Helping Your Audit Committee Implement Complaint Handling
The Institute of Internal Auditors Webcast Series on Sarbanes-Oxley Act
June 10, 2003, 1:00 – 2:30 pm Eastern Time

The IIA Webcast Moderator
Jim Key, CIA
Managing Partner, Shenandoah Group, L.L.P.

Disclaimer
The views expressed in this web cast are solely those of the panelists and moderators and do not necessarily reflect the views or policies of the Institute of Internal Auditors or its directors, officers, employees and members.

Emerging Trends and Best Practices in Implementing SOA
• May 21 – Section 404 Readiness Review: How to document your system of internal control
• June 10 – Helping your audit committee implement complaint handling
• July 8 – Leveraging the COSO framework to meet Section 404 requirements
• August 12 – Project Administration – Setting and revising priorities in the wake of the “Final 404 Rules”
• September 9 – Internal Audit support of Audit Committees – What works best
• September 30 – The Road Ahead – Meeting the challenges in complying with The Sarbanes-Oxley Act

Sarbanes-Oxley: Implications and Impact for Internal Audit
• Seminar Offering: 2.5 Days
• Chicago, July 30 – August 1
• Seattle, August 4 – 6
• West Palm Beach, August 25 – 27
• Phoenix, September 10 – 12
• San Francisco, September 24 – 26
• Orlando, December 10 – 12
• New York, December 17 – 19

Other Resources
• IIA Web Page www.theiia.org
• Click on Guidance
• Click on Tools and Resources for Corporate Governance
• IIA Position Papers
• Responses to exposure drafts
• IIA Research Foundation Master Key Series
• The Sarbanes-Oxley legislation
• Stock listing exchanges key requirements

SOA Section 301.4
Each audit committee shall establish procedures for:
• The receipt, retention, and treatment of complaints received…regarding questionable accounting or auditing matters.
• The confidential, anonymous submission by employees…of concern regarding questionable accounting or auditing matters.

Timeline to Implement 301.4
• Under the final rule effective April 25, 2003, listed issuers must be in compliance with the new listing rules by the earlier of their first annual shareholders meeting after January 15, 2004 or October 31, 2004.

Agenda
1:00 Welcome and Overview
1:10 How to Get Started – Maureen Mohlenkamp
1:20 Large Enterprise Approach – Kimberly Gavaletz
1:30 Small Company Handling Options – Don Eichenauer
1:40 Break
1:45 Questions and Answers – Panel
2:25 Wrap up – Jim Key

Helping the Audit Committee Implement Complaint Handling
Maureen Mohlenkamp
Senior Manager, Ethics and Corporate Compliance
Deloitte & Touche LLP

Reporting Systems are Strongly Encouraged
• Federal Sentencing Guidelines require companies to have in place and publicize a reporting system.
• “The hallmark of an effective program is that the organization exercises due diligence in seeking to prevent and detect criminal conduct by its employees and other agents.”

Reporting Systems are Strongly Encouraged
• Sarbanes-Oxley requires companies to establish “…procedures for the receipt, retention, and treatment of complaints received by the issuer regarding accounting, internal accounting controls, or auditing matters, as well as the confidential and anonymous submission by employees of the issuer of concerns regarding questionable accounting or auditing matters.”

How to Report Complaints or Ask Questions
• 1-800
• Office Phone
• Interoffice
• Slide under door
• US Mail
• Fax
• In person
• E-mail or Web based

A Helpline Reporting System
• Provides a confidential place for employees to clarify policy and discuss or report concerns
• Provides a communications channel beyond the rumor mill
• Directs employee questions to the appropriate resource
• Is an opportunity to provide guidance before a poor decision is made
• Provides an early warning system of issues or problem locations
• Is the last internal stop for whistleblowers

Implementing a Helpline: Some Things to Consider
• One line vs. two lines
• Answered:
  • In-house
  • External
  • Both
• Cost of outside services for a large company may be about $1 per employee per year
• Outside services allow 24/7/365 service
• Available to non-employees
• International access
• Locations and hours of your workforce

Planning
• Who answers the phone
• Hours of operation
• Types of calls you will take
• Handling anonymous calls
• Impact of collective bargaining agreements
• Standards of quality in the process
• Protecting confidentiality
• Non-retaliation policy
• Scope of the issues to be addressed

Planning
• Communicating the process to employees and others
  • Wallet cards
  • Posters
  • Screensavers
  • Letters
  • References in training sessions
  • Intranet
  • Newsletters
  • Payroll inserts
  • Brochures
  • Employee orientation
  • Code of Conduct
  • Contests/games
• Investigative process including referrals (Ethics/Compliance Office, IA, HR, OGC, Security, local management, outside investigators)

Planning
• Reporting requirements and protocols
• Call tracking systems
• Document retention
• Reporting back to the caller
• Measuring effectiveness of the system
  • Surveys
  • Focus groups
  • Check with existing callers
  • Call volume
  • Internal monitoring
  • Exit interviews
  • External assessments
  • Walk the halls
• Ultimate effectiveness measure = NO SURPRISES!

Planning
• Reporting general results to employees
• Testing the outsource company
• Training those who answer the phone
• Don’t turn helpline on until you’re ready

Planning
• Remember a helpline or reporting mechanism is just one piece of an effective ethics and compliance program
  • Standards and procedures to prevent criminal conduct
  • Oversight by high-level person(s)
  • Care in delegation of substantial discretionary authority to individuals
  • Effective communication of standards and procedures
  • Reasonable steps taken to achieve compliance (e.g., reporting mechanisms, helpline)
  • Consistent enforcement of disciplinary mechanisms
  • Appropriate response after detection of an offense

Internal Audit Role
• Conduct audits of ethics/compliance program
• Be represented on the Ethics/Compliance Committee
• Partner with Ethics/Compliance on:
  • Program design and implementation
  • Annual Risk Assessment
  • Annual Audit Plan

Large Enterprise Approach
Helping the Audit Committee Handle Complaint Calls: A Working Model
Kimberly Gavaletz
VP, Internal Audit
Lockheed Martin Corporation

Components
• Tone at the Top
• Infrastructure
Culture of Ethics & Integrity

Tone at the Top
• Chairman of the Board
• Board of Directors
• Management
• Employees
Values: Ethics, Excellence, Can-Do, Integrity, People, Teamwork

Infrastructure
• Board of Directors:
  • Audit & Ethics Committee (A&E)
• Code of Conduct
  • www.lockheedmartin.com
• Ethics Officer
  • Reports to CEO and A&E Committee
  • Already Handles Overall Ethics Complaint Process
  • Hotline, Ethics Officers in Business Areas

Infrastructure
• Quarterly Ethics Steering Committee
  • Chaired by COO
  • Business Areas & Corporate Represented
  • Includes VP, Corporate Internal Audit
• Annual Mandatory Ethics Training
• Ongoing Internal Auditing Involvement
  • Policies/Training/Compliance/DII Auditing
  • Investigation Support
  • Monthly Meetings (Audit & Ethics Officers)

Complaint Handling
Code of Conduct Modified to Include:
How to Contact the Audit and Ethics Committee
The Audit and Ethics Committee of the Lockheed Martin Board of Directors has created a process for employees to use to transmit complaints to the Committee about accounting, internal controls, or auditing matters. This includes the confidential or anonymous submission of concerns regarding questionable accounting or auditing matters. If you wish to raise a question or concern or report a violation to the Audit and Ethics Committee, you should contact the Office of Ethics and Business Conduct at Corporate Headquarters. Your concern will be promptly communicated to the Chair of the Audit and Ethics Committee of the Board.

Complaint Handling Process
• Primary Contact: Corporate Ethics Officer
• Works with Legal, Internal Audit and Others as Appropriate to Investigate the Complaint
• Chairman of A&E Committee Notified of:
  • All Complaints Directed to the Audit Committee
  • Items Not Specifically Directed to A&E involving:
    • Integrity of Financials
    • Significant Matters
• Investigation Results to A&E Committee

Complaint Process Flow
[Diagram. Labels: Audit & Ethics Chairman; Ethics Officer; Audit & Ethics Committee; Hotline; Business Area Ethics Offices]
Reported to A&E:
• Any Items Requested to go to A&E
• Other Significant Items

Small Company Handling Options
Donald T. Eichenauer, CPA
Partner
Bonadio & Co., LLP

Responsibilities
• Audit Committee complaint responsibilities:
  • Receipt
  • Retention
  • Treatment
• Fiduciary responsibility and significant liability regarding complaint handling rests with the audit committee.

Audit Committee Dilemma at Many Companies
Once received, what do they do with the complaint?

Not all Public Companies
• Have an Independent Ethics and Compliance Office
• Have an in-house internal audit department
• Have an audit committee that is comfortable with handling the process through internal audit or other internal departments

Some Audit Committees have Responded by Establishing Complaint Procedures that Include
• Providing home e-mail addresses of audit committee members
• Helpline forwarded to
  • audit committee member
  • internal audit
  • staff of CFO
  • other internal department

Issues to Consider
• Are the internal departments involved truly independent?
• Will the process protect confidentiality?
• How is the course of treatment of the complaint determined?
• How is the administrative function and retention handled?
• Does the process instill the confidence of employees?
• Is the process sufficiently independent of management?
• Is the best interest of the company and the audit committee achieved?

Processes Established to Assist Audit Committees Fulfill Their Responsibilities

I – Independent Complaint Management
Complaints forwarded to independent third-party for:
• Logging & control
• Filtering and review with audit committee
• Forwarding for handling/investigation
• Ongoing monitoring
• Retention of complaint & documentation of handling

II – Independent Complaint Process Oversight
• Complaints forwarded to internal audit or compliance department
• Complaints logged and filtered by a committee including independent third-party
• Committee initiates handling and reports complaints to the audit committee

Summary
• Any helpline implementation requires planning, promoting, and monitoring
• Complaint process must meet independence test
• Tone at the Top is critically important