer self-dealing Wall Street/analyst community Flawed controls and disclosure processes Insufficient regulatory oversight Political environment – Public outcry made it easy for Congress to pass anything – Legal framework was assumed inadequate 3 I. A Review Underlying Principals to SOX – Prohibitions and standards for corporate governance – Mandate of more diligent oversight by boards, committees and outside auditors – Greater accountability of executive officers – Mandate heightened controls and audit and review requirements – Increased financial and other disclosure 4 I. A Review Overview of The Sarbanes-Oxley Act Prohibition on Loans to Directors and Executives (§402) Disgorgement of Bonus and Profits (§304) No insider trading during Pension Blackout Periods (§306) Code of Ethics for Senior Officers (§406) CEO and CFO Certifications (§§302 and 906) Public Company Accounting Oversight Board (§§102 and 109) Independent Audit Committee, Financial Experts and Procedures for Receipt of Complaints (§§301 and 407) Internal Control over Financial Reporting (§404) Prohibition on Non-Audit Services (§201) Improper Influence on Audits (§303) Whistleblower Protection (§806) Increased Attorney Responsibilities (§307) 5 II. Impact of the SOX 6 II. Impact of the SOX Principles underlying Regulation of Corporate Governance – Historically = Disclosure and State Corporate law – Now = Federal Corporate Law, Prohibitions and Standards Corporate Regulation –State vs Federal Law – State Law • • • Historical focus on formation and capitalization Viewed as inadequate or unwilling to set standards “Race to the bottom” by Delaware, Pennsylvania and Nevada – Emergence of Federal Corporate Law as reaction to Abuses • • • ’33/’34 Acts – Stock Market Collapse Williams Act/FCPA (1977) – Foreign Bribery Scandals Sarbanes-Oxley Act – Enron/Andersen/etc. 7 II. Impact of the SOX Liability and Other Implications – Requires issuers to review their relationship with their auditors to ensure continued independence; – Implements more stringent rules for U.S. attorneys; – Protects whistleblowers; and – Imposes new sanctions and penalties on persons who violate certain provisions of the U.S. securities laws. Impact of SOX – – – – – – – – More disclosure Much greater expense Material weaknesses Late filers More restatements Going private and going dark transactions Foreign listings Calls for rollback 8 II. Impact of the SOX Market Reaction to Disclosure of Material Weaknesses and Restatements Average share price movement after disclosure of material weakness – – – – 1 day after disclosure, 0.67% drop After 7 days, 0.90% drop After 30 days 1.96% drop After 60 days 4.06% drop Larger drop when deadlines pass without management report or auditor opinion on effectiveness of internal controls being filed – – – – After 1 day, 2.13% drop After 7 days, 2.89% drop After 30 days, 3.81% drop After 60 days, 7.01% drop Median one-year stock return of companies that filed restatements in 2006 was -6% or 20% lower than the Russell 3000 Median one-year stock return of companies that disclosed material weaknesses in 2006 was -4% or 18% lower than the Russell 3000 9 II. Impact of the SOX Announced Restatements Number of Restatements U.S. Public Companies 1600 1400 1200 1000 800 600 400 200 0 1420 1255 513 2003 627 379 2004 2005 2006 2007* Source: Glass Lewis, company filings. * Through June 28, 2007 10 II. Impact of the SOX Restatements 1,420 (9.8%) of U.S. public companies and 118 (9.1%) of foreign U.S. listed companies restated their financial statements in 2006 – 9% restated in 2005 and 4.7% in 2004 2,931 U.S. companies (about 23%) filed at least one restatement during the last four years 683 companies (5%) restated two or more times in the last four years – 146 companies restated multiple times in 2006, up from 89 in 2005 – 25 companies in 2006 filed 3 or more restatements, up from 7 in 2005 One third of larger companies and two thirds of microcap companies that restated still claimed to have effective internal control Restatements by companies with >$75 million revenue down 20% 2006 over 2005 while companies with <$75 million in revenue up 49% over same period Restatements by companies required to comply with 404 declined 14% and restatements by non-accelerated filers rose 40% 11 II. Impact of the SOX Common Causes of Restatements Restatements by Error Category 457 Equity 258 398 Expense recognition 462 378 Misclassification 327 174 Acquisitions / investments 126 164 171 Revenue recognition 155 154 Tax accounting 131 Capital assets 103 124 124 Other comprehensive income 277 All other 189 0 50 100 150 200 250 2005 300 350 400 450 500 2006 Source: Glass Lewis, company filings. 12 II. Impact of the SOX Common Causes of Restatements Stock-option back-dating grant practices – 128 companies filed 8-Ks announcing restatements for this practice, including 117 that filed the restatement in 2006 – 271 companies have disclosed internal or government investigations Accounting for convertible securities (243 restatements in 2006) Cash flow misclassifications (99) Hedge accounting (65) Lease accounting (45 in 2006, down from 249 in 2005) Securitizations (19) Segments (18) 13 II. Impact of the SOX Fraud Frequency by Type Aiding and Abetting 2% Manipulation of A/R 3% Bribery & Kickbacks 3% Goodwill 1% Investments 1% Asset Misappropriation 4% Manipulation of Reserves 7% Revenue Recognition 41% Manipulation of Liabilities 7% Manipulation of Assets 8% Deloitte, Ten things about financial statement fraud, A review of SEC enforcement releases, 2000-2006, June 2007 Manipulation of Expenses 11% Improper Disclosures 12% 14 II. Impact of the SOX Frequent Staff Comments Revenue Non-GAAP measures 3rd party valuations Segments Financial statement classification Intangible assets Reserves Financial instruments Discontinued operations Asset Retirement Stock Compensation Disclosure controls & procedures MD&A 15 II. Impact of the SOX Overview of Civil and Criminal Causes of Action Civil and criminal causes of action for reporting violations arise principally under Section 10 (15 U.S.C. Section 78j) and Section 32 (15 U.S.C. Section 78ff) of the Securities Exchange Act of 1934 – Private cause of action under Rule 10b-5 for material misstatements and omissions in connection with the purchase and sale of a security. – Separate private cause of action under Section 18 of the Exchange Act for material misstatements and omissions in SEC reports, but most cases are brought under Rule 10b-5 because Section 18 has a more stringent reliance requirement, a short statute of limitations, and a good faith defense. Unlike Rule 10b-5, scienter is not an element of a Section 18 claim. – SEC can also bring a variety of civil enforcement actions for material misstatements and omissions in SEC reports and other public statements. – U.S. Attorney can assert criminal liability based on the “willful” violation provisions of Section 32 of the Exchange Act. When it does so, it frequently asserts criminal liability under other federal anti-fraud statutes. 16 III. Why do legal professionals care? 17 III. Why do legal professionals care? For lawyers, this area comes up in the following contexts: Reviewing press release and other public disclosures and Exchange Act filings, in particular Item 307 and 308 disclosure M&A and debt and equity financing transactions Discussions with auditors over which deficiencies are significant vs. which deficiencies are material weakness If things go terribly wrong, in-house and outside counsel advise and represent – audit committees in conducting independent investigations and responding to SEC investigations – attorney’s in meeting their elevated reporting obligations – companies that are subject to lawsuits 18 IV. What are they? 19 IV. What are they? What are disclosure controls and procedures and internal control over financial reporting? Concepts evolved from Sarbanes-Oxley Act §§302, 906 and 404 Both defined in Rules 13a-15 and 15d-15 of the Exchange Act 20 IV. What are they? Disclosure Controls and Procedures Disclosure Controls and Procedures— – Controls and procedures designed to ensure that information required for Exchange Act reports is recorded, processed, summarized and reported within the time periods specified by the SEC – Include those controls and procedures designed to ensure that information required for Exchange Act reports is accumulated and communicated to management, including CEO and CFO, to allow timely decisions regarding required disclosures. Covers Exchange Act reports: 8-K’s, 10-Q’s, 10-K’s, proxy statements and information statements No prescribed disclosure controls and procedures. Each company to adopt its own. 21 IV. What are they? Internal Control over Financial Reporting Internal Control over Financial Reporting— Process designed by, or under the supervision of, the CEO and CFO and effected by the board of directors and management, to provide reasonable assurance regarding – the reliability of financial reporting and – the preparation of financial statements for external purposes in accordance with GAAP. Internal control over financial reporting includes those policies and procedures that: – pertain to the maintenance of records that in reasonable detail accurately and fairly reflect the issuer’s transactions and asset dispositions, – provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with GAAP, and that receipts and expenditures are being made only in accordance with authorizations of management and directors, and – provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of assets that could have a material effect on the financial statements. 22 IV. What are they? Disclosure Controls vs. Internal Control Disclosure controls and procedures are designed to ensure that both financial information and material non-financial information are included in company’s reports Substantial overlap but not identical: Disclosure Controls Internal Control 23 IV. What are they? Overall Framework Effectively designed and operating disclosure controls and procedures and internal control over financial reporting will include an overall framework of policies, processes, people and reports: Policies Processes People Disclosure Controls and Procedures Code of Ethics Instructions, Timelines and education and training Certification process Document Retention Policy Documented upstream process (standard unit reporting packages and sign offs) Entity level controls (Reg FD Disclosure Policy, Whistleblower policy; Insider Trading Policy) Accounting policies Documentation, performance and evaluation Disclosure Review Committee, Board, Audit Committee Financial reporting and disclosure process Documentation, performance, evaluation and audit of internal control Audit of financial statements GAAP experts Internal Controls Board and committee charters Reports Disclosure Review Committee Checklists SEC compliance and reporting experts Accountable unit managers and process owners Sub-certifications Internal audit function Audit committee members Disclosure preparation and review sign offs (standard unit reporting packages and sign offs) Evaluation reports; D&O Questionnaires Report of Independent Accountants Internal audit reports Minutes of audit committee meetings and record of disclosure committee meetings held 24 V. What are the SEC/PCAOB Requirements? 25 V. What are the SEC/PCAOB Requirements? Summary A. Maintain – Every reporting company must maintain disclosure controls and procedures and internal control over financial reporting. B. Evaluate – Management, with participation of CEO and CFO, must • • • evaluate effectiveness of disclosure controls as of the end of each quarterly period. evaluate as of end of each quarter any material change in internal control over financial reporting that occurred during quarter. evaluate effectiveness of internal control over as of end of fiscal year. – Auditor evaluation of internal control as part of an integrated audit C. Disclose – In 10-Q and 10-K CEO’s and CFO’s conclusions about the effectiveness of disclosure controls and procedures. – In 10-Q and 10-K any material change in internal control over financial reporting that occurred during quarter. – In 10-K, management report on internal control over financial reporting and independent auditor’s attestation report. D. Certify – CEO and CFO must certify as to company’s disclosure controls and procedures and internal control over financial reporting in each 10-Q & 10-K. 26 V. What are the SEC/PCAOB Requirements? A. Maintenance—Disclosure Controls Maintenance of Disclosure Controls and Procedures Rule 13a-15(a) requires reporting companies to maintain disclosure controls and procedures An adequate basis for the 302 and 906 certifications by the CEO and CFO necessarily includes that – disclosure controls and procedures be put in place, – they be effective, and – the procedures and steps taken in compliance with such procedures be documented A discussion of best practices will follow 27 V. What are the SEC/PCAOB Requirements? A. Maintenance—Internal Control Maintenance of Internal Control Rule 13a-15(a) requires reporting companies to maintain internal control over financial reporting Since 1977 most public companies have had basic processes in place as §13(b)(2) of Exchange Act requires companies to have “internal accounting controls” Foamex—settled SEC investigation regarding inadequate internal controls 28 V. What are the SEC/PCAOB Requirements? B. Evaluation—Disclosure Controls Quarterly Evaluation of Disclosure Controls Management, with participation of CEO and CFO, must evaluate effectiveness of disclosure controls and procedures as of the end of each fiscal quarter No prescribed standards for determining whether or not disclosure controls are effective 29 V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control Annual Evaluation of Internal Control Management, with participation of CEO and CFO, must evaluate the effectiveness as of end of each fiscal year – Must base its evaluation on a suitable, recognized framework (COSO) Compliance Dates: – Large Accelerated Filers and Accelerated Filers – compliance began with fiscal year ending on or after November 14, 2004 – Non-accelerated Filers – provide management’s report beginning with fiscal year ending on or after December 15, 2007 30 V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control Annual Evaluation of Internal Control (cont'd) On June 20, 2007, the SEC published interpretative guidance addressing the manner in which management should conduct a top-down, risk based evaluation of the effectiveness of internal control On the same date, a second SEC Release amended Rules 13a-15(c) and 15d-15(c) to provide that an evaluation conducted in accordance with the SECs guidance is a safe harbor for compliance. – This release removed the requirement for an audit of management’s assessment 31 V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control Annual Evaluation of Internal Control (cont'd) Identify Financial Reporting Risks and Controls – – – – – Identify financial reporting risks Identify controls that adequately address these risks Consider entity-level controls Role of information technology general controls Back-up to support assessment Evaluate the Operating Effectiveness of Controls – Determine the evidence needed to support assessment – Implement procedures to evaluate the operating of controls – Establish the evidence supporting the assessment 32 V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control Annual Evaluation of Internal Control (cont'd) Documentation— – In conducting an evaluation, company must maintain evidential matter, including documentation, to provide reasonable support for management’s assessment. Instruction 2 to S-K Item 308 and 308T. This evidential matter should provide reasonable support for: – the evaluation of whether the controls are designed to prevent or detect material misstatements or omissions; – the conclusion that the tests were appropriately planned and performed; and – the conclusion that the results of the tests were appropriately considered. 33 V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control Quarterly Evaluation of Changes in Internal Control Management, with participation of CEO and CFO, must evaluate any change: – that occurred during each quarter, and – that has materially affected, or is reasonably likely to materially affect, internal control over financial reporting 34 V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control—PCAOB AS No. 5 New PCAOB Auditing Standard No. 5— On July 27, 2007, the SEC approved PCAOB AS No. 5. which supersedes PCAOB AS No. 2. Genesis for Change – Feedback from companies on cost of audits – Desire to move back to more principles based (versus ruled based) accounting (old standard perceived as too detailed and prescriptive) – Desire to reinforce need for professional judgment – Unintended consequence of old standard promoting a “one size fits all” approach – Align management’s and auditor’s approach Effective for audits of years ending on or after November 15, 2007 35 V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control—PCAOB AS No. 5 Plan the Audit – Understand, define, and focus on Materiality – Understand the Business, its complexity, and its associated risks and then scope the audit accordingly When planning an integrated audit, the auditor should evaluate whether the following matters are important to the company’s financial statements and internal control over financial reporting and, if so, how they will effect the auditor’s procedures: Knowledge of I/C obtained from prior engagements Industry developments Matters related to the company's business Changes in operations Preliminary judgments regarding materiality Previously identified control deficiencies Legal or regulatory matters Extent of evidence available regarding effectiveness of I/C Preliminary judgments regarding internal controls Knowledge regarding risks related to the company Relative complexity of the company's operations 36 V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control—PCAOB AS No. 5 Risk Assessment – Emphasis on Fraud Controls • • • Considered part of top down approach — considered to include fraud risk assessment already performed for financial audit purposes Fraud risk assessment should be one step (integrated) for the financial statement and internal controls over financial reporting opinions Fraud considered the higher risk (versus error) and should get more attention – Focus on “Top-Down”/”Risk-Based” Approach • • Scope audit area to commensurate risk Integrate Fraud considerations and consider as key risk Financial Statement Level Entity Level Controls Significant Accounts and Disclosures Relevant Assertions 37 V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control—PCAOB AS No. 5 Gives more consideration to Entity Level Controls Uses professional judgment – no “checkbox” Eliminates the requirement for Auditor to issue an opinion on management’s assessment of internal controls – Still requires Auditors to assess the effectiveness of the company’s internal controls Requires the Auditor to report any discovered significant deficiencies, but requires the Auditor to scope the audit only to assess whether any material weaknesses exist or could exist For multi-location companies allows Auditor to eliminate sites that cannot impact Materiality Emphasizes more up front work through walk-throughs for Auditors – Management may rely on self-assessments and monitoring Emphasizes using the company’s or others work in both understanding the control environment and its design and testing its operation effectiveness 38 V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control—PCAOB AS No. 5 Internal control deficiencies fall into three categories: – Control deficiency—is a deficiency in the design or operation of a control that does not allow management or employees to prevent or detect misstatements on a timely basis. – Significant deficiency—is a control deficiency, or combination thereof, that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company’s financial reporting. – Material weakness—is a deficiency, or combination thereof, such that results there if reasonable possibility (formerly more than remote likelihood) that a material misstatement of financial statements will not be prevented or detected on a timely basis. If there is a “material weakness,” management cannot conclude that internal control over financial reporting is effective. 39 V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control How do you know whether an internal control issue rises to the level of a material weakness? Useful Analog: Rule 10b-5 definition of “Materiality” – Substantial likelihood that a reasonable shareholder would consider the omission or representation important in making an investment decision OR – Substantial likelihood that a fact “would be viewed by the reasonable investor as having significantly altered the ‘total mix’ of information made available.” See Basic v. Levinson; TSC Industries, Inc. v. Northway, Inc. “Materiality” traditionally quantified with reference to auditing standards (SAS 47): 5% of pre-tax income or net income, 1/2% of total assets, 1/2% of total revenue But see SAB 99—reliance on quantitative benchmarks to assess materiality for financial statements and performing audits is inappropriate; misstatements are not immaterial simply because below a # threshold. AS 5 specifically includes the following list of indicators – Identification of fraud, whether or not material, on the part of senior management – Restatement of financials to reflect the correction of a material misstatement – Identification by the auditor of a material misstatement in the current period that would not have been detected by the company’s internal controls – Ineffective audit committee oversight of financial reporting and internal controls 40 V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control Activities-level Deficiencies Box 1. Is the potential magnitude less than material to annual or interim financial statements? Yes No Box 2. Are there complementary or redundant controls that were tested and evaluated that achieve the same control objective? Yes No Box 3. Are there compensating controls that were tested and evaluated that reduce the magnitude of a misstatement of annual or interim financial statements to less than material? Yes Box 5. Is the matter important enough to merit attention by those responsible for oversight of financial reporting? No Box 4. Does the evaluation of risk factors result in a judgment that there is not a reasonable possibility that controls will fail to prevent or detect a material misstatement of annual or interim financial statements? No Deficiency No Significant Deficiency Yes Yes Box 6. Would a prudent official conclude that the deficiency is a material weakness considering both annual and interim financial statements? No Material Weakness Yes 41 V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control IT General Control Deficiencies Box 1. Are there complementary or redundant ITGCs that were tested ad evaluated that achieve the same control objective? Yes No Box 2. Are there control deficiencies at the application level evaluated in Chart 2 that are related to or caused by the ITGC deficiency? No Yes Box 3. Are the control deficiencies at the application level related to or caused by the ITGC deficiency classified as a material weakness? Yes Material Weakness No Box 5. Is the matter important enough to merit attention by those responsible for oversight of financial reporting? No Deficiency No Significant Deficiency Yes Yes Box 5. Would a prudent official conclude that the deficiency is a material weakness considering both annual and interim financial statements? 42 V. What are the SEC/PCAOB Requirements? B. Evaluation—Internal Control Entity-level Control Deficiencies Box 1. Is the deficiency an indication of a material weakness? No Yes Box 2. Are there complementary or redundant programs or controls or compensating controls that were tested and evaluated that result in a judgment that the deficient control will not fail to prevent or detect a material misstatement of annual or interim financial statements? Yes No Box 3. Does the evaluation of risk factors result in a judgment that there is not a reasonable possibility that controls will fail to prevent or detect a material misstatement of annual or interim financial statements? No Material Weakness Yes Box 4. Is the matter important enough to merit attention by those responsible for oversight of financial reporting? No Deficiency No Significant Deficiency Yes Yes Box 5. Would a prudent official conclude that the deficiency is a material weakness considering both annual and interim financial statements? 43 V. What are the SEC/PCAOB Requirements? C. Disclosure—Disclosure Controls Disclose Management’s Assessment of Disclosure Controls Company must disclose in each 10-Q and 10-K management’s conclusions regarding the effectiveness of disclosure controls as of the end of the period If disclosure controls and procedures are not effective, disclosure should include – the reasons why and the nature of the deficiency, – how management is addressing the deficiency, including the nature of any improvements and enhancements that were made or are being implemented, – the timeline for any further improvements and – any efforts to mitigate the weakness in the interim. 44 V. What are the SEC/PCAOB Requirements? C. Disclosure—Internal Control Management’s Annual Report on Internal Control 10-K must include a management report that: – says management is responsible for establishing and maintaining adequate internal control over financial reporting – identifies framework used to evaluate effectiveness – provides management’s assessment of effectiveness as of end of fiscal year (including disclosure of any material weakness) – says that auditors have issued attestation report on the company’s internal control over financial reporting No prescribed location for the management’s report 45 V. What are the SEC/PCAOB Requirements? C. Disclosure—Internal Control Auditor’s Attestation Report 10-K must include an auditor’s attestation report containing its opinion on the effectiveness of the company’s internal controls – An opinion on management’s assessment of the effectiveness of internal controls is no longer necessary Four types of opinions: – – – – Unqualified opinion Disclaimed opinion Opinion that is qualified in scope Adverse opinion Opinion in auditor attestation does not necessarily impact opinion on financial statements and vice versa 46 V. What are the SEC/PCAOB Requirements? C. Disclosure—Internal Control Disclose Changes in Internal Control 10-Q and 10-K must disclose any change in internal control that occurred during quarter that materially affected or is reasonably likely to materially affect internal control over financial reporting. – SEC says not required to disclose any changes made in preparation for first management report, BUT issuers should “carefully consider” disclosing any material weakness and steps taken to correct it. 47 V. What are the SEC/PCAOB Requirements? D. Certification Certification by CEO and CFO in each 10-Q and 10-K: based on their knowledge, the report does not contain any material misstatements or omissions based on their knowledge, financial statements and financial info fairly present in all material respects issuer’s financial condition and results of operations responsible for establishing and maintaining disclosure controls and procedures [and internal control over financial reporting] – designed such disclosure controls and procedures to ensure that material information is made known to them, particularly during period covered by report – designed such internal control over financial reporting to provide reasonable assurance re reliability of financial reporting and preparation of financial statements per GAAP – evaluated effectiveness of disclosure controls and procedures as of end of period covered by report and reported their conclusions in the report – disclosed in the report any change in internal control over financial reporting that occurred during quarter that has materially, or is reasonably likely to material affect, internal control over financial reporting disclosed, based on their most recent evaluation, to the auditors and audit committee: – All significant deficiencies and material weaknesses in internal control over financial reporting that are reasonably likely to adversely affect issuer’s ability to record, process, summarize and report financial information; and – Any fraud, whether or not material, involving management or employees who have significant role in internal control over financial reporting 48 VI. What are best practices with respect to disclosure controls? 49 VI. What are best practices with respect to disclosure controls? A. B. C. D. E. Form a disclosure review committee Prepare written compliance policies and procedures Document compliance with policies and procedures Implement a Regulation FD Disclosure Policy Training and education 50 VI. What are best practices with respect to disclosure controls? A. Disclosure Review Committee Disclosure Review Committee – Responsibilities – • • • • Review of Exchange Act filings, earnings and press releases, analyst communications, website Considering the materiality of information Determining disclosure obligations Coordinating reviews of CEO, CFO, independent accountants, internal audits and the audit committee – Members – SEC recommends principal accounting officer or controller, general counsel and principal risk management and investor relations officers. Also typically include CEO and CFO. – Charter 51 VI. What are best practices with respect to disclosure controls? B. Written Compliance Policies and Procedures Written compliance policies and procedures – Should be sufficiently detailed, but not overly burdensome – This documentation should • • • • Identify the personnel responsible for each section of the report, Identify the other key participants involved in the report’s preparation, Detail how the information necessary to prepare the report is collected and communicated, and Describe how drafts are reviewed and revised, including the degree of review by outside auditors, counsel, the board of directors and the Audit Committee. – A disclosure committee charter, a formal written compliance policy, certifications and sub-certifications and related materials and checklists can form the basis of a company’s written policies and procedures. 52 VI. What are best practices with respect to disclosure controls? C. Document Compliance with Policies and Procedures Document Compliance with Policies and Procedures – Sub-certifications • • – – – – Many, but not all companies, use them Should be tailored to areas of responsibility Instruction Sheets for Reviewers and Preparers Timetables Responsibility Checklists 8-K Procedures 53 VI. What are best practices with respect to disclosure controls? D. Disclosure Policy and E. Training & Education Disclosure Policy – designed to ensure compliance with Reg. FD – Siebel repealed—SEC action alleging failure to file 8-K re selective disclosure of material information may violate Rule 13a15 requirement that company maintain disclosure controls and procedures – Flowserve case—SEC action involving the reaffirmation of earnings guidance Training and Education 54 VII. Common Issues 55 VII. Common Issues 1) Should old drafts of Exchange Act filings be saved as part of the documentation process? 2) What issues related to internal control over financial reporting and disclosure controls and procedures should an acquiring company be concerned about? What kinds of representations and warranties should it obtain? 3) Is an acquiring reporting company required to include a target’s internal control over financial reporting and disclosure controls and procedures in the scope of its evaluation, disclosure and certification? 4) What issues are presented by the use of third party service providers such as ADP which perform accounting related functions? 56 VIII. Where is Corporate Governance Headed? 57 VIII. Where is Corporate Governance Headed? Majority Voting for Directors – SEC and ISS Position – Voluntary Corporate Action – Possible Regulatory Action Focus Executive Compensation—Disney Executive Compensation Disclosure Release – – – – – – – – Plain English Compensation, Discussion and Analysis Revised Compensation Tables Perks Disclosure of Pledged Stock by Directors and Executives New Centralize/Enhanced Corporate Governance Section Higher Threshold for Disclosure of Related Party Transactions Enhanced Form 8-K Disclosure 58 VIII. Where is Corporate Governance Headed? Stock Option Backdating and “Spring-Loading” Other Corporate Governance Pressures – – – – – Activist Hedge Funds, Pension Funds and Private Equity Investors Direct Nomination (and Removal) of Directors 100% Independent Board Separation of Positions of Chairman and CEO Increased Allowance of Shareholder Proposals Restricting Corporate Activities 59 Thank you 60