SOX and Small Public Companies

Chapter 15: Fraud and SOX Compliance
McGraw-Hill/Irwin
Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

SOX Regulatory Framework

SEC Oversight

The Sarbanes-Oxley Act
• The Sarbanes-Oxley Act. The full official title of the act is “Public Company Accounting Reform and Investor Protection Act of 2002.”
• Title I—Public Company Accounting Oversight Board. The PCAOB consists of five members, only two of whom are permitted to either be or have previously been certified public accountants (CPAs). Furthermore, its chairperson cannot have been a practicing CPA anytime in the five years before serving on the board.

SOX and the PCAOB

SOX Titles II and III
• Title II—Auditor Independence
  • Prohibits services
  • Requires rotation of audit partners
• Title III—Corporate Responsibility
  • Mandates audit committees
  • CEO/CFO must certify reports
  • SEC powers to bar executives for directorships
  • SEC powers to seek equitable relief
  • Reporting requirements for corporate attorneys

SOX Title IV
• Title IV—Enhanced Financial Disclosures
  • Requires the disclosure of all material off-balance-sheet transactions and reconciliation of pro forma financial statements to GAAP.
  • Forbids personal loans to directors and executives.
  • Requires that senior management and directors report changes in securities ownership within 2 days.
  • Requires the CEO & CFO to “certify” internal controls, and that the auditor attest to and report on management’s assessment of the internal control structure and procedures.
  • Requires that companies disclose whether they have adopted an ethics code for senior management and whether the audit committee includes at least one financial expert.

SOX Titles V-VIII
• Title V
  • Requires independence of financial analysts
• Title VI and VII—Commission Resources and Authority and Studies and Reports
• Title VIII—Corporate and Criminal Fraud Accountability
  • Provides for up to 20 years in prison for certain types of interference with any kind of federal-related investigation.
  • Requires auditors to retain their working papers for 5 years.
  • Makes non-dischargeable fines, penalties, and certain civil debts arising from violations of state and federal securities fraud laws.
  • Whistle-blower protection.
  • Up to 25 years in jail for securities-related fraud.

SOX Titles IX and X
• Title IX—White-Collar Crime Penalty Enhancements
  • Increases maximum penalty for wire and mail fraud from 5 to 20 years.
  • Makes it a criminal offense for officers to willfully and knowingly certify financial reports not in compliance with the act. Possible 20 years in jail.
• Title X—Corporate Tax Returns
  • Recommends that the CEO sign the corporate tax return.

SOX Title XI
• Title XI—Corporate Fraud and Accountability
  • Establishes a potential 20-year prison term for anyone who alters, destroys, mutilates, or conceals a record, document, or other object or otherwise impedes an official proceeding.
  • Empowers the SEC to petition federal courts for temporary injunctions to freeze pending “extraordinary payments” to certain individuals under investigation for possible violations of federal securities law.
  • Empowers the SEC to bar from serving as corporate officers any individuals who violate certain rules governing manipulative or deceptive devices.
  • Increases penalties for filing a false or misleading SEC report to up to $25 million and up to 20 years in prison.

SOX Compliance
• SOX Rules, Regulations, and Standards (SOX involves an ongoing rulemaking and regulatory process).
• The Federal Criminal Sentencing Guidelines (point system with mitigation for ethics and control processes).
• The COSO Reports
  • Focus on basic control processes and risk management.
• The COBIT Standard
  • Contains high-level and detailed control objectives, audit guidelines, and management guidelines.
• ISO 27002
  • Contains 11 major topics, with over 5,000 controls in total.
• Comparison of the Various Models for Control Practices.

SOX and Small Public Companies
• SOX 404 Compliance with Small Public Companies
  • Leadership involvement and effective boards of directors
  • Compensating for limited segregation of duties by management reviews
  • Compensating for limited IT by using ASPs
• How Small Public Companies Can Achieve Efficiency in Internal Control Processes
  • Apply a risk-based approach
  • Focus on changes
  • Manage reporting objectives
  • Right-size documentation