Transcript Document

Introduction of Panel Members
Sarbanes-Oxley Section 404 Overview
Scott Henderson
August 5, 2005
The Birth of the Sarbanes-Oxley Act of 2002
• Corporate and accounting scandals involving a limited number of large, prominent companies have resulted in a significant loss of public trust in corporate accounting and reporting practices.
• In response, the U.S. Congress enacted the Sarbanes-Oxley Act of 2002 to establish a higher corporate governance standard.
• The primary objectives of Sarbanes-Oxley are to:
  - Prevent accounting and reporting problems from recurring
  - Rebuild public trust in corporate practices and reporting
  - Define a higher level of responsibility, accountability and financial reporting transparency
  - Provide penalties and fines for wrongdoing
Sarbanes-Oxley Act – Quick Refresher
The Act was signed into law on July 30, 2002 and includes the
following eleven titled sections:
Title I: Creation of Public Company Accounting Oversight Board
Title II: Auditor Independence
Title III: Corporate Responsibility
Title IV: Enhanced Financial Disclosures
Title V: Analyst Conflicts of Interest
Title VI: Commission Resources and Authority
Title VII: Studies and Reports
Title VIII: Corporate and Criminal Fraud Accountability
Title IX: White Collar Crime Penalty Enhancements
Title X: Corporate Tax Returns
Title XI: Corporate Fraud and Accountability
Enhanced Financial Disclosures - Section 404
Kodak management must now assess internal controls annually. This requires:
• Section 404(a)(1) - An internal control report to be prepared by Kodak management stating management’s responsibility for establishing and maintaining an adequate internal control structure and procedures for financial reporting.
• Section 404(a)(2) - Management must assess effectiveness of internal control structure and procedures for financial reporting as of the end of the most recent fiscal year.
• Both Kodak AND individual members of company management are subject to potentially significant criminal and civil penalties for noncompliance with this new legislation.
Kodak Section 404 Compliance Plan Overview
• Initial Scoping of Business Cycles, Functions and Legal Entities
• Identification of Key Controls for Each Cycle and linkage to material financial statement accounts – “Internal Control Framework Documents”
• Documentation of Key Controls – assess design effectiveness
• Management Testing of Key Controls – validate operating effectiveness
• Identification and Correction of Material Control Gaps
• Issue Management Report on Internal Controls
Kodak Scoping & Documentation Methodology
• Developed an inventory of expected key internal control activities for 11 different business cycles and corporate functions, ensuring adequate coverage of financial statement accounts and financial assertion categories.
• Documented and validated the design and operational effectiveness of controls for 55+ global Kodak locations (representing 300+ legal entities). Documentation consisted of process narrative, framework and flowcharts for these controls.
• At the completion of our work, over 9,700 key controls were documented and reviewed as a part of this process.
• Internal controls configured within approximately 260 global Kodak information systems (2,200+ controls) were also documented.
• Internal controls were reviewed for approximately 125 different 3rd party service provider operations.
• Over 350 key spreadsheet applications were reviewed to document and validate key internal controls.
Kodak Testing Methodology
• Adopted the testing methodologies utilized by our external auditor to ensure consistency of approach and the ability for partial reliance on management testing.
• Testing ranged from performing “inquiry and observation” walkthrough reviews to full-sample detailed transactional testing.
• Re-testing was performed to validate remediation for initial control deficiencies noted.
• On a cumulative basis, over 18,000 individual tests were performed by Kodak personnel for the initial compliance period in 2004.
• Testing included visits to major third-party service provider locations to validate control structure for key control point interfaces.
Kodak Testing Results
• Kodak testing results were comparable to our peer companies - i.e. initial control deficiencies approximating 12 – 15% of the total controls inventory.
• Control deficiencies included items as simple as a missing date on an approval report, issues requiring reporting to the Audit Committee of the Board of Directors as “significant deficiencies” and control weaknesses requiring external disclosure as a “material weakness”.
• Kodak reported 2 “material weaknesses” in its Report on Internal Controls Over Financial Reporting as of December 31, 2004:
  - Internal Controls Surrounding the Accounting for Income Taxes
  - Internal Controls Surrounding the Accounting for Pension and Other Postretirement Benefit Plans
• Kodak received an unqualified audit opinion on its financial statements for the year ended December 31, 2004.
Kodak Costs of Compliance
• External audit fees related to Kodak Section 404 internal controls activities - $7.1 million.
• Comparable costs were incurred for internal resources dedicated to Section 404 compliance activities. The average cost of Section 404 compliance incurred by most multi-national corporations was $1 million for each $1 billion of revenues.
• Full-time equivalent Kodak resources dedicated to 2004 Section 404 internal control compliance activities – 45+. Additional co-source external resources were engaged to assist with compliance activities.
• Estimated Kodak resource hours expended on 2004 Section 404 internal control compliance activities – 55,000+.
Key Benefits Gained From Sarbanes-Oxley in 2004
• Strengthened global internal control environment. Reinforced the notion with all business constituents that “good controls mean good business”.
• Helped Kodak identify and strengthen existing entity-wide governance and internal controls improvement opportunities.
• Facilitated the identification of operational best practices and efficiency opportunities:
  - Standardized business processes and controls
  - Working to streamline our legal entity structure
• Compliance with Sarbanes–Oxley in 2004 has positioned us well to comply with comparable legislation currently being enacted elsewhere around the globe.
Sarbanes-Oxley – Opportunities for Improvement
• Year 1 was a learning opportunity for all parties involved in terms of expectations, approach and results.
• More focus on risk-based approach vs. simply “executing the audit program”. Implementation of “COSO II” and its risk-based approach will help.
• Section 302 – the “forgotten” section of Sarbanes-Oxley.
• Need continued focus on top-level “tone at the top”, governance and corporate culture issues and controls.
• Public perception and understanding of the implications of Sarbanes-Oxley are not there yet – impacts on shareholder value vs. benefits gained.
Sarbanes–Oxley Compliance Actions in 2005
• Creation of a dedicated Global Internal Controls organization charged with coordination of ongoing Sarbanes-Oxley compliance by 1,100 global business process control owners.
• Remediation of identified 2004 material weaknesses by 9/30/05.
• Acquisition and implementation of a Sarbanes-Oxley compliance and reporting software package.
• Initial year Sarbanes-Oxley compliance work for $2 billion of acquisitions completed in 2005.
• Operationalization and simplification of the 2004 compliance approach. Implementation of the PCAOB guidance in May 2005.