Sarbanes-Oxley SOX Overview

1. Sarbanes-Oxley (SOX) Overview Postal Customer Council

2. Agenda SOX Overview What SOX Means for the Postal Service What SOX Means for Our Customers Questions? 2

3. SOX OverviewWhat is SOX? The Sarbanes-Oxley Act of 2002 (SOX) is administered to: Improve confidence in financial reporting through increased corporate governance Reduce fraudulent practices and accounting inconsistencies We must comply with the Sarbanes-Oxley Act by September 30, 2010 as a result of the Postal Accountability and Enhancement Act of 2006 3 The Sarbanes � Oxley Act of 2002, also known as the 'Public Company Accounting Reform and Investor Protection Act,� came about in the wake of a series of major corporate accounting scandals in the 1990s and early 2000s � think Enron, WorldCom, and Tyco. It is intended and administered to: Increase confidence in financial reports by improving transparency and corporate governance Prevent and reduce fraudulent practices and accounting inconsistencies As a result of the Postal Accountability and Enhancement Act of 2006, the US Postal Service must be fully compliant with all requirements of Sarbanes � Oxley by September 30, 2010.The Sarbanes � Oxley Act of 2002, also known as the 'Public Company Accounting Reform and Investor Protection Act,� came about in the wake of a series of major corporate accounting scandals in the 1990s and early 2000s � think Enron, WorldCom, and Tyco. It is intended and administered to: Increase confidence in financial reports by improving transparency and corporate governance Prevent and reduce fraudulent practices and accounting inconsistencies As a result of the Postal Accountability and Enhancement Act of 2006, the US Postal Service must be fully compliant with all requirements of Sarbanes � Oxley by September 30, 2010.

4. What SOX Means for the Postal ServiceCertification Requirements The Postal Service must certify the strength of its internal controls over financial reporting Certification requires: A quarterly certification (Section 302), started December 31, 2007 An annual certification (Section 404), as of September 30, 2010 Senior management must: State its responsibility for establishing and maintaining adequate internal controls for financial reporting Make an assertion on the effectiveness of the internal controls for financial reporting Provide annual certifications for FY 2010 and beyond Our external auditor annually certifies all internal controls 4 SOX requires the US Postal Service to certify the strength and effectiveness of its internal controls over financial reporting SOX has a number of stringent requirements to reach certification of compliance: Each quarter, the Postmaster General (PMG) and Chief Financial Officer (CFO) must certify the effectiveness of the Postal Service�s internal controls over it�s financial reporting � this is the 302 certification Each fiscal year, the PMG and CFO must certify the effectiveness of all controls for the year in question � this is the 404 certification, and is the most important facet of SOX compliance When certifying their internal controls, management is stating several things: They are responsible for establishing and maintaining robust internal controls over financial reporting The controls are in fact working as intended They will continue to monitor and maintain the controls After each annual certification, the Postal Service�s independent external auditor must double check all controls, and certify the accuracy of the PMG�s and CFO�s statementSOX requires the US Postal Service to certify the strength and effectiveness of its internal controls over financial reporting SOX has a number of stringent requirements to reach certification of compliance: Each quarter, the Postmaster General (PMG) and Chief Financial Officer (CFO) must certify the effectiveness of the Postal Service�s internal controls over it�s financial reporting � this is the 302 certification Each fiscal year, the PMG and CFO must certify the effectiveness of all controls for the year in question � this is the 404 certification, and is the most important facet of SOX compliance When certifying their internal controls, management is stating several things: They are responsible for establishing and maintaining robust internal controls over financial reporting The controls are in fact working as intended They will continue to monitor and maintain the controls After each annual certification, the Postal Service�s independent external auditor must double check all controls, and certify the accuracy of the PMG�s and CFO�s statement

5. What SOX Means for the Postal ServiceSOX Accomplishments 5 SOX certification efforts began in FY 2007, and will continue past September 30, 2010, annually. FY 2007 was a preparation year, as the Postal Service took time to determine the state of its internal controls and determine where they needed to be. It was also the period in which the actual organizations that would be performing and guiding SOX certification were set up and trained The rest of SOX certification occurs in three phases: Document Test Report FY 2008 was the documentation period, in which we documented our existing controls, identified potential control gaps and risks to compliance, and began to remediate / repair the gaps FY 2009 was the initial testing period, in which FY 2008 gaps were remediated, our documentation was updated to reflect the remediation efforts, and the new control structure was tested for certification readiness � think of it as a dry run for certification testing FY 2010 is the Report / Full Assessment period. Here, we will finish any outstanding items from FY 2009, then undergo certification testing to make certain that our new internal control structure is adequately able to prevent fraud and inaccuracy. The PMG and CFO will sign the certification, and our external auditor will verify our results SOX certification efforts began in FY 2007, and will continue past September 30, 2010, annually. FY 2007 was a preparation year, as the Postal Service took time to determine the state of its internal controls and determine where they needed to be. It was also the period in which the actual organizations that would be performing and guiding SOX certification were set up and trained The rest of SOX certification occurs in three phases: Document Test Report FY 2008 was the documentation period, in which we documented our existing controls, identified potential control gaps and risks to compliance, and began to remediate / repair the gaps FY 2009 was the initial testing period, in which FY 2008 gaps were remediated, our documentation was updated to reflect the remediation efforts, and the new control structure was tested for certification readiness � think of it as a dry run for certification testing FY 2010 is the Report / Full Assessment period. Here, we will finish any outstanding items from FY 2009, then undergo certification testing to make certain that our new internal control structure is adequately able to prevent fraud and inaccuracy. The PMG and CFO will sign the certification, and our external auditor will verify our results

6. What SOX Means for the Postal ServiceFY 2010 SOX Milestones 6 Complete first round of FY 2010 testing Remediation of gaps from first round testing Complete second round of FY 2010 testing Remediation of gaps from second round testing Finalize testing of Q4 quarterly and annual key controls PMG and CFO conclude on effectiveness of internal controls over financial reporting as of September 30, 2010 Here we can see the major activities for FY 2010 The end goal is to ensure that the internal control structure built throughout the last several years is able to meet SOX certification standards As such, there will be multiple rounds of testing to ensure that any last issues or risks can be addressed before management signs the 404 certification and the external auditors go to work. It is important to note that SOX efforts do NOT stop at September 30, 2010. SOX compliance is a continuous process of strengthening, testing, and maintaining our internal controls over financial reporting � the �Document, Test, Report� graphic is meant to represent the ongoing nature of the work.Here we can see the major activities for FY 2010 The end goal is to ensure that the internal control structure built throughout the last several years is able to meet SOX certification standards As such, there will be multiple rounds of testing to ensure that any last issues or risks can be addressed before management signs the 404 certification and the external auditors go to work. It is important to note that SOX efforts do NOT stop at September 30, 2010. SOX compliance is a continuous process of strengthening, testing, and maintaining our internal controls over financial reporting � the �Document, Test, Report� graphic is meant to represent the ongoing nature of the work.

7. What SOX Means for the Postal ServiceThe Mission and Objectives Through SOX compliance, USPS will: Provide consistent documentation of our processes and systems Increase accountability and ownership of controls Complete all certification requirements Improve the effectiveness of our controls and systems, thereby strengthening the business as a whole 7 The primary objective of the Postal Service�s SOX efforts, beyond simply meeting regulatory requirements, is to strengthen our business practices to thrive in a competitive environment. By reaching SOX compliance, and creating robust, trust-worthy financial reporting that is an ingrained part of what the Postal Service is, we will: Provide consistent and trustworthy reports Increase management�s accountability and ownership of controls, thereby improving the performance of those controls Complete all certification requirements, and Improve the strength and coherence of the entire system of financial reporting, thereby strengthening the business as a whole and improving our bottom line performanceThe primary objective of the Postal Service�s SOX efforts, beyond simply meeting regulatory requirements, is to strengthen our business practices to thrive in a competitive environment. By reaching SOX compliance, and creating robust, trust-worthy financial reporting that is an ingrained part of what the Postal Service is, we will: Provide consistent and trustworthy reports Increase management�s accountability and ownership of controls, thereby improving the performance of those controls Complete all certification requirements, and Improve the strength and coherence of the entire system of financial reporting, thereby strengthening the business as a whole and improving our bottom line performance

8. What SOX Means for the Postal ServiceWhat SOX Is and What SOX Is Not SOX is about: Good business practices Accountability and ownership of controls Effectively designing and executing controls Ensuring financial processes are timely, accurate, and authorized SOX is not about: Cutting mail routes Going to five delivery days a week Consolidating distribution centers Closing post offices 8 It is important to fully understand what SOX is and what it isn�t SOX is: A method to ensure good business practices by improving accountability and ownership of financial controls as well as the design and execution of controls A method to ensure that all of our financial processes are performed in a timely, accurate, and authorized manner An approach to make our financial reporting systems that much stronger SOX is NOT: A method of cutting operating costs of changing postal operations by, for example, cutting mail routes, going to five delivery days per week, consolidating distribution centers, or closing select post officesIt is important to fully understand what SOX is and what it isn�t SOX is: A method to ensure good business practices by improving accountability and ownership of financial controls as well as the design and execution of controls A method to ensure that all of our financial processes are performed in a timely, accurate, and authorized manner An approach to make our financial reporting systems that much stronger SOX is NOT: A method of cutting operating costs of changing postal operations by, for example, cutting mail routes, going to five delivery days per week, consolidating distribution centers, or closing select post offices

9. What SOX Means for the Postal ServiceOur Vision The SOX vision is a strategic transformation beyond compliance to improve business performance Our goal is to continuously improve our processes and financial performance 9 The strategic vision for what SOX will mean to the Postal Service is to move beyond simple compliance and use the requirements of SOX certification to strengthen the business as a whole and create optimized and sustainable business practices to improve service to our customers and create value for the organizationThe strategic vision for what SOX will mean to the Postal Service is to move beyond simple compliance and use the requirements of SOX certification to strengthen the business as a whole and create optimized and sustainable business practices to improve service to our customers and create value for the organization

10. What Does SOX Mean for Customers? The majority of SOX efforts will take place away from customer-facing roles The standard of service will not change � SOX will make the Postal Service a better run business Customers can support SOX efforts in several ways, including: Accurately preparing mailings Completing postage statements Submitting documentation electronically 10 What does all this mean for the customer? It is critical to note that, throughout the SOX process, the Postal Service�s focus will always be on moving the mail as quickly, efficiently, and accurately as possible Most efforts to implement SOX requirements will happen well away from the customer, in Accounting Service Centers or Postal Headquarters. As such, customers should expect to see little difference once compliance has been reached � the standard of service our customers have come to expect from us will not change In fact, the implementation of SOX will make the Postal Service a more effective, trustworthy, better run, and cost-effective business That said, there are a number of ways that our customers can help us reach SOX compliance. These include: Making sure that all your mailings, bulk or otherwise, are accurately prepared with the correct address, postage, and postage statements Making sure that your postage statements are fully completed and submitted Taking advantage of the new electronic offerings from the Postal Service, including Intelligent Mail, to ease mail entry and tracking, and to cut back on your paper records. In this way, your records will be automatically managed and you will help to protect the environment.What does all this mean for the customer? It is critical to note that, throughout the SOX process, the Postal Service�s focus will always be on moving the mail as quickly, efficiently, and accurately as possible Most efforts to implement SOX requirements will happen well away from the customer, in Accounting Service Centers or Postal Headquarters. As such, customers should expect to see little difference once compliance has been reached � the standard of service our customers have come to expect from us will not change In fact, the implementation of SOX will make the Postal Service a more effective, trustworthy, better run, and cost-effective business That said, there are a number of ways that our customers can help us reach SOX compliance. These include: Making sure that all your mailings, bulk or otherwise, are accurately prepared with the correct address, postage, and postage statements Making sure that your postage statements are fully completed and submitted Taking advantage of the new electronic offerings from the Postal Service, including Intelligent Mail, to ease mail entry and tracking, and to cut back on your paper records. In this way, your records will be automatically managed and you will help to protect the environment.

11. Any Questions? 11