120 likes | 258 Views
Introduction of Panel Members. Sarbanes-Oxley Section 404 Overview. Insert Worlds Image / Client Specific Image Here. Scott Henderson james.henderson@kodak.com August 5, 2005. The Birth of the Sarbanes-Oxley Act of 2002.
E N D
Introduction of Panel Members Sarbanes-Oxley Section 404 Overview Insert Worlds Image / Client Specific Image Here Scott Henderson james.henderson@kodak.com August 5, 2005
The Birth of the Sarbanes-Oxley Act of 2002 • Corporate and accounting scandals involving a limited number of large, prominent companies have resulted in a significant loss of public trust in corporate accounting and reporting practices. • In response, the U.S. Congress enacted the Sarbanes-Oxley Act of 2002 to establish a higher corporate governance standard. • The primary objectives of Sarbanes-Oxley are to: • Prevent accounting and reporting problems from recurring • Rebuild public trust in corporate practices and reporting • Define a higher level of responsibility, accountability and financial reporting transparency • Provides penalties and fines for wrongdoings.
Sarbanes-Oxley Act – Quick Refresher • The Act was signed into law on July 30, 2002and includes the following eleven titled sections: Title I Creation of Public Company Accounting Oversight Board Title II Auditor Independence Title III Corporate Responsibility Title IV Enhanced Financial Disclosures Title V Analyst Conflicts of Interest Title VI Commission Resources and Authority Title VII Studies and Reports Title VIII Corporate and Criminal Fraud Accountability Title IX White Collar Crime Penalty Enhancements Title X Corporate Tax Returns Title XI Corporate Fraud and Accountability
Enhanced Financial Disclosures - Section 404 • Kodak management must now assess internal controls annually. This requires: • Section 404(a)(1) - An internal control report to be prepared by Kodak management stating management’s responsibility for establishing and maintaining an adequate internal control structure and procedures for financial reporting. • Section 404(a)(2) - Management must assess effectiveness of internal control structure and procedures for financial reporting as of the end of the most recent fiscal year. • Both Kodak AND individual members of company management are subject to potentially significant criminal and civil penalties for noncompliance with this new legislation.
Kodak Section 404 Compliance Plan Overview Initial Scoping of Business Cycles, Functions and Legal Entities Identification of Key Controls for Each Cycle and linkage to material financial statement accounts– “Internal Control Framework Documents” Documentation of Key Controls – assess design effectiveness Management Testing of Key Controls – validate operating effectiveness Identification and Correction of Material Control Gaps Issue Management Report on Internal Controls
Kodak Scoping & Documentation Methodology • Developed an inventory of expected key internal control activities for 11 different business cycles and corporate functions, ensuring adequate coverage of financial statement accounts and financial assertion categories. • Documented and validated the design and operational effectiveness of controls for 55+ global Kodak locations (representing 300 + legal entities). Documentation consisted of process narrative, framework and flowcharts for these controls. • At the completion of our work, over 9,700 key controls were documented and reviewed as a part of this process. • Internal controls configured within approximately 260 global Kodak information systems (2,200+ controls) were also documented. • Internal controls were reviewed for approximately 125 different 3rd party service provider operations. • Over 350 key spreadsheet applications were reviewed to document and validate key internal controls.
Kodak Testing Methodology • Adopted the testing methodologies utilized by our external auditor to ensure consistency of approach and the ability for partial reliance on management testing. • Testing ranged from performing “inquiry and observation” walkthrough reviews to full-sample detailed transactional testing. • Re-testing was performed to validate remediation for initial control deficiencies noted. • On a cumulative basis, over 18,000 individual tests were performed by Kodak personnel for the initial compliance period in 2004. • Testing included visits to major third-party service provider locations to validate control structure for key control point interfaces.
Kodak Testing Results • Kodak testing results were comparable to our peer companies - i.e. initial control deficiencies approximating 12 – 15% of the total controls inventory. • Control deficiencies included items as simple as a missing date on an approval report, issues requiring reporting to the Audit Committee of the Board of Directors as”significant deficiencies” and control weaknesses requiring external disclosure as a “material weakness”. • Kodak reported the instance of 2 “material weaknesses” in its Report on Internal Controls Over Financial Reporting as of December 31, 2004: • Internal Controls Surrounding the Accounting for Income Taxes • Internal Controls Surrounding the Accounting for Pension and Other Postretirement Benefit Plans. • Kodak received an unqualified audit opinion on its financial statements for the year ended December 31, 2004.
Kodak Costs of Compliance • External audit fees related to Kodak Section 404 internal controls activities - $7.1 million. • Comparable costs were incurred for internal resources dedicated to Section 404 compliance activities. • The average cost of Section 404 compliance incurred by most multi-national corporations was $1 million for each $1 billion of revenues. • Full-time equivalent Kodak resources dedicated to 2004 Section 404 internal control compliance activities – 45+. Additional co-source external resources were engaged to assist with compliance activities. • Estimated Kodak resource hours expended on 2004 Section 404 internal control compliance activities – 55,000+.
Key Benefits Gained From Sarbanes-Oxley in 2004 • Strengthened global internal control environment. Reinforced the notion with all business constituents that “good controls mean good business”. • Helped Kodak identify and strengthen existing entity-wide governance and internal controls improvement opportunities. • Facilitated the identification of operational best practices and efficiency opportunities: • Standardized business processes and controls • Working to streamline our legal entity structure • Compliance with Sarbanes–Oxley in 2004 has positioned us well to comply with comparable legislation currently being enacted elsewhere around the globe.
Sarbanes-Oxley – Opportunities for Improvement • Year 1 was a learning opportunity for all parties involved in terms of expectations, approach and results. • More focus on risk-based approach vs. simply “executing the audit program”. Implementation of “COSO II” and its risk based approach will help. • Section 302 – the “forgotten” section of Sarbanes-Oxley. • Need continued focus on top-level “tone at the top”, governance and corporate culture issues and controls. • Public perception and understanding of the implications of Sarbanes-Oxley is not there yet – impacts on shareholder value vs. benefits gained.
Sarbanes–Oxley Compliance Actions in 2005 • Creation of a dedicated Global Internal Controls organization charged with coordination of ongoing Sarbanes-Oxley compliance by 1,100 global business process control owners. • Remediation of identified 2004 material weaknesses by 9/30/05. • Acquisition and implementation of a Sarbanes-Oxley compliance and reporting software package. • Initial year Sarbanes-Oxley compliance work for $2 billion of acquisitions completed in 2005. • Operationalization and simplification of the 2004 compliance approach. Implementation of the PCAOB guidance in May 2005.