1 / 28

Assessing and Reporting on Internal Controls: The Implications of Sarbanes-Oxley and Bill 198

Assessing and Reporting on Internal Controls: The Implications of Sarbanes-Oxley and Bill 198. Shelley Tremblay and Peter Laureshen PricewaterhouseCoopers Presentation to Petroleum Joint Venture Association (PJVA) March 16, 2004. Agenda. The New Reporting Environment

ada
Download Presentation

Assessing and Reporting on Internal Controls: The Implications of Sarbanes-Oxley and Bill 198

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Assessing and Reporting on Internal Controls: The Implications of Sarbanes-Oxley and Bill 198 Shelley Tremblay and Peter Laureshen PricewaterhouseCoopers Presentation to Petroleum Joint Venture Association (PJVA) March 16, 2004

  2. Agenda • The New Reporting Environment • U.S. Sarbanes-Oxley Act and Canadian Bill 198 Rules • Elements of an Internal Control Framework • Front line Feedback – PwC Survey Results • Challenges for Oil and Gas Companies • Conclusions

  3. The New Reporting Environment

  4. What is driving the new reporting requirements? The Recent Failures Dotcoms, Nortel, Cisco Enron Adelphia WorldCom Tyco Parmalat Hollinger Mutual Fund Industry The Responses U.S. Sarbanes-Oxley Act (2002) or “SOx” Canadian Bill 198 and Multilateral Instrument 52-109 (2003) or “CSOx”

  5. What has Changed?Truth or Consequences! The penalties for a CEO and/or CFO for providing a false certification of financial information under the Sarbanes-Oxley Act are now substantial ! Years in Jail: a) 1-2 years b) 3-5 years c) 10 -20 years d) 11-14 years e) 20-25 years Escaping from prison Kidnapping involving Ransom Incorrect SOx Certification Second Degree Murder Hijacking

  6. U.S. Sarbanes-Oxley Act and Canadian Bill 198 Rules

  7. U.S. Sarbanes-Oxley Act (“SOx”) The U.S. Sarbanes-Oxley Act of 2002 contains 11 Titles and 66 Sections. Title I – Public Company Accounting Oversight Board. PCAOB formed as branch of Securities and Exchange Commission (SEC). Public Auditing firms must register with PCAOB and are now brought under the regulation of the PCAOB. Title III – Corporate Responsibility. Section 302 establishes certification requirements for CEOs and CFOs of Annual and Quarterly reports filed with the SEC. Title IV – Enhanced Financial Disclosures. Section 404 (a) requires management to assess and report on internal controls, and Section 404 (b) requires the company’s External Auditor to attest to and report on management’s assertions on internal controls.

  8. PCAOB Auditing Standard for Attestation of Internal Control Report On March 9, 2004, the PCAOB adopted “Auditing Standard No.2, An Audit of Internal Control over Financial Reporting Performed in Conjunction with an Audit of Financial Statements”, the attestation standard referred to in Section 404(b). Implementation has been delayed for “Issuers” and “Accelerated Filers” and is now effective for companies whose fiscal years end on or after November 15, 2004 (original date was September 15, 2003, then June 15, 2004). For “Foreign Private Issuers” (including most Canadian companies), implementation is effective for companies with year-ends on or after July 15, 2005.

  9. Canadian Bill 198 In June 2003, the Ontario Securities Commission (“OSC”) and the Canadian Security Administrators (“CSA”) published for comment three new corporate governance rules, collectively referred to as Bill 198: • Multilateral Instrument 52-108 Auditor Oversight • Multilateral Instrument 52-109 Certification of Disclosure in Companies' Annual and Interim Filings (“CSOx”) • Multilateral Instrument 52-110 Audit Committees Multilateral Instrument 52-109 (CSOx) is basically adopting SOx Section 302 with an emphasis on Disclosure Controls and Procedures (DC&P). The issue of whether to implement a SOx Section 404 equivalent certification with an emphasis on Internal Controls over Financial Reporting (ICFR) and External Auditor attestation has been tabled pending further study.

  10. CSOx Rules - CEO/CFO Certification Interim Filings – CEO and CFO to certify that they: • Are responsible for Internal Controls over Financial Reporting (ICFR), and Disclosure Controls and Procedures (DC&P). • Have designed Internal Controls over Financial Reporting (ICFR) to provide reasonable assurance that financial statements are fairly presented in accordance with GAAP. • Have designed Disclosure Controls and Procedures (DC&P) to provide reasonable assurance that material information is made known to them by others within the issuer and its consolidated subsidiaries. • Have indicated in the MD&A any changes to Internal Controls over Financial Reporting (ICFR) that has materially affected, or is reasonably likely to materially affect, the issuer’s Internal Control over Financial Reporting.

  11. CSOx Rules - CEO/CFO Certification Annual Filings – In addition to certification in interim filings, CEO and CFO to certify that: • They have evaluated the effectiveness of Disclosure Controls and Procedures (DC&P). • They have presented their conclusions on those controls in the annual MD&A. Filings to be Certified • Annual Information Form (AIF), annual financial statements, annual MD&A, interim financial statements and interim MD&A

  12. CSOx Rules - Implementation Timeframe Phased-in approach to meeting requirements: Instrument comes into force on March 30, 2004. Annual certificates apply for financial years beginning on or after January 1, 2004. However, Transitional “Bare Certificate” can be filed for financial years ending on or before March 30, 2005. The “Bare Certificate” requires that the CEO and CFO certify that: • They have reviewed the filings. • The filings do not include any untrue statement of a material fact or omit to state a material fact. • The financial statements along with other financial information, fairly present financial conditions, results of operations and cash flows.

  13. Summary - Addressing the Requirements of SOx and CSOx Disclosure Requirements LEGEND Disclosure Controls and Procedures Operations Financial Reporting Compliance Internal Controls over Disclosure Requirements Internal Accounting Controls Internal Controls Over Financial Reporting (Including footnotes) Disclosure Controls and Procedures Controls and other procedures designed to ensure information required to be disclosed by issuer is recorded, processed, summarized and reported in a timely manner.

  14. Elements of an Internal Control Framework

  15. Definitions Disclosure Controls and Procedures (DC&P) • Provide reasonable assurance that: • information required to be disclosed is recorded, processed, summarized and reported within the time periods required. • such information is accumulated and communicated to the issuer’s management, including the CEO and CFO, in order to allow timely decisions regarding required disclosure. • Apply to material financial and non-financial information to be included in public reports so that investors are fully informed. • Broader than Internal Controls over Financial Reporting (ICFR), and inclusive of ICFR to the extent it impacts disclosures.

  16. Definitions (cont.) Internal Control over Financial Reporting (ICFR) • Provide reasonable assurance on the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with GAAP and addresses: • maintenance of records that accurately and fairly reflect the transactions and dispositions of the assets of the issuer • reasonable assurance that transactions are recorded to permit the preparation of financial statements in accordance with GAAP, and that receipts and expenditures are made in accordance with authorizations of management and directors; and • reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of assets that could have a material impact on the financial statements.

  17. The Five Components under the COSO Framework • Control Activities • Policies and procedures that ensure management directives are carried out. • Range of activities including approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties. • Monitoring • Assessment of a control system’s performance over time. • Combination of ongoing and separate evaluation. • Management and supervisory activities. • Internal audit activities. • Control Environment • Sets tone of organization-influencing control consciousness of its people. • Factors include integrity, ethical values, competence, authority, responsibility. • Foundation for all other components of control. • Information and Communication • Pertinent information identified, captured and communicated in a timely manner. • Access to internal and externally generated information. • Flow of information that allows for successful control actions from instructions on responsibilities to summary of findings for management action. • Risk Assessment • Risk assessment is the identification and analysis of relevant risks to achieving the entity’s objectives, forming the basis for determining control activities. All five components must be in place for a control to be effective.

  18. Front Line Feedback – PwC Survey Results • Results from January 22-23, 2004 PwC Survey of 120 SOx 404 Project Leaders from major corporations attending a Sarbanes-Oxley Conference held in New Jersey

  19. Front Line Feedback – Snap Shot • Nearly 75% of respondents have seen a significant increase in the level of effort required to comply with SOx 404 as compared to original estimates. About 1/3 of these saw increases of more than 75%. 2. Respondents reported difficulties in the following areas: • Level of Testing required 95% • Documentation 89% • Multiple Locations 65% • Evaluating Control Weaknesses 63% • Initial Scoping 59% • Outsourced Processes 46% • Global Support 35% • Specialty Processes e.g. treasury/tax 33%

  20. Front Line Feedback – Snap Shot • Respondents reported that the areas where their companies are most likely to need remedial work to fix problems prior to certification are: • Manual controls 72% • Computer controls (excluding security) 65% • Security 54% • Fraud 44% • Financial reporting 35% • Audit Committee 13%

  21. Front Line Feedback – Snap Shot • Respondents reported they intend to make improvements in the following areas in future to streamline compliance. • Risk identification and assessment 67% • Financial Reporting 50% • Internal Audit 46% • Compliance Management 46% • IT Security Strategy and Implementation 44% • IT Oversight and Operations 41% • Risk Mitigation Processes 33%

  22. The Challenges Ahead for Oil and Gas Companies

  23. Oil & Gas Exploration & Production Some Internal Control challenges for E&P Companies? • Production accounting (reconcile to measurement and delivery points; production allocations) • Revenue accounting (involving commodity trading, derivatives, inventory hedging) • Reserves estimates (conflicting US, Canada rules) • Joint Interest accounting (reliance on Land, DOI) • Accuracy of Division-of-Interest (DOI) across all IT systems (Production, Reserves, Revenue, JI Acct, Land, Budgeting)

  24. Oil & Gas Exploration & Production Joint Venture Arrangements • Assess significance of Non-operated Properties in terms of quantitative and qualitative materiality factors, and in relation to company’s significant accounts and disclosures. • Challenge is to obtain appropriate comfort over Internal Controls over Financial Reporting (ICFR) of Operators. • JV Audit Process • Controls over JV Billing Process • Validation of revenues vs. expenditures

  25. Oil & Gas Exploration & Production Oil and Gas Companies Recently in the News: • Royal Dutch Shell – Reserve estimates reduced by 20%. Cascading reserve reductions by companies and trusts with interests in Shell-operated properties. • El Paso - Reserve estimates reduced by 35-40%. Disclosed values of reserves exceeded Independent Reserve Estimates. • BP – Reduced reserves estimates by 2-3%.

  26. Conclusions

  27. Conclusions The world has changed for CEOs, CFOs, Directors, Audit Committees, Auditors, and for Management and Employees, albeit in different ways. The bar has been raised (or lowered), and …for some, the “bars” will close! The short-term challenges for corporations are project related. The longer term challenges are creating a sustainable compliance program that fully integrates compliance steps into routine management practices. Some companies are not going to make it. Some companies will have significant deficiencies, some companies will receive negative opinions from their auditors. The capital markets will determine the consequences.

  28. Contact Details Shelley Tremblay, Manager and Peter Laureshen, Manager PricewaterhouseCoopers LLP Suite 3100, 111 - 5th Avenue SW Calgary, Alberta, Canada T2P 5L3 Shelley: (403) 296-4007 Peter: (403) 509-7485 Email: shelley.tremblay@ca.pwc.com Email: peter.laureshen@ca.pwc.com PASC www.petroleumaccountants.com PJVA www.pjva.ca

More Related