Section 404 compliance and 'tone at the top'.

At the March meeting of the Committee on Corporate Reporting (CCR), FEI invited the Section 404 project leaders from our CCR companies to participate in a one-day session on year-one implementation issues. The discussion included leading practices in areas such as organization structure, scope, deficiency management, use of external resources, relationship with the external auditor, communication to the audit committee and management reports, to name a few. Also addressed were unintended consequences and challenges to sustainability as companies move from "project" to "process."

The discussion led to a recent publication by our research affiliate, the Financial Executives Research Foundation (FERF), "Sarbanes-Oxley Section 404 Implementation: Practices of Leading Companies." It also served as the basis for CCR's letter to the Securities and Exchange Commission (SEC), filed on April 1, in advance of an April 13 roundtable held by the SEC to solicit feedback on first-year implementation issues. I was asked to participate on that roundtable, along with four other CCR members (and several other FEI members).

A recurring theme throughout the day at the SEC was the need for moving to a "risk-based" approach to Section 404 scoping, documenting and testing. That clearly didn't happen in year one. Many companies noted that they attempted to scope Section 404 by starting with their significant risk areas and determining where they should be spending the most time. Unfortunately, in most cases, the external auditors nixed that approach in favor of a "coverage" approach. That is, they wanted to ensure that a high percentage of locations and accounts were covered (such as coverage of 90 percent of locations or 80 percent of revenue, etc.) rather than focus on those areas with the most risk. This broad-based approach was the cause of much of the expense in the first year of implementation.

For smaller companies, taking a risk-based approach is imperative. Many of the controls are informal, though equally effective. If we look at where the issues occurred at the companies that caused Sarbanes-Oxley to be enacted, they clearly centered on the "control environment" aspect of the Committee of Sponsoring Organizations, or COSO (FEI is one of the original sponsoring organizations) internal control framework--more specifically, the "tone at the top."

What is "tone at the top?" It is the shared set of values that an organization has emanating from the most senior executives. It can be reinforced with written codes and other policies and documents, but, more importantly, it reflects the "actions" of these executives. Are they "walking the talk?" For example, Enron had a robust code of ethics
Similarly, at WorldCom, CEO Bernie Ebbers may not have uttered the exact words "commit fraud to keep our stock price up," but he implied it when he gave the message that "the stock price can't go down. The Street is expecting a certain number--deliver it."

How does one go about scoping, documenting, testing and monitoring "tone at the top?" Start with the written information, codes of conduct, whistleblower policies, training programs, schedules of authorizations (who can approve what in the organization), communication from senior management to employees and other policies and procedures that govern behavior in the organization. These policies and procedures should be consistent and understandable. Additionally, they should be clear enough so that employees understand what the appropriate behavior is in a given situation. The CEO should be communicating the importance of these regularly, both through words and actions.

How does the company ensure that all employees understand the values, codes and policies? One way could be for every employee to attest that he or she has read and understood the codes and policies on a yearly basis. This could be done via an intranet--perhaps by a webcast explaining the various codes and policies, with a sign-off afterward.

How does the company ensure that the codes, policies and values are effective? Online, anonymous surveys of all employees and focus groups could be a way to "test" and monitor this effectiveness. Questions should include whether the employee believes that the company's senior management acts with integrity; they shouldn't just be about the codes and policies. Employees receive a much louder message through the actions of senior management than through written policies.