SOX 404(b): A Practical Approach for Smaller Public Companies

July 30, 2009

Guy M. Gross, Partner, McGladrey & Pullen LLP

Michael Hartley, Partner, McGladrey & Pullen LLP

Eileen A. Kamerick, SVP, CFO, and Chief Legal Officer, Tecta America Corp.

Robert J. Wild, Partner, Corporate, Katten Muchin Rosenman LLP




Meet our Speakers

• Michael Hartley, Partner, McGladrey & Pullen LLP

• Guy Gross, Partner, McGladrey & Pullen LLP

• Bob Wild, Partner, Katten Muchin Rosenman LLP

• Eileen Kamerick, SVP, CFO and Chief Legal Officer, Tecta America Corp.

Overview


Auditor Attestation

• What can you expect from your Independent Auditor?

• What involvement should the Audit Committee have?

• What were some of the lessons learned from initial ICFR attestation?


Effectiveness of Section 302

Source: Lord & Benoit SOX Consulting Firm www.section404.org using AuditAnalytics.

Implementation


Source: Lord & Benoit www.section404.org and AuditAnalytics www.auditanalytics.com


Material Weaknesses Identified

Management Report Disclosures

| Material Weaknesses Issue | Companies Disclosing | % of Companies |
|---|---|---|
| Ineffective accounting procedures | 555 | 96.5% |
| Issues with competency, training, tone at top, ethics | 449 | 78.1% |
| Departures from FASB/GAAP/Disclosures | 394 | 68.5% |
| Ineffective design of controls not mitigated with compensating controls | 311 | 54.1% |
| Reliance on outside auditors for material adjustments | 192 | 33.4% |
| Information technology, software, security & access issues | 118 | 20.5% |
| Audit Committee – Ineffective, non-existent or understaffed | 110 | 19.1% |
| Accounting for deferred, stock based compensation, debt, warrants, derivatives | 101 | 17.6% |
| General ledger close process | 96 | 16.7% |
| Foreign, related party, affiliate, merger, acquisition, consolidation issues | 93 | 16.2% |
| Untimely or inadequate account reconciliations | 80 | 13.9% |
| Accounting for Accounts/loans receivable, investments cash issues | 76 | 13.2% |
| Accounting for Liabilities, payable, reserves and accrual estimates | 65 | 11.3% |
| Revenue recognition issues | 62 | 10.8% |
| Controls over property, intangibles and depreciation | 60 | 10.4% |
| Controls over inventory/cost of sales | 59 | 10.3% |
| Accounting for expenses (payroll, SG&A, leases) | 47 | 8.2% |
| Accounting for income taxes (SFAS 109) | 30 | 5.2% |
| Restatements, regulatory compliance | 29 | 5.0% |

Note: This table provides a list of issues identified by the 575 companies that disclosed in their Management Report that their Internal Controls over Financial Reporting (ICFRs) were ineffective. Because some disclosures identify more than one material weakness, the same company can be listed for more than one issue. As a result, the aggregate of percentages displayed above is over 100%.

Source: Lord & Benoit www.section404.org using AuditAnalytics Peer Group Builder


Characteristics of a Smaller Public Company

• Personnel constraints and limitations on segregation of duties

• Potential for management override of controls

• Manual controls versus automated controls

• Less complex IT transaction processing systems


Utilization of COSO’s Guidance for Smaller Public Companies

Entity Level Controls

• Implementation of and reliance on entity level controls

• Use of entity level controls to mitigate other potential control deficiencies

• Use of operating controls as internal controls

• Audit committee oversight


Utilization of COSO’s Guidance for Smaller Public Companies

IT controls in a less complex environment

• Concentrate on security, access, and change management IT controls

• Only identify those controls that impact the financial reporting process

COSO’s guidance for smaller reporting companies can be purchased at www.cpa2biz.com


Working With Your External Auditor

• Identification of controls within the financial reporting process only

• Know your risks, get concurrence on the risks and how they impact the financial statement audit

• Utilization of control testing to reduce substantive audit testing


Oversight Responsibilities

• Integrity of Internal Control over Financial Reporting (ICFR)

• Manage the interaction of management, internal audit and external auditor related to ICFR

• Selection, Qualification and Performance of internal audit function

• Understand from management the internal control environment and framework for management’s assessment

• Understand external auditor audit plan for attestation on ICFR

• Review any material weaknesses, significant deficiencies, and deficiencies with external auditor and management

• Address whistleblower complaints related to ICFR

Corporate Governance


ICFR Fundamentals

Exchange Act definition of ICFR

“The term internal control over financial reporting is defined as a process designed by, or under the supervision of, the issuer's principal executive and principal financial officers, or persons performing similar functions, and effected by the issuer's board of directors, management and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles and includes those policies and procedures that....” (Exchange Act Rule 13a-15(f))


ICFR Fundamentals (continued)

SOX 302 CEO and CFO Certification

5. The registrant's other certifying officer(s) and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the registrant's auditors and the audit committee of the registrant's board of directors (or persons performing the equivalent functions):

All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are reasonably likely to adversely affect the registrant's ability to record, process, summarize and report financial information; and

Any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant's internal control over financial reporting.

(SK 601(b)(31))

Definition of Financial Expert

Includes as to ICFR

“An understanding of internal control over financial reporting...” (SK 407(d)(5)(iii)(D))


ICFR Fundamentals (continued)

Listing Standards Relating to ICFR Responsibilities of Audit Committees

• Complaints. Each audit committee must establish procedures for:

– The receipt, retention, and treatment of complaints received by the listed issuer regarding accounting, internal accounting controls, or auditing matters; and

– The confidential, anonymous submission by employees of the listed issuer of concerns regarding questionable accounting or auditing matters.

(Exchange Act Rule 10A-3(b)(3))


ICFR-Related Audit Committee Charter Provisions (from the AC Charter of NASDAQ OMX (NASDAQ:NDAQ))

Statement of Policy

The primary function of the Audit Committee is to assist the Board of Directors in fulfilling its oversight responsibilities by reviewing the financial information, which will be provided to the shareholders and others, the systems of internal controls, which management and the Board of Directors have established, and the NASDAQ OMX Group’s audit, financial reporting and the legal and compliance process.


AC Charter Provisions (Continued)

Responsibilities and Processes

3. The Committee shall discuss with the internal auditors and the independent auditors the overall scope and plans for their respective audits including the adequacy of staffing, compensation, and resources. Also, the Committee shall discuss with management, the internal auditors, and the independent auditors the adequacy and effectiveness of the NASDAQ OMX Group’s internal controls, including systems to monitor and manage business risk, and legal and ethical compliance programs and financial reporting. Further, the Committee shall meet separately with the internal auditors and the independent auditors, with and without management present, to discuss the results of their examinations. The internal auditors shall report directly to the Committee and have free and open access to information deemed necessary by them to perform their assessments. The Committee shall provide oversight over the system of internal controls, relying upon management's and the internal and independent auditor’s representations and assessments of the controls.


AC Charter Provisions (Continued)

Responsibilities and Processes

7. The Committee shall have responsibility for, and oversight of, a confidential and anonymous process and procedures for the receipt, retention and treatment of submissions regarding accounting, internal accounting controls or audit matters. All such relevant submissions must be reported to the Committee.


Audit Committee Liability Considerations

• Fiduciary Duty

• Business Judgment Rule protections

– lack of conflict of interest

– good faith

– due care


Initial Stage in 2004

• First year of 404 implementation for accelerated filers—chaotic and expensive

• Audit fees tripled (or more)

• Very little certainty on how to apply the new rules—external auditors had very different approaches

• PCAOB newly formed and just beginning to get a handle on the 404 process

• Not clear how much external auditor could “assist” the company in complying with 404 or even discussing how to meet the requirements

CFO Perspective


Initial Stage in 2004 (continued)

• Heavy focus on documentation

• IT controls became a focus as process mapping came to the fore and many controls were IT-based—particularly when segregation of duties issues were involved

• Management assessment and auditor’s assessment of management’s assessment were separate and distinct from the audit process—cumbersome

• Record number of restatements—Wall Street shrugged it off—is that good?


Evolution of 404

• What has changed/improved?

• External audit fees have come down—perhaps not enough, but have moderated

• AS 5—focus on integrated audit—much more productive

• Greater reliance on management assertion and testing by internal audit


Evolution of 404 (continued)

• Number of restatements for immaterial matters has moderated

• ICFR is now the job of not just the CFO/internal audit but also the CEO—attestation by CEO and focus of the Board

• More companies fail 404 for tax control issues (particularly following implementation of FIN 48) than any other issue


Benefits and Limitations of 404

• Better controlled companies generally perform better

• Helps companies identify risks and control issues to design risk mitigation and internal audit programs

• 404 is only “backward looking” and not an effective enterprise risk management tool

– focus limited to accounting fraud and integrity of financials

– no protection from overinvestment in the housing segment and the current economic crisis


Skillsets of Audit Committee

• Difficult to serve on an Audit Committee unless a financial expert (or close)

• “Professionalizing” of the Audit Committee with the coming of 404—many more in-depth technical GAAP and internal control discussions with management and external auditors

Audit Committee Chair/Member Perspective


Roles of Audit Committee

• Fiduciary ensuring that financial statements serve the financial statement reader

• Assessing deficiencies and discussing/debating them with management and external auditors

• Approving audit fees and fees for non-audit work, as is now required

• Direct oversight of internal audit—IA must report to the AC Chair

• Monitoring whistleblower and hotline calls


Q and A

Questions and Answers

Contact Information

Guy M. Gross, Partner, McGladrey & Pullen LLP (p: 847.517.7070 x6357, f: 847.517.7067)

Michael Hartley, Partner, McGladrey & Pullen LLP (p: 312.634.3476, f: 312.634.3410)

Eileen A. Kamerick, SVP, CFO, and Chief Legal Officer, Tecta America Corp. (p: 847.581.3888)

Robert J. Wild, Partner, Corporate, Katten Muchin Rosenman LLP (p: 312.902.5567)