TrendsTalk: Sarbanes-Oxley and your Supplier Evaluation Process

1. TrendsTalk: Sarbanes-Oxley and your Supplier Evaluation Process Thank you for attending today�s TrendsTalk presentation on Sarbanes-Oxley and your Supplier Evaluation Process. Today, we will be discussing Sarbanes-Oxley, specifically what it is, what it means to a purchasing professional, the challenges that exist in achieving compliance, best practices other companies are leveraging today and then wrap up with a Q&A. Now I would like to introduce Moneesh Arora, who will be leading the presentation today. Moneesh Arora is VP of D&B�s Supply Management Solutions. He is responsible for the development and implementation of global sourcing and procurement strategies across D&B's Global 2000 customer base. His 14 years of experience in finance, strategic sourcing, supply management and technology integration serves him well in this role. In 2002, he served as the Compliance Champion for D&B. Most recently, Moneesh delivered the keynote for the Conference Board E-Procurement Conference on �Compliance � what is it and how do I achieve it?� Additionally, he has also sat on many panel discussions dealing with key trends in the industry, including the hot topic of compliance. With that, I will now turn the presentation over to Moneesh. Thank you Dan Today, Sarbanes-Oxley is top of mind for most companies. It is what keeps CEOs up at night. It was created because the increased skepticism about the accuracy and reliability of financial reporting. Lack of process surrounding supply chain transactions impact financial reporting. This results in understated or overstated reserves or understated or overstated liabilities as well as potential risk. Basically companies need to know their true net liability � including supplier, sourcing and purchasing guarantees, volume purchase commitments, assets acquired by supplier on company�s behalf and capacity reserves at supplier facilities. We will discuss the implications of Sarbanes-Oxley for procurement professionals. Specifically, do you have internal controls and processes in place to evaluate your suppliers? And more importantly, are you using them? Thank you for attending today�s TrendsTalk presentation on Sarbanes-Oxley and your Supplier Evaluation Process. Today, we will be discussing Sarbanes-Oxley, specifically what it is, what it means to a purchasing professional, the challenges that exist in achieving compliance, best practices other companies are leveraging today and then wrap up with a Q&A. Now I would like to introduce Moneesh Arora, who will be leading the presentation today. Moneesh Arora is VP of D&B�s Supply Management Solutions. He is responsible for the development and implementation of global sourcing and procurement strategies across D&B's Global 2000 customer base. His 14 years of experience in finance, strategic sourcing, supply management and technology integration serves him well in this role. In 2002, he served as the Compliance Champion for D&B. Most recently, Moneesh delivered the keynote for the Conference Board E-Procurement Conference on �Compliance � what is it and how do I achieve it?� Additionally, he has also sat on many panel discussions dealing with key trends in the industry, including the hot topic of compliance. With that, I will now turn the presentation over to Moneesh. Thank you Dan Today, Sarbanes-Oxley is top of mind for most companies. It is what keeps CEOs up at night. It was created because the increased skepticism about the accuracy and reliability of financial reporting. Lack of process surrounding supply chain transactions impact financial reporting. This results in understated or overstated reserves or understated or overstated liabilities as well as potential risk. Basically companies need to know their true net liability � including supplier, sourcing and purchasing guarantees, volume purchase commitments, assets acquired by supplier on company�s behalf and capacity reserves at supplier facilities. We will discuss the implications of Sarbanes-Oxley for procurement professionals. Specifically, do you have internal controls and processes in place to evaluate your suppliers? And more importantly, are you using them?

2. 2 Sarbanes-Oxley - a requirement that is also an opportunity �Most observers would agree that the Sarbanes-Oxley Act (SOA) is the single most important piece of legislation affecting corporate governance, financial disclosure and the practice of public accounting since the US securities laws of the early 1930s.� PWC �Companies that just see this as a reporting requirement will lose out. Companies that put together a supply chain risk management process with their partners will extract the biggest gain from their efforts.� AMR Research ��There is a hidden benefit in Sarbanes-Oxley, these new internal controls help run businesses more effectively�such as avoiding overspending, operational failures, fraud and litigation.� Edward Nusbaum, CEO, Grant Thornton Chief Executive, May 2003 We must recognize that while Sarbanes-Oxley is law that is also an opportunity for companies to run their businesses better. The Sarbanes-Oxley Act of 2002 is the foundation for the new responsibilities for corporate governance, management reporting, financial disclosures, internal controls and expanded responsibilities of auditors. Analysts agree that Sarbanes-Oxley Act (SOA) is considered the single most important piece of legislation affecting corporate governance, financial disclosure and the practice of public accounting since the US securities laws of the early 1930s.� PWC AMR Research states �Companies that just see this as a reporting requirement will lose out. Companies that put together a supply chain risk management process with their partners will extract the biggest gain from their efforts.� Edward Nusbaum, CEO of Grant Thornton says ��There is a hidden benefit in Sarbanes-Oxley, these new internal controls help run businesses more effectively�such as avoiding overspending, operational failures, fraud and litigation.� We must recognize that while Sarbanes-Oxley is law that is also an opportunity for companies to run their businesses better. The Sarbanes-Oxley Act of 2002 is the foundation for the new responsibilities for corporate governance, management reporting, financial disclosures, internal controls and expanded responsibilities of auditors. Analysts agree that Sarbanes-Oxley Act (SOA) is considered the single most important piece of legislation affecting corporate governance, financial disclosure and the practice of public accounting since the US securities laws of the early 1930s.� PWC AMR Research states �Companies that just see this as a reporting requirement will lose out. Companies that put together a supply chain risk management process with their partners will extract the biggest gain from their efforts.� Edward Nusbaum, CEO of Grant Thornton says ��There is a hidden benefit in Sarbanes-Oxley, these new internal controls help run businesses more effectively�such as avoiding overspending, operational failures, fraud and litigation.�

3. 3 Sarbanes-Oxley has redefined how we do business today Legal and regulatory focus on internal controls, including timely ability to access and analyze information Established disclosure controls and procedures Certify completeness and quality of disclosure and procedures Publicly file Internal Control report Real time disclosure obligations Accelerated filing deadlines New and increased criminal penalties New and expanded role of the audit committee Increased SEC review Good Internal Controls Is No Longer Best Practice �It Is The Law! Sarbanes-Oxley has redefined how we do business today. The act has resulted in changes in controls and compliance practices at nearly 85% of large multi-national companies. The Act brings a new legal and regulatory focus on internal controls, including the timely ability to access and analyze information with respect to a Company's finances and operations. The Act makes the CEO and CFO responsible for establishing and maintaining disclosure controls and procedures, which will ensure they are provided with all material information on a timely basis. The Act requires, on a quarterly and annual basis, that the CEO and CFO must individually certify that (a) the internal control system they have established provides them with all the material information they need on a timely basis, and (b) that they have evaluated the internal control system and found it sufficient (or they must identify the weaknesses). The Act requires that the Company's 10K include an "internal control report" containing an assessment of the company's internal control system; this assessment must in turn be reported on by the Company's external auditors. The Act requires 'real time' disclosure of any information concerning changes to a Company's financial condition or operations, including tend or qualitative information. This real time demands the SOX be considered an ongoing process, not a one-time initiative. The SEC has approved accelerated filing deadlines for the quarterly and annual reports (the deadlines to be phased in over the next three years). The Act substantially increases existing criminal penalties and creates new criminal penalties for violation of the securities laws and misconduct relating to fraudulent representations in the marketplace. These fines are hefty � up to $5 million and 20-years in prison for regulatory violations. The Act will effect material changes to the role (and composition) of the Audit Committee including that the audit committee is now responsible for the appointment, compensation and oversight of the work of the Company's auditor, with the Company's auditor now reporting directly to the Audit Committee. The Act requires increased and enhanced SEC review of�Company disclosures with more frequent audits required for companies who have had to restate their financials. Although only required for public companies today, it is destined to become best practices for private companies as well. We will focus on how to enable management assessment of internal controls and real-time disclosures, including timely ability to access and analyze accurate supplier information. It is important to mention that this should be considered one component of a company�s overall prescription to achieve compliance. Sarbanes-Oxley has redefined how we do business today. The act has resulted in changes in controls and compliance practices at nearly 85% of large multi-national companies. The Act brings a new legal and regulatory focus on internal controls, including the timely ability to access and analyze information with respect to a Company's finances and operations. The Act makes the CEO and CFO responsible for establishing and maintaining disclosure controls and procedures, which will ensure they are provided with all material information on a timely basis. The Act requires, on a quarterly and annual basis, that the CEO and CFO must individually certify that (a) the internal control system they have established provides them with all the material information they need on a timely basis, and (b) that they have evaluated the internal control system and found it sufficient (or they must identify the weaknesses). The Act requires that the Company's 10K include an "internal control report" containing an assessment of the company's internal control system; this assessment must in turn be reported on by the Company's external auditors. The Act requires 'real time' disclosure of any information concerning changes to a Company's financial condition or operations, including tend or qualitative information. This real time demands the SOX be considered an ongoing process, not a one-time initiative. The SEC has approved accelerated filing deadlines for the quarterly and annual reports (the deadlines to be phased in over the next three years). The Act substantially increases existing criminal penalties and creates new criminal penalties for violation of the securities laws and misconduct relating to fraudulent representations in the marketplace. These fines are hefty � up to $5 million and 20-years in prison for regulatory violations. The Act will effect material changes to the role (and composition) of the Audit Committee including that the audit committee is now responsible for the appointment, compensation and oversight of the work of the Company's auditor, with the Company's auditor now reporting directly to the Audit Committee. The Act requires increased and enhanced SEC review of�Company disclosures with more frequent audits required for companies who have had to restate their financials. Although only required for public companies today, it is destined to become best practices for private companies as well. We will focus on how to enable management assessment of internal controls and real-time disclosures, including timely ability to access and analyze accurate supplier information. It is important to mention that this should be considered one component of a company�s overall prescription to achieve compliance.

4. 4 Compliance is challenged during the supplier registration and evaluation process The manual qualification process is time consuming Inconsistent or incorrect supplier data leads to inaccurate reporting Lack of third party information to validate supply-based decisions Inability to uncover the risk associated with potential or existing suppliers Compliance is constantly challenged during the supplier registration and evaluation process Currently, most companies use a manual qualification process that is both time consuming and costly. There�s paper and lots of it. Inconsistent or incorrect supplier data also leads to inaccurate reporting. Surprisingly, this is a common problem for many companies with ERP systems, they invest in technology but not in maintaining the information. Additionally, companies do not leverage the third party information to validate all your supply-based decisions. Third party validation helps comply with the key components of SOX. And surprisingly, many companies do not have the ability to uncover the risk associated with an individual supplier and/or with a supplier�s corporate family. Ultimately, it is important to both. A critical supplier, linked to a struggling corporate family could put your inventory and revenues at risk. Compliance is constantly challenged during the supplier registration and evaluation process Currently, most companies use a manual qualification process that is both time consuming and costly. There�s paper and lots of it. Inconsistent or incorrect supplier data also leads to inaccurate reporting. Surprisingly, this is a common problem for many companies with ERP systems, they invest in technology but not in maintaining the information. Additionally, companies do not leverage the third party information to validate all your supply-based decisions. Third party validation helps comply with the key components of SOX. And surprisingly, many companies do not have the ability to uncover the risk associated with an individual supplier and/or with a supplier�s corporate family. Ultimately, it is important to both. A critical supplier, linked to a struggling corporate family could put your inventory and revenues at risk.

5. 5 Another huge challenge for companies is how quickly businesses change today In the next 60 minutes � 251 businesses will have a suit, lien or judgment filed against them 183 business telephone numbers will change or be disconnected 43 business addresses will change 36 directorship (CEO, CFO, etc.) changes will occur 33 new businesses will open their doors 8 companies will change their names 7 businesses will file for bankruptcy So in a year� 21% of CEO�s will change 20% of all addresses change 18% of telephone numbers will change 17% of business names will change Another huge challenge for companies is how quickly businesses change today In the next 60 minutes � 251 businesses will have a suit, lien or judgment filed against them � this is material information required for real time disclosure 7 businesses will file for bankruptcy - With the new regulations, companies are asking themselves, are any of these bankrupt suppliers material to my business � in which case I am obligated to report it. Now let�s take a look at the implications for a full year. 21% of CEO�s will change 20% of all addresses change 18% of telephone numbers will change 17% of business names will change In today�s environment, you are now required to keep track of this change and how it will impact your business. It is easy to understand why compliance, in particular real-time disclosure obligations is so challenging. Another huge challenge for companies is how quickly businesses change today In the next 60 minutes � 251 businesses will have a suit, lien or judgment filed against them � this is material information required for real time disclosure 7 businesses will file for bankruptcy - With the new regulations, companies are asking themselves, are any of these bankrupt suppliers material to my business � in which case I am obligated to report it. Now let�s take a look at the implications for a full year. 21% of CEO�s will change 20% of all addresses change 18% of telephone numbers will change 17% of business names will change In today�s environment, you are now required to keep track of this change and how it will impact your business. It is easy to understand why compliance, in particular real-time disclosure obligations is so challenging.

6. 6 A recent survey echoes the challenges supply management organizations face in conforming with the Sarbanes-Oxley Act A recent survey done by Aberdeen with 106 corporate executives echoes the challenges supply management organizations face in conforming with the Sarbanes-Oxley Act. As you can see here, 34% cite �accurate and timely visibility into spending� as well as �accurate and timely visibility into inventories�, �track and manage supplier conformance to non-price contract terms�. While companies have invested in technology, they have not invested in maintaining the integrity of their supplier information. You can not report what you can not see. Bottom line - technology alone is no longer a strategy, correct information, correctly reported is. A recent survey done by Aberdeen with 106 corporate executives echoes the challenges supply management organizations face in conforming with the Sarbanes-Oxley Act. As you can see here, 34% cite �accurate and timely visibility into spending� as well as �accurate and timely visibility into inventories�, �track and manage supplier conformance to non-price contract terms�. While companies have invested in technology, they have not invested in maintaining the integrity of their supplier information. You can not report what you can not see. Bottom line - technology alone is no longer a strategy, correct information, correctly reported is.

7. 7 The survey also asked what key business application strategies companies will use to address Sarbanes-Oxley Act requirements The survey also asked what key business application strategies companies will use to address Sarbanes-Oxley Act requirements. 41% replied that they needed to �identify existing features and functions of supply management systems� to help meet these requirements. This is exactly what we are going to talk about now - how to establish or enhance existing processes with your supply management systems to meet these new regulatory requirements. The survey also asked what key business application strategies companies will use to address Sarbanes-Oxley Act requirements. 41% replied that they needed to �identify existing features and functions of supply management systems� to help meet these requirements. This is exactly what we are going to talk about now - how to establish or enhance existing processes with your supply management systems to meet these new regulatory requirements.

8. 8 To have the confidence to meet the Sarbanes-Oxley requirements, procurement professionals are adopting some best practices: Ensuring the quality of supplier information Establishing standard controls and procedures for supplier registration process Qualifying suppliers better Understanding the risk associated with these suppliers Monitoring the stability of critical suppliers that can affect financial condition Ensuring contract terms and conditions To have the confidence to meet the Sarbanes-Oxley requirements, procurement professionals are adopting some best practices: Ensuring the quality of supplier information Establishing standard controls and procedures for supplier registration process Qualifying suppliers better and more frequently to meet real-time disclosures Understanding the risk associated with these suppliers � and is that risk material to a business Monitoring the stability of critical suppliers that can affect financial condition Ensuring compliance with contract terms and conditions By leveraging these best practices, you can make sure your CEO has more confidence in what he is signing. Now let�s start with the first best practice � quality supplier information. To have the confidence to meet the Sarbanes-Oxley requirements, procurement professionals are adopting some best practices: Ensuring the quality of supplier information Establishing standard controls and procedures for supplier registration process Qualifying suppliers better and more frequently to meet real-time disclosures Understanding the risk associated with these suppliers � and is that risk material to a business Monitoring the stability of critical suppliers that can affect financial condition Ensuring compliance with contract terms and conditions By leveraging these best practices, you can make sure your CEO has more confidence in what he is signing. Now let�s start with the first best practice � quality supplier information.

9. 9 Compliance starts with quality information � we define quality by the accuracy, completeness, timeliness and consistency of the information Compliance starts with quality information. Quality information leads to confident decisions. Confident decisions helps with piece of mind around Sarbanes-Oxley. We define quality by the accuracy, completeness, timeliness and consistency of the information. Specifically: Accuracy � having the right information on the right business Completeness � providing breadth and depth of data Timeliness � making frequent updates to keep the information fresh Cross-Border Consistency � which provides consistent data across the globe So you are probably asking yourself: How does your company manage their supplier information? How do you define quality? Well, at D&B, we know the answer - most companies don�t have a data strategy and don�t define quality in terms of information. Why? Because it is not their core competency � it is D&B�s. Your company is rightly focused on doing what is your core competency, similarly, we are focused on managing information. Compliance starts with quality information. Quality information leads to confident decisions. Confident decisions helps with piece of mind around Sarbanes-Oxley. We define quality by the accuracy, completeness, timeliness and consistency of the information. Specifically: Accuracy � having the right information on the right business Completeness � providing breadth and depth of data Timeliness � making frequent updates to keep the information fresh Cross-Border Consistency � which provides consistent data across the globe So you are probably asking yourself: How does your company manage their supplier information? How do you define quality? Well, at D&B, we know the answer - most companies don�t have a data strategy and don�t define quality in terms of information. Why? Because it is not their core competency � it is D&B�s. Your company is rightly focused on doing what is your core competency, similarly, we are focused on managing information.

10. 10 Our process of collecting and enhancing data is called DUNSRightTM and consists of Quality Assurance plus five quality drivers That�s why over 90% of the Fortune 1000 companies rely on D&B to manage their information. D&B has been collecting and enhancing data for over 160 years. This process is called DUNSRightTM and consists of Quality Assurance plus five quality drivers. Quality information behind every supplier decision - This is how D&B does it. The first driver, Global Data Collection, is a perfect example of our commitment to quality. We use multiple sources of data to create more robust and accurate information. Entity Matching: We take your information and match it against our database. Entity Matching ensures that disparate data elements are associated with the right business and that we make it quick and easy for customers to find. This ensures that you are not reporting duplicate information such as suppliers, inventory or revenues. Critical to our successful matching is the fact that every business in our database is uniquely identified by a single nine digit number, called the DUNS Number. Exclusive to D&B, a DUNS Number is never reassigned and follows a business through every phase of its life, including bankruptcy. No other numbering system is as established, recognized and globally accepted. This allows us to authenticate the businesses you are doing business with to meet SOX requirements. One of the reasons, the DUNS Number is so powerful is Corporate Linkage. Corporate Linkage reveals relationships between suppliers you may never have known existed. The benefits are enormous in helping you uncover potential risks or exposure in your supplier portfolio. If the corporate risk is material to your business, it must be reported. That�s the law. We also build Predictive Indicators to make your information more actionable. Predictive Indicators help you assess the level of risk associated with suppliers, risk that could dramatically impact your supply chain. Again, it a critical supplier is at risk, material to your financial condition, it must be reported. So you can easily see how DUNSRight helps you enable compliance to SOX - from supplier verification to reporting any material information about suppliers that may impact your company�s financial condition or operations. Consider this � if maintaining quality information was important before, it is critical now. D&B has best-in-class process that demands quality information as defined by ACT + C � accuracy, completeness, timeliness, and cross-border consistency. That�s why over 90% of the Fortune 1000 companies rely on D&B to manage their information. D&B has been collecting and enhancing data for over 160 years. This process is called DUNSRightTM and consists of Quality Assurance plus five quality drivers. Quality information behind every supplier decision - This is how D&B does it. The first driver, Global Data Collection, is a perfect example of our commitment to quality. We use multiple sources of data to create more robust and accurate information. Entity Matching: We take your information and match it against our database. Entity Matching ensures that disparate data elements are associated with the right business and that we make it quick and easy for customers to find. This ensures that you are not reporting duplicate information such as suppliers, inventory or revenues. Critical to our successful matching is the fact that every business in our database is uniquely identified by a single nine digit number, called the DUNS Number. Exclusive to D&B, a DUNS Number is never reassigned and follows a business through every phase of its life, including bankruptcy. No other numbering system is as established, recognized and globally accepted. This allows us to authenticate the businesses you are doing business with to meet SOX requirements. One of the reasons, the DUNS Number is so powerful is Corporate Linkage. Corporate Linkage reveals relationships between suppliers you may never have known existed. The benefits are enormous in helping you uncover potential risks or exposure in your supplier portfolio. If the corporate risk is material to your business, it must be reported. That�s the law. We also build Predictive Indicators to make your information more actionable. Predictive Indicators help you assess the level of risk associated with suppliers, risk that could dramatically impact your supply chain. Again, it a critical supplier is at risk, material to your financial condition, it must be reported. So you can easily see how DUNSRight helps you enable compliance to SOX - from supplier verification to reporting any material information about suppliers that may impact your company�s financial condition or operations. Consider this � if maintaining quality information was important before, it is critical now. D&B has best-in-class process that demands quality information as defined by ACT + C � accuracy, completeness, timeliness, and cross-border consistency.

11. 11 We collect the most complete data about suppliers and with one million daily updates to our database, you can be confident of the real time information We collect the most complete data about suppliers and with one million daily updates to our database, you can be confident of the real time information. We have information on over 85 million businesses, available from over 200 countries in over 95 languages and dialects. D&B uses numerous sources to collect information including: Business Owners, Government Sources, Public Records, Customer Files and Third Party Data, just to name a few. Our multiple source approach to collecting data allows us to: Confirm the accuracy of the data we collect Identify a new supplier Provide a more complete picture of a supplier Provide customers with access to suppliers around the globe This is what we do every day � maintain information on businesses, businesses that are your suppliers. Our breadth and depth of our database and the completeness of our DUNSRight process allows you to be confident you are meeting components of your SarBox obligations. NOTE: Every company has different criteria on exactly what your requirements are, so be sure to check with your auditors. We collect the most complete data about suppliers and with one million daily updates to our database, you can be confident of the real time information. We have information on over 85 million businesses, available from over 200 countries in over 95 languages and dialects. D&B uses numerous sources to collect information including: Business Owners, Government Sources, Public Records, Customer Files and Third Party Data, just to name a few. Our multiple source approach to collecting data allows us to: Confirm the accuracy of the data we collect Identify a new supplier Provide a more complete picture of a supplier Provide customers with access to suppliers around the globe This is what we do every day � maintain information on businesses, businesses that are your suppliers. Our breadth and depth of our database and the completeness of our DUNSRight process allows you to be confident you are meeting components of your SarBox obligations. NOTE: Every company has different criteria on exactly what your requirements are, so be sure to check with your auditors.

12. 12 Our D-U-N-S Number is a unique means of identifying and tracking a business globally so you can authenticate who you are doing business with While our DUNSRight process is a sequential process that has five key drivers, we are going to focus primarily on two of them � DUNS Number and Predictive Indicators. Our D-U-N-S Number is a unique means of identifying and tracking a business globally so you can authenticate who you are doing business with. The D-U-N-S Number is our nine-digit, globally recognized, unique business identifier. It is assigned at the site level and it remains with a business through every phase of its life. There are global policies around D-U-N-S Number assignment that provide for consistency in site identification. The D-U-N-S Number is unique to D&B and it is one of the many benefits of using D&B data. It is retained for the life of a business No two businesses ever receive the same D-U-N-S Number D-U-N-S Numbers are never recycled D-U-N-S Number not assigned until multiple data sources confirm a business�s existence � this enables authentication which is key to SOX. Retained when a company moves anywhere within the same country, unlike competitive numbering systems Acts as industry standard for business identification Recommended by United Nations, European Commission and over 50 industry groups While our DUNSRight process is a sequential process that has five key drivers, we are going to focus primarily on two of them � DUNS Number and Predictive Indicators. Our D-U-N-S Number is a unique means of identifying and tracking a business globally so you can authenticate who you are doing business with. The D-U-N-S Number is our nine-digit, globally recognized, unique business identifier. It is assigned at the site level and it remains with a business through every phase of its life. There are global policies around D-U-N-S Number assignment that provide for consistency in site identification. The D-U-N-S Number is unique to D&B and it is one of the many benefits of using D&B data. It is retained for the life of a business No two businesses ever receive the same D-U-N-S Number D-U-N-S Numbers are never recycled D-U-N-S Number not assigned until multiple data sources confirm a business�s existence � this enables authentication which is key to SOX. Retained when a company moves anywhere within the same country, unlike competitive numbering systems Acts as industry standard for business identification Recommended by United Nations, European Commission and over 50 industry groups

13. 13 Our Predictive Indicators indicate the likelihood of a supplier to perform in a specific way in the future which enables SOX real time disclosures Our Predictive Indicators indicate the likelihood of a supplier to perform in a specific way in the future which enables real time disclosures of suppliers that could have material impact on your financial condition. Managing the risk within your supplier portfolio is no longer a business option, it is a business requirement or more appropriately, law. Predictive Indicators, or scores, enable automation and eliminate the need to manually review every supplier application that comes in. Use Predictive Indicators to set business rules based on your risk tolerance, so that you can automatically accept and reject those applications that fall above or below your threshold. This frees up your valuable resources to focus on reviewing only those isolated applications. This helps with having established internal controls and procedures in place to evaluate your areas of risk. By using Predictive Indicators as part of your internal processes, you are reducing the subjectivity of decisions and ensuring consistency across your entire organization and compliance with your corporate risk policy. Since Predictive Indicators reduce the number of applications that go through labor-intensive manual review, you are able to make more decisions in less time. Not only will you improve the operational efficiency of your purchasing department, but faster turnaround time for applications. This is exactly the type of rigor the Sarbanes-Oxley Act is demanding. Our Predictive Indicators indicate the likelihood of a supplier to perform in a specific way in the future which enables real time disclosures of suppliers that could have material impact on your financial condition. Managing the risk within your supplier portfolio is no longer a business option, it is a business requirement or more appropriately, law. Predictive Indicators, or scores, enable automation and eliminate the need to manually review every supplier application that comes in. Use Predictive Indicators to set business rules based on your risk tolerance, so that you can automatically accept and reject those applications that fall above or below your threshold. This frees up your valuable resources to focus on reviewing only those isolated applications. This helps with having established internal controls and procedures in place to evaluate your areas of risk. By using Predictive Indicators as part of your internal processes, you are reducing the subjectivity of decisions and ensuring consistency across your entire organization and compliance with your corporate risk policy. Since Predictive Indicators reduce the number of applications that go through labor-intensive manual review, you are able to make more decisions in less time. Not only will you improve the operational efficiency of your purchasing department, but faster turnaround time for applications. This is exactly the type of rigor the Sarbanes-Oxley Act is demanding.

14. 14 Many companies are establishing processes and controls for supplier registration to ensure timely ability to access and analyze information, such as: Company search by name, identifier, location, etc Company identification and contact information Demographics information Financial information and references Supplier diversity information Insurance, federal tax and certification information Tier 2 supplier information One best practice that companies are doing is establishing processes and controls for supplier registration to ensure timely ability to access and analyze information. Information such as: Company search by name, identifier, location, etc Company identification and contact information Demographics information Financial information and references Supplier diversity information Insurance, federal tax and certification information Tier 2 supplier information One best practice that companies are doing is establishing processes and controls for supplier registration to ensure timely ability to access and analyze information. Information such as: Company search by name, identifier, location, etc Company identification and contact information Demographics information Financial information and references Supplier diversity information Insurance, federal tax and certification information Tier 2 supplier information

15. 15 By automating it over the Web so they can authenticate suppliers quickly Part of the Sarbanes-Oxley Act is understanding, verifying and authenticating your business partners. Because of this, many companies are standardizing their supplier registration process by automating it over the Web. It starts by enabling existing or prospective suppliers to linking from a company�s website directly to a supplier registration page. D&B offers a solution to increase the efficiency and compliance of your supplier registration process, this solution is called Supplier On Ramp. This solution helps companies easily collect consistent information surrounding the business address, demographics, financial information and reference as well as diversity status. Although we don�t name our customers, what we can say is that the world�s largest retailer and the world�s largest computer manufacturer have recognized the ability of this offering to help them achieve compliance. Interestingly enough, in one situation, the compliance team drove the decision making process around this solution. Part of the Sarbanes-Oxley Act is understanding, verifying and authenticating your business partners. Because of this, many companies are standardizing their supplier registration process by automating it over the Web. It starts by enabling existing or prospective suppliers to linking from a company�s website directly to a supplier registration page. D&B offers a solution to increase the efficiency and compliance of your supplier registration process, this solution is called Supplier On Ramp. This solution helps companies easily collect consistent information surrounding the business address, demographics, financial information and reference as well as diversity status. Although we don�t name our customers, what we can say is that the world�s largest retailer and the world�s largest computer manufacturer have recognized the ability of this offering to help them achieve compliance. Interestingly enough, in one situation, the compliance team drove the decision making process around this solution.

16. 16 Companies can request their suppliers to pre-qualify themselves by searching by their DUNS Number to get their own D&B information The concept behind Supplier On Ramp is simple. Suppliers who want to do business with a company pre-qualify themselves by searching by their DUNS Number or company name to get their own D&B information. Or if they don� t have a DUNS Number, they easily request one. The concept behind Supplier On Ramp is simple. Suppliers who want to do business with a company pre-qualify themselves by searching by their DUNS Number or company name to get their own D&B information. Or if they don� t have a DUNS Number, they easily request one.

17. 17 Or companies can quickly access supplier information by searching by various parameters, such as �all suppliers in their database� Or companies can quickly access supplier information by searching by various parameters, such as �all suppliers in their database�, all verified suppliers or suppliers ranked by supplier risk rating. Or companies can quickly access supplier information by searching by various parameters, such as �all suppliers in their database�, all verified suppliers or suppliers ranked by supplier risk rating.

18. 18 Upon getting results, companies can easily review the verified details surrounding an individual supplier Upon getting search results, companies can easily drill down to the verified details surrounding an individual supplier Upon getting search results, companies can easily drill down to the verified details surrounding an individual supplier

19. 19 Next companies request suppliers to fill in all relevant company information� Besides address information, the following information is requested to help in your decision making and/or compliance. Information such as trade name, CEO or President, URL or ownership information. Next companies request suppliers to fill in all relevant company information� Besides address information, the following information is requested to help in your decision making and/or compliance. Information such as trade name, CEO or President, URL or ownership information.

20. 20 This also allows you to gain detailed demographic information about their business, # of employees, geography, products and services, line of business, information regarding their involvement with government. This also allows you to gain detailed demographic information about their business, # of employees, geography, products and services, line of business, information regarding their involvement with government.

21. 21 Company Contract Information so they can be used to contact the supplier directly. Company Contract Information so they can be used to contact the supplier directly.

22. 22 Suppliers may also be required to provide some financial data like Net Worth and Total Assets (which can be verified by D&B) Suppliers may also be required to provide some financial data like Net Worth and Total Assets (which can be verified by D&B)

23. 23 As well as bank reference information � all this information is particularly relevant to assessing the material impact of a supplier on your businessAs well as bank reference information � all this information is particularly relevant to assessing the material impact of a supplier on your business

24. 24 Additionally, companies can pre-qualify based on supplier diversity information by searching on our supplier diversity database which contains more than 4 million diverse suppliers Additionally, companies can pre-qualify based on supplier diversity information by searching on our supplier diversity database which contains more than 4 million diverse suppliers

25. 25 Once a supplier has completed the registration process, it receives their own Supplier Qualifier Report, which helps qualify based on years in business� Once a supplier has completed the registration process, it receives their own Supplier Qualifier Report, which helps qualify based on years in business This report is forwarded directly from D&B to both company and supplier for evaluation. This information enables companies to qualify suppliers quickly and confidently based on established corporate criteria and third party information. Work with your auditors to you define the criteria. Once defined, you can evaluate existing and potential suppliers based on criteria such as years in business and revenues� Once a supplier has completed the registration process, it receives their own Supplier Qualifier Report, which helps qualify based on years in business This report is forwarded directly from D&B to both company and supplier for evaluation. This information enables companies to qualify suppliers quickly and confidently based on established corporate criteria and third party information. Work with your auditors to you define the criteria. Once defined, you can evaluate existing and potential suppliers based on criteria such as years in business and revenues�

26. 26 �by their assets and liabilities� �by their assets and liabilities��by their assets and liabilities�

27. 27 ...or by the level of risk associated with that supplier - our proprietary score predicts the likelihood of that supplier to go out of business within 12 months ...or by the level of risk associated with that supplier - our proprietary score predicts the likelihood of that supplier to go out of business within 12 months. A prospective supplier with a high risk score of 7, 8 or 9 indicates that it is likely to be out of business within the year. As mentioned, your suppliers can access it from an established supplier registration page or if needed, you can quickly assess a Supplier Qualifier Report from our website to meet real time disclosure obligations. This allows you to comply with Section 409 of SOX. ...or by the level of risk associated with that supplier - our proprietary score predicts the likelihood of that supplier to go out of business within 12 months. A prospective supplier with a high risk score of 7, 8 or 9 indicates that it is likely to be out of business within the year. As mentioned, your suppliers can access it from an established supplier registration page or if needed, you can quickly assess a Supplier Qualifier Report from our website to meet real time disclosure obligations. This allows you to comply with Section 409 of SOX.

28. 28 This helps companies avoid supply chain disruption by identifying critical suppliers with high scores, which can impact their financial condition or operations This material information helps companies avoid supply chain disruption by identifying critical suppliers with high scores, so they can act quickly with preventive measures. Again, any areas of risk that must now be identified and readily available for real time disclosure. You can also review the historical trend or risk shift associated with a supplier or of your entire supplier portfolio. This is exactly the qualitative and trend information that SarBox is demanding. Information that can impact your financial condition. This material information helps companies avoid supply chain disruption by identifying critical suppliers with high scores, so they can act quickly with preventive measures. Again, any areas of risk that must now be identified and readily available for real time disclosure. You can also review the historical trend or risk shift associated with a supplier or of your entire supplier portfolio. This is exactly the qualitative and trend information that SarBox is demanding. Information that can impact your financial condition.

29. 29 Another best practice is reviewing supplier relationships closely � for example, these suppliers appear to be separate and unrelated companies� Another best practice is reviewing supplier relationships closely � for example, these suppliers appear to be separate and unrelated companies�Another best practice is reviewing supplier relationships closely � for example, these suppliers appear to be separate and unrelated companies�

30. 30 But in reality are actually part of the same corporate family But in reality are actually part of the same corporate family� Companies need to define how they look at the risk associated with their supplier portfolio. Three options exist � to evaluate critical suppliers as individual companies, evaluate the corporate families of the critical suppliers or both. Obviously, depending on your corporate criteria, this can dramatically impact how you report your total risk exposure. But in reality are actually part of the same corporate family� Companies need to define how they look at the risk associated with their supplier portfolio. Three options exist � to evaluate critical suppliers as individual companies, evaluate the corporate families of the critical suppliers or both. Obviously, depending on your corporate criteria, this can dramatically impact how you report your total risk exposure.

31. 31 This allows them to identify how much they are spending with those suppliers to understand the total material impact to their business Corporate Linkage allows them to identify how much they are spending with those suppliers to understand their total risk exposure in their supplier portfolio or better said, what is material to the business. Entity matching and corporate linkage work together to enable customers to identify the spend from each individual site and aggregating it across the family tree. In this example, companies may be evaluating the risk associated with the individual spend of $500K � instead of the total exposure of $1.5M associated with the parent company. Understanding risk across a corporate family will enable customers to make different decisions depending on whether the corporate family is Enron or Microsoft. This is a perfect example of �areas of risk� and/or �liability to your financial condition� that Sarbanes-Oxley is looking for. Corporate Linkage allows them to identify how much they are spending with those suppliers to understand their total risk exposure in their supplier portfolio or better said, what is material to the business. Entity matching and corporate linkage work together to enable customers to identify the spend from each individual site and aggregating it across the family tree. In this example, companies may be evaluating the risk associated with the individual spend of $500K � instead of the total exposure of $1.5M associated with the parent company. Understanding risk across a corporate family will enable customers to make different decisions depending on whether the corporate family is Enron or Microsoft. This is a perfect example of �areas of risk� and/or �liability to your financial condition� that Sarbanes-Oxley is looking for.

32. 32 Understanding Corporate Linkage is even more important given the continual change in ownership from all the mergers and acquisitions today Understanding Corporate Linkage is even more important given the continual change in ownership from all the mergers and acquisitions today. Companies that have undergone mergers and redesigns over the last few years will like to have been victim of cultures, systems, processes being integrated quickly with minimal training. This rapid change and speed to integrate has implications for data integrity and ultimately real-time reporting for SarBox. Understanding Corporate Linkage is even more important given the continual change in ownership from all the mergers and acquisitions today. Companies that have undergone mergers and redesigns over the last few years will like to have been victim of cultures, systems, processes being integrated quickly with minimal training. This rapid change and speed to integrate has implications for data integrity and ultimately real-time reporting for SarBox.

33. 33 Many companies are also reviewing the supplier/ customer relationship and how they are conducting business with them and how much they are spending Many companies are also reviewing the supplier/ customer relationship. It is important to understand how they are conducting business with each other and how much they are spending with each other. SEC is now very interested in what could be perceived as offline transactions or agreements between customer with supplier to exchange services. For example, Company ABC would pay X for software and Company XYZ would advertise for X dollars on Company ABC. To be compliant, you must be able to accurately report the total relationship and associated indebtedness. Section 401 states that you must disclose all material off-balance sheet transactions, arrangements, relationship that may have an impact on your financial condition. Many companies are also reviewing the supplier/ customer relationship. It is important to understand how they are conducting business with each other and how much they are spending with each other. SEC is now very interested in what could be perceived as offline transactions or agreements between customer with supplier to exchange services. For example, Company ABC would pay X for software and Company XYZ would advertise for X dollars on Company ABC. To be compliant, you must be able to accurately report the total relationship and associated indebtedness. Section 401 states that you must disclose all material off-balance sheet transactions, arrangements, relationship that may have an impact on your financial condition.

34. 34 Similarly, many companies are even identifying potential conflict of interest between suppliers and employees Determine if employees, or their cohabitating family members, are also acting as suppliers for their company Understand which employees, or their cohabitating family members, are operating businesses that could potentially become suppliers of their company Similarly, many companies are even identifying potential conflict of interest between suppliers and employees. It is important to: Determine if employees, or their cohabitating family members, are also acting as suppliers for their company Understand which employees, or their cohabitating family members, are operating businesses that could potentially become suppliers of their company Both of these scenarios can have a material impact on your business or be considered an area of risk. You should work with your auditors to determine if this is a hot button for your company. Similarly, many companies are even identifying potential conflict of interest between suppliers and employees. It is important to: Determine if employees, or their cohabitating family members, are also acting as suppliers for their company Understand which employees, or their cohabitating family members, are operating businesses that could potentially become suppliers of their company Both of these scenarios can have a material impact on your business or be considered an area of risk. You should work with your auditors to determine if this is a hot button for your company.

35. 35 Lastly, companies are also tracking the terms and conditions of their individual supplier contracts since they can have material impact Effectively monitors whether a supplier adheres to contractual terms and conditions including: Rebates Price discounts based on volume SLA performance Ensures companies realize their negotiated savings or meet their cost reduction goals Lastly, companies will need to track progress against the terms and conditions of their individual supplier contracts since they can have material impact on your financial condition. As indicated in Section 401 � companies shall disclose all material off-balance sheet transactions. This includes contractual terms and conditions such as: Rebates Price discounts based on volume SLA performance CFOs need this level of information to do an accurate assessment Sarbanes-Oxley and just as importantly to better manage their company�s financial performance and risks. Lastly, companies will need to track progress against the terms and conditions of their individual supplier contracts since they can have material impact on your financial condition. As indicated in Section 401 � companies shall disclose all material off-balance sheet transactions. This includes contractual terms and conditions such as: Rebates Price discounts based on volume SLA performance CFOs need this level of information to do an accurate assessment Sarbanes-Oxley and just as importantly to better manage their company�s financial performance and risks.

36. 36 DUNSRight is an established process that helps you comply with key sections of Sarbanes-Oxley As we have just reviewed, our patented DUNSRight is an established process that helps you comply with areas of the Sarbanes-Oxley Act. Global data collection is all about collecting third party information on over 85 million businesses in over 200 countries. Entity matching eliminates duplicate supplier information such as suppliers, inventory and revenues and has built in controls and confidence codes. DUNS Number enables business and supplier authentication. Corporate Linkage identifies hidden areas of risk across your supplier portfolio. While Predictive Indicators and their scores indicate supplier risk, material impact on your financial condition and enable the ability to meet real time obligations. As we have just reviewed, our patented DUNSRight is an established process that helps you comply with areas of the Sarbanes-Oxley Act. Global data collection is all about collecting third party information on over 85 million businesses in over 200 countries. Entity matching eliminates duplicate supplier information such as suppliers, inventory and revenues and has built in controls and confidence codes. DUNS Number enables business and supplier authentication. Corporate Linkage identifies hidden areas of risk across your supplier portfolio. While Predictive Indicators and their scores indicate supplier risk, material impact on your financial condition and enable the ability to meet real time obligations.

37. 37 In summary, these best practices to enable compliance with Sarbanes-Oxley Assign a champion in your procurement organization to lead efforts Ensure quality information is the foundation of your compliance strategy, not technology Enable access and analyze timely supplier information Automate your supplier registration process to enable supplier authentication Monitor all suppliers on annual basis and critical suppliers on a monthly basis to be ready for any real-time disclosures Review established procedures with your company auditors In summary, leverage these best practices will enable compliance with Sarbanes-Oxley Assign a champion in your procurement organization to lead efforts Ensure quality information is the foundation of your compliance strategy, not technology Enable access and analyze timely supplier information Automate your supplier registration process to enable supplier authentication Monitor all suppliers on annual basis and critical suppliers on a monthly basis to be ready for any real time disclosure Review established procedures with your company auditors Remember, by leveraging these best practices, you can meet certain obligations of the Sarbanes-Oxley Act. SOX is an ongoing process. SOX is a new vocabulary. SOX is law. Sarbanes-Oxley is now how we all must conduct business today. In summary, leverage these best practices will enable compliance with Sarbanes-Oxley Assign a champion in your procurement organization to lead efforts Ensure quality information is the foundation of your compliance strategy, not technology Enable access and analyze timely supplier information Automate your supplier registration process to enable supplier authentication Monitor all suppliers on annual basis and critical suppliers on a monthly basis to be ready for any real time disclosure Review established procedures with your company auditors Remember, by leveraging these best practices, you can meet certain obligations of the Sarbanes-Oxley Act. SOX is an ongoing process. SOX is a new vocabulary. SOX is law. Sarbanes-Oxley is now how we all must conduct business today.

38. TrendsTalk: Sarbanes-Oxley and your Supplier Registration Process Now we will open the lines for the Q&A section of our placeware. Now we will open the lines for the Q&A section of our placeware.