430 likes | 934 Views
Sarbanes Oxley Act (Sox) Corporate and Auditing Accountability, Responsibility and Transparency Act of 2002. Rick Stephan Hayes, Ph.D., CPA California State University at Los Angeles. Reasons for New Legislation. Objectives.
E N D
Sarbanes Oxley Act (Sox)Corporate and Auditing Accountability, Responsibility and Transparency Act of 2002 Rick Stephan Hayes, Ph.D., CPA California State University at Los Angeles
Objectives • In response to the Arthur Anderson, Enron and WorldCom debacle, the Sarbanes-Oxley Act seeks to: • Restore the public confidence in both public accounting and publicly traded securities • Assure ethical business practices through heightened levels of executive awareness and accountability
Sarbanes-Oxley Act Yes 522 No 3 Not voting 9 Legalizing Marijuana** Yes 93 No 310 Not voting 31 **House of Representatives only Congressional Votes Securities Litigation Reform Act Yes 387 No 130 Not voting 15 Authorizing Force against Iraq Yes 373 No 156 Not voting 12
Criminal Penalties • Escaping from prison 1 to 2 yearsKidnapping involving ransom 3 to 5 yearsSecond degree murder 11 to 14 years • Air piracy 20 to 25 years Sarbanes-Oxley Certification 10 to 20 years
SOX: Who is affected and how? • Executives: • Responsibility for financial reporting and keeping the markets informed • Certifications: - 302 “Disclosure controles & procedures” - 404 “Internal controls for financial reporting” - 906 “CEO/CFO’s written statement on fairness” • Implement Code of Ethics and whistleblower procedure • Supervisory Board: • Enhanced oversight • Appointment of a “financial expert” • Auditors: • Independence • Attestation on internal controls • Definition of “internal control over financial reporting”: • Encompasses subset of internal controls addressed in the COSO Report that pertains to financial reporting objectives • Including controls over safeguarding assets
Titles of the Act Establishes audit governing board……… • Public Company Accounting Oversight Board • Auditor Independence • Corporate Responsibility • Enhanced Financial Disclosures • Analyst Conflicts of Interest • Commission Resources and Authority • Studies and Reports • Corporate and Criminal Fraud Accountability • White Collar Crime Penalty • Corporate Tax Returns • Corporate Fraud and Accountability
TITLE I – PUBLIC COMPANY ACCOUNTING OVERSIGHT BOARD • Creation of the Public Company Oversight Board (the Board) • Created as a non-profit organization, the 5 member Board oversees audits of public companies; it is under the authority of the SEC but above other professional accounting organizations such as the AICPA
General Provisions of SOx • PCAOB To make rules governing audits of public companies • PCAOB To oversee audits and audit firms • PCAOB independent of Federal Government • PCAOB Self-funded through fees assessed on CPA firms and publicly traded companies • Regulations not applicable to Not For Profit or some foreign listed companies
PCAOB Governing Members • Five Members, three of whom must NOT be CPAs • If the chair is a CPA, that person must be out of the business of auditing for the prior 5 years
PCAOB’s Duties • Write audit standards, temporarily they have adopted the AICPA’s • Register public CPA firms to do audits • Set Quality Control standards for audits • Do peer reviews of CPA firms – at least every three years • Investigate and discipline • Set Continuing Professional Education requirements for auditors • Review company disclosures and financial statements at least every three years
PCAOB’s Audit Standards PCAOB has passed 15 audit standards as of December 2010. They also enforce as “temporary standards” the existing audit standards by the Audit Standards Board called Statements of Audit Standards (SAS)
PCAOB’s Audit Standards (Not in Text) • AS No. 1: References in Auditors’ Reports to the Standards of the Public Company Accounting Oversight Board • AS No. 3: Audit Documentation • AS No. 4: Reporting on Whether a Previously Reported Material Weakness Continues to Exist • AS No. 5: An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements • AS No. 6: Evaluating Consistency of Financial Statements • AS No. 7: Engagement Quality Review
PCAOB’s Audit Standards (Not in Text) • AS No. 8: Audit Risk • AS No. 9: Audit Planning • AS No. 10: Supervision of the Audit Engagement • AS No. 11: Consideration of Materiality in Planning and Performing an Audit • AS No. 12: Identifying and Assessing Risks of Material Misstatement • AS No. 13: The Auditor's Responses to the Risks of Material Misstatement • AS No. 14: Evaluating Audit Results • AS No. 15: Audit Evidence
TITLE II – AUDITOR INDEPENDENCE • Can’t do other types of work for clients, including: • Bookkeeping • Systems design • Valuation services • Actuarial services • Internal audit • Management functions • Other work needs pre-approval by audit committee • Can’t do audit if CEO, CFO from their firm, 1 year wait period
TITLE II (cont.) • A conflict of interest arises and an Registered Public Accounting Firm (RPAF) may not perform audit services for any issuer employing – in the capacity of CEO, controller, CFO or any other equivalent title – a former audit engagement team member – there is a “cooling-off period” for one year • i.e., an employee of an RPAF who works on an audit of an issuer may not turn around and directly go to work for that issuer – they must wait one year
Provisions for Audit firms • Maintain audit papers for 7 years • Managing Partner rotation every 5 yrs. • Second partner rotation every 5 yrs. • Audit manager rotation every 7 years • Reports to audit committee • All material deficiency findings • Disclose fees for all types of services in proxy statement • Review disclosures of firm • Attest to Internal Control of firm
CPAs Report to Audit Committee • All critical accounting policies • Alternate treatments • Internal Control findings • Engagement letter • Independence letter • Management representation letter • Material weaknesses
SOx requires every public accounting firm to use quality control policies relating to (i) monitoring of professional ethics and independence from entities on which the firm issues audit reports; (ii) consultation within the firm on accounting and auditing questions; (iii) supervision of audit work; (iv) hiring, professional development, and advancement of personnel; (v) the acceptance and continuation of audit engagements; (vi) internal inspection
TITLE III – CORPORATE RESPONSIBILITY • Audit Committee (committees est. by the board of a company for the purpose of overseeing financial reporting) Independence • Establishes minimum independence standards for audit committees • Independence of the audit committee crucial in that it must (1) oversee and compensate RPAF to perform audit, and (2) establish procedures for addressing complaints by the issuer regarding accounting, internal control, etc. (this lays the foundation for anonymous whistleblowing) • CEOs and CFOs must certify in any periodic report the truthfulness and accurateness of that report – creates liability • Under certain conditions of re-statement of financials due to material non-compliance, CEOs and CFOs will be required to forfeit certain bonuses and profits paid to them as a result of material mis-information
SUMMARY OF SARBANES OXLEY PROVISIONS AFFECTING DIRECTORS, CEOs AND CFOs • Listed company audit committee independence requirements and responsibilities (Section 301) • CEO and CFO financial statement-related certifications (Sections 302 and 906) • Unlawful for any officer or director or person acting under the direction thereof to fraudulently influence, coerce, manipulate or mislead any independent accountant engaged to audit the financial statements of an issuer for purposes of rendering the financial statements materially misleading (Section 303) • If there is a material restatement of an issuer’s reported financial results due to the material noncompliance of the company, as a result of misconduct, the CEO and CFO shall reimburse the issuer for any bonus or incentive or equity-based compensation received within the 12 months following the filing with the financial statements subsequently required to be restated (Section 304)
SOx Company Audit Committee • Under SOx Sec 301 public company audit committees are directly responsible for the appointment, compensation, and oversight of the work of any registered public accounting firm employed by their company (including resolution of disagreements between management and the auditor regarding financial reporting). • Audit firm reports directly to the audit committee. Auditors may also have to discuss accounting complaints with the Audit Committee.
Audit Committee Independent Directors Audit committee members should not receive fees other than for board service and should not be an “affiliated person” of the company. Financial Expert At least one member of its audit committee must be a "financial expert" (expertise in US GAAP). Auditor Oversight Responsible for oversight of external reporting, internal controls and auditing, and the appointment and compensation of the auditor. Whistle-Blower Communications Confidential and anonymous submissions by employees.
Corporate Provisions • Corporate Officers • Can’t influence audit • No stock transactions during blackout periods when employees cannot trade • In pro-formas, no material untrue statements, reconciliation and equality with GAAP • No officer loans • File any trading information within two business days • Code of ethics • Disclose off-balance sheet financing • Disclose any non-GAAP financial measures
SOX: Section 302 certification • Section 302 requires: • Quarterly certification by the CEO / CFO regarding the completeness and accuracy of quarterly reports as well as the nature and effectiveness of disclosure controls and procedures (DC&P) supporting the quality of information included in such reports • Actions: • Enhance DC&P assessment and turn into consistent and continous process • Ensure coverage of entire organization (incl. all material subsidiairies) • Embed into regular review and monitoring processes
Corporate Provisions • Corporate Officers • Certify that they have • Reviewed the reports • Reviewed internal control • Certify that there are no material weaknesses • Certify that there is no fraud • Report fairly presents the financial condition of the company
Management Responsibility for Audit Report - SOx Sox Requires that the principal executive officer or officers and the principal financial officer or officers, certify in each report filed with the SEC the following: • the signing officer has reviewed the report; • the report does not contain any untrue statement of a material fact or omit to state a material fact; • the financial statements, and other financial information, fairly present in all material respects the financial condition of the company; • the signing officers • are responsible for establishing and maintaining internal controls; • have evaluated the effectiveness of the company’s internal controls; and • have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation;
Corporate Responsibility for Audit Report under SOx (cont.) Requires that the principal executive officer or officers and the principal financial officer or officers, certify in each report filed with the SEC the following: • the signing officers have disclosed to the company’s auditors and the audit committee of the board of directors — • all significant deficiencies in the design or operation of internal controls which could adversely affect the company’s ability to record, process, summarize, and report financial data and have identified for the company’s auditors any material weaknesses in internal controls; and • any fraud, whether or not material, that involves management or other employees who have a significant role in the company’s internal controls;
SOX:Section 404 Assessment • Management’sassessment must be based on procedures sufficient both to evaluate design and test operating effectiveness • Management must maintain evidential matter, including documentation, to provide reasonable support for the assessment (both design and testing) of effectiveness • Any material weakness in internal control over financial reporting precludes management from reporting that internal control is effective • Reiteration of guidance regarding independence: • Auditors may assist management in documenting internal controls. • Management must be actively involved in the process; cannot delegate assessment responsibility to the auditor
SOX:Meeting SEC Expectations • Compliance with COSO control standards (or other accepted standards; IT Governance Institute recently recommended CobiT for general IT controls assessment) • Clear documentation of internal controls as well as the testing processes • Evidence that management have evaluated the adequacy of the design and the effectiveness of operation of the procedures and controls • Evidence that the auditor has adequately evaluated the design and operation of financial controls • Evidence that the audit committee and/or disclosure committee have taken a keen interesting the effectiveness of controls
TITLE V – ANALYST CONFLICTS OF INTEREST • National Securities Exchanges and registered securities associations must adopt rules designed to address conflicts of interest that can arise when securities analysts recommend securities in research reports • To improve objectivity of research and provide investors with useful and reliable information
TITLE VIII – CORPORATE AND CRIMINAL FRAUD ACCOUNTABILITY • To knowingly destroy, create, manipulate documents and/or impede or obstruct federal investigations is considered felony, and violators will be subject to fines or up to 20 years imprisonment, or both • All audit report or related workpapers must be kept by the auditor for at least 5 years – PCAOB AS 3 says 7 years. • Whistleblower protection – employees of either public companies or public accounting firms are protected from employers taking actions against them, and are granted certain fees and awards (such as Attorney fees)
Penalties General penalties • If alter, destroy, cover-up or falsify documents with objective to hinder investigation – fines and up to 20 years
TITLE IX – WHITE-COLLAR CRIME PENALTY ENHANCEMENTS • Financial statements filed with the SEC by any public company must be certified by CEOs and CFOs; all financials must fairly present the true condition of the issuer and comply with SEC regulations • Violations will result in fines less than or equal to $5 million and /or a maximum of 20 years imprisonment • Mail fraud/wire fraud convictions carry 20 year sentences (previously 5 year sentences) • Anyone convicted of securities fraud may be banned by SEC from holding officer/director positions in public companies
Penalties – Corporate Officers • Give back to firms any bonuses, incentive compensation or equity based compensation earned within 12 months • Give back profit on sales during blackout period • False certification - $1m and up to 10 yrs. • Willful false cert. - $5 m and up to 20 yrs. • Company can hold up any payments to officers
Penalties Audit firms • Temporary suspension from industry • Temporary or permanent revocation of license • Can’t go to another firm if suspended or license revoked • Fines of up to $100,000 personal for each violation, firm up to $2 m • If intentional up to $750,000 personal, firm up to $15 m • Destroy working papers within 5 years – fine and up to 10 years.
TITLE X – CORPORATE TAX RETURNS • Federal income tax returns must be signed by the CEO of an issuer
TITLE XI – CORPORATE FRAUD ACCOUNTABILITY • Destroying or altering a document or record with the intent to impair the object’s integrity for the intended use in a securities violation proceeding, or otherwise obstructing that proceeding, will be subject to a fine and/or up to 20 years imprisonment • The SEC has the authority to freeze payments to any individual involved in an investigation of a possible security violation • Any retaliatory act against whistleblowers or other informants is subject to fine and/or 10 year imprisonment