“The Impact of Sarbanes Oxley, An Evolving Best Practice”
Ellen C. Wolf, Senior Vice President & Chief Financial Officer, American Water
National Association of Regulatory Utility Commissioners, Committee on Water
February 2008

American Water
• Founded in 1886
• Largest investor-owned water and wastewater utility in the United States
• Serves approximately 16.2 million people
• Operations in 32 states and Ontario, Canada
• Approximately 7,000 employees

Agenda
SOX Benefits to Companies
Continuing Evolution of SOX
• Initial SOX Compliance Experience
• An Evolving Best Practice
• Beyond SOX – Enterprise Risk Management
• Controls Rationalization
• Top Down Risk-Based Approach

Benefit of SOX Compliance
• According to a survey entitled “Oversight Systems Financial Executive Report” conducted with 222 corporate finance leaders:
  • 74 percent said their company benefited from SOX
  • 79 percent reported “significantly stronger” or “somewhat stronger” internal controls as a result of SOX
  • 46 percent said SOX compliance benefits the company by ensuring accountability
  • 75 percent said they would vote to keep Section 404 if they were members of Congress

Benefits of SOX Compliance
• Positive influence on maintaining investor confidence (and long-term share price) through increased transparency and fewer surprises
• Investors are requiring successful risk management
• Rating agencies are increasingly focused on qualitative factors around risk management
• More timely and reliable financial reporting
• Improved overall control culture
• Better business risk information for Audit Committees and Management
• Enhancement of processes and the underlying control structure to drive operational effectiveness and cost efficiencies
• Improved Corporate Governance Process
• Back to the basics: strengthening foundational controls that had received less attention prior to SOX
• Alignment of IT with the business
• Elimination of outdated, redundant and ineffective processes and controls
• Easier employee on-boarding process

SOX Benefits to Customers and Regulators
• Enhances capital attraction at appropriate rates
• Avoids a risk penalty
• Transparency
• Enhances regulatory and public confidence
• More pro-active Board of Directors Oversight
• Greater financial accountability
• Attracts and improves quality of employees

Initial 404 Compliance Experience
• Most companies faced various challenges around their initial SOX compliance exercise:
  • Relied too heavily on manual controls and underutilized IT potential
  • Lacked a risk-based approach and performed repetitive, manual tasks
  • Had disparate IT systems, making access to data very difficult
  • Identified a very high number of key controls
  • Detect and manual controls were, in many instances, prevalent
  • Staffing issues
    • Lack of sufficient resources
    • Employees who lacked clear roles, responsibilities and goals
• Sarbanes Oxley was key to companies rethinking many of these issues

An Evolving Best Practice
• Making the Business Better: Leverage 404 efforts to invest in a comprehensive control environment, drive efficiency and create value to the company

[Diagram. Levels: strategic, operations, financial, compliance. Axis labels: value, efficiency, cost investment. Items shown: Controls Automation & Continuous Controls Monitoring; Process & Controls Improvement; Top-Down Risk Assessment & Scoping; Risk Convergence - Consistent Risk & Control Framework; Risk Based Testing & Evaluation; Optimization & Standardization of Controls; Coverage of Fraud Risk & Controls; Leveraging Monitoring Controls]

Beyond SOX: Enterprise Risk Management
• Evolution of Enterprise Risk Coverage as a “Best Practice”
  • Coordinated approach to address strategic, financial, operational and compliance risks (leverage the SOX compliance documentation to extend risk assessment beyond financial reporting)
  • Enhanced risk assessment process, which fully considers the business strategy, business drivers and initiatives
  • Enhanced change management processes across the company
  • Entity-level controls are leveraged
• Risk Management as a Competency
  • Embedded in the organization, its management processes and functions
  • SOX compliance seen as an evolving process, not a project
  • Achieved through a framework of activities to improve the management of an organization’s constantly evolving risk profile

Controls Rationalization
Objective: To create value and promote efficiency
• Rationalization: Removing controls that are not significant or are unnecessarily redundant
• Optimization: Selecting controls that are more efficient to test than other controls which mitigate the same risk (e.g., automated vs. manual controls), leveraging strong entity-level controls to reduce the need to rely solely on transaction-level controls
• Improvement: Modifying, re-designing or re-engineering a process and underlying control structure to drive operational efficiency and effectiveness

Top Down Risk-Based Approach

[Diagram labels: Financial Statement Risk Assessment; Company-Level Controls; High Risk Accounts, Processes, and Locations; Pervasive Coverage; Materiality; All Other Accounts and Locations]

• Top-down approach begins by identifying, understanding, and evaluating the design of company-level (entity-level) controls. Entity-level controls include:
  • Controls within the control environment, such as tone at the top, organizational structure, commitment to competence, human resources policies and procedures;
  • Management’s risk assessment process;
  • Controls to monitor other controls; and
  • The period-end financial reporting process.
• PCAOB – FAQ 38

In Closing
• Benefits of SOX (beyond compliance)
  • Capital attraction
  • Improved processes and controls
  • Stakeholder confidence
  • Enhanced governance and culture
  • More engaged and informed audit committees and Board of Directors
  • Enhanced Customer Service
• Continuing Evolution of SOX
  • New SEC Management Guidance and PCAOB Auditing Standards
  • The ability to leverage SOX efforts for Enterprise Risk Management and increased rigor over non-financial processes
• Q&A