The Finance Role in Corporate Governance - PowerPoint PPT Presentation

Loading...

PPT – The Finance Role in Corporate Governance PowerPoint presentation | free to view - id: 1b2539-ZDc1Z



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

The Finance Role in Corporate Governance

Description:

Develop a common understanding of what corporate ... Benelux. Belgium. Netherlands. Luxembourg. Poland. Britain Eurafne. Frimley. CMSE. Regional Staff ... – PowerPoint PPT presentation

Number of Views:46
Avg rating:3.0/5.0
Slides: 66
Provided by: Delo238
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: The Finance Role in Corporate Governance


1
The Finance Role in Corporate Governance
  • November
  • 2005

2
Finance Role in Corporate Governance
  • Agenda
  • Introduction/Ground Rules
  • Governance - Overview
  • COSO Framework
  • Case Study
  • Sarbanes-Oxley
  • Overview of Act
  • 302/404 Detail
  • Implementation at ABC Company
  • Wrap-up

3
Finance Role in Corporate Governance
  • Introductions
  • Name
  • Current Position/Company

4
Finance Role in Corporate Governance
  • General Ground Rules
  • Breaks - Please return on time
  • Everyone is expected to share ideas
  • Be respectful
  • Ask questions
  • Express disagreements

5
Finance Role in Corporate Governance
  • Course Objectives
  • Develop a common understanding of what corporate
    governance means at ABC Company
  • Gain a practical understanding of the COSO model
    for internal controls
  • Be able to apply COSO to business processes
  • Understand the main requirements of the
    Sarbanes-Oxley Act of 2002
  • Gain an awareness of how ABC Company will address
    the requirements of the Act

6
Finance Role in Corporate Governance Related
Courses
Risk Controls Fundamentals Course Objectives
  • Understand risk and how it applies to business
  • Communicate using a common risk language
  • Identify, source and measure risk
  • Introduce a risk assessment tool
  • Apply internal controls to help achieve business
    objectives
  • Understand the application of risk management
    strategies in day-to-day operations

7
Finance Role in Corporate Governance Related
Courses
Business Process Improvement Course Objectives
  • Understand the basic quality principles
    underlying process improvement and process
    maintenance
  • Identify opportunities to improve existing
    processes and develop new processes
  • Use appropriate tools and techniques to
    understand current process and develop a new
    process
  • Learn some tools and techniques for planning and
    managing a process improvement opportunity
  • Learn how to communicate and gain commitment from
    others to implement the new or improved process
  • Understand measurement to determine success of
    the new process

8
Finance Role in Corporate Governance Related
Courses
  • Consider Risk Controls course
  • Consider Business Process Improvement course

9
Finance Role in Corporate Governance
  • Corporate Governance at ABC Company
  • ABC Company has always held ourselves to high
    standards
  • ABC Company finance has a heritage of control
    discipline
  • Many good governance practices are already in
    place at ABC Company

10
Finance Role in Corporate Governance
  • What are the components of good Corporate
    Governance?

11
Finance Role in Corporate Governance
  • Some components of good Corporate Governance
  • Code of Conduct
  • This We Believe
  • Independent (external) audits
  • Ethical culture
  • Good internal control environment
  • Independent Board
  • Transparency in financial reporting
  • Well documented processes
  • Competence (training and education)

12
Finance Role in Corporate Governance
  • One good definition of Corporate Governance is. .
    .
  • A hefty-sounding phrase that really just means
    oversight of a companys management - making sure
    the business is run well and investors are
    treated fairly.

From The Wall Street Journal (article by Judith
Burns)
13
Internal Controls - Myth or fact?
  • Myth or Fact?

14
Internal Controls - Myth or fact?
  • 1) Internal control starts with a strong set of
    policies and procedures.
  • Myth or Fact?
  • Myth
  • FACT Internal control starts with a strong
    control environment.

15
Internal Controls - Myth or fact?
  • 2) Management is the owner of internal controls.
  • Myth or Fact?

Fact
16
Internal Controls - Myth or fact?
Myth FACT Internal controls should be built
into, not onto, business processes.
  • 3) Internal controls are a necessary evil. They
    take time away from our core activities - making
    and selling products, and serving customers.
  • Myth or Fact?

17
Internal Controls - Myth or fact?
  • 4) Effective internal controls provide
    reasonable, but not absolute, assurance that the
    organizations objectives will be achieved.
  • Myth or Fact?

Fact
18
Internal Controls - Myth or fact?
  • 5) With downsizing and empowerment, we need
    different forms of control.
  • Myth or Fact?

Fact
19
Internal Control - Key Concepts
  • Internal control is a process. Its a means to
    an end, not an end in itself.
  • Internal control is effected by people. Its not
    simply policy manuals and forms, but people at
    every level of an organization.
  • Internal control can be expected to provide only
    reasonable assurance, not absolute assurance, to
    an entitys management and board.
  • Internal control is geared to the achievement of
    objectives.

20
Committee of Sponsoring Organizations (COSO)
  • Widely respected authority on internal controls
  • Self-regulation by industry
  • Created a framework for developing and evaluating
    internal controls the COSO model
  • This framework can be used to demonstrate
    compliance with the Sarbanes-Oxley act

21
Committee of Sponsoring Organizations (COSO)
  • COSO Definition of Internal Control
  • A process, effected by the Companys board of
    directors, management and other employees,
    designed to provide reasonable assurance that
    objectives will be achieved in the following
    categories
  • effectiveness and efficiency of operations
  • reliability of decision making information,
    including financial reporting
  • compliance with applicable laws and regulations

22
COSO Model
One common way to illustrate the five components
of COSO is as a pyramid, with the fifth
component, information and communication, being
done at all levels.
23
COSO Model
  • Control Environment Sets the tone for the
    organization. Includes integrity, ethical
    values, managements philosophy and operating
    style.
  • Risk Assessment Includes setting clear
    objectives and identification of risks, both
    internal and external, that will prevent a
    company from achieving its objectives.
  • Control Activities Process steps taken to
    achieve objectives, and include many typical
    controls such as segregation of duties, approval
    and authorizations, system controls, and
    reconciliations.
  • Monitoring ongoing reviews, separate
    evaluations, reporting and correcting
    deficiencies.
  • Information and communication Ensuring that
    timely, adequate information is captured and
    communicated, and fostering open communications
    up, down, and across the organization.

24
COSO Model - Hard/Soft Controls
25
Application of COSO Model
  • Example New Product Development Process

Stage-gate reviews, tracking against MEAs
Project team meetings, management updates
MEAs, A162s, stage-gate approvals
Development of success criteria
Company culture
26
Internal Control
COSO Component
  • Bank Reconciliations
  • Financial Policies
  • Risk Management
  • Standards of Conduct
  • Budgets
  • Project Success Criteria
  • Strategic Planning
  • Segregation of Duties
  • Weekly sales reports
  • Internal audits
  • Control Activity
  • Control Environment
  • Risk Assessment
  • Control Environment
  • Monitoring
  • Risk Assessment
  • Risk Assessment
  • Control Activity
  • Information Communication
  • Monitoring

27
Finance Role in Corporate GovernanceCASE STUDY
  • Four roles in case sales, finance, credit,
    planning
  • Discuss as a group
  • What controls are present
  • What risks remain
  • What controls should be added to mitigate risks
  • Write needed controls on flipcharts identify
    COSO category
  • Present to class

28
Sarbanes-Oxley Overview - Why?
  • Governments around the world are enacting
    legislation to enhance financial accountability
  • Sarbanes-Oxley Act - U.S. (2002)
  • Cromme Code - Germany (2003)
  • Loi de Sécurité Financière - France (2003)
  • King Code 2 - South Africa (2002)
  • Multilateral Instrument 52-109 - Canada (2004)
  • Sarbanes-Oxley Act
  • Applies to all public companies.
  • Requires the CEO and CFO to certify that the
    financial statements are a complete and accurate
    representation of the condition of the business.
  • Requires an annual internal control report,
    certified by management, stating that the
    internal control structure and procedures are
    sound, as verified through testing.
  • Requires the external auditor to attest to the
    soundness of the internal control structure to
    ensure that the financial results of the company
    are properly reported.

29
As a private company, we have elected to comply
with selected provisions of Sarbanes-Oxley.
  • Why has ABC Company elected to comply?
  • It is good business practice.
  • Increasingly, lenders and investment bankers are
    using the acts provisions as a due-diligence
    gold standard some Chicago banks are requiring
    CFOs and CEOs to certify financial statements in
    their loan covenants with private companies.
  • Anticipate that this will become a minimum
    standard requirement impacting banking and Merger
    Acquisition decisions.

30
Sarbanes Oxley Act
ABC Company will implement the following sections
31
Sarbanes Oxley Act Section 201
32
Sarbanes Oxley Act Section 201
  • External Auditor Independence
  • Prevents external auditors from performing nine
    services
  • Bookkeeping services
  • Appraisals or valuation services
  • Actuarial services
  • Financial information systems design and
    implementation
  • Management functions or HR services
  • Internal Audits
  • Broker-dealer, investment advisor, or
    investment banking services
  • Legal services
  • Expert services unrelated to auditing
  • Other services determined by PCAOB regulations

33
Sarbanes Oxley Act Section 201 at ABC Company
  • External Auditor Independence
  • All subsidiaries will ensure external auditor
    independence. This is effective July, 2003
  • The Corporate Controller has sent out guidelines
    for the services our external auditors can and
    can not do for our company
  • Corporate Tax gives guidance to subsidiaries
    identifying what types of tax services our
    auditors can provide, and when we need to hire
    other advisors
  • The audit partner can only be assigned to ABC
    Company for 5 years
  • This assures that the auditors (EY) maintain an
    unbiased position and are not influenced by other
    commercial dealings with ABC Company

34
Sarbanes Oxley Act Section 301
35
Sarbanes Oxley Act Section 302
36
Sarbanes Oxley Act Section 302
  • What is required of the CEO and CFO?
  • Each annual and quarterly report must be reviewed
    by both the CEO and CFO
  • They must certify that the reports do not contain
    any falsehoods or misleading statements or omit
    any material facts
  • They must certify that the reports are a fair
    representation of the financial condition and the
    results of the companys operations
  • The CEO and CFO must state that they are
    responsible for establishing and maintaining
    disclosure controls and procedures, evaluating
    the effectiveness of the controls within the last
    90 days, and have presented their conclusions to
    the effectiveness of those controls and
    procedures
  • The CEO and CFO must have disclosed to the
    external auditors and the Audit Committee all
    significant deficiencies in the design or
    operation of internal controls and any fraud,
    material or not, that involves management or
    other employees who have a significant role in
    the companys internal controls
  • The CEO and CFO must indicate whether or not
    there has been any significant change in internal
    controls since the previous report

37
Sarbanes Oxley Act Section 302 at ABC Company
  • All subsidiaries will certify their financial
    results annually. This was effective July, 2003.
  • Each General Manager and Financial Director signs
    a statement indicating the reported annual
    financial results are a true picture of their
    companys financial position.
  • All ABC Company operations are required to
    certify their results.

38
Sarbanes Oxley Act - Section 401
39
Sarbanes Oxley Act - Section 404
40
Sarbanes Oxley Act Section 404
  • Each annual report must contain an internal
    control report, which
  • States that management is responsible for
    establishing and maintaining internal controls
    over financial reporting
  • Legal compliance
  • Efficiency and effectiveness of operations
  • Assesses the effectiveness of such controls as of
    the end of the most recent fiscal year
  • The companys external auditors must attest to
    and report on managements assessment of its
    internal controls

Not in scope
The internal control report, required by 404, is
what gives management the assurance they need to
complete the 302 assertions.
41
Sarbanes-Oxley Section 404 at ABC Company
  • Project SOAR
  • Controls group within Global COE
  • Implementation in
  • conjunction with Global One.
  • Implementation targeted to begin after year-end
    2005/06.

42
Sarbanes Oxley Attest Readiness (SOAR) Model
  • PILLARS
  • Local Work
  • By Process

Control Framework Structure Content
  • BRICKS
  • Centralized
  • One time work

Accounts/Processes/Systems/Locations Matrix
Materiality Thresholds
COSO Model
43
Layer One The COSO Model
  • The Control Activities layer of the COSO model
    is key to controls developed for Sarbanes-Oxley
    404 compliance.

PILLARS
Control Framework Structure Content
  • BRICKS

Materiality Thresholds
Accounts/Processes/Systems/Locations Matrix
COSO Model
44
Layer Two Materiality Thresholds
External Testing Attestation
Control Framework Structure Content
Accounts/Processes/Systems/Locations
Materiality Thresholds
COSO Model
  • Material Thresholds define the scope of work
  • What work is required at which ABC Company
    locations?
  • Which financial line items are large enough that
    the auditors are concerned about controls?

45
Materiality defined
Locations
Financial Statement Line Items
  • Larger
  • Comprise over 80 of annual Account Revenue and
    Total Assets.
  • All entities are above 40mm in Account Revenue
  • Using SAP
  • All other
  • Limited scope for Sarbanes-Oxley
  • Special consideration
  • Entity-level risk assessment
  • Corporate finance business process risk
    assessment
  • History of misstatement, errors, or control
    breakdowns
  • Judgment of Corporate Controller and/or Director
    of Audit
  • Locations that do not cross the materiality
    threshold, but contribute more than 5 to the
    consolidated balance of a material financial
    statement line item
  • Material
  • A profit and loss or balance sheet line item
    greater than 5 of Operating Profit
  • All other
  • Not included for Sarbanes-Oxley
  • Special consideration
  • Additional qualitative factors, such as level of
    dependency on judgment, estimates, or actuarial
    assumptions

46
Companies fall into two categories
ABC Company Locations
Larger
All Other
  • Eurafne
  • Portugal
  • Turkey
  • Greece
  • Romania
  • Norway
  • Sweden
  • Russia
  • Ukraine
  • Czech Republic
  • Hungary
  • Slovakia
  • Egypt
  • Saudi Arabia
  • Kenya
  • Ghana
  • Nigeria
  • Morocco
  • Headquarters
  • Holding Cos.
  • Americas
  • Venezuela
  • Paraguay
  • Uruguay
  • El Salvador
  • Costa Rica
  • Ecuador
  • Peru
  • Chile
  • Colombia
  • North America
  • Puerto Rico
  • Barbados
  • Dominican Republic
  • Americas
  • Mexico
  • Brazil
  • Argentina
  • Asia-Pacific
  • Japan (incl. Japan Trading)
  • China
  • Indonesia (JHHP)
  • Korea
  • Australia
  • North America
  • Canada
  • ABC Company including
  • US Consumer
  • Headquarters
  • Regional Staffs
  • ABC Company Investments
  • Eurafne
  • Britain
  • France
  • Italy
  • Germany
  • Spain
  • Benelux
  • Belgium
  • Netherlands
  • Luxembourg
  • Poland
  • Britain Eurafne
  • Frimley
  • CMSE
  • Regional Staff
  • Europlant
  • South Africa
  • Switzerland
  • Algeria
  • Gulf Hub
  • Bulgaria
  • Croatia
  • Denmark
  • Asia - Pacific
  • New Zealand
  • India PPL
  • India KAPL
  • Taiwan
  • Hong Kong
  • Indonesia - SCJ
  • Philippines
  • Singapore
  • Malaysia
  • Pakistan
  • Vietnam
  • Thailand

Italics identify non GO-enabled entities.
All Other locations fall into two categories
those with SAP implemented and those on other
systems.
47
What does it mean if my country is in one column
or the other?
  • Large Subsidiaries
  • Documentation, Flow Chart, and Controls for all
    financially-significant sub-processes performed
    locally. This includes any IT General Controls
    for local systems (such as payroll).
  • All sub-processes will go through all four
    pillars annually beginning after year-end
    2005/06.
  • Complete work on documentation for Payroll,
    Benefits, Local Taxes and budgets in 2005/06.
  • Other Subsidiaries
  • Control activities documented for risks for four
    key sub-processes
  • All four pillars completed annually after
    year-end 2005/06 for the key sub-processes.
  • If you use SAP, you will also have to sign off on
    documentation for other processes annually, but
    will not be required to perform testing.

Scope is different for different sizes of
companies.
48
Layer Two Accounts/Processes/Systems/Locations
External Testing Attestation
Control Framework Structure Content
Materiality Thresholds
Accounts/Processes/Systems/Locations
COSO Model
  • Controls occur at the process level for a
    business, and in the systems that enable that
    process. We need to map the accounts to the
    processes that generate the numbers, then to the
    systems that enable the process for each location.

49
Layer Two Accounts/Systems/Processes/Locations
All controls occur at the process and system
level.
To ensure that proper controls are in place for
all material financial line items, all accounts
must be mapped to processes, and their IT enabler
must be identified for each location.
50
The processes that generate the financial numbers
4 key sub-processes The Big Four
Other local financially-significant sub-processes.
Large operations will test controls for all
financially-significant sub-processes. All Other
operations will test the Big Four.
51
Additional processes
Local processes, contd
Corporate Finance and BPT processes
52
Layer Three Control Frameworks
External Testing Attestation
Control Framework Structure Content
Materiality Thresholds
Accounts/Processes/Systems/Locations
COSO Model
  • Controls occur at the process level for a
    business, and in the systems that enable that
    process. We need to map the accounts to the
    processes that generate the numbers, then to the
    systems that enable the process for each location.

53
Controls Frameworks are the tie between the
Bricks and Pillars.
  • The Act requires that each financially
    significant process, those that generate numbers
    that are in the financial statements, must have
    specific documentation.
  • A small number of other processes, such as
    payroll, local taxes and budgets, are performed
    outside of SAP and will also have to be
    documented at the local level.
  • All Other companies will only complete Controls
    Frameworks for the Big Four. No additional
    documentation is needed.

54
Control Framework
A Control Framework has three parts ? Control
Objectives - DESCRIBES a controlled
environment. ?Risks - Tells WHAT can go
wrong. ?Control Activities - Explains HOW the
activity will be performed to reduce the risk.
SAMPLE
?
?
?
Control Frameworks will be maintained centrally,
in Racine, for all locations. These are the
global standards.
55
Bricks
  • Bricks represent the framework of the Sarbanes
    Oxley 404 effort. They are the structure for the
    effort.
  • Bricks are maintained centrally by the Global
    COE.
  • Base for the effort is the COSO model.
  • All ABC companies will participate, but the
    effort will be greater for the larger companies
    than for the smaller companies.
  • Control Frameworks are the link between the
    Bricks and Pillars.

56
PILLAR 1 Documentation
Documentation
Control Framework Structure Content
Accounts/Processes/Systems/Locations Matrix
Materiality Thresholds
COSO Model
Legislation requires a flowchart and narrative
for the process, and documentation of the
controls in place. The documentation developed
for Global One meets these requirements and will
be used as a standard for all processes.
57
Controls Assertions Localization
  • Sarbanes Oxley states that companies have to
    assess controls in two ways
  • Design Effectiveness Are the controls designed
    properly?
  • Operating Effectiveness Are the controls
    actually operating correctly?
  • ABC Company is doing this in two steps
  • The Controls group is analyzing proposed local
    controls (when different from Global Controls)
    for design effectiveness. Once approved, the
    controls will be designed effectively.
  • Each location needs to test for operating
    effectiveness.
  • How do we ensure that we have designed solid
    local control activities?

58
Pillar 2 Testing Assessment
PILLARS
Control Framework Structure Content
  • BRICKS

Materiality Thresholds
Accounts/Processes/Systems/Locations Matrix
COSO Model
59
Planning the Testing
  • In each operation, testing is best performed by
    someone who is independent from whoever is
    performing the work.
  • Options for testers include
  • Other departments in the company, e.g. someone in
    AP tests the AR controls AR tests the GL
    controls etc.
  • If there is another ABC company nearby, the
    companies can set up testing of each others
    processes.
  • Summer interns work well as does trained
    contract help
  • Other ideas?
  • When we need to attest the results, we will need
    to have more independent testing.

60
Sampling Size Chart
61
How to prepare?
  • If you are an SAP location, review control
    activities sent by the Controls group and ensure
    that controls are in place.
  • If you are an SAP location, review the
    documentation for processes, ensuring that it is
    in place for your company.
  • If you are not an SAP location, you will be
    contacted about the four main financial
    sub-processes. There will be risks that apply to
    all locations, and you will provide the control
    activities.
  • Contact the Controls group with any questions
  • Marie Kidder
  • Hsiu Hua (Emily) Liu

62
Pillars Management Review
PILLARS
Control Framework Structure Content
  • BRICKS

Accounts/Processes/Systems/Locations Matrix
Materiality Thresholds
COSO Model
This is a critical review of the testing and
assessment that have been done up to this point.
63
Pillars Management Assertion
PILLARS
Control Framework Structure Content
  • BRICKS

Accounts/Processes/Systems/Locations Matrix
Materiality Thresholds
COSO Model
This step is performed by the General Manager and
Finance Director for each subsidiary and by the
CEO and CFO for the entire company.
64
External Testing Attestation
  • This work would be done by our external auditors.
  • Review of all of our testing, assessment and
    assertions.
  • Re-perform testing of some key controls
  • Attest that our controls are properly designed
    and executed.

External Testing Attestation
Control Framework Structure Content
Materiality Thresholds
Accounts/Processes/Systems/Locations
COSO Model
  • We will contract for this work only when required
    by some external event.

But we must be ready.
65
Finance Role in Corporate Governance
Review Course Objectives
  • Develop a common understanding of what corporate
    governance means at ABC Company
  • Gain a practical understanding of the COSO model
    for internal controls
  • Be able to apply COSO to business processes
  • Understand the main requirements of the
    Sarbanes-Oxley act of 2002
  • Gain an awareness of how ABC Company will address
    the requirements of the Act
About PowerShow.com