Internal Controls over Financial Reporting

advertisement
Governance Rules and
Expectations are
Changing…what does this mean
to your organization?
CAUBO 2004
Brian G. Brown
Director - Corporate Audit Services
AGRICORE UNITED
• Largest Agri-business in Western Canada
• Established by merger of United Grain
Growers Limited (UGG) and Agricore
Cooperative in November 2001
• Listed on the Toronto Stock Exchange
(“AU”)
AGRICORE UNITED
• 3 Core Businesses: Grain Handling, Crop
Inputs (Retail), Livestock Services
• 80 elevators, 200 retails, 10 feedmills, 4+
port terminals, 7 distribution centres, 8
special crops plants, 3 research facilities
• Joint Ventures, Investments, Subsidiaries
• Significant relationships with Scotiabank
(Credit), Swiss Re (Risk Management),
Archer Daniels Midland (Strategic Alliance)
AGRICORE UNITED (2003)
•
•
•
•
•
•
Sales $2.7 billion
Revenue from Services $410 million
Assets $1.6 billion
Net Loss = $2.4 million
Cash Flow from Operations $60 million
2500 Employees
INSTITUTE OF INTERNAL
AUDITORS
• Global governing body for the practice of
Internal Auditing
• 93,000 members worldwide in 243 affiliates
& chapters
• 11 chapters in Canada with 4000 members
• Professional Guidance including the
Standards for the Professional Practice of
Internal Auditing
• Certification - CIA, CFSA, CGAP, CCSA
What we are going to discuss today...
•
•
•
•
•
How did we get into this situation?
What are the new Canadian regulations?
Are there other Governance initiatives?
What’s coming?
How are Publicly-traded organizations
responding?
• What does this mean to Universities and other
public institutions?
• Are there any benefits?
• Do the regulations really matter?
History
– Canada was a world leader:
• MacDonald Commission - 1988
• TSX - “Where were the Directors?” - 1994
• COCO - 1995
– Other countries developed guidance:
• Cadbury - UK
• Treadway (COSO) - USA
– Late 1990’s:
• “5 Years to the Dey” - Canada
• NYSE Blue Ribbon Commissions
– Saucier Report (2001)
Why the recent increase in interest in
Corporate Governance?
Boondoggle after Boondoggle
(in the public and private sector)
• Enron
• Worldcom
• Livent
• Nortel
• HRDC
• Sponsorship Scandal
THE PUBLIC HAS LOST
CONFIDENCE!
Sarbanes Oxley (SOX) - USA’s immediate
response (January 2002)
• Section 302 (CEO/CFO CERTIFICATION)
• Section 404 - (INTERNAL CONTROL
EVALUATION AND EXTERNAL AUDITOR
ATTESTATION)
• Effective November 15, 2004 or July 15, 2005
More patience in Canada……what should
we do, if anything?
• OSC Chair/TSX
• Does Canada need
President exchange
tighter regulations?
public correspondence
• Business and various
• Principles or rules?
groups debate
• Effect on smaller listed
• Time-lines for
companies?
implementation
What are the new Canadian
Regulations…….(CSA/OSC)?
•
•
•
•
•
NI 51-102 - Continuous Disclosure
NI 52-107 - Accounting Principles
NI 52-108 - Auditor Oversight
NI 52-109 - CEO/CFO Certification
NI 52-110- Audit Committee
KEY POINTS - 51-102 Continuous
Disclosure:
• New filing deadlines:
– annual financial statements within 90 days of year-end
(previously 140 days)
– interim financial statements within 45 days of quarterend (previously 60 days)
• Auditor Review:
– Must disclose if no external auditor review of interim
statements
KEY POINTS - 52-107 Acceptable
Accounting Principles and Auditing
Standards
• Public companies that are not SEC (USA)
registrants
– financial statements must be in accordance with
Canadian GAAP
– must be audited in accordance with Canadian
GAAS
KEY POINTS - 52-108 Auditor Oversight
• Audit Report on public company financial
statements:
– prepared by an auditor registered with
Canadian Public Accountability Board (CPAB)
– auditor must be in compliance with CPAB
KEY POINTS - 52-109 CEO/CFO
Certification
“Bare” Certification (now in effect)
– quarterly certification of financial statements
and MD & A
– no misrepresentation or omission of material
fact
– fair representation (no GAAP reference) of:
• financial condition
• results of operations
• cash flows
KEY POINTS - 52-109 CEO/CFO
Certification
• Beginning with year-ends after January 1,
2005, additionally certify that:
– designed disclosure controls (quarterly)
– designed procedures and internal controls over
financial reporting (quarterly)
– evaluated the effectiveness of disclosure
controls (annually)
– reported changes in internal controls over
financial reporting
KEY POINTS - 52-109 CEO/CFO
Certification…….clarifications
• Certification of filings:
– CEO & CFO must certify they have reviewed
documents
• No Misrepresentation:
– based on their knowledge
– disclosure and internal controls must be
adequate to provide knowledge
• Fair Presentation
– based on their knowledge
– present fairly in all material respects the financial
condition, results of operations, and cash flows
– present fairly goes beyond GAAP requirements
KEY POINTS - 52-110 Audit Committees
•
•
•
•
•
•
Applies commencing with Annual Meetings after
July 1, 2004
written charter
composition - independence, financial literacy
external auditor relationship
pre-approve all non-audit services
procedures for receiving complaints and
anonymous submissions concerning accounting,
internal controls, or auditing matters
(whistleblower rule)
additional disclosure
What other issues/initiatives are affecting
governance?
•
•
•
•
•
•
Shareholder activitism (eg. CCGG)
CBCA
Banking, insurance regulations
Enterprise Risk Management
Accounting guidelines
Government scandals
What’s Coming in the near future?
OSC 58-201 Effective Corporate Governance
(ED Period ended, currently under review)
• Best Practices for effective governance
–
–
–
–
–
Board Composition, mandate, training, etc
Code of Business Conduct and Ethics
Nominations
Compensation
Board Assessment
What’s Coming in the near future?
• Certification of effectiveness of internal
controls over financial reporting
• External Auditor attestation
(OSC Exposure Draft expected
September 2003)
Impact on publicly-traded
organizations…………….
Time, Cost, Distraction,
Disclosure, Documentation……..
For what benefit?
Impact on publicly-traded
organizations…………….
4 key areas:
1. Certifications
2. Disclosure Procedures & Controls
3. Internal Controls over Financial Reporting
4. Whistleblowing
Certifications
• Establish sub-certification process involving key
executives/officers/others
– determine who will be involved
– how often and when
– format of the certificates
• Certifying all key financial info being disclosed
externally - it must be provided to the subcertifiers
SHARING LIABILITY???
Certifications - Impact
• Operating
management more
focused on financial
reporting
• Greater awareness of
implications
• Nervousness,
uncertainty
• Increased papertrail
• Monitoring, review,
and follow-up of the
sign-offs
• Increased Legal Dept
involvement
• Time and cost
Disclosure Procedures and Controls
What does this mean?
• Provide reasonable assurance that..
– Required disclosure recorded, processed, summarized
& reported on timely basis
– such information is accumulated and communicated to
management including the CEO & CFO
• Information that underlies the “numbers”….
–
–
–
–
Significant contracts
business developments
workforce relationships
legal proceedings
Disclosure Procedures and Controls
•
•
•
•
What do we need to do?
Establish a Disclosure Committee
Review current/existing practices for keeping
“Corporate Office”/CEO/CFO up to date
Review financial statement “closing”
procedures
Implement regular (eg. Quarterly) meetings
between Disclosure Committee and key
finance and operations management
Disclosure Procedures and Controls
•
•
•
•
•
What do we need to do?
Ensure continuous flow of communication from
operating divisions to “corporate”
Implement a “review process” for all relevant
external disclosure - link to sub-certifications
Document everything
Minute meetings
Develop an ongoing disclosure review process “evaluation” (eg. Internal Audit)
Internal Controls over Financial
Reporting
What are these?
• Provide reasonable assurance
regarding reliability of financial
reporting
• effected by BOD, management, &
other personnel
• focus tends to be on “detective”
controls - eg. Would fraud be caught?
Internal Controls over Financial
Reporting
• Must certify that controls have been
designed
– How do you know?
– How do you know if they are adequate?
• Anticipated future certification that controls
have been evaluated by management
MAJOR PROJECT!!
Identify, document, assess adequacy,
evaluate effectiveness
Internal Controls over Financial
Reporting - Project Outline
• Phase 1: Planning & Scoping
– identify internal skills and resources
– determine if external support is required and, if
so, whom
– establish a project team with mgmt support
– develop training plan
– develop project scope
– select control framework (eg. COSO)
Internal Controls over Financial
Reporting - Project Outline
• Phase 2: Risk Assessment and
Prioritization
– de-consolidate the financial statements
– identify key processes that drive financial
reporting
– establish criteria for risk assessment (including
materiality level)
– evaluate the identified processes and risk rank
(workshop approach)
Internal Controls over Financial
Reporting - Project Outline
• Phase 3: Documentation of Controls
– determine who is responsible for
documentation vs review of processes
– complete an inventory of existing
documentation
– establish schedules and deadlines
– establish documentation protocol/format
– train team leaders on documentation process
– complete documentation, including Control
Environment and Computer General Controls
Internal Controls over Financial
Reporting - Project Outline
• Phase 4: Evaluation and Testing
– review documentation and test controls for
effectiveness
• Phase 5: Identify & Correct Deficiencies
– review identified issues and develop
improvements
– establish remediation plan and assign
• Phase 6: Report on Controls
– report results to CEO/CFO
Whistleblowing
• Audit Committee must ensure procedures
are in place
– method for employees and others to “safely”
report concerns about financial reporting,
fraud, etc.
– determine who in the organization will be
responsible for investigating and reporting
– complaints must be tracked
– investigation and follow-up documented
– report statistics and significant issues to Audit
Committee
What about universities, public
institutions, and other not-for
profits?
Pause……..
then get on with it…...
Impact on universities and other public
organizations…..
• Private - sector regulations will become
“best practices”
• Stakeholders will expect all organizations to
have implemented many of these
requirements
• The public will be less tolerant to financial
errors/mis-statements, scandals, surprises,
etc.
All this work…..
Are there benefits beyond
compliance?
All this work……are there any benefits?
• Increased management awareness of
responsibilities for internal controls
• Potential operational process improvement
• Improved internal communications
• Deterrent to fraud
• Less surprises
Increased Public Confidence…..maybe
Will these initiatives matter?
Rules, regulations, structures,
documentation, certification,
reporting will help but…...
Nothing matters more than
INTEGRITY
Governance Rules and
Expectations are
Changing…what does this mean
to your organization?
CAUBO 2004
Brian G. Brown
Director - Corporate Audit Services
Questions?
Comments?
Download