Governance Rules and Expectations are Changing…what does this mean to your organization? CAUBO 2004 Brian G. Brown Director - Corporate Audit Services AGRICORE UNITED • Largest Agri-business in Western Canada • Established by merger of United Grain Growers Limited (UGG) and Agricore Cooperative in November 2001 • Listed on the Toronto Stock Exchange (“AU”) AGRICORE UNITED • 3 Core Businesses: Grain Handling, Crop Inputs (Retail), Livestock Services • 80 elevators, 200 retails, 10 feedmills, 4+ port terminals, 7 distribution centres, 8 special crops plants, 3 research facilities • Joint Ventures, Investments, Subsidiaries • Significant relationships with Scotiabank (Credit), Swiss Re (Risk Management), Archer Daniels Midland (Strategic Alliance) AGRICORE UNITED (2003) • • • • • • Sales $2.7 billion Revenue from Services $410 million Assets $1.6 billion Net Loss = $2.4 million Cash Flow from Operations $60 million 2500 Employees INSTITUTE OF INTERNAL AUDITORS • Global governing body for the practice of Internal Auditing • 93,000 members worldwide in 243 affiliates & chapters • 11 chapters in Canada with 4000 members • Professional Guidance including the Standards for the Professional Practice of Internal Auditing • Certification - CIA, CFSA, CGAP, CCSA What we are going to discuss today... • • • • • How did we get into this situation? What are the new Canadian regulations? Are there other Governance initiatives? What’s coming? How are Publicly-traded organizations responding? • What does this mean to Universities and other public institutions? • Are there any benefits? • Do the regulations really matter? History – Canada was a world leader: • MacDonald Commission - 1988 • TSX - “Where were the Directors?” - 1994 • COCO - 1995 – Other countries developed guidance: • Cadbury - UK • Treadway (COSO) - USA – Late 1990’s: • “5 Years to the Dey” - Canada • NYSE Blue Ribbon Commissions – Saucier Report (2001) Why the recent increase in interest in Corporate Governance? Boondoggle after Boondoggle (in the public and private sector) • Enron • Worldcom • Livent • Nortel • HRDC • Sponsorship Scandal THE PUBLIC HAS LOST CONFIDENCE! Sarbanes Oxley (SOX) - USA’s immediate response (January 2002) • Section 302 (CEO/CFO CERTIFICATION) • Section 404 - (INTERNAL CONTROL EVALUATION AND EXTERNAL AUDITOR ATTESTATION) • Effective November 15, 2004 or July 15, 2005 More patience in Canada……what should we do, if anything? • OSC Chair/TSX • Does Canada need President exchange tighter regulations? public correspondence • Business and various • Principles or rules? groups debate • Effect on smaller listed • Time-lines for companies? implementation What are the new Canadian Regulations…….(CSA/OSC)? • • • • • NI 51-102 - Continuous Disclosure NI 52-107 - Accounting Principles NI 52-108 - Auditor Oversight NI 52-109 - CEO/CFO Certification NI 52-110- Audit Committee KEY POINTS - 51-102 Continuous Disclosure: • New filing deadlines: – annual financial statements within 90 days of year-end (previously 140 days) – interim financial statements within 45 days of quarterend (previously 60 days) • Auditor Review: – Must disclose if no external auditor review of interim statements KEY POINTS - 52-107 Acceptable Accounting Principles and Auditing Standards • Public companies that are not SEC (USA) registrants – financial statements must be in accordance with Canadian GAAP – must be audited in accordance with Canadian GAAS KEY POINTS - 52-108 Auditor Oversight • Audit Report on public company financial statements: – prepared by an auditor registered with Canadian Public Accountability Board (CPAB) – auditor must be in compliance with CPAB KEY POINTS - 52-109 CEO/CFO Certification “Bare” Certification (now in effect) – quarterly certification of financial statements and MD & A – no misrepresentation or omission of material fact – fair representation (no GAAP reference) of: • financial condition • results of operations • cash flows KEY POINTS - 52-109 CEO/CFO Certification • Beginning with year-ends after January 1, 2005, additionally certify that: – designed disclosure controls (quarterly) – designed procedures and internal controls over financial reporting (quarterly) – evaluated the effectiveness of disclosure controls (annually) – reported changes in internal controls over financial reporting KEY POINTS - 52-109 CEO/CFO Certification…….clarifications • Certification of filings: – CEO & CFO must certify they have reviewed documents • No Misrepresentation: – based on their knowledge – disclosure and internal controls must be adequate to provide knowledge • Fair Presentation – based on their knowledge – present fairly in all material respects the financial condition, results of operations, and cash flows – present fairly goes beyond GAAP requirements KEY POINTS - 52-110 Audit Committees • • • • • • Applies commencing with Annual Meetings after July 1, 2004 written charter composition - independence, financial literacy external auditor relationship pre-approve all non-audit services procedures for receiving complaints and anonymous submissions concerning accounting, internal controls, or auditing matters (whistleblower rule) additional disclosure What other issues/initiatives are affecting governance? • • • • • • Shareholder activitism (eg. CCGG) CBCA Banking, insurance regulations Enterprise Risk Management Accounting guidelines Government scandals What’s Coming in the near future? OSC 58-201 Effective Corporate Governance (ED Period ended, currently under review) • Best Practices for effective governance – – – – – Board Composition, mandate, training, etc Code of Business Conduct and Ethics Nominations Compensation Board Assessment What’s Coming in the near future? • Certification of effectiveness of internal controls over financial reporting • External Auditor attestation (OSC Exposure Draft expected September 2003) Impact on publicly-traded organizations……………. Time, Cost, Distraction, Disclosure, Documentation…….. For what benefit? Impact on publicly-traded organizations……………. 4 key areas: 1. Certifications 2. Disclosure Procedures & Controls 3. Internal Controls over Financial Reporting 4. Whistleblowing Certifications • Establish sub-certification process involving key executives/officers/others – determine who will be involved – how often and when – format of the certificates • Certifying all key financial info being disclosed externally - it must be provided to the subcertifiers SHARING LIABILITY??? Certifications - Impact • Operating management more focused on financial reporting • Greater awareness of implications • Nervousness, uncertainty • Increased papertrail • Monitoring, review, and follow-up of the sign-offs • Increased Legal Dept involvement • Time and cost Disclosure Procedures and Controls What does this mean? • Provide reasonable assurance that.. – Required disclosure recorded, processed, summarized & reported on timely basis – such information is accumulated and communicated to management including the CEO & CFO • Information that underlies the “numbers”…. – – – – Significant contracts business developments workforce relationships legal proceedings Disclosure Procedures and Controls • • • • What do we need to do? Establish a Disclosure Committee Review current/existing practices for keeping “Corporate Office”/CEO/CFO up to date Review financial statement “closing” procedures Implement regular (eg. Quarterly) meetings between Disclosure Committee and key finance and operations management Disclosure Procedures and Controls • • • • • What do we need to do? Ensure continuous flow of communication from operating divisions to “corporate” Implement a “review process” for all relevant external disclosure - link to sub-certifications Document everything Minute meetings Develop an ongoing disclosure review process “evaluation” (eg. Internal Audit) Internal Controls over Financial Reporting What are these? • Provide reasonable assurance regarding reliability of financial reporting • effected by BOD, management, & other personnel • focus tends to be on “detective” controls - eg. Would fraud be caught? Internal Controls over Financial Reporting • Must certify that controls have been designed – How do you know? – How do you know if they are adequate? • Anticipated future certification that controls have been evaluated by management MAJOR PROJECT!! Identify, document, assess adequacy, evaluate effectiveness Internal Controls over Financial Reporting - Project Outline • Phase 1: Planning & Scoping – identify internal skills and resources – determine if external support is required and, if so, whom – establish a project team with mgmt support – develop training plan – develop project scope – select control framework (eg. COSO) Internal Controls over Financial Reporting - Project Outline • Phase 2: Risk Assessment and Prioritization – de-consolidate the financial statements – identify key processes that drive financial reporting – establish criteria for risk assessment (including materiality level) – evaluate the identified processes and risk rank (workshop approach) Internal Controls over Financial Reporting - Project Outline • Phase 3: Documentation of Controls – determine who is responsible for documentation vs review of processes – complete an inventory of existing documentation – establish schedules and deadlines – establish documentation protocol/format – train team leaders on documentation process – complete documentation, including Control Environment and Computer General Controls Internal Controls over Financial Reporting - Project Outline • Phase 4: Evaluation and Testing – review documentation and test controls for effectiveness • Phase 5: Identify & Correct Deficiencies – review identified issues and develop improvements – establish remediation plan and assign • Phase 6: Report on Controls – report results to CEO/CFO Whistleblowing • Audit Committee must ensure procedures are in place – method for employees and others to “safely” report concerns about financial reporting, fraud, etc. – determine who in the organization will be responsible for investigating and reporting – complaints must be tracked – investigation and follow-up documented – report statistics and significant issues to Audit Committee What about universities, public institutions, and other not-for profits? Pause…….. then get on with it…... Impact on universities and other public organizations….. • Private - sector regulations will become “best practices” • Stakeholders will expect all organizations to have implemented many of these requirements • The public will be less tolerant to financial errors/mis-statements, scandals, surprises, etc. All this work….. Are there benefits beyond compliance? All this work……are there any benefits? • Increased management awareness of responsibilities for internal controls • Potential operational process improvement • Improved internal communications • Deterrent to fraud • Less surprises Increased Public Confidence…..maybe Will these initiatives matter? Rules, regulations, structures, documentation, certification, reporting will help but…... Nothing matters more than INTEGRITY Governance Rules and Expectations are Changing…what does this mean to your organization? CAUBO 2004 Brian G. Brown Director - Corporate Audit Services Questions? Comments?