Corporate governance; today's governance codes: demanding, confusing and, ultimately, how effective?Earnings may be on the upswing Upswing An upward turn in a security's price after a period of falling prices. , but the turbulence touched off by recent accounting scandals Accounting scandals, or corporate accounting scandals are political and business scandals which arise with the disclosure of misdeeds by trusted executives of large public corporations. is still very much in the air, thanks to blowups like the one at HealthSouth Corp. Pressure to improve corporate governance Corporate Governance The relationship between all the stakeholders in a company. This includes the shareholders, directors, and management of a company, as defined by the corporate charter, bylaws, formal policy, and rule of law. has been unrelenting in the past year, and it isn't likely to ease anytime soon. Executives fretting fret·ting n. A hole, or worn or polished spot made on metals by abrasion or erosion. over governance are wrestling not only with corporate image but with something new and threatening--more layers of compliance. Last year's Sarbanes-Oxley Act See SOX. has set up a series of mandates and potential penalties that have sent shudders of agitation agitation /ag·i·ta·tion/ (aj?i-ta´shun) excessive, purposeless cognitive and motor activity or restlessness, usually associated with a state of tension or anxiety. Called also psychomotor a. and confusion coursing through corporate suites. Two articles in this section discuss establishing a meaningful code of conduct and creating a framework for complying with Section 404 of Sarbanes-Oxley, which requires a company's management to present an internal control assessment in the company's annual report. This compliance effort is costing finance professionals time, money and peace of mind, says Parson PARSON, eccl. law. One who has full possession of all the rights of a parochial church. 2. He is so called because by his person the church, which is an invisible body, is represented: in England he is himself a body corporate it order to protect and defend the Consulting, a financial management consultancy, but few financial executives expect it will bring fewer corporate accounting scandals. The firm found that harried senior finance executives are adding three hours, on average, to an already stretched workweek to comply with and make sense of the law. "To meet new reporting requirements and assume personal responsibility for the accuracy of financial results, finance executives are streamlining processes and dealing with more stress daily," says Rick Fumo, senior vice president of national practices at Parson Consulting. More than half of the study's respondents said that complying with Sarbanes-Oxley has swollen their finance budgets by up to 20 percent. Twenty percent maintain that compliance represents "one of the greatest challenges my department is facing right now," and more than 25 percent deemed the law "very confusing." Less than one-third (29 percent) of respondents reported their companies currently are in full compliance with Sarbanes-Oxley, and although 44 percent expect to be in full compliance within the next year, 5 percent say they will need more than a year. Yet corporate governance experts and activists are talking about companies providing more disclosure--and some even hint of still more regulation. "It has been many years since top executives have been so distrusted by investors and employees," says Bruce R. Ellig, author of The Complete Guide to Executive Compensation and advisor to corporate boards. "This is the time to err on the side of more, not less, disclosure." Furthermore, he warns, "Unless there is dramatic improvement in the next year, companies should not be surprised if there are new laws New Laws: see Las Casas, Bartolomé de. and regulations to 'help them' with the process." Meanwhile, a myriad of high-technology vendors have jumped into the fray fray 1 n. 1. A scuffle; a brawl. See Synonyms at brawl. 2. A heated dispute or contest. tr.v. frayed, fray·ing, frays Archaic 1. To alarm; frighten. 2. , claiming that their systems will help companies gain more visibility into their finances and improve their corporate reporting. While the clamor may be distracting dis·tract tr.v. dis·tract·ed, dis·tract·ing, dis·tracts 1. To cause to turn away from the original focus of attention or interest; divert. 2. To pull in conflicting emotional directions; unsettle. to executives, it's hard to dismiss the idea that highly evolved financial accounting systems would help some companies that don't have them. "I wonder how many chief executives have sat down with their chief information officer and actually looked at the nuts and bolts nuts and bolts pl.n. Slang The basic working components or practical aspects: "[proposing] of how their company's financial data is produced," says Steve Miranda, a vice president at Oracle Corp. "If they haven't, it's about time It's About Time may refer to:
Jim Morlan, CFO See Chief Financial Officer. of ViewSonic Corp. in Walnut, Calif., a $1 billion-plus maker of CRT (1) (C RunTime) See runtime library. (2) (Cathode Ray Tube) A vacuum tube used as a display screen in a computer monitor or TV. The viewing end of the tube is coated with phosphors, which emit light when struck by electrons. and LCD screens, projectors and related visual technology, isn't worried about Sarbanes-Oxley quite yet, since the company is still private. But he lauds Lauds is one of the two "major hours" in the Roman Catholic Liturgy of the Hours. It is to be recited in the early morning hours, preferably near dawn. Structure of the hour a recent "single instance" implementation, an upgrade of Oracle Financials that replaces an old system that had four different releases and differing implementations, for creating a financial overview that facilitates the reporting side of corporate governance. "We moved to single instance about a year ago, which automatically creates the opportunity for better corporate worldwide control," Morlan says. "We're getting uniformity, and a single chart of accounts. There's a single set of password controls and responsibility profiles for each of our users worldwide." He calls the relationship with an enterprise resource planning See ERP. (application, business) Enterprise Resource Planning - (ERP) Any software system designed to support and automate the business processes of medium and large businesses. (ERP (Enterprise Resource Planning) An integrated information system that serves all departments within an enterprise. Evolving out of the manufacturing industry, ERP implies the use of packaged software rather than proprietary software written by or for one customer. ) vendor--like Oracle, PeopleSoft or SAP--"virtually as key as with the outside auditors." Separately, audit committees are under more pressure than ever, and recruitment of current and former CFOs and retired audit partners to serve on audit panels has accelerated. Board expert Ralph Ward believes that "audit committees need to have their own budgets and perhaps have someone dedicated to them on staff" (see the interview on the following pages), but isn't sure that internal audit--which reports to management--is the appropriate resource. "You, as a member of the audit committee, have a right to call on any support group you want," says Roger Kenny, managing partner of Boardroom Consultants in New York New York, state, United States New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of . Kenny believes that audit committees meetings are more meaningful and tense than ever, but that "the tenseness is a positive. We're also seeing greater evidence of real intemal audit--these things are being verified." Verification is a key component of compliance, yet even widespread compliance isn't seen as a panacea Some antidote or remedy that completely solves a problem. Most so-called panaceas in this industry, if they survive at all, wind up sitting alongside and working with the products they were supposed to replace. : Just 6 percent of those surveyed by Parson agree that "Sarbanes-Oxley will ensure that there will be fewer corporate scandals A corporate scandal is a scandal involving allegations of unethical behavior by people acting within or on behalf of a corporation. A corporate scandal sometimes involves accounting fraud of some sort. based on accounting practices in the future." That may be a way of saying that it's impossible to legislate To enact laws or pass resolutions by the lawmaking process, in contrast to law that is derived from principles espoused by courts in decisions. morality--or that human nature being what it is, some people, often those under duress duress (dy  `rĭs, d`–, d , will look for a way to sidestep side·step v. side·stepped, side·step·ping, side·steps v.intr. 1. To step aside: sidestepped to make way for the runner. 2. the rules for their own gain. Assessing the state of corporate boards Board expert Ralph Ward, editor and publisher of the influential newsletter Boardroom INSIDER and author of a new book, Saving the Corporate Board, talks to Editor-in-Chief Jeffrey Marshall about the evolving shape of boards and board practices. FE: What's your sense of how bad things are? Is there a direct relationship between dysfunctional boards and corporate scandals? Ward: I think the relationship is pretty apparent between the two. The problem is to say that this or that particular board at Enron or HealthSouth was asleep at the switch, but that doesn't really represent what's happening with corporate governance. I think that's a bit dishonest. Essentially, if you have a disaster in the works at a handful of companies, that doesn't mean that all of the other companies out there would be able to [avert] a disaster if it were coming. It's one of those thoughts that doesn't make us sleep easily at night, but I think it's closer to the truth. FE: You've noted that directors have a difficult if not impossible job, particularly with the way information is 'bombarding people these days. What are some of the biggest problems facing individual board members? Ward: Probably the first is that the members, especially outside directors, have no way of saturating themselves to the proper level with financials and general follow-up on the company. One of the things I know our readers complain about is getting bombarded with a huge wad of material for the board meetings, or else it's on a "just ask management and we'll tell you" basis. There's a depth problem, either too deep or too shallow. FE: And not too many people get the mix right... Ward: They don't, and also most boards haven't sat down and looked at it with management and said, "Here are the measures we need to see, here are the medians we want to be tracking -- this is the stuff we need to know to get a good blood-pressure reading on the company, to know that the internal controls are working." FE: Magazines like Business Week have developed annual rankings on best and worst corporate boards. Have those had an effect on reforming some of the bad apples? Ward: I think they have embarrassed some of the larger companies, but I don't think they're getting to the point of the issue. The best corporate boards out there are very likely at companies we've never heard of -- and conversely con·verse 1 intr.v. con·versed, con·vers·ing, con·vers·es 1. To engage in a spoken exchange of thoughts, ideas, or feelings; talk. See Synonyms at speak. 2. , some of the worst are probably at companies we've never heard of. A lot of it is how much media lineage LINEAGE. Properly speaking lineage is the relationship of persons in a direct line; as the grandfather, the father, the son, the grandson, &c. the company has gotten for a particular scandal. In the great wide world of business, [The Walt] Disney [Co.] still has a pretty terrific board of directors; no matter how much value may have been piddled away over the last few years, imagine what it would have been like if [CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. ] Michael Eisner Michael Dammann Eisner (born March 7, 1942) was CEO of The Walt Disney Company from September 22, 1984 to September 30, 2005. Early life Michael Eisner was born to a wealthy family in Mt. Kisco, New York, and raised on Park Avenue in Manhattan. hadn't come in. They've done some things they shouldn't have done, but compared to some other hard cases out there... FE: Boards used to be accused of rampant cronyism Cronyism Tammany Hall Manhattan Democratic political circle notorious for spoils system approach. [Am. Hist.: Jameson, 492] , but isn't that largely disappearing? Ward: I don't think so, yet. Very little happens fast in the corporate governance world. What's happened over the last year with the Sarbanes-Oxley legislation is shocking, because [things] hardly ever happen that fast in a governance environment. The rest of the time, you're talking about a very slow process. Even at companies that annually elect members of the board, you're not going to have a massive turnover of the board. FE: Most of the boards I'm aware of are smaller than in years past and have fewer insiders. Do these new demographics The attributes of people in a particular geographic area. Used for marketing purposes, population, ethnic origins, religion, spoken language, income and age range are examples of demographic data. just make the outside directors' job more difficult? Ward: I don't know Don't know (DK, DKed) "Don't know the trade." A Street expression used whenever one party lacks knowledge of a trade or receives conflicting instructions from the other party. . There are fewer board members. One counter-intuitive trend, if you look back over the last four or five years, is that the number of board meetings has been trending downward. Ten or 15 years ago, it was probably bimonthly bi·month·ly adj. 1. Happening every two months. 2. Happening twice a month; semimonthly. adv. 1. Once every two months. 2. Twice a month; semimonthly. n. pl. . Increasingly, it's becoming quarterly. That flies in the face of the fact that these people have to do a lot more work and have a lot more demands on them. A board of directors is simply a lousy lous·y adj. lous·i·er, lous·i·est 1. Infested with lice. 2. Extremely contemptible; nasty: a lousy trick. 3. tool for everything we're demanding of it nowadays. You elect people who are part-timers, who are amateurs at the corporation, who can give a few hours a month of attention to it--now you essentially want them to act as a new level of auditor, as a cop on the beat for a corporation... You would want them to take a strong personal interest in it, but at the same time they're supposed to be extremely independent of the corporation. If you sit down and describe what you want from a board, you're literally contradicting yourself with every other requirement. FE: You've written that "audit committee is an oxymoron." Certainly that's been true in many corporate scandals recently. But don't you sense some improvement there, even if it's coming at the point of a stick? Ward: There is improvement on the way, but I think it will be a couple of years before we can point to any solid results. One concern I've had with Sarbanes-Oxley and its implementation by the SEC and the stock exchanges is that it's been a lot of "thou shalt not Thou Shalt Not is the initial phrase of most of the Ten Commandments brought forth by Moshe the prophet. It can also mean:
FE: What about giving additional resources to the audit committee, perhaps from internal audit? Ward: I think audit committees need to have their own budgets and perhaps have someone dedicated to them on staff. Staff support of some kind will be a trend, but whether that would be someone from internal audit, I'm not so sure. Then you have the question, "Who does internal audit really work for?" Probably there will be some way of erecting a wall around someone on the staff who works with the audit committee to make sure they answer to, are paid by and have no other boss than the audit committee itself. But they still would have to be within the company, because otherwise you face the issue of having someone on the outside looking in. FE: The whole issue of having a "financial expert" on the audit committee has gotten a lot of attention. Do you think it's had much impact yet, or is it more evolutionary? Ward: It's sort of a phased-in issue. I know there is still dissatisfaction with defining "financial expertise" in this context. One of the throwaway throwaway See for your information (FYI). lines from a few months ago was that Warren Buffett Warren Buffett Known as "the Oracle of Omaha," Buffett is Chairman of Berkshire Hathaway and arguably the greatest investor of all time. His wealth fluctuates with the performance of the market, but for the last few years he has been reported to be worth over $30 billion, making wouldn't be considered a financial expert for a board, and if that's the case, there's something screwy screw·y adj. screw·i·er, screw·i·est Slang 1. Eccentric; crazy. 2. Ludicrously odd, unlikely, or inappropriate. screw with the definition. I think it's been loosened up a bit. It works on the personal level because if there is some oversight, if there is a strike suit filed against the company because of some chicanery, then someone on the audit committee--probably the chairman--is going to have to give testimony and prove his [her] "financial expertise." FE: In general, do you think it's worthwhile to have an outside CFO or a retired accounting partner on an audit committee to help vet the numbers? Ward: I think it's valuable, especially someone who can serve as the interpreter for the committee and the rest of the board. It's probably a great time to be a retired CFO or auditing firm partner. FE: I've certainly talked to recruiters who claim to be busy trying to find these people. Ward: One of the problems we're having here is the talent search aspect for boards of directors is quite a bit behind executive search. It's still very much a cottage industry cottage industry: see sweating system. . Search firms are just now starting to specialize in it because there had never been any money in it before. It's still a very inefficient market Inefficient Market A theory which asserts that the market prices of common stocks and similar securities are not always accurately priced and tend to deviate from the true discounted value of their future cash flows. This theory opposes the efficient market hypothesis. . There are a lot people out there who want to do the job, and a lot of demand to do it, but so far the twain isn't meeting very effectively. FE: You talk about totally rethinking the function of boards and what we want them to do. That sounds like a very high hill to climb, at least in the short term. Ward: It is, and you've raised a good point. It's very difficult to come up with an alternative to a system that's essentially written into law, and has been that way for 200 years. Even people who criticize boards of directors most strenuously stren·u·ous adj. 1. Requiring great effort, energy, or exertion: a strenuous task. 2. Vigorously active; energetic or zealous. don't have a good, clean-slate alternative for meeting what the board's supposed to do. What I discuss are incremental Additional or increased growth, bulk, quantity, number, or value; enlarged. Incremental cost is additional or increased cost of an item or service apart from its actual cost. fixes. There is an increasing drive toward shareholder democracy--an open ballot for electing board members. Currently, the board itself generally puts forward the slate for election at the next meeting. There is a move afoot to get some SEC and stock exchange regulations to allow investors who own a certain percentage of the company to nominate their own members. I think that is going to be the wave of the future, but how well it will address the underlying problems, I'm not sure. Certainly, these people have no interest in nominating a chuckle-head to the board, but they also have to meet the expertise and independence requirements for other outside directors. Another thing that is important is sitting down with the board and working out the nuts and bolts of making the board work better on a functional level. Boards really have never addressed things like timing and scheduling--the whole thing has been very catch-as-catch-can. It's often an afterthought af·ter·thought n. An idea, response, or explanation that occurs to one after an event or decision. afterthought Noun 1. . Could a board do a better job, use its time more efficiently and actually do more in fewer meetings? There are a lot of boards that [apparently] are, but no one has collected that body of knowledge. Business management has been developing into a science for half a century--there's nothing like that yet for boards of directors. They've got a lot of catching up to do. FE: If there's one thing you'd like to see happen to the board process in the next year, what would it be? Ward: I'd like to see more attention in the regulation-setting to board practices themselves. FE: So, more written rules? Ward: Not so much written rules as mandated procedures. There have been all kinds of [procedures] around auditing for many years that are required to make it independent and legally defensible de·fen·si·ble adj. Capable of being defended, protected, or justified: defensible arguments. de·fen . Maybe we need some of the same things for the board and corporate governance to give it legitimacy. One of the things I have been seeing, and I think is a good step, is the idea of charters for the audit committee, the compensation committee. Those need to written, those need to be published. If the committee doesn't have one, it has to at least give a reason why. I'd like to see the board [be required to] give a statement of how it functions, even offer a sample agenda. There's a lot more uniformity about how a finance department operates, how a planning department operates. Boards of directors are going to need that. They need to be [run as] less of an art and more of a science. DEVELOPING AN EFFECTIVE CODE OF CONDUCT Everett Gibbs I Executives often cite an ability to adapt to change as the most important factor for success in today's dynamic business environment. However, there is another equally important factor: an unwavering commitment to ethical and responsible business behavior. As many organizations already understand, a formal, written code of conduct is critical in order to transform ethical behavior into something more tangible for employees. Such a code is now a requirement for public companies, as mandated by the Sarbanes-Oxley Act and by the listing requirements Listing requirements Requirements, including minimum shares outstanding, market value, and income, that are laid down by an exchange for any stock to be listed for trading. of the major stock exchanges. Executing a successful code of conduct depends on three key elements: proper definition, effective communication and appropriate warning signals as monitoring tools. For years, companies have implemented corporate compliance programs that generally are based on a published code of conduct and follow the infrastructure outlined under the Federal Sentencing Guidelines The Federal Sentencing Guidelines are rules that set out a uniform sentencing policy for convicted defendants in the United States federal court system. The Guidelines are the product of the United States Sentencing Commission and are part of an overall federal sentencing reform for Organizations. To be effective, each program's underlying elements should reflect the unique aspects of the organization's culture and management's operating style. Typically, a code of conduct includes: * A statement by the CEO that the organization is committed to conducting business with integrity, in accordance with the highest ethical standards and in compliance with all applicable laws, rules and regulations. This establishes the required "tone from the top." * Practical examples of situations an individual might encounter, and guidance to help clarify how the code should be applied in each case. * A discussion of the roles the organization's policies, structure, risk management and internal controls play in ensuring compliance with the company's ethical standards, including the role of personal accountability for adhering to the code. * Recognition of the company's responsibilities to shareholders, employees, customers and other stakeholders Stakeholders All parties that have an interest, financial or otherwise, in a firm-stockholders, creditors, bondholders, employees, customers, management, the community, and the government. . * Prohibitions on and/or required disclosures related to conflicts of interest and restrictions on the use of confidential/proprietary information. * Corporate guidelines, including policies on expenses, asset usage, vacations, insider trading, etc. Communication, Disclosure and Enforcement Disclosure of the code of conduct has not been consistent among companies. These are suggestions based on today's best practices: * Write the code in a way that all employees can understand. * Circulate the code internally to all employees on a regular basis (annually, at a minimum). Require everyone to acknowledge that he or she has read it, understands his or her responsibility to comply with it, and will report through appropriate channels any observed violations. * Circulate the code externally to institutional investors Institutional Investor A non-bank person or organization that trades securities in large enough share quantities or dollar amounts that they qualify for preferential treatment and lower commissions. and other constituents. * Publish the code in the company's annual report and on its Web site. * Conduct periodic employee training on the code and "audits" of the staff's understanding of it. * Require periodic compliance self-assessments of selected employees using appropriate code provisions. A code without discipline lacks substance. Management must take disciplinary action for violations on a timely basis, and lessons learned from violations should be communicated to employees and reinforced through training. An internal reporting mechanism should be put in place for employees to ask questions about ethics issues and report violations or breaches of company policy without fear of retribution RETRIBUTION. 1. That which is given to another to recompense him for what has been received from him; as a rent for the hire of a house. 2. A salary paid to a person for his services. 3. The distribution of rewards and punishments. . Often, these reporting mechanisms take the form of an "integrity hotline," although some companies are establishing Web sites to receive reports and give reporting employees or outside parties the option of remaining anonymous. Management should have protocols in place to handle reported violations consistently, including use of legal counsel, coordination with law enforcement and timely reporting to senior management and the board, consistent with the Sarbanes-Oxley requirements for reporting fraud. Watching for Ethics Warning Signs A company's board of directors has three responsibilities with respect to the code of conduct. First, it must determine that the code is consistent with values that most stakeholders hold in the highest esteem. Second, it must comply with the code. Third, it must provide appropriate oversight to ensure management is operating the business in a manner consistent with the code. * Directors should watch for the following key warning signs. If these and other "red flags" are noted, the board should investigate to determine whether there are integrity issues requiring attention at the highest levels of the organization. Where there is smoke, there may be fire: * The extent to which the code of conduct is emphasized and reinforced by management in operating the company. There is little value to a code that is published but not consistently reinforced by management. * The manner in which management engages the board. Management's relationship with the board could be a sign of how it engages its people. For example: * Management brings only good news and highly structured presentations to board meetings, and the board rarely hears bad news until it is too late. * Management only presents the board with plans for approval and rarely seeks input as plans are being developed. Insufficient time is devoted to forward-looking issues. * The CEO controls the board's agenda, board meetings are highly regimented and orchestrated or·ches·trate tr.v. or·ches·trat·ed, or·ches·trat·ing, or·ches·trates 1. To compose or arrange (music) for performance by an orchestra. 2. , and directors have little opportunity to discuss issues and concerns. If these signs exist, are they an indicator of how management works with subordinates? Does the CEO really listen to his or her people? If not, does that behavior permeate permeate /per·me·ate/ (-at?) 1. to penetrate or pass through, as through a filter. 2. the constituents of a solution or suspension that pass through a filter. per·me·ate v. the organization? * Circumstances within the organization or aspects of its culture that could lead to unethical unethical said of conduct not conforming with professional ethics. or dysfunctional behavior. Unless effectively managed and checked, past successes and growth--along with sustained pressures to perform--can breed a "warrior culture." This can lead to a cavalier cavalier (kăv'əlĭr`), in general, an armed horseman. In the English civil war the supporters of Charles I were called Cavaliers in contradistinction to the Roundheads, the followers of Parliament. attitude that spawns reckless initiatives, unhealthy internal competition, institutional resistance to bad news, a general lack of change readiness, unrealistic stretch sales and profit goals, variable compensation plans linked to those goals and insufficient attention to protecting the company's brand image. * Direct or anecdotal evidence anecdotal evidence, n information obtained from personal accounts, examples, and observations. Usually not considered scientifically valid but may indicate areas for further investigation and research. that the CEO and senior management lack credibility with employees. Such evidence might surface in employee surveys conducted by an independent consultant, or in other ways. Management may consistently make excuses for poor results and be unwilling to acknowledge its own errors. If the board notes that the CEO and executive management are unable to discern or are unwilling to admit when a strategy or its execution is not working, it can safely bet that employees have noted it as well. * Direct or anecdotal evidence that certain business activities might be on the verge On the Verge (or The Geography of Yearning) is a play written by Eric Overmyer. It makes extensive use of esoteric language and pop culture references from the late nineteenth century to 1955. of running out of control. For example, is there evidence of a pattern of high-pressure sales practices, bullying negotiation tactics, disregard of regulatory authority Noun 1. regulatory authority - a governmental agency that regulates businesses in the public interest regulatory agency administrative body, administrative unit - a unit with administrative responsibilities or similar activities? If these conditions persist, could they lead to problems, even illegal acts or brand erosion? * Identification of problem areas or process failures that may be a symptom of a potential ethics issues. When a significant problem or process failure occurs, is it a symptom of an ethical breakdown? If not, does it indicate a lack of clarity that, if addressed, might have helped mitigate the problem or even have avoided it? * Requests to waive To intentionally or voluntarily relinquish a known right or engage in conduct warranting an inference that a right has been surrendered. For example, an individual is said to waive the right to bring a tort action when he or she renounces the remedy provided by law for such conflicts of interest or other significant ethics requirements. The board should pay close attention to requests from management to waive significant code provisions, including the immediate and long-term effects if a waiver is granted. * The effectiveness of management's follow-up on instances of code violations and noncompliance noncompliance failure of the owner to follow instructions, particularly in administering medication as prescribed; a cause of a less than expected response to treatment. noncompliance issues reported by "whistleblowers" and third parties. The board should be informed of financial reporting issues raised by "whistleblowers," as well as any lack of adherence to policies and procedures Policies and Procedures are a set of documents that describe an organization's policies for operation and the procedures necessary to fulfill the policies. They are often initiated because of some external requirement, such as environmental compliance or other governmental demanded by regulators and auditors. Any subsequent investigation, findings and the remedies taken should be disclosed to the board. Ultimately, the best test of a code of conduct's effectiveness is whether it is practiced. When management's preferences, value judgments and operating styles are consistent with the highest standards of ethical behavior, the organization is better positioned to sustain a quality reputation that attracts and retains the customers, talent and capital required to grow the business and create enterprise value. In every industry, strong corporate ethics breed positive business results. Everett Gibbs is managing director for Protiviti (www.protiviti.com), an internal audit and risk consulting firm Noun 1. consulting firm - a firm of experts providing professional advice to an organization for a fee consulting company business firm, firm, house - the members of a business organization that owns or operates one or more establishments; "he worked for a with more than 30 offices in the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. , Europe and Asia. To reach the nearest Protiviti office, call 888.556.7420. Sarbanes-oxley 404: a compliance game plan. George P. Herrmann For public company finance executives, compliance with Section 404 of the Sarbanes-Oxley Act requires disciplined project management and a thorough consideration of the appropriate roles to be played by management and its advisors and auditors. "Former CFO Pleads Guilty to Violating Sarbanes-Oxley." "SEC Suspends Partners Over Their Audit Work." "Financial Restatements, New Accounting Systems Identified as Red Flags." Headlines like these can disrupt the sleep of CEOs, board members, CFOs and other corporate finance executives. Their waking nightmare is to pick up a copy of The Wall Street Journal and find their company's name beside terms like "restated earnings," "accounting irregularities," "subpoenas" and "Justice Department." Although the stiff penalties outlined in the Sarbanes-Oxley Act initially captured the attention of CFOs, they and their staffs are now scrambling to address the far-reaching but less-understood challenge of complying with the new law, and Section 404 in particular. Section 404 requires management to explicitly take responsibility for establishing and maintaining an adequate internal control structure. The Securities and Exchange Commission (SEC) has acted swiftly to enact and clarify a majority of the new law's mandates since it was signed last summer. This includes the executive certification of quarterly and annual reports, stricter standards for external auditor The examples and perspective in this article or section may not represent a worldwide view of the subject. Please [ improve this article] or discuss the issue on the talk page. independence, tighter time frames for filing 10-Qs and 10-Ks, the need for a "financial expert" on a company's audit committee, greater disclosure of off-balance-sheet arrangements and many other rules. Uncertainty persists, however, along with the challenge of keeping abreast of ongoing guidance on the new law. In particular, uncertainty surrounding Section 404 continues as finance executives await clarification on many implementation issues In the Business world, companies frequently set-up a connection between which they transfer data. When the connection is being set-up, it is referred to as implementation. When issues occur during this phase, they are known as implementation issues. . This should dissipate dis·si·pate v. dis·si·pat·ed, dis·si·pat·ing, dis·si·pates v.tr. 1. To drive away; disperse. 2. as the SEC provides further guidance and the Public Company Accounting Oversight Board The Public Company Accounting Oversight Board (or PCAOB) (sometimes called "Peekaboo") is a private-sector, non-profit corporation created by the Sarbanes-Oxley Act, a 2002 United States federal law, to oversee the auditors of public companies. (PCAOB PCAOB Public Company Accounting Oversight Board ) gets up to speed with its new chairman, former New York Federal Reserve Board President William McDonough
William A. McDonough (b. 1951, Tokyo, Japan) is an American architect and founding principal of William McDonough + Partners, whose career is focused on . The SEC and the PCAOB have made it very clear that they (not the AICPA AICPA See American Institute of Certified Public Accountants (AICPA). ) will issue the auditing standards regarding the review of internal controls and Section 404 attestation The act of attending the execution of a document and bearing witness to its authenticity, by signing one's name to it to affirm that it is genuine. The certification by a custodian of records that a copy of an original document is a true copy that is demonstrated by his or her . These rules have not yet been issued. While there is some uncertainty around implementation, the bulk of the work will be a rather straightforward (but significant) effort of documenting and assessing controls across the enterprise. The following practices should help finance executives address Section 404 compliance in a way that is proactive, effective and promotes transparency and good corporate governance. Take action now. As it now stands, companies with fiscal year-ends Fiscal Year-End The completion of a one-year, or 12-month, accounting period. Notes: The reason that a company's fiscal year often differs from the calendar year and does not close on Dec 31, is due to the nature of company's needs. falling after September 15 must comply with the internal controls assessment rule this year--a process that requires significant time. There are four distinct phases to 404 compliance. First, companies should take an inventory of internal controls--where are they sufficient and deficient--and then assess those controls against a framework such as that of the Committee of Sponsoring Organizations (COSO COSO Committee of Sponsoring Organizations of the Treadway Commission COSO Church of Spiral Oak COSO Corporate South COSO Class of Service Override COSO Combat Oriented Supply Operations (USAF) ). Second, companies should document how the controls have been assessed and what, if any, policies and procedures will be used to remedy any control deficiencies. Third, companies must test to ensure that the controls and any remedies work as intended. Fourth, management must pull the prior three phases of activities into a formal report. Under the new law, external auditors will then attest To solemnly declare verbally or in writing that a particular document or testimony about an event is a true and accurate representation of the facts; to bear witness to. To formally certify by a signature that the signer has been present at the execution of a particular writing so as to that report, which can be a time-consuming process, depending on how well the company assesses, documents, tests and reports. A good benchmark for calendar year-end companies is to complete initial assessment and documentation by the end of August, to give their external auditors enough time to do their attestation work. Institute a formal project management approach. The scope of this effort should not be underestimated, and companies should bring sound project-management discipline to the project. Establish a project management office or, at the very least, assign a project manager who can work through each compliance phase and identify the details and milestones necessary to ensure that all deadlines are met. An ideal candidate is a project management professional or someone with comparable experience, such as the project management of a large-scale system implementation. Adhering to deadlines is critical now, even with year-end six months down the road. External auditors want to conduct preliminary testing as soon as the process is evaluated, to avoid time and scope problems in their year-end attestations. Be cautious not to be too distant from the project leader or to outsource total responsibility for the effort. Outside help and advice is important, but having your own team closely managing and taking responsibility is the best approach--the internal control environment is a function and responsibility of management. In addition, a company's CFO is individually responsible for making the assertion on the effectiveness of the control environment. Be mindful mind·ful adj. Attentive; heedful: always mindful of family responsibilities. See Synonyms at careful. mind of auditor independence issues. Some external auditors, eager to do much more than preliminary testing, have embraced an aggressive interpretation of the independence issues at the heart of Section 404. For example, many external auditors will provide control-assessment software tools at no cost for client companies to use in their compliance efforts. Right now, that's acceptable, pending possible future guidance from the SEC or direction from the PCAOB. Some external auditors go so far as to offer to serve as the "smart arms and legs" of the client company's project management office. That conflicts with the spirit, if not the letter, of the new law's independence rules because external auditors would be attesting to work that they themselves have performed. Companies with a focus on good governance The terms governance and good governance are increasingly being used in development literature. Governance describes the process of decision-making and the process by which decisions are implemented (or not implemented). are choosing to ensure their auditor's independence by distancing their external auditor from the documentation and assessment work related to Section 404. Communicate closely with external auditors. A wise approach to auditor independence rules does not mean curbing communications with external auditors. On the contrary, management and external audit partners should continually interact throughout the compliance process. That line of communication helps assure companies that their assessments, documentation, testing and reporting are headed in the right direction, and it should lighten light·en 1 v. light·ened, light·en·ing, light·ens v.tr. 1. a. To make light or lighter; illuminate or brighten. b. To make (a color) lighter. 2. the attestation load (not to mention the cost of that work) external auditors bear at year-end. Question out-of-the-box offers. Due to the significant effort involved, in many cases it may be necessary to seek outside compliance assistance. Corporate finance executives, however, should be skeptical of shrink-wrapped "silver bullets silver bullet - magic bullet " and cost estimates that contain exact totals of work hours. Are there neat software tools that can bolster compliance efforts? Yes. Can you pull off the shrink-wrap, load the software, hit "enter" and automatically comply with Section 404? Not by a long shot. It is the talent, experience and time commitment of the people on the project that will determine its success. CFOs should raise their eyebrows when an outside firm proclaims up front that this should be a 10,000-hour engagement. Until a company completes a thorough assessment of internal controls, it is extremely difficult to take seriously any estimate of hours or dollars. For the fortunate minority of organizations with the most defined and effective control environment, a fee estimate might be reasonable. But for the majority of public companies, any specific estimate provided before the assessment phase seem highly unrealistic. All of the practices above have a common thread: management's responsibility for the internal control structure. Any successful project should result in management having a better understanding of its own processes and controls. A truly successful project will also be more than a one-time compliance event - it should be the start of an ongoing process of self-assessment, monitoring and improvement. George P. Herrmann is CEO of Jefferson Wells International, a professional services (job) professional services - A department of a supplier providing consultancy and programming manpower for the supplier's products. firm serving more than half of the Fortune 500 in the areas of internal audit and information technology controls, accounting/finance, technology and tax. Visit www.jeffersonwell.com/sarbanes. |
|
||||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion