The Sarbanes-Oxley Act of 2002 was passed in response to the various corporate
financial reporting scandals of the late 1990's. The Act includes various
far-reaching provisions that will have a significant impact on corporate
governance and management of SEC reporting companies, those that wish to be SEC
reporting (anticipating an IPO) and those that might wish to sell to an SEC
reporting company. In other words, the Act must be understood and its impact
considered by virtually any company with revenue of $10 million or
greater.
How Sarbanes-Oxley will impact your business?
There are six significant components to the Sarbanes-Oxley Act. As an executive
or business owner, you should be aware of the following Sarbanes-Oxley
provisions:
Reporting
The Sarbanes-Oxley Act has significantly raised the level of management
accountability. Management must now certify that financial statements are
presented fairly and have NO untrue statements or omissions of material facts.
Moreover, management must now take clear responsibility for having adequate
systems of internal controls to protect the integrity of the numbers.
The responsibility means Management MUST pay greater attention the Company's
internal control systems. In particular, Section 404 of the act requires
management to report annually on the effectiveness of internal control over
financial reporting. The company's outside auditors must now attest to and
report on management's assertion of internal control effectiveness in addition
to reporting on the fairness of the financial statements.
The Audit Committee
The Sarbanes-Oxley Act strengthens the role of the audit
committee in overseeing the financial management of the business. The audit
committee is now directly and solely responsible for appointing and compensating
the company's auditors. It must also pre-approve all other services performed
by the auditors on behalf of the company. The committee is to be the principal
point of contact for auditors. All critical accounting policies and
practices, accounting irregularities and control deficiencies are to be
reported by the auditors directly to the committee.
The Audit committee must now be comprised solely of independent directors. One
member of the audit committee should be a financial expert. The company must
report whether it has a financial expert on its audit committee.
Conduct
The Sarbanes-Oxley Act seeks to expand insider accountability, +
encouraging companies to adopt their own code of ethics for senior financial
management and proving protection of corporate whistle blowers.
Enforcement
The Sarbanes-Oxley Act creates a Public Company Accounting
Oversight Board (PCAOB) to oversee the audits of public companies. Part of the
PCAOB oversight will include inspections (or audits) of the auditors to ensure
the compliance of accounting firms with professional standards. The PCAOB is
created in addition to the Financial Accounting Standards Board (FASB) and
American Institute of CPAs (AICPA) that have traditionally set accounting and
professional standards, respectively. In addition, attorney's are now
compelled to act as whistle blowers to the CEO or the Audit Committee in
instances where their clients or employers are in material violation of security
laws or there is a breech of fiduciary duty.
Penalties
In stepping up the accountability of officers in connection with
financial statement presentation, Sarbanes-Oxley also has stepped up penalties
for non-compliance. It is now a criminal offense to issue a fraudulent
management certification or to corrupt, alter or destroy documents or audit
records.
Hereinafter, should financial statements ever be re-stated after issue, CEO's
and CFO's will have to, by law, surrender monetary bonuses that were paid based
upon the statements that are restated.
Independence
The Sarbanes-Oxley Act reinforces the notion that the company's
independent auditors are to be independent. Under the Act, auditors are prohibited
from offering the range and depth of services to a business they audit. If they
are engaged to attest, they can no long keep the books, design the systems,
perform internal audits or perform legal services for the same client. Partner's
of audit firms must now be rotated off the account every five years, and audit
personnel are prohibited from accepting employment with the company until they
are at least one year removed from the engagement.
Lessons Learned from the S&L Scandals of a Decade Ago:
Congressional reaction to our most recent corporate scandals has
long precedent. The stock market crash of 1929 gave rise the the Securites Acts
of 1933 and 1934 that established the Securities and Exchange Commission, which
today governs the processes involved in becoming and then being a publicly-traded
company.
The most recent wide spread scandals, the Savings & Loan crisis of the late
1980's led to increased scrutiny and new reporting burdens for the banking
industry. In 1991, the Internal Audit group within the Federal Deposit Insurance
Corporation, which provided oversight for these new regulations, performed did a
follow-up study on the implementation. This study concluded with the following
observations:
Companies must recognize the new business environment and accept
responsibility; it isn't going away, at least for the foreseeable future.
Superficial compliance back fires. It eventually costs the company more
money in fines, loss of reputation in addition to the eventual cost of
compliance in an unfavorable environment.
A company stands to have considerable gains in goodwill among employees,
investors and customers when it embraces the inevitable and promotes Promote
the positive aspects of compliance: efficiency and openness.
Companies must prepare for the cost of compliance and plan on "doing it
right" the first time.
Companies must embrace the idea that compliance represents a change in the
way of doing business.
As companies plan for the changes required by Sarbanes-Oxley, they should
consider the lessons learned by banks a decade ago as they responded to their
increased reporting and attestation burden.
The Axiomate Solution for Sarbanes-Oxley Compliance
Axiomate's core competency is due diligence, specifically
infrastructure assessment. We are skilled at identifying, reviewing,
documenting and assessing the efficiency (and adequacy) of systems and processes
within a business. The compliance work required by Section 404 of the
Sarbanes-Oxley Act calls upon Axiomate's skills.
Our Team of accountants,
financial officers, business process engineers, ERP system experts [importantly
we have experience in both design and implementation] and IT professionals will
deliver a functional / value-adding blue-print of your internal control systems.
This blueprint provides the foundation for Sarbanes-Oxley assessment and
compliance
work.
The Axiomate Team will identify
all of the routine and non-routine transactions within your business, mapping
them to point of impact on your financial reporting. Each transaction type will
be evaluated as a source of errors of importance, fraud, defalcation, material
mis-statement, or financial engineering. This assessment will define your risks
of adversely impacting the integrity of your financial reporting and your
company.
For each transaction type, we will identify all control points and control
efficiencies that govern the transaction. All human and
automated processes impacting each control are also documented. We then chart
the support each control provides for management's representations on the
financial statement. Relevant controls contribute one or more of the following
objectives:
An asset or liability exists at a point in time;
The transaction occurred within the period reported;
The asset, liability, expense or revenue item is measured or valued appropriately;
The financial statements are complete without undisclosed items or omissions;
The company has the rights to all assets and the obligations of all liabilities; and
All amounts are presented and classified appropriately.
The Axiomate Approach
Our Sarbanes-Oxley work is performed in two distinct, sequential phases:
Internal Control Environment Survey ("ICES") The Axiomate Team will complete
a preliminary review of your transaction and
control environment. In this phase we identify all routine and the most
important non-routine transactions as well as the basic controls. We then
assess the likelihood of these transaction types exposing the company to errors
of importance or financial mis-statement.
This initial stage positions management and Axiomate to best understand the
nature, extent and cost associated with further internal control evaluation and
remediation work. Upon completion, the company will have a comprehensive
blueprint of its internal control environment (the Internal Control Environment
Survey or "ICES") and a firm quote for the second phase.
Internal Control Environment Database ("ICED")
Expanding upon the results of Phase 1, our team develops a more comprehensive
assessment of internal control processes, policies, procedures, methods and
effectiveness (collectively, the control environment.) In this stage, we will
identify, document and review all transactions, control points, personnel and
system interactions. We produce a comprehensive road map of all transaction
flows within a company cross-referenced to people, systems and impact on
financial presentation.
A company's control environment includes not only the stated controls governing
a transaction, but also the overall attitudes, actions and awareness of its
staff, from line employees to senior management, to the importance of controls.
We evaluate and document this more subtle, but most important, component of the
control environment.
Testing is an essential aspect of control assessment. With the transactions
and control maps and documentation, we develop a thorough test plan. After
review with senior management our skilled, multi-disciplinary team executes the
test plan to prove both strengths and weakness of the control environment. This
process also provides extremely valuable input for remediation work that may be
required.
At conclusion, Axiomate delivers a comprehensive report of our findings,
including suggestions for improvement, along with a thoroughly documented
internal control map. This map will be in database form that provides an
excellent starting point for future S-O compliance work. The ICED materials
also assist the company in considering the impact of future organization and
system changes on the internal control environment.