Title: Governance Rules and Expectations are Changingwhat does this mean to your organization
1Governance Rules and Expectations are
Changingwhat does this mean to your organization?
- CAUBO 2004
- Brian G. Brown
- Director - Corporate Audit Services
2AGRICORE UNITED
- Largest Agri-business in Western Canada
- Established by merger of United Grain Growers
Limited (UGG) and Agricore Cooperative in
November 2001 - Listed on the Toronto Stock Exchange (AU)
3AGRICORE UNITED
- 3 Core Businesses Grain Handling, Crop Inputs
(Retail), Livestock Services - 80 elevators, 200 retails, 10 feedmills, 4 port
terminals, 7 distribution centres, 8 special
crops plants, 3 research facilities - Joint Ventures, Investments, Subsidiaries
- Significant relationships with Scotiabank
(Credit), Swiss Re (Risk Management), Archer
Daniels Midland (Strategic Alliance)
4AGRICORE UNITED (2003)
- Sales 2.7 billion
- Revenue from Services 410 million
- Assets 1.6 billion
- Net Loss 2.4 million
- Cash Flow from Operations 60 million
- 2500 Employees
5INSTITUTE OF INTERNAL AUDITORS
- Global governing body for the practice of
Internal Auditing - 93,000 members worldwide in 243 affiliates
chapters - 11 chapters in Canada with 4000 members
- Professional Guidance including the Standards for
the Professional Practice of Internal Auditing - Certification - CIA, CFSA, CGAP, CCSA
6What we are going to discuss today...
- How did we get into this situation?
- What are the new Canadian regulations?
- Are there other Governance initiatives?
- Whats coming?
- How are Publicly-traded organizations responding?
- What does this mean to Universities and other
public institutions? - Are there any benefits?
- Do the regulations really matter?
7History
- Canada was a world leader
- MacDonald Commission - 1988
- TSX - Where were the Directors? - 1994
- COCO - 1995
- Other countries developed guidance
- Cadbury - UK
- Treadway (COSO) - USA
- Late 1990s
- 5 Years to the Dey - Canada
- NYSE Blue Ribbon Commissions
- Saucier Report (2001)
8Why the recent increase in interest in Corporate
Governance?
- Boondoggle after Boondoggle
- (in the public and private sector)
- Enron
- Worldcom
- Livent
- Nortel
- HRDC
- Sponsorship Scandal
-
9THE PUBLIC HAS LOST CONFIDENCE!
10Sarbanes Oxley (SOX) - USAs immediate response
(January 2002)
- Section 302 (CEO/CFO CERTIFICATION)
- Section 404 - (INTERNAL CONTROL EVALUATION AND
EXTERNAL AUDITOR ATTESTATION) - Effective November 15, 2004 or July 15, 2005
11More patience in Canadawhat should we do, if
anything?
- OSC Chair/TSX President exchange public
correspondence - Business and various groups debate
- Time-lines for implementation
- Does Canada need tighter regulations?
- Principles or rules?
- Effect on smaller listed companies?
12What are the new Canadian Regulations.(CSA/OSC)?
- NI 51-102 - Continuous Disclosure
- NI 52-107 - Accounting Principles
- NI 52-108 - Auditor Oversight
- NI 52-109 - CEO/CFO Certification
- NI 52-110- Audit Committee
13KEY POINTS - 51-102 Continuous Disclosure
- New filing deadlines
- annual financial statements within 90 days of
year-end (previously 140 days) - interim financial statements within 45 days of
quarter-end (previously 60 days) - Auditor Review
- Must disclose if no external auditor review of
interim statements
14KEY POINTS - 52-107 Acceptable Accounting
Principles and Auditing Standards
- Public companies that are not SEC (USA)
registrants - financial statements must be in accordance with
Canadian GAAP - must be audited in accordance with Canadian GAAS
15KEY POINTS - 52-108 Auditor Oversight
- Audit Report on public company financial
statements - prepared by an auditor registered with Canadian
Public Accountability Board (CPAB) - auditor must be in compliance with CPAB
16KEY POINTS - 52-109 CEO/CFO Certification
- Bare Certification (now in effect)
- quarterly certification of financial statements
and MD A - no misrepresentation or omission of material fact
- fair representation (no GAAP reference) of
- financial condition
- results of operations
- cash flows
17KEY POINTS - 52-109 CEO/CFO Certification
- Beginning with year-ends after January 1, 2005,
additionally certify that - designed disclosure controls (quarterly)
- designed procedures and internal controls over
financial reporting (quarterly) - evaluated the effectiveness of disclosure
controls (annually) - reported changes in internal controls over
financial reporting
18KEY POINTS - 52-109 CEO/CFO Certification.clarif
ications
- Certification of filings
- CEO CFO must certify they have reviewed
documents - No Misrepresentation
- based on their knowledge
- disclosure and internal controls must be adequate
to provide knowledge - Fair Presentation
- based on their knowledge
- present fairly in all material respects the
financial condition, results of operations, and
cash flows - present fairly goes beyond GAAP requirements
19KEY POINTS - 52-110 Audit Committees
- Applies commencing with Annual Meetings after
July 1, 2004 - written charter
- composition - independence, financial literacy
- external auditor relationship
- pre-approve all non-audit services
- procedures for receiving complaints and anonymous
submissions concerning accounting, internal
controls, or auditing matters (whistleblower
rule) - additional disclosure
20What other issues/initiatives are affecting
governance?
- Shareholder activitism (eg. CCGG)
- CBCA
- Banking, insurance regulations
- Enterprise Risk Management
- Accounting guidelines
- Government scandals
21Whats Coming in the near future?
- OSC 58-201 Effective Corporate Governance (ED
Period ended, currently under review) - Best Practices for effective governance
- Board Composition, mandate, training, etc
- Code of Business Conduct and Ethics
- Nominations
- Compensation
- Board Assessment
22Whats Coming in the near future?
- Certification of effectiveness of internal
controls over financial reporting - External Auditor attestation
- (OSC Exposure Draft expected
- September 2003)
23Impact on publicly-traded organizations.
- Time, Cost, Distraction, Disclosure,
Documentation..
For what benefit?
24Impact on publicly-traded organizations.
- 4 key areas
- 1. Certifications
- 2. Disclosure Procedures Controls
- 3. Internal Controls over Financial Reporting
- 4. Whistleblowing
25Certifications
- Establish sub-certification process involving key
executives/officers/others - determine who will be involved
- how often and when
- format of the certificates
- Certifying all key financial info being disclosed
externally - it must be provided to the
sub-certifiers - SHARING LIABILITY???
26Certifications - Impact
- Operating management more focused on financial
reporting - Greater awareness of implications
- Nervousness, uncertainty
- Increased papertrail
- Monitoring, review, and follow-up of the
sign-offs - Increased Legal Dept involvement
- Time and cost
27Disclosure Procedures and Controls
- What does this mean?
- Provide reasonable assurance that..
- Required disclosure recorded, processed,
summarized reported on timely basis - such information is accumulated and communicated
to management including the CEO CFO - Information that underlies the numbers.
- Significant contracts
- business developments
- workforce relationships
- legal proceedings
28Disclosure Procedures and Controls
- What do we need to do?
- Establish a Disclosure Committee
- Review current/existing practices for keeping
Corporate Office/CEO/CFO up to date - Review financial statement closing procedures
- Implement regular (eg. Quarterly) meetings
between Disclosure Committee and key finance and
operations management
29Disclosure Procedures and Controls
- What do we need to do?
- Ensure continuous flow of communication from
operating divisions to corporate - Implement a review process for all relevant
external disclosure - link to sub-certifications - Document everything
- Minute meetings
- Develop an ongoing disclosure review process -
evaluation (eg. Internal Audit)
30Internal Controls over Financial Reporting
- What are these?
- Provide reasonable assurance regarding
reliability of financial reporting - effected by BOD, management, other personnel
- focus tends to be on detective controls - eg.
Would fraud be caught?
31Internal Controls over Financial Reporting
- Must certify that controls have been designed
- How do you know?
- How do you know if they are adequate?
- Anticipated future certification that controls
have been evaluated by management - MAJOR PROJECT!!
- Identify, document, assess adequacy, evaluate
effectiveness
32Internal Controls over Financial Reporting -
Project Outline
- Phase 1 Planning Scoping
- identify internal skills and resources
- determine if external support is required and, if
so, whom - establish a project team with mgmt support
- develop training plan
- develop project scope
- select control framework (eg. COSO)
33Internal Controls over Financial Reporting -
Project Outline
- Phase 2 Risk Assessment and Prioritization
- de-consolidate the financial statements
- identify key processes that drive financial
reporting - establish criteria for risk assessment (including
materiality level) - evaluate the identified processes and risk rank
(workshop approach)
34Internal Controls over Financial Reporting -
Project Outline
- Phase 3 Documentation of Controls
- determine who is responsible for documentation vs
review of processes - complete an inventory of existing documentation
- establish schedules and deadlines
- establish documentation protocol/format
- train team leaders on documentation process
- complete documentation, including Control
Environment and Computer General Controls
35Internal Controls over Financial Reporting -
Project Outline
- Phase 4 Evaluation and Testing
- review documentation and test controls for
effectiveness - Phase 5 Identify Correct Deficiencies
- review identified issues and develop improvements
- establish remediation plan and assign
- Phase 6 Report on Controls
- report results to CEO/CFO
36Whistleblowing
- Audit Committee must ensure procedures are in
place - method for employees and others to safely
report concerns about financial reporting, fraud,
etc. - determine who in the organization will be
responsible for investigating and reporting - complaints must be tracked
- investigation and follow-up documented
- report statistics and significant issues to Audit
Committee
37What about universities, public institutions, and
other not-for profits?
- Pause..
- then get on with it...
38Impact on universities and other public
organizations..
- Private - sector regulations will become best
practices - Stakeholders will expect all organizations to
have implemented many of these requirements - The public will be less tolerant to financial
errors/mis-statements, scandals, surprises, etc.
39All this work..
- Are there benefits beyond compliance?
40All this workare there any benefits?
- Increased management awareness of
responsibilities for internal controls - Potential operational process improvement
- Improved internal communications
- Deterrent to fraud
- Less surprises
- Increased Public Confidence..maybe
41Will these initiatives matter?
- Rules, regulations, structures, documentation,
certification, reporting will help but...
42Nothing matters more than INTEGRITY
43Governance Rules and Expectations are
Changingwhat does this mean to your organization?
- CAUBO 2004
- Brian G. Brown
- Director - Corporate Audit Services
44Questions?Comments?