What is Sarbanes – Oxley also known as? - E

The Sarbanes – Oxley Act
What it Means to You
November 2004
David Kaufman
Acquis Background
• Company Type: Private management consulting firm
• Founded in 1998; profitable since inception; headquarters in New York City
• Client Profile: Main focus on Global Fortune 1000; core industries served include Pharmaceutical, High-Tech, Financial Services, Travel, Government
• Examples of Collective Client Experience: Pfizer, Bank of Tokyo-Mitsubishi, Cadbury, National Semiconductor, Mitsubishi International, NYC Government, Interpublic Group, AstraZeneca
• Staff Background: 90% of consultants have worked on European and North American initiatives, primarily in the travel area
Quick Facts
In 2003, corporations, conventions, and associations spent $44.7 Billion on meetings and conferences…
Meetings & Conventions Magazine, 2004 Report
…yet 68% of corporations have no standard process to control this cost
American Express Global T&E Expense Management Study
What is Sarbanes-Oxley?
Congressional Act
Named after Senator Paul Sarbanes and Congressman Michael Oxley
Pictured: Sen. Paul Sarbanes, Rep. Michael Oxley
• Enacted in 2002 to increase corporate responsibility and accounting standards
• Requires CFO / CEO signoff on financial statements
• Companies must also attest to internal controls in place
Sarbanes – Oxley: Also Known As
We asked 100 people (including Paul Sarbanes and Michael Oxley):
What is Sarbanes – Oxley also known as?
SOX Applies to Which Companies?
• Publicly traded companies in the US
• Non-US public multinational companies engaging in business in the US
• Voluntary compliance for private firms but seen as “Best Practice”
Section 404 Compliance Dates
Compliance dates have been extended
Fiscal Year ending on or after:
• Accelerated Filers: Original 6/15/2004; New 11/15/2004
• Non-Accelerated Filers: Original 4/15/2005; New 7/15/2005
Accelerated Filer: A U.S. company with market capitalization over $75 million that has filed at least one annual report with the SEC
Key Elements of SOX
Section: Requirement (Frequency)
• 302: CFO / CEO certify completeness and accuracy of statements. Identify control weaknesses and changes to internal controls. (Quarterly / Annual)
• 404 (a): Provide a report that demonstrates appropriate internal controls and control effectiveness. (Annual)
• 404 (b): Registered external auditors must attest to controls report. (Annual)
• 409: Rapid disclosure of changes in financial conditions or operations. (Ad-Hoc)
Three Key Controls
• Safeguarding assets - Controls to prevent theft, fraud, waste, and abuse
• Financial reporting - Controls to ensure the appropriate reporting of expenses
• Authorization - Controls to confirm the appropriate approvals of expenditures
Why is SOX Important to Planners?
Affects almost every aspect of the meeting planning process
Phases: Planning / organization, RFP, Site Selection, Marketing, On-site Activities, Post Meeting
Activities:
• Meeting objectives
• Executive approvals
• Budgets
• Locations
• RFPs / Site selection criteria
• Standard contracts / Negotiations
• Preferred suppliers
• Payment methods
• Announcements
• Registration strategy
• Travel arrangements
• Event management
• Miscellaneous
• Expenses
• Invoice payments
• Account reconciliation
• Financial reporting
• Attendee evaluation surveys
• ROI calculation
What Should Planners Look At?
• Interactions with travel agencies and event management suppliers
• Contracts, commitments, financial liabilities, and operational risks
• Current controls on manual processes
• Allocation of costs to the correct budgets
• Current use of technology
• Safety of attendees
• Extravagant meetings
What is Extravagant?
• Roman themed party where guests are greeted by chariots and gladiators
• Events held in a Sardinian resort where rooms start at $1200 a night
• Flying Jimmy Buffett and his band to an island at a cost of $250,000
• A 7-day event including partying, jet skiing, sailing, golfing, and feasting for 75 guests
• Charging half the costs of the party to the company
$2.1MM birthday party for the former Tyco CEO’s wife
Case Study One
• Susan is planning the annual shareholders meeting
• Tyler, her cousin, manages sales for a major hotel
• Susan’s company has a strict event vendor selection policy and Tyler’s hotel is not a preferred vendor
Can Susan make an exception and plan the event?
General Approach
• Document end-to-end current processes
• Identify important, manual, and risk prone processes
• Evaluate existing controls
• Develop and execute strategy to remedy deficiencies
• Evaluate success and document risks
SOX Documentation
Documentation of Processes
Covers initiation, authorization, recording, processing, and reporting of transactions
• Process Flowcharts
• Policy Manuals
• Accounting Manuals
• Budget Guides
Documentation of Controls
Identify process risks and demonstrate appropriate control activities and measures
• Preventative / Detective
• Control Matrices
• If – Then Narratives
• Process Redesign Docs
Are these current, complete, and readily available?
The COSO Framework
Committee of Sponsoring Organizations (COSO) has developed a framework for internal controls:
Control Environment
Risk Assessment
Control Activities
Information & Communication
Monitoring
• Framework supported by the SEC and PCAOB
• Most popular framework in the United States
Types of Controls
Less Effective
Complex / Multi-step
Single control
Post-event controls
Data analytics
Manual control
Most Effective
Simple / Single-step
Multiple controls
Real-time controls
Transaction monitoring
Automated control
What controls do you currently have in place?
The Use of Technology
• Enforce a consistent process for your meeting planning spend
• Automatically record a clear and comprehensive audit trail of all activities
• Provide evidence of compliance through built-in reports and notifications
• Increase planning and registration process efficiency
Technology Providers
• Meeting planning checklists
• Standardized RFPs
• Meetings-sourcing databases
• Attendee management
• Preferred supplier flags
• Company policy / best practices notification
Case Study Two
Robert
• Highly documented policy and process
• Extensive process controls on planning activities
• Uses Excel spreadsheets to track meetings
• Manual RFP process
Shelly
• Uses automated online RFP process
• Utilizes online resources to document planning steps
• No formal preferred supplier policy
• Policies developed ad-hoc and not documented
Who is SOX compliant?
Opportunities Beyond SOX
• Building a true end-to-end process
• Integration with Travel programs
• Increased process efficiency with technology
• Improved vendor relationships
• Strategic sourcing opportunities
Review Survey
We asked 100 auditors:
What type of documentation in the meeting planning area will help ease your concerns?
David Kaufman
Partner
Acquis Consulting Group
299 Broadway, 12th Floor
New York, NY 10007
212.233.5677