Bernard Szlachta: /* SOX of 2002 Sections ⌘ */

2012-11-25T09:40:47Z

SOX of 2002 Sections ⌘

New page

{{Cat|OCEB B200.5 - Quality and GRC}}
{{OCEB Links}}

<slideshow style="nobleprog" headingmark="⌘" incmark="…" scaled="false" font="Trebuchet MS" >
;title: SOX
;author: Bernard Szlachta (NobleProg Ltd)
</slideshow>

== Sarbanes-Oxly Act ⌘==
* Response to Enron and Worldcom
* Protests shareholders by putting more restrictions on the management and transparency on financial reporting
* Effects only Publicly traded companies
* More '''rule-based''' (as oppose to '''principles-based'''

== SOX three key principles ⌘==
* Integrity
** Integrity in finacial records (complete and representative)
* Reliability
** Information reported is reliable and accurate
* Accountability
** Corporate executives are answerable for breaches of information integrity and reliability.

== SOX Compliance ⌘==
* all publicly traded companies in the US
* whole-owned subsidiaries of a US corporation
* Non-US companies publicly traded on US markets through American Depository Receipts (ADR)

=== Compliance requirements ⌘===
* information is valid and truthful
* CEO and CFO verify the data and accept accountability for any errors
* companies maintain accoutting framework (includes internal control)
* executives assume responsibility for the establishment and maintainance of the framework

== Consequences of noncomplainace ⌘==
* CEO is responsible
* CEO and CFO are liable to financial penalties and potential incarceration
* Not wilful deceit: 1mln and up-to 10 years in prison
* Intentional wrongdoing: $5mln, up to 20 years in prison

== SOX of 2002 Sections ⌘==
; Section 201 - Audit Firm Conflict of Interest, No Consulting Except Tax
* Consulting was more profitable than auditing services
* Response to Arthur Andersen
* PWC sold consulting division to IBM
;Section 203 - Five-Year Rotation of Audit Forms
: One company checks the accounts of another
; Section 204 - Auditor Reports to Audit Committee of Board
: Auditors finding should not be buried at lower levels of an organization
; Section 206 - CXO Conflict of Interest, One Year Removed from Audit Firm
: Removed a common practise of auditors jumping to their clients

== SOX of 2002 Sections ⌘==
; Section 302 - CEO and CFO Liable for Certifying Financial Results
: CEO cannot use ignorance as an excuse
; Section 306 - No Insider Trading During Blackout Period
: prevents executives from trading shares based on insider information not available to other shareholders
; Section 401 - Off-Balance-Sheet (OBS) Obligations and special Purpose Entities (SPEs)
: prevents companies to hide financial losses
; Section 402 - No Personal Loans to Executives
: Personal Loans are not tax (it is not an income)
; Section 403 - 48-Hour Notice of Executive Stock Transactions
: prevents backdating stock options
: before, companies did not have to declare option grants for weeks

== SOX of 2002 Sections ⌘==
; Section 404 - Internal Control Attestation
: most controversial
: controversy comes with interpretation (see Audit Standard Number 2 - PCAOB AS2)
: AS2 has been created as a part of SOX
: see more TODO put link here
; Section 409 - Real-Time Disclosure of Material Changes
: timely notification of material events
; Section 806 - Whistle-Blower Protection
: removes excuses for remaining silent when fraud is dectected
; Title VIII and Title IV - Five-Year Data Retention by Auditors and Hard Jail Time ==
: destroying data can result in jail term

== Section 401 Requirements ⌘==
# "Listing of off-balance-sheet (OBS) arrangements, transation and obligations (including contingent obligations) that may have a material effect, current or future on:
#* Financial conditions
#* Changes in financial results in operations
#* Liquidity capital expenditures
#* Capital resources
#* Significant components
#* Revenues
#* Expenses
# Disclosure of "the nature and business purpose of the OBS arrangements, why and how they are needed in running a business"

== Section 404 ⌘==
* Internal controls include:
** policies
** procedures
** training programs
** other processes beyond financial control
* Internal controls also include:
** "the safeguarding of assets against unauthorized acquisition, use, or disposition"
** companies need to document and test the adequacy of these internal process controls as well
* SEC used COSO for understanding of internal controls
* COSO defines internal control as 2 a process, affected by and entity's BoD, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the categories:
** Effectiveness and efficiency of operations
** Reliability of financial reporting
** Compliance with applicable laws and regulations
* Some claim that COSO ERM framework is outdated

== Section 409 Details ⌘==
* "real-time issuer disclosure.. on a rapid and current basis"
* reporting of material events, which affects financials reporting
* timely and real-time = '''four days'''
* uses 8-K form via EDGAR

;Events requiring reporting:
* change in control, significant acquisition or a bankruptcy
* entry or termination of a material agreement not made in the ordinary course of business
* termination or reduction of a business relationship with a customer that constitutes a specified amount of the revenues
* creation of a direct or contingent financial obligation material to the company
* events triggering a direct or contingent financial obligation material to the company (including default or acceleration of an obligation)
* exit activities (including material write-off or restructuring)
* any material impairment
* change in a rating agency decision, issuance of a credit watch, or change in a company outlook
* changing listing status (moving exchange, de-listing, etc...)
* changes in the status of previously issued audit report
* material limitations, restrictions or prohibitions (lockout periods, employee benefit, retirement and stock ownership plans)

SOX - Revision history

Bernard Szlachta: /* SOX of 2002 Sections ⌘ */