The Impact of IAS and Sarbanes Oxley on UK Organisations
Michelle MadenERP and Supply Chain Solutions LeaderOracle Corporation
Michael CoyleSenior ManagerPricewaterhouseCoopers
Agenda
UK GovernanceInternational Accounting StandardsSarbanes-Oxley Act
Corporate Governance and Compliance
Recent financial scandals have placed the entire performance of all companies under greater scrutiny than has been known for long timeIn short too many many companies have suffered too many surprisesConfidence in management’s ability to manage is at an all time low
RESULT: More Regulation!
Strong Responses are evolving to drive Governance
Corporate Governance
Business Systems The Board Executive Impact
• Accounting Boards placing new demands
• More Disclosure• Common Rules• Transparency• Faster Reporting
• Code of Governance driven by regulatory committees
• Board Composition• Role of Non-Exec
Directors• Compensation• Ethics
• Personal Responsibility on CEO/CFO
• Accuracy• Controls
Recent Legal and Regulatory Response: UK
July 2003 The Revised Combined Code on Corporate Governance was issued (following recommendations contained in the Higgs Report and the Smith Report on audit committees published in January 2003) July 2003 FSA will now exercise powers to arrest suspectsJuly 2003 DTI companies will have a choice of IFRS or UK GAAP.
The Combined Code The Combined Code on Corporate Governance
July 2003
Increased focus on
Independence testsfor NEDs
Transparency of procedures for appointments
Performance evaluation
Role of the Audit Committee
Time availability of NEDS
Review of whistleblowing arrangements
Disclosure Requirements
Independence testsfor NEDs
Transparency of procedures for appointments
Performance evaluation
Role of the Audit Committee
Time availability of NEDS
Review of whistleblowing arrangements
What does Good Governance really mean?
Based on calculations on share price performance between May 1998 and May 2003, the 15 companies who achieved above average marks on the governance study generated significantly superior returns compared to the below average companies. On average, the above average companies achieved a share price return of over 36% over 5 years, while the below average companies achieved just over 23%. Source: Governance Metrics International
Annual Total Returns vs Governance Ratings
1-Yr.
3-Yr. 5-Yr.10-Yr.
1-Yr. 3-Yr. 5-Yr. 10-Yr.
-15%
-10%
-5%
0%
5%
10%
15%
Avg
. To
tal
Ret
urn
Bottom 10% Companies Top 10% Companies
1-, 3-, 5- and 10-Year Avg. Annual Total Returns vs. Top- and Bottom-10% Companies by Overall Rating
Annual Returns vs Director Independence
1-Yr.
3-Yr.
5-Yr.1-Yr.
3-Yr.
5-Yr. 1-Yr.
3-Yr.
5-Yr.
-8%
-6%
-4%
-2%
0%
2%
4%
6%
8%
10%
12%
14%Avg
.To
tal
Ret
urn
Not Disclosed 0-49.9% Independent 50-100% Independent
1-, 3-, 5-Year Avg. Annual Total Returns vs. Director Independence
International International Accounting StandardsAccounting Standards
Attracting investment through transparency
What is IAS About?
A full new set of financial standardsMajor differences with local standardsWill become the a legal requirement for all EU listed companies (and subsidiaries) to produce consolidated accounts to IAS by 2005 (2003 in Greece)More global: also affecting APAC (Australia), Africa and US are moving towards it…
What about local standards?IAS can be used at present for Austria, Belgium, Finland, Germany IAS must be used in 2003: Greece IAS can be used should existing legislation be enacted in full: FranceLegislation to allow IAS is under development: Luxembourg, NetherlandsIAS are expected to be introduced as national standards in the period to 2005: Denmark, Ireland, Sweden
However…
IAS cannot be used and there are no plans for it to replace national standards: Italy, Portugal, Spain
What about the UK?
On 17 July 2003, the DTI announced that all UK companies are to be permitted to use IAS from 2005.
1 Jan 2004 31 Dec 2005
Opening IFRS balance sheet for
• SEC registrants• Any other entity requiring three years of income statements• Not published
Opening IFRS balance sheet (date of transition) for• Most companies•Recognise and measure all items using IFRS•Not published
First IFRS annual reporting date
Select policiesUse standards
in force at this date
First IFRS financial statements
1 Jan 2003
June 2005 -Interim IFRS reporting
What are the deadlines?
• Telefonica - 2001 results• 2.11 billion euro profit under Spanish rules• 7.18 billion euro loss under US GAAP
• France Telecom – 2001 results – 5.2 billion euros operating income under French
rules – 8.0 billion euro operating loss under US GAAP
What’s the impact?
More Examples
Property and construction company – profit up 8%
Financial Services Company– profit down by 35%
Safety and Security service co– profit down to zero, net assets tripled
Software provider Co– profits doubled, net assets up 22%
Utility Co– profit down by 9%, net debts up 55%
Impact of IAS
Labour intensive and error-prone consolidation nightmaresCompliance to multiple rule-sets would impact both executive decision making and business systems
Books may need to be managed simultaneously under multiple accounting standards
Greater transparency into internal operations including all subsidiariesWill drive management direction to converge with external reporting albeit with competitive implications
New reports need to be made public
Changes in policies, processes and system setups to complyReported results would possibly change due to new accounting treatments leading to change in shareholder perspectives of the business
New standardised accounting rules need to be adopted
Impact on BusinessesIAS Imperative
What do Customers need to do now?
Establish a plan of Action:– Identify and understand differences IAS vs Local– Revise policies and procedures– Examine and critique your processes for IAS
compliance– Train Staff– Take advice from their auditors – Align internal and external reporting– Assess adequacy of systems/change or re-configure– Control and monitor risks
New Valuation Approaches
Consistency of Data from AllLocations World Wide
Inventory
Financial Instruments
Fixed Assets
Employee Benefits
Subsidiary Reporting
Segment Reporting
25
Reporting Impact: IASMigrate and Unify Corporate Reporting…and More
System needs to be capable of analysing not just Income and Expense but Balance Sheet itemsSubstantial analysis will be required if not dealt with in the underlying systemsFlexibility required in rolling up balances in a variety of ways
Segment Reporting
Inter segment Pricing Basis
Equity & JV Investments
Non Cash Expenses
Depreciation & Amortization
Assets & Liabilities at Cost
Assets & Liabilities at BS value
Operating Result
Revenue (External / Inter Seg.)
SecondaryPrimaryFor each Segment, report:
Major Changes and Consideration
Could result in different asset “lives” in local and IAS book:
– Depreciable life– Depreciable basis– Revaluation– Capitalization
System will need to allow for the different treatmentReconciliation required of movements from the beginning of the period including impairment adjustmentsDifficult to achieve through spreadsheets or consolidation systems
Fixed Assets
Valuation methods after initial purchase:
– Standard: cost less accumulated depreciation and impairment
– Allowed: revaluation method at fair value. Must be applied to all assets of a same class. Result must be applied to prior opposite reserves first, then to P&L.
Major Changes and Consideration
Major Changes and Consideration
Potentially the need to deal with 2 types of costing
– IAS– Local Tax and GAAP
Very difficult to handle by spreadsheet or consolidation system alone
Inventory
FIFO or weighted average allowed by IASAccounting treatment of reversal of write-downs in a later period is credited to income by reducing that period’s cost of goods sold.Must be reported at year end
How Business Systems Simplify IAS Challenges?
Visibility– Access to accurate, relevant and real-time information
across the organization
Control– Centralise and secure policies, processes, and
procedures
Efficiency– Consolidate and reconcile data quickly
Want to find out more?
Please contact your Oracle representative or contact me directly:
[email protected] 924 6614
SarbanesSarbanes--Oxley ActOxley ActA Response to the Deterioration A Response to the Deterioration
in Public Confidencein Public Confidence
Sarbanes Oxley ActFocus: Quality & Reliability of Financial InformationWho Needs to Comply?
All Companies Issuing Securities in the United States
What are the Driving Tenets?Corporate Responsibility for Quality of StatementsAuditor Independence from Corporate ManagementPublic Company Accounting Oversight BoardIndependence of Audit FirmsEnhanced Fiscal DisclosureObjectivity and Independence of Securities AnalystsSEC Resource, Enforcement and Penalty Enhancement
Senate Report 107-205, Public Company Accounting Reform andInvestor Protection Act of 2002, named the “Sarbanes-Oxley Act of 2002”
Sarbanes Oxley ActImpact on IT & Management
Section 103: Your auditor must (and therefore, you should) maintain all audit-related records, including electronic ones, for seven years. Section 201: Firms that audit your company’s books can no longer provide you with IT-related services. Section 301: You must provide systems or procedures that let whistle-blowers communicate confidentially with company’s audit committee. Section 302: Your CEO and CFO must sign statements verifying the completeness and accuracy of financials reports. Section 404: CEO’s, CFO’s and outside auditors must attest to the effectiveness of internal controls for financial reportingSection 409: Companies must report material changes in their financial conditions “on a rapid and current basis.” The act calls it “real-time disclosure” but doesn’t define what that means.
Computerworld, April 14, 2003
And….the big one
Sec 906 Corporate Responsibly for Financial Reports -Failure of corporate officers to certify financial reports“Whoever wilfully certifies any statement…..knowing that the periodic report accompanying the statement does not comport with all the requirements shall be fined not more than $5,000,000 , or imprisoned not more than 20 years, or both.”
What is an Internal Control?
Providing Reasonable Assurance of:
Effectiveness and Efficiency of Operations
Reliability of Financial Reporting
Compliance with Laws and Regulations
or else…
Visibility,Visibility, ControlControl, & Efficiency, & Efficiency
How are Your Internal Controls?
Do you have the necessary checks and balances in your processes?
Are your processes transparent?
Are your processes well documented?
Where are your exposures?
How much will it cost for your external auditors toattest to your controls?
Visibility,Visibility, ControlControl, & Efficiency, & Efficiency
To Document, Test, & Certify Internal ControlsInternal and External Auditors will Need:
Workflow Management ToolsDocument Management ToolsSystem Configuration ToolsSurvey ToolsProcedure Documentation ToolsProcess Control LimitsSampling & Statistical ToolsProject Management Tools
Visibility,Visibility, ControlControl, & Efficiency, & Efficiency
New ProductNew ProductNavigating the Way:Navigating the Way:
Internal Controls ManagerOracle Internal Controls Manager is a Oracle Internal Controls Manager is a
comprehensivetool for executives, controllers, internal audit
departments, and public accounting firms to use to document and test internal controls and monitor
ongoing compliance.
To Document, Test, & Certify Internal ControlsOracle is Introducing:
Workflow Management ToolsDocument Management ToolsSystem Configuration ToolsSurvey ToolsProcedure Documentation ToolsProcess Control LimitsSampling & Statistical ToolsProject Management Tools
WorkflowFilesiSetupiSurveyTutorPerformance MgmtAudit Manager Repts.Project Collaboration
Oracle Internal Controls ManagerOracle Internal Controls Manager
Oracle Internal Controls ManagerSolution
Expose Internal Audits to Sarbanes Oxley CertifiersHost & integrate Risk and Issues Library (COSO)Compare Internal Policies to External GuidelinesTurn Internal Policies into System ProcessesCompare Actual Practices to Internal PoliciesAssociate processes, risks, controls, locationsHighlight Application Control PointsValidate Financial Values
– from the consolidated level…– to the transactional level at every subsidiary
Visibility,Visibility, ControlControl, & Efficiency, & Efficiency
Business Flow
Tutor, Financials, Internal Controls Manager
Establish Program Office
Establish Program Office
Internal Controls Manager
Enterprise Roles
CFOInternal Auditor
CEO
Controller
Specific audit projects can be undertaken, either as a scheduled activity or as the result of an trigger event
Establish Risk & Controls Library
Establish Risk & Controls Library
Identify and analyze all the business processes that are specific to that particular entity
Document Business Processes
Document Business Processes
Scope Audit ProjectsScope Audit Projects
Identify the nature of the audit project, the scope of testing and resources required
Test Internal ControlsTest Internal Controls
Test whether internal controls are operating as designed
Document FindingsDocument Findings
Document all testing procedures and the results of the test
Provide Assurance Report
Provide Assurance Report
Based o results of audit projects, issue assurancereport
Recommend ChangesRecommend Changes
Propose new internal controls or modify controlin place to mitigate risk
Create a library of all the recurring risks that can be associated to each business process within the entity
Establish Enterprise Structure
Establish Enterprise Structure
Conduct AssessmentsConduct Assessments
Conduct a survey of management on their opinion of the adequacy of internal controls
Establish an organization structure that allows segregation of duties and alerts management of possible infringements
Legal Counsel
Independent Consultant
Oracle Internal Controls ManagerBusiness Flow
Managing the Risk and Managing the Risk and Control LibraryControl Library
Risk Library: Deconstructing Processes
Risk Library: Process + Risk + Control +…
Risk Library: Controls & their properties
Conducting Conducting AssessmentsAssessments
Risk Assessment Questionnaire
Web Based Surveys
Assessment and Evaluation
Testing ControlsTesting Controls
Testing Controls
Assurance ReportingAssurance Reporting
Assurance Reporting
Assurance Reporting
Assurance Reporting
Oracle Internal ControlsInternal Controls ManagerBenefits
More Efficient Internal Control Testing– Exposing the native controls of the applications
in an auditor’s context
Higher Certainty in Your Risk Assessment– Providing verification mechanisms as part of the
applications themselves
Lower External Audit Verification Costs– Allowing external audit independent verification
of the same controls
Visibility,Visibility, ControlControl, & Efficiency, & Efficiency
What Analysts and Partners Are Saying…
"Businesses are scrambling to define the new requirements for compliance and governance, and there is a need -- now
more than ever -- for companies to look to technology to assist in their compliance efforts."
Lee Geishecker, research vice president, Gartner, Inc.
"When combined with third party assistance relating to systems processes and controls, Oracle Internal Controls Manager provides companies a framework for Sarbanes-
Oxley compliance, and helps monitor audit and control activities on an ongoing basis."
Jim Barrett, partner, PricewaterhouseCoopers Security & Privacy Practice.
What Our Customers Are Saying…
“Oracle's approach to business systems involvingconsolidation of data and shared service centers
assists us in meeting our corporate governance goals”-- Phil Chronican, Chief Financial Officer, Westpac Banking Corporation
“In a highly regulated sector such as reinsurance, a robust corporate regime with effective financial system controls was a clear priority.The goal was to increase our control of finances and to speed our processes… Oracle is playing an important role in that process.”-- Liz Catchpole, Chief Financial Officer, SwissRe Life and Health Business Group
“With Oracle in place, our management now has a much better viewof the company. We only need to enter information once and can
then easily monitor and keep track of everything we do.”-- Roberto Albert, Treasurer, Duferco