The Sarbanes – Oxley Act
What it Means to You
November 2004
David Kaufman

Acquis Background
• Company Type: Private management consulting firm
• Founded in 1998; profitable since inception; headquarters in New York City
• Client Profile: Main focus on Global Fortune 1000; core industries served include Pharmaceutical, High-Tech, Financial Services, Travel, Government
• Examples of Collective Client Experience: Pfizer, Bank of Tokyo-Mitsubishi, Cadbury, National Semiconductor, Mitsubishi International, NYC Government, Interpublic Group, AstraZeneca
• Staff Background: 90% of consultants have worked on European and North American initiatives, primarily in the travel area

Quick Facts
In 2003, corporations, conventions, and associations spent $44.7 Billion on meetings and conferences…
    Meetings & Conventions Magazine, 2004 Report
…yet 68% of corporations have no standard process to control this cost
    American Express Global T&E Expense Management Study

What is Sarbanes-Oxley?
Congressional Act named after Senator Paul Sarbanes and Congressman Michael Oxley
[Photos: Sen. Paul Sarbanes, Rep. Michael Oxley]
• Enacted in 2002 to increase corporate responsibility and accounting standards
• Requires CFO / CEO signoff on financial statements
• Companies must also attest to internal controls in place

Sarbanes – Oxley: Also Known As
We asked 100 people (including Paul Sarbanes and Michael Oxley): What is Sarbanes – Oxley also known as?

SOX Applies to Which Companies?
• Publicly traded companies in the US
• Non-US public multinational companies engaging in business in the US
• Voluntary compliance for private firms but seen as “Best Practice”

Section 404 Compliance Dates
Compliance dates have been extended

Fiscal Year ending on or after:
                          Original      New
Accelerated Filers        6/15/2004     11/15/2004
Non-Accelerated Filers    4/15/2005     7/15/2005

Accelerated Filer: A U.S. company with market capitalization over $75 million that has filed at least one annual report with the SEC

Key Elements of SOX
Section | Requirement | Frequency
302 | CFO / CEO certify completeness and accuracy of statements. Identify control weaknesses and changes to internal controls. | Quarterly / Annual
404 (a) | Provide a report that demonstrates appropriate internal controls and control effectiveness. | Annual
404 (b) | Registered external auditors must attest to controls report. | Annual
409 | Rapid disclosure of changes in financial conditions or operations. | Ad-Hoc

Three Key Controls
• Safeguarding assets - Controls to prevent theft, fraud, waste, and abuse
• Financial reporting - Controls to ensure the appropriate reporting of expenses
• Authorization - Controls to confirm the appropriate approvals of expenditures

Why is SOX Important to Planners?
Affects almost every aspect of the meeting planning process
[Process diagram. Stages: Planning / organization, RFP, Site Selection, Marketing, On-site Activities, Post Meeting]
• Meeting objectives
• Executive approvals
• Budgets
• Locations
• RFPs / Site selection criteria
• Standard contracts / Negotiations
• Preferred suppliers
• Payment methods
• Announcements
• Registration strategy
• Travel arrangements
• Event management
• Miscellaneous
• Expenses
• Invoice payments
• Account reconciliation
• Financial reporting
• Attendee evaluation surveys
• ROI calculation

What Should Planners Look At?
• Interactions with travel agencies and event management suppliers
• Contracts, commitments, financial liabilities, and operational risks
• Current controls on manual processes
• Allocation of costs to the correct budgets
• Current use of technology
• Safety of attendees
• Extravagant meetings

What is Extravagant?
• Roman themed party where guests are greeted by chariots and gladiators
• Events held in a Sardinian resort where rooms start at $1200 a night
• Flying Jimmy Buffett and his band to an island at a cost of $250,000
• A 7-day event including partying, jet skiing, sailing, golfing, and feasting for 75 guests
• Charging half the costs of the party to the company
$2.1MM birthday party for the former Tyco CEO’s wife

Case Study One
• Susan is planning the annual shareholders meeting
• Tyler, her cousin, manages sales for a major hotel
• Susan’s company has a strict event vendor selection policy and Tyler’s hotel is not a preferred vendor
Can Susan make an exception and plan the event?

General Approach
• Document end-to-end current processes
• Identify important, manual, and risk prone processes
• Evaluate existing controls
• Develop and execute strategy to remedy deficiencies
• Evaluate success and document risks

SOX Documentation
Documentation of Processes
Covers initiation, authorization, recording, processing, and reporting of transactions
• Process Flowcharts
• Policy Manuals
• Accounting Manuals
• Budget Guides
Documentation of Controls
Identify process risks and demonstrate appropriate control activities and measures
• Preventative / Detective
• Control Matrices
• If – Then Narratives
• Process Redesign Docs
Are these current, complete, and readily available?

The COSO Framework
The Committee of Sponsoring Organizations (COSO) has developed a framework for internal controls:
[Diagram: Control Environment, Risk Assessment, Control Activities, Information & Communication, Monitoring]
• Framework supported by the SEC and PCAOB
• Most popular framework in the United States

Types of Controls
Less Effective            Most Effective
Complex / Multi-step      Simple / Single-step
Single control            Multiple controls
Post-event controls       Real-time controls
Data analytics            Transaction monitoring
Manual control            Automated control
What controls do you currently have in place?

The Use of Technology
• Enforce a consistent process for your meeting planning spend
• Automatically record a clear and comprehensive audit trail of all activities
• Provide evidence of compliance through built-in reports and notifications
• Increase planning and registration process efficiency

Technology Providers
• Meeting planning checklists
• Standardized RFPs
• Meetings-sourcing databases
• Attendee management
• Preferred supplier flags
• Company policy / best practices notification

Case Study Two
Robert
• Highly documented policy and process
• Extensive process controls on planning activities
• Uses Excel spreadsheets to track meetings
• Manual RFP process
Shelly
• Uses automated online RFP process
• Utilizes online resources to document planning steps
• No formal preferred supplier policy
• Policies developed ad-hoc and not documented
Who is SOX compliant?

Opportunities Beyond SOX
• Building a true end-to-end process
• Integration with Travel programs
• Increased process efficiency with technology
• Improved vendor relationships
• Strategic sourcing opportunities

Review Survey
We asked 100 auditors: What type of documentation in the meeting planning area will help ease your concerns?

David Kaufman
Partner
Acquis Consulting Group
299 Broadway, 12th Floor
New York, NY 10007
212.233.5677