september 2002

September 2002

Corporate Governance: Can You Afford To Wait?

The information provided here is of a general nature and is not intended to address the specific circumstances of any individual or entity.©2002 KPMG LLP, the U.S. member firm of KPMG International, a Swiss association. All rights reserved.

A U D I T C O M M I TT E E

I N S T I T U T E

2

Accounting and legal perspectives on the Sarbanes-Oxley Act of 2002

Houston DallasEric Blumrosen Randy Ray

Partner, Gardere Wynne Sewell LLP Partner, Gardere Wynne Sewell LLP

[email protected] [email protected]

Clyde Pehl Glen Davison

Partner, KPMG LLP Partner, KPMG [email protected] [email protected]


I N S T I T U T E

3

Corporate Governance: Can You Afford To Wait?Sarbanes-Oxley Act of 2002

Corporate Responsibility for Financial Reports (302)

Final rules adopted by SEC on August 27 and released August 29 (33-8124)

Certifications must be in all annual and quarterly reports, including annual and quarterly reports of small business issuers and annual reports of foreign private issuers.

Statements involving disclosure controls and procedures and internal controls required as part of certifications only with respect to reports that cover periods ending on or after August 29, 2002.

Certifications will follow report signatures

Adds new Item 307 to Regulation S-K regarding controls and procedures


I N S T I T U T E

4



Rule 13a-14 and Rule 15d-14

* * * * (b) The certification included in each report specified in paragraph (a)

of this section must be in the form specified in the report and consist of a statement of the certifying officer that:

– (1) He or she has reviewed the report being filed;

– (2) Based on his or her knowledge, the report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by the report;

– (3) Based on his or her knowledge, the financial statements, and other financial information included in the report, fairly present in all material respects the financial condition, results of operations and cash flows of the issuer as of, and for, the periods presented in the report;


I N S T I T U T E

5


Corporate Responsibility for Financial Reports (302), continued

(4) He or she and the other certifying officers are responsible for establishing and maintaining disclosure controls and procedures (as such term is defined in paragraph (c) of this section) for the issuer and have:

– (i) Designed such disclosure controls and procedures to ensure that material information relating to the issuer, including its consolidated subsidiaries, is made known to them by others within those entities, particularly during the period in which the periodic reports are being prepared;

– (ii) Evaluated the effectiveness of the issuer's disclosure controls and procedures as of a date within 90 days prior to the filing date of the report ("Evaluation Date"); and

– (iii) Presented in the report their conclusions about the effectiveness of the disclosure controls and procedures based on their evaluation as of the Evaluation Date;


I N S T I T U T E

6



(5) He or she and the other certifying officers have disclosed, based on their most recent evaluation, to the issuer's auditors and the audit committee of the board of directors (or persons fulfilling the equivalent function):

– (i) All significant deficiencies in the design or operation of internal controls which could adversely affect the issuer's ability to record, process, summarize and report financial data and have identified for the issuer's auditors any material weaknesses in internal controls; and

– (ii) Any fraud, whether or not material, that involves management or other employees who have a significant role in the issuer's internal controls; and

(6) He or she and the other certifying officers have indicated in the report whether or not there were significant changes in internal controls or in other factors that could significantly affect internal controls subsequent to the date of their most recent evaluation, including any corrective actions with regard to significant deficiencies and material weaknesses.


I N S T I T U T E

7



Final SEC Regulations Adopted

Disclosure controls and procedures

– Designed to ensure required information is recorded, processed, summarized and reported timely

– Complements existing internal controls over financial reporting by ensuring commensurate procedures for gathering, analyzing and disclosing all information required to be disclosed in Exchange Act reports

– Should capture information that is relevant to an assessment of the need to disclose developments and risks to issuer’s business


I N S T I T U T E

8



Regulation S-K

Item 307 Controls and Procedures.

(a) Evaluation of disclosure controls and procedures. Disclose the conclusions of the registrant’s principal executive officer or officers and principal financial officer or officers, or persons performing similar functions, about the effectiveness of the registrant’s disclosure controls and procedures (as defined in 240.13a-14(c) and 240.15d-14(c)) based on their evaluation of these controls and procedures as of a date within 90 days of the filing date of the quarterly or annual report that includes the disclosure required by this paragraph.

(b) Changes in internal controls. Disclose whether or not there were significant changes in the registrant’s internal controls or in other factors that could significantly affect these controls subsequent to the date of their evaluation, including any corrective actions with regard to significant deficiencies and material weaknesses.


I N S T I T U T E

9


Corporate Responsibility for Financial Reports (302),

continued

Section 906 also has a certification requirement for CEOs and CFOs

“the periodic report containing the financial statements fully complies with the requirements of section 13(a) or section 15(d) of the Securities Exchange Act of 1934 . . . and that information contained in the periodic report fairly presents, in all material respects, the financial condition and results of operations of the issuer.”

Effective July 30, 2002

Appears to apply only to annual and quarterly reports (especially given final SEC rules on Section 302 certifications)


I N S T I T U T E

10



Section 906 also has a certification requirement for CEOs and CFOs

Criminal penalties—

– If officer certifies knowing that the report does not comport with all the requirements in the certification, penalties of not more than $1 million fine or prison for not more than 10 years, or both

– If officer willfully certifies knowing that the report does not comport with all the requirements in the certification, penalties of not more than $5 million fine or prison for not more than 20 years, or both

Given final SEC rules on Section 302 certifications, placement should probably follow Section 302 certifications after report signatures


I N S T I T U T E

11


Audit Committee Defined

A committee (or equivalent body) established by and amongst the board of directors of an issuer for the purpose of overseeing –

the accounting and financial reporting processes of the issuer; and

audits of the financial statements of the issuer.


I N S T I T U T E

12


Public Company Audit Committee (301)

Audit Committee is “directly responsible for the appointment, compensation and oversight” of the auditor

– Audit Committee responsible for resolving disagreements between management and the auditor regarding financial reporting

– Auditor reports directly to the audit committee


I N S T I T U T E

13


Public Company Audit Committee (301), continued

Act establishes independence definition for audit committee members

– No fees to members other than for board service

– May not be an “affiliated person” of the issuer or any subsidiary

– NYSE proposal matches this tightened definition


I N S T I T U T E

14


Public Company Audit Committee (301), continued

Audit Committees to establish protocol to address “whistle blower” communications

– Receipt, retention and treatment of complaints to Company regarding accounting, internal controls, or auditing matters

– Confidential and anonymous submissions by employees of concerns regarding questionable accounting or auditing matters

Must have authority and funding to engage independent counsel and outside advisors


I N S T I T U T E

15


Disclosure of Audit Committee Financial Expert (407)

SEC to require disclosure that the audit committee has at least 1 financial expert, or if not, why not

Financial expert to be defined by the SEC considering the following elements

– Public Accountant or Auditor

– CFO, Controller, CAO or similar

– Understanding of GAAP and financial statements

– Experience in

• Preparation or auditing of financial statements of similar issuers

• Accounting for estimates, accruals and reserves

• Internal controls

– An understanding of Audit Committee functions


I N S T I T U T E

16


Non-Audit Services (201-202)

– Act reaffirms that firms can provide tax and other non-audit services that are not “prohibited”

– Unlawful for firms to provide audit clients “Prohibited Services” and “any other service Audit Committee has not approved in advance”

– De minimus exception

– Audit Committee must preapprove all permissible non-audit services and disclose approval in periodic reports


I N S T I T U T E

17


The Act identifies eight categories of “Prohibited Activities” (201)

Bookkeeping and related services

Financial information systems

Appraisals & valuations

Actuarial services

Internal audit outsourcing

Management functions or human resources

Broker, dealer or investment advisor services

Legal services & expert services

In addition, the Board may adopt regulations prohibiting other services


I N S T I T U T E

18


The Act established the Public Company Accounting Oversight Board to oversee audits of companies subject to securities laws and other matters

The board is a nonprofit D.C. corporation

Not an agency of U.S. Government

Board Structure and Policies

Consists of five members appointed by SEC

– In consultation with Secretary of Treasury and Chairman of Federal Reserve Board

– Two (but no more than two) of five Board members must be CPA’s

– All members serve on a full time basis

– Members’ terms in office are for 5 years (limited to two terms)


I N S T I T U T E

19


Duties of the Board are to (101):

Oversee the audit of public companies

Register public accounting firms that prepare audit reports for SEC issuers

Establish or adopt auditing, quality control, ethics, independence and other standards related to the preparation of audit reports


I N S T I T U T E

20


Duties of the Board are to (continued) (101):

Conduct inspections of registered public accounting firms

Conduct investigations and disciplinary proceedings involving registered public accounting firms and associated members and, where justified, impose sanctions


I N S T I T U T E

21


Employment of auditing firm personnel (206)

– Unlawful for registered public accounting firm to perform an audit if the company’s CEO, CFO, CAO, Controller (or equivalent) was employed by the audit firm and participated in the company’s audit during the 1- year period preceding the date of initiation of the current audit


I N S T I T U T E

22


Management Assessment of Internal Controls (404)

Annual report must contain a report from management on internal control that

– States management’s responsibility for establishing and maintaining an adequate internal control structure and procedures for financial reporting

– Contains an assessment of the effectiveness of internal control related to financial reporting

External auditor to attest to management's assertion concerning its assessment of internal control as part of audit

Exemption for investment companies registered under section 8 of 1940 Investment Company Act


I N S T I T U T E

23

Corporate Governance: Can You Afford to Wait?Sarbanes-Oxley Act of 2002

Rules of Professional Responsibility for Attorneys (307)

• Requires attorney to report evidence of following to chief legal counsel or CEO:

- a “material violation of securities laws” or

- a “breach of fiduciary duty or similar violation by the company or an agent

• If there is not an appropriate response, attorney must report the evidence to the audit committee, another committee composed of independent directors, or the full board

• Applies to attorneys “appearing and practicing before the Commission in any way in the representation of issuers”

• Not effective until SEC adopts implementing rules

- Will not know full impact until rules are adopted

- Final rules are required by January 26, 2003


I N S T I T U T E

24


Disclosure in Periodic Reports (401)

GAAP financial statements required in financial reports filed with the SEC must reflect all material correcting adjustments identified by a registered public accounting firm

Annual and quarterly financial reports must disclose all material off-balance sheet transactions, arrangements, obligations, and other relationships with unconsolidated entities or other persons that have a material current or future effect (—subject to new SEC rules)

Pro forma financial information included in any periodic or other report filed with SEC, or in other public disclosure or press or other release, must be presented in a manner that—

– does not contain an untrue statement of a material fact or omit to state a material fact necessary in order to make the pro forma financial information, in light of the circumstances under which it is presented, not misleading; and

– reconciles it with the financial condition and results of operations of the issuer under GAAP

– (—subject to new SEC rules)


I N S T I T U T E

25


Other provisions

SEC to review company filings on a regular basis, but at least every 3 years (408)

“Real Time” disclosure of material changes in financial condition required (409)


I N S T I T U T E

26


Disclosures of Transactions Involving Management and Principal Stockholders (403)

Final rules adopted by SEC on August 27 and released August 29

Effects stock transactions by directors, executive officers, and 10% stockholders

Transactions must be reported in two business days

– Replaces old 10th day of following month

– Must be received by SEC on second business day after transaction

All transactions with the issuer must now be reported on Form 4 (instead of Form 5)

Electronic filing will not be required until July 30, 2003, but encouraged in order to meet quick filing deadline


I N S T I T U T E

27

The new criminal sanctions for actions by public companies, their management, or their directors under Sarbanes-Oxley

Thomas Hagemann

Partner, Gardere Wynne Sewell LLP

[email protected]


I N S T I T U T E

28

A public company perspective on Sarbanes-Oxley

Houston

Greg Armstrong,

Chairman and CEO

Plains All American Pipeline L.P.

Dallas

Edward W. Rose,

President

Cardinal Investment Company, Inc.


I N S T I T U T E

29

An open discussion among the panel and audience of Sarbanes-Oxley and corporate

governance issues faced by public companies, management and directors.

Moderated by

Edward Rhyne

Partner, Gardere Wynne Sewell LLP

[email protected]

september 2002

Documents