Transcript Document
Today’s Presentation
Sarbanes Oxley and Financial Reporting An NSTAR Perspective
1
Agenda
• SOX & Reporting
What’s Sarbanes-Oxley (SOX)?
Sox and NSTAR What are Controls?
What SOX means to you Financial Reporting Q&A Break 2
Sarbanes-Oxley Act (SOX)
• Why- Thank you…. Enron, Tyco, Worldcom, etc..etc….
• Effective Since June 2002 • CEO & CFO certification of company financial statements –
Quarterly certification for disclosure controls
(section 302)
–
Annual management report of the evaluation of Internal Controls over Financial Reporting
(section 404)
• Increased & enhanced financial statement disclosures • Strengthen corporate governance – Increase audit committee oversite • Expanded “Insider Accountability” – Code of Ethics for senior financial officers – Protection of whistleblowers 3
Objectives of SOX Act
• Restore public trust and confidence in the public securities market • Improve corporate governance and promote ethical business practices • Enhance transparency and completeness of financial statements and disclosures • Ensure that company executives are aware of material information emanating from a well-controlled environment • Hold company management accountable for material information that is filed with the SEC and released to investors • Achieve new levels of corporate excellence • Certifications required by corporate executives • Maintain trust and confidence of shareholders and financial community as a whole 4
So Why Is This Important?
Significant New Penalties False certification by CEO/CFO subject to a fine and/or prison Knowing violation: $1 million / 10 years Willful violation: $5 million / 20 years 5
SOX and NSTAR
6
NSTAR Control Environment
• Identified, documented and Tested: – 12 major financial cycles – >150 Business Processes – ~1,200 unique controls identified – ~450 “key” financial controls • Established the Corporate Controls Group to monitor the ongoing compliance efforts • Identified Organizational Liaisons throughout NSTAR responsible for the early identification and evaluation of changes in the control environment • Established policies and procedures 7
NSTAR’s Investment in Controls
• Project to identify controls over financial reporting began May 2003 and concluded with our initial report filed with the SEC in February 2005 • Over 45,000 internal NSTAR and 3,500 external consulting person-hours expended to identify, document, test, remediate and conclude on the adequacy and operating effectiveness of controls • Independent external auditor employed ~ 8,400 person-hours to validate management conclusion on the adequacy and operating effectiveness of controls • Initial report conclusion – “Adequate and effective controls over financial reporting” 8
How did NSTAR do?
• NSTAR’s management report indicated that the controls are adequate and they operate effectively • NSTAR’s independent auditor – PwC issues an unqualified opinion relative to management’s assertion • Not without some identified deficiencies though – but all minor in nature with one required communication to our Audit Committee 9
Controls
10
Why are Internal Controls Important?
• •
Operations Promotes efficiency and effectiveness of operations through standardized processes Ensures the safeguarding of assets through control activities
•
Compliance/Regulatory Helps maintain compliance with laws and regulations through periodic monitoring Financial
• • •
Promotes integrity of data used in making business decisions Assists in fraud prevention and detection through the creation of an auditable trail of evidence Ensures the safeguarding of assets through control activities
11
What are Controls?
Controls are activities implemented to achieve a particular objective What are the components of a control… Objective (Goal) – what do I want to accomplish Risk - what may stop us from achieving our goal Control activity – what can I do to mitigate the identified risk
Definition of Internal Controls for SOX:
An
Internal Control
is a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: Effectiveness and efficiency of operations Compliance with applicable laws and regulations
Reliability of financial reporting
For Sarbanes-Oxley purposes, we are concerned with the objective of Reliability of Financial Reporting 12
Operational Control Example
What is an
“Objective”
?
– Desired end result, goal Restore Customer Service within targeted timeframe What is
“Risk”
?
– What could go wrong that would prevent you from achieving an objective Reported outages are not communicated timely to crew responsible to restore service What is a
“Control Activity”
– Anything that helps ensure objectives are met Dispatch center notifies crew of outage immediately upon notification 13
Financial Control Example
What is an – Desired end result What is
“Objective” “Risk”
?
?
– What could go wrong What is a
“Control Activity”
– Anything that helps ensure objectives are met All time recorded is appropriately charged to capital or expense Time is charged inaccurately and resultant costs are charged incorrectly on the financial statements All time charges are reviewed for accuracy and approved by the supervisor 14
Types of Control Activities
Preventive – prevent inaccuracies
Detective – detect inaccuracies
Manual –performed by employees
Automated – performed by a system
15
Risk Rating Matrix
Significant Deficiency Reportable to Audit Committee by Management and Auditors Material Weakness Externally reportable in assertion and attestation opinion More than Remote Remote Inconsequential Control Deficiency (minor gap) Material Impact 16
What it means to you!
17
Controls You are Involved With
• Supervisors perform financial controls daily – Adherence to the Code of Conduct – Authorize Employee Time • Accurate payment of time to employees • Accurate time recording (identification of work performed) – Authorize contractor charges • Approve payment and accurate recording of the invoice – Safeguarding of NSTAR assets • Ensure that assets are used for business purposes only 18
Your Responsibilities
• Perform controls as communicated to you – Follow procedures – Review documentation presented to you • Communicate Changes – Circumstances may dictate doing work differently than identified (replacement of assets vs. repair) • Ask questions if not clear – Manager – Investment Planning – Corporate Controls Group 19