Governance Rules and Expectations are Changingwhat does this mean to your organization

1
Governance Rules and Expectations are
Changingwhat does this mean to your organization?

• CAUBO 2004
• Brian G. Brown
• Director - Corporate Audit Services

2
AGRICORE UNITED

• Largest Agri-business in Western Canada
• Established by merger of United Grain Growers
  Limited (UGG) and Agricore Cooperative in
  November 2001
• Listed on the Toronto Stock Exchange (AU)

3
AGRICORE UNITED

• 3 Core Businesses Grain Handling, Crop Inputs
  (Retail), Livestock Services
• 80 elevators, 200 retails, 10 feedmills, 4 port
  terminals, 7 distribution centres, 8 special
  crops plants, 3 research facilities
• Joint Ventures, Investments, Subsidiaries
• Significant relationships with Scotiabank
  (Credit), Swiss Re (Risk Management), Archer
  Daniels Midland (Strategic Alliance)

4
AGRICORE UNITED (2003)

• Sales 2.7 billion
• Revenue from Services 410 million
• Assets 1.6 billion
• Net Loss 2.4 million
• Cash Flow from Operations 60 million
• 2500 Employees

5
INSTITUTE OF INTERNAL AUDITORS

• Global governing body for the practice of
  Internal Auditing
• 93,000 members worldwide in 243 affiliates
  chapters
• 11 chapters in Canada with 4000 members
• Professional Guidance including the Standards for
  the Professional Practice of Internal Auditing
• Certification - CIA, CFSA, CGAP, CCSA

6
What we are going to discuss today...

• How did we get into this situation?
• What are the new Canadian regulations?
• Are there other Governance initiatives?
• Whats coming?
• How are Publicly-traded organizations responding?
• What does this mean to Universities and other
  public institutions?
• Are there any benefits?
• Do the regulations really matter?

7
History

• Canada was a world leader
• MacDonald Commission - 1988
• TSX - Where were the Directors? - 1994
• COCO - 1995
• Other countries developed guidance
• Cadbury - UK
• Treadway (COSO) - USA
• Late 1990s
• 5 Years to the Dey - Canada
• NYSE Blue Ribbon Commissions
• Saucier Report (2001)

8
Why the recent increase in interest in Corporate
Governance?

• Boondoggle after Boondoggle
• (in the public and private sector)
• Enron
• Worldcom
• Livent
• Nortel
• HRDC
• Sponsorship Scandal

9
THE PUBLIC HAS LOST CONFIDENCE!
10
Sarbanes Oxley (SOX) - USAs immediate response
(January 2002)

• Section 302 (CEO/CFO CERTIFICATION)
• Section 404 - (INTERNAL CONTROL EVALUATION AND
  EXTERNAL AUDITOR ATTESTATION)
• Effective November 15, 2004 or July 15, 2005

11
More patience in Canadawhat should we do, if
anything?

• OSC Chair/TSX President exchange public
  correspondence
• Business and various groups debate
• Time-lines for implementation

• Does Canada need tighter regulations?
• Principles or rules?
• Effect on smaller listed companies?

12
What are the new Canadian Regulations.(CSA/OSC)?

• NI 51-102 - Continuous Disclosure
• NI 52-107 - Accounting Principles
• NI 52-108 - Auditor Oversight
• NI 52-109 - CEO/CFO Certification
• NI 52-110- Audit Committee

13
KEY POINTS - 51-102 Continuous Disclosure

• New filing deadlines
• annual financial statements within 90 days of
  year-end (previously 140 days)
• interim financial statements within 45 days of
  quarter-end (previously 60 days)
• Auditor Review
• Must disclose if no external auditor review of
  interim statements

14
KEY POINTS - 52-107 Acceptable Accounting
Principles and Auditing Standards

• Public companies that are not SEC (USA)
  registrants
• financial statements must be in accordance with
  Canadian GAAP
• must be audited in accordance with Canadian GAAS

15
KEY POINTS - 52-108 Auditor Oversight

• Audit Report on public company financial
  statements
• prepared by an auditor registered with Canadian
  Public Accountability Board (CPAB)
• auditor must be in compliance with CPAB

16
KEY POINTS - 52-109 CEO/CFO Certification

• Bare Certification (now in effect)
• quarterly certification of financial statements
  and MD A
• no misrepresentation or omission of material fact
• fair representation (no GAAP reference) of
• financial condition
• results of operations
• cash flows

17
KEY POINTS - 52-109 CEO/CFO Certification

• Beginning with year-ends after January 1, 2005,
  additionally certify that
• designed disclosure controls (quarterly)
• designed procedures and internal controls over
  financial reporting (quarterly)
• evaluated the effectiveness of disclosure
  controls (annually)
• reported changes in internal controls over
  financial reporting

18
KEY POINTS - 52-109 CEO/CFO Certification.clarif
ications

• Certification of filings
• CEO CFO must certify they have reviewed
  documents
• No Misrepresentation
• based on their knowledge
• disclosure and internal controls must be adequate
  to provide knowledge
• Fair Presentation
• based on their knowledge
• present fairly in all material respects the
  financial condition, results of operations, and
  cash flows
• present fairly goes beyond GAAP requirements

19
KEY POINTS - 52-110 Audit Committees

• Applies commencing with Annual Meetings after
  July 1, 2004
• written charter
• composition - independence, financial literacy
• external auditor relationship
• pre-approve all non-audit services
• procedures for receiving complaints and anonymous
  submissions concerning accounting, internal
  controls, or auditing matters (whistleblower
  rule)
• additional disclosure

20
What other issues/initiatives are affecting
governance?

• Shareholder activitism (eg. CCGG)
• CBCA
• Banking, insurance regulations
• Enterprise Risk Management
• Accounting guidelines
• Government scandals

21
Whats Coming in the near future?

• OSC 58-201 Effective Corporate Governance (ED
  Period ended, currently under review)
• Best Practices for effective governance
• Board Composition, mandate, training, etc
• Code of Business Conduct and Ethics
• Nominations
• Compensation
• Board Assessment

22
Whats Coming in the near future?

• Certification of effectiveness of internal
  controls over financial reporting
• External Auditor attestation
• (OSC Exposure Draft expected
• September 2003)

23
Impact on publicly-traded organizations.

• Time, Cost, Distraction, Disclosure,
  Documentation..

For what benefit?
24
Impact on publicly-traded organizations.

• 4 key areas
• 1. Certifications
• 2. Disclosure Procedures Controls
• 3. Internal Controls over Financial Reporting
• 4. Whistleblowing

25
Certifications

• Establish sub-certification process involving key
  executives/officers/others
• determine who will be involved
• how often and when
• format of the certificates
• Certifying all key financial info being disclosed
  externally - it must be provided to the
  sub-certifiers
• SHARING LIABILITY???

26
Certifications - Impact

• Operating management more focused on financial
  reporting
• Greater awareness of implications
• Nervousness, uncertainty

• Increased papertrail
• Monitoring, review, and follow-up of the
  sign-offs
• Increased Legal Dept involvement
• Time and cost

27
Disclosure Procedures and Controls

• What does this mean?
• Provide reasonable assurance that..
• Required disclosure recorded, processed,
  summarized reported on timely basis
• such information is accumulated and communicated
  to management including the CEO CFO
• Information that underlies the numbers.
• Significant contracts
• business developments
• workforce relationships
• legal proceedings

28
Disclosure Procedures and Controls

• What do we need to do?
• Establish a Disclosure Committee
• Review current/existing practices for keeping
  Corporate Office/CEO/CFO up to date
• Review financial statement closing procedures
• Implement regular (eg. Quarterly) meetings
  between Disclosure Committee and key finance and
  operations management

29
Disclosure Procedures and Controls

• What do we need to do?
• Ensure continuous flow of communication from
  operating divisions to corporate
• Implement a review process for all relevant
  external disclosure - link to sub-certifications
• Document everything
• Minute meetings
• Develop an ongoing disclosure review process -
  evaluation (eg. Internal Audit)

30
Internal Controls over Financial Reporting

• What are these?
• Provide reasonable assurance regarding
  reliability of financial reporting
• effected by BOD, management, other personnel
• focus tends to be on detective controls - eg.
  Would fraud be caught?

31
Internal Controls over Financial Reporting

• Must certify that controls have been designed
• How do you know?
• How do you know if they are adequate?
• Anticipated future certification that controls
  have been evaluated by management
• MAJOR PROJECT!!
• Identify, document, assess adequacy, evaluate
  effectiveness

32
Internal Controls over Financial Reporting -
Project Outline

• Phase 1 Planning Scoping
• identify internal skills and resources
• determine if external support is required and, if
  so, whom
• establish a project team with mgmt support
• develop training plan
• develop project scope
• select control framework (eg. COSO)

33
Internal Controls over Financial Reporting -
Project Outline

• Phase 2 Risk Assessment and Prioritization
• de-consolidate the financial statements
• identify key processes that drive financial
  reporting
• establish criteria for risk assessment (including
  materiality level)
• evaluate the identified processes and risk rank
  (workshop approach)

34
Internal Controls over Financial Reporting -
Project Outline

• Phase 3 Documentation of Controls
• determine who is responsible for documentation vs
  review of processes
• complete an inventory of existing documentation
• establish schedules and deadlines
• establish documentation protocol/format
• train team leaders on documentation process
• complete documentation, including Control
  Environment and Computer General Controls

35
Internal Controls over Financial Reporting -
Project Outline

• Phase 4 Evaluation and Testing
• review documentation and test controls for
  effectiveness
• Phase 5 Identify Correct Deficiencies
• review identified issues and develop improvements
• establish remediation plan and assign
• Phase 6 Report on Controls
• report results to CEO/CFO

36
Whistleblowing

• Audit Committee must ensure procedures are in
  place
• method for employees and others to safely
  report concerns about financial reporting, fraud,
  etc.
• determine who in the organization will be
  responsible for investigating and reporting
• complaints must be tracked
• investigation and follow-up documented
• report statistics and significant issues to Audit
  Committee

37
What about universities, public institutions, and
other not-for profits?

• Pause..
• then get on with it...

38
Impact on universities and other public
organizations..

• Private - sector regulations will become best
  practices
• Stakeholders will expect all organizations to
  have implemented many of these requirements
• The public will be less tolerant to financial
  errors/mis-statements, scandals, surprises, etc.

39
All this work..

• Are there benefits beyond compliance?

40
All this workare there any benefits?

• Increased management awareness of
  responsibilities for internal controls
• Potential operational process improvement
• Improved internal communications
• Deterrent to fraud
• Less surprises
• Increased Public Confidence..maybe

41
Will these initiatives matter?

• Rules, regulations, structures, documentation,
  certification, reporting will help but...

42
Nothing matters more than INTEGRITY
43
Governance Rules and Expectations are
Changingwhat does this mean to your organization?

• CAUBO 2004
• Brian G. Brown
• Director - Corporate Audit Services

44
Questions?Comments?