EDGE. Who s Afraid of Sarbanes-Oxley?

Similar documents
Legal Alert: Congress Passes The Sarbanes Oxley Act of 2002

CRS Report for Congress

What Real Estate Lawyers Need to Know About the Sarbanes-Oxley Act of 2002

Congress Passes the Sarbanes-Oxley Act of 2002

Draft: Document Retention and Destruction Policy. 1. Policy and Purposes

Accountant Liability in the Current Regulatory Environment: Risk Control Is a Full Time Job!

THE SARBANES-OXLEY ACT OF 2002 Summary of Key Provisions of Interest to Internal Auditors

ARNOLD & PORTER ADVISORY

DOCUMENT RETENTION AND DESTRUCTION POLICY (CVGS FOUNDATION)

KERNS, PITROF, FROST & PEARLMAN, L.L.C.

SARBANES OXLEY ACT OF 2002 (PL ) AND IMPACT ON THE IT AUDITOR

SARBANES-OXLEY ACT OF 2002 WHAT YOU NEED TO KNOW NOW

CREATE FOUNDATION Document/Records Retention Policy

Albany County Land Bank Corporation, Inc. Document Retention Policy

NONPROFIT GOVERNANCE POLICIES AND PROCEDURES REVISITED: TRENDS, DEVELOPMENTS, AND MORE

CAPITAL AREA UNITED WAY

Concrete Foundations Association Document Retention and Destruction Policy

Sarbanes-Oxley Simplified

Sarbanes-Oxley Act of 2002

RECORDS RETENTION POLICY

CONDUCTING INTERNAL INVESTIGATIONS GATHERING EVIDENCE AND PROTECTING YOUR COMPANY

Act language and concepts. David T. Mittelman

Whistleblower Policy

Sarbanes-Oxley Act. The U.S. Sarbanes-Oxley Act of 2002: 2004 Update for Non-U.S. Issuers.

Sarbanes-Oxley Act of Regulation BTR Regulation G Attorney Conduct Rules

OWENS COMMUNITY COLLEGE FOUNDATION DOCUMENT RETENTION POLICY MAY 13, 2009

DOCUMENT AND RECORD RETENTION POLICY

REPORTING UNETHICAL BEHAVIOR AND FINANCIAL AND ACCOUNTING CONCERNS (WHISTLEBLOWER POLICY)

) ) ) ) ) ) ) ) ) ) )

Chapter 01. The Role of the Public Accountant in the American Economy. McGraw-Hill/Irwin

The Sarbanes Oxley Act and non-us issuers: Considerations for international companies

SARAH E. COGAN, CYNTHIA COBDEN, BRYNN D. PELTZ, DAVID E. WOHL & MARISA VAN DONGEN

Auditing and Assurance Services, 15e (Arens) Chapter 2 The CPA Profession. Learning Objective 2-1

SARBANES-OXLEY: A BRIEF OVERVIEW. On July 30, 2002, the United States Congress passed, by a nearly unanimous

The Sarbanes-Oxley Act and Corporate Governance

TORONTO PORT AUTHORITY CODE OF BUSINESS CONDUCT AND ETHICS. November 29, 2005

HIPAA PRIVACY AND SECURITY AWARENESS

CANADA GOOSE HOLDINGS INC.

Code of Conduct. This Code of Conduct covers all associates. When appropriate, it also covers all members of the Company's Board of Directors.

EGYPTIAN ELECTRIC COOPERATIVE ASSOCIATION POLICY BULLETIN NO. 214A

) ) ) ) ) ) ) ) ) ) )

NewYork-Presbyterian Hospital Sites: All Centers Hospital Policy and Procedure Manual Number: D160 Page 1 of 8

THE SARBANES-OXLEY ACT OF 2002 AND THE IMPACT ON PUBLIC EMPLOYEE RETIREMENT SYSTEMS

STURM, RUGER & COMPANY, INC. CODE OF BUSINESS CONDUCT AND ETHICS

Report on Inspection of KPMG LLP. Public Company Accounting Oversight Board

PLDT Inc. CODE OF BUSINESS CONDUCT AND ETHICS

Code of Ethics for Directors

Defending Corporations and Individuals in Government Investigations Ethics & Whistleblower Issues In Investigations

Legal Alert: Document Retention and Destruction Policies

INTEGRATED DEVICE TECHNOLOGY, INC. AMENDED AND RESTATED AUDIT COMMITTEE CHARTER

Audit and Risk Committee Charter

54TH LEGISLATURE - STATE OF NEW MEXICO - FIRST SESSION, 2019

Impact of Sarbanes Oxley (SOX) Act on Corporate Governance Practices

The Inter-American Investment Corporation s INTEGRITY FRAMEWORK

GYMBOREE HOLDING CORPORATION CODE OF ETHICS FOR SENIOR FINANCIAL OFFICERS

Anti-Fraud Policy. The following non-exhaustive list provides a few examples of fraud that this Policy is designed to prevent and detect:

COPYRIGHTED MATERIAL. The scene is an elegant Minneapolis restaurant. Five professionals are having lunch

H 7789 S T A T E O F R H O D E I S L A N D

Approval version. G l o b a l P o l i c y : F r a u d R e s p o n s e a n d W h i s t l e b l o w i n g P o l i c y. Board of Directors.

WILLIAMS SCOTSMAN INTERNATIONAL, INC. CODE OF CONDUCT AND ETHICS

This memorandum updates and supersedes our similarly titled memorandum dated January 10, 2003.

SMART COMMUNICATIONS, INC. CODE OF BUSINESS CONDUCT AND ETHICS

Chapter Four. AICPA Code of Professional Conduct. McGraw-Hill/Irwin. Copyright 2011 by The McGraw-Hill Companies, Inc. All rights reserved.

THEMATIC COMPILATION OF RELEVANT INFORMATION SUBMITTED BY UNITED STATES OF AMERICA ARTICLE 12 UNCAC PRIVATE SECTOR AND PUBLIC-PRIVATE PARTNERSHIPS

October Sponsors/Co-Sponsors:

MENTAL HEALTH MENTAL RETARDATION OF TARRANT COUNTY. Board Policy. Number A.3 July 31, 2001 COMPLIANCE PLAN

BOYD GAMING CORPORATION. CODE OF BUSINESS CONDUCT AND ETHICS (As Amended July 19, 2017)

CHARTIS. Name of Insurance Company to which Application is made (herein called the Insurer ) HEDGE FUND INSURANCE APPLICATION

COMPANY POLICY CODE OF BUSINESS CONDUCT AND ETHICS

Fried, Frank, Harris, Shriver & Jacobson August 26, 2003

Telephone Telephone

WHISTLEBLOWERS. Agenda. Qui Tam Timeline. Sarbanes-Oxley. Qui Tam Timeline. Star Wars. Civil War WWII

ANDRE AGASSI FOUNDATION FOR EDUCATION RECORD RETENTION AND DOCUMENT DESTRUCTION POLICY

SALLY BEAUTY HOLDINGS, INC. CODE OF BUSINESS CONDUCT AND ETHICS. General Policy and Procedures

Legal Alert: Sarbanes-Oxley Act Certification Requirements and Best Practices September 12, I. Introduction

WHISTLEBLOWERS. Agenda

THE HARTFORD DIRECTORS, OFFICERS AND ENTITY LIABILITY INSURANCE APPLICATION (FOR EMERGING MARKET) NEW YORK

Code of Ethics for Directors

NOTICE GENERAL INFORMATION TO BE COMPLETED BY ALL APPLICANTS

WYOMING PRIMARY CARE ASSOCIATION (WYPCA) Document Destruction and Whistle-Blower/Code of Conduct Policy

Sarbanes Oxley Act, 2002 An Indian Perspective

Charging, Coding and Billing Compliance

The Role of the Public Accountant in the American Economy

) ) ) ) ) ) ) ) ) ) ) )

Dubai Financial Services Authority 2011 Regional Audit Conference

SOUTH NASSAU COMMUNITIES HOSPITAL One Healthy Way, Oceanside, NY 11572

T he US Supreme Court s recent decision in Janus Capital Group, Inc. v. First Derivative

ARNOLD & PORTER UPDATE

Tax Action Memo TAM-1358

CHECKFREE CORPORATION CODE OF BUSINESS CONDUCT FOR DIRECTORS, OFFICERS AND ASSOCIATES

2 4 Generally accepted auditing standards are the Statements on Auditing Standards issued by the Auditing Standards Board.

PCAOB Inspections: Auditor Violations and Client Characteristics

Nova Law Review. Sarbanes-Oxley: A Primer for Public Companies, and Their Officers and Directors, and Audit Firms. Robert C.

Audit Quality and Investor Protection: The Need for Ongoing Vigilance

Financial Accounting, 1e Chapter 6: Ethics, Internal Control, and IFRS Test Item File

This policy applies to all employees, including management, contractors, and agents. For purpose of this policy, a contractor or agent is defined as:

The Effect of the Sarbanes-Oxley Act of 2002 on Earnings Quality

) ) ) ) ) ) ) ) ) ) ) )

SARBANES OXLEY OVERVIEW

Sarbanes-Oxley Affects Your Private Company Clients

Transcription:

CAPITAL Legislative & Regulatory Update EDGE Who s Afraid of Sarbanes-Oxley? Accountability legislation creates additional document retention requirements and responsibilities for records managers Bob Tillman Oxley already has opened a lot of executive s eyes to the critical importance of records and information management in corporate America. In light of the legislation s profound importance, it is vital to consider how the new rules impact records and information management now and in the future. The Sarbanes-Oxley Act of 2002 represents the most meaningful and consequential corporate accountability legislation passed by the federal government since the 1930s. Signed into law July 30, 2002, by President George W. Bush, this Act will change the way corporate America does business. Sarbanes-Oxley is a sweeping reform aimed at protecting investors by improving the accuracy and reliability of corporate disclosures made pursuant to securities laws. The legislation was in large part a response to the issues of accountability raised by the Enron and Arthur Andersen investigations and will most directly impact the accounting industry, publicly traded companies, and investment banking firms. The law creates a new oversight board for accounting firms that audit publicly traded companies. It also addresses auditor independence, corporate responsibility at publicly traded companies, financial disclosures of publicly traded companies, and financial analysts conflicts of interest. It creates new boundaries between analysts and dealers in investment banking firms and establishes new corporate accountability rules. Sarbanes-Oxley also creates protections for whistleblowers at publicly traded companies and imposes new criminal penalties relating to fraud, conspiracy, and impeding investigations. It requires organizations to certify the accuracy of their financial statements and instructs them to retain all documents that support those numbers. How the federal government will enforce the provisions of the Act remains to be seen, but Sarbanes- Corporate Oversight and Responsibility The Act creates the Public Company Accounting Oversight Board to oversee the audit of public companies subject to securities laws in order to protect investors interests and further the public interest in the preparation of informative, accurate, and independent audit reports. When it is established, the Board s authority will include registering public accounting firms that prepare audits for publicly traded companies establishing or adopting auditing, quality control, ethics, independence, or other standards for preparing audit reports conducting inspections of registered pubic accounting firms conducting investigations and disciplinary proceedings, and imposing sanctions on registered public 16 The Information Management Journal November/December 2002

accounting firms. (The Securities and Exchange Commission, however, can override the Board s sanctions.) enforcing compliance with the Sarbanes-Oxley Act, rules of the Board, professional standards, and securities laws The Public Company Accounting Oversight Board is not yet a viable entity and, according to Frank Moore of Smith, Bucklin and Associates, an association management and professional services firm, it will be at least a few years before everything is in place and the Board begins investigating. When that happens, the Board can impose sanctions for violations $1,000 for individuals and up to $2 million for corporations, per violation or occurrence. Accounting firms that prepare or issue any audit report of a publicly traded company are required to register with the Board. The Board is authorized to establish rules governing these registered public accounting firms and to assure that these firms comply with Board rules. Further, each registered public accounting firm must prepare and maintain for a period of not less than seven years, audit work papers, and other information related to any audit report, in sufficient detail to support the conclusions reached in [the audit report]. Sarbanes-Oxley defines audit report as a document or other record prepared following an audit performed by an issuer for purposes of compliance with the requirements of the securities laws; and in which a public accounting firm either sets forth the opinion of that firm regarding a financial statement, report, or other document; or asserts that no such opinion can be expressed. In addition, the Board may require registered firms to retain for inspection purposes records whose retention is not otherwise required. The Board will conduct annual investigations of any act or practice by a registered public accounting firm or associated employee. The Board is also authorized to require the production of audit work papers and any other document or information in the possession of a registered public accounting firm or any associated person that is relevant or material to an investigation Sarbanes-Oxley Guidelines Angie Fares, RHIA, CRM and to suspend or bar any individual from association with a registered public accounting firm or suspend or revoke the registration of any public accounting firm for failure to produce any documents requested. Registered public accounting firms would be required to describe in each audit report 1) the scope of the auditor s testing of the internal control Sarbanes-Oxley affects every organization and every records manager. Records managers can prepare their organizations for Sarbanes-Oxley compliance by considering or enacting the following key steps: 1. Review retention schedules to ensure that retention guidelines for accounting records, audit work papers, financial statements, and supporting documentation are consistent with the new requirements. 2. Review voice mail and e-mail retention policies to ensure that any material associated with key investigations or audits is being retained and that the appropriate operating systems necessary for restoration and retrieval are also being maintained. Review current procedures for categorizing or indexing e-mail and voice mail.those who are not categorizing e-mail or training employees to select documents for retention need to be aware that they may need to retain all e-mail for no less than five years and possibly up to seven years in order to be able to retrieve e-mail associated with audits and investigations. All associated operating systems and search tools also must be maintained. Because voice mail is not typically backed up, sorted, or indexed, it may be necessary to consider training key employees to forward voice mail to e-mail for preservation. 3. Review current practices for originating and storing documents. Consider whether all communications, documents, and workflows should both originate and be stored on central servers rather than on hard drives where document retention and destruction rules are difficult to enforce. 4. Review whistleblower reporting mechanisms. It may be necessary to provide phone lines that do not have caller identification or e-mail boxes that screen the identity of the sender to protect the employee from potential harassment, discrimination, or disciplinary action. 5. Meet with the internal audit department to review audit plans for key systems used to generate financial statements. Make sure the regularly scheduled audits are performed on the systems and data to ensure data integrity, change control, and user access security. If e-mail and voice mail are being categorized or selectively retained (i.e., employee subjectively selects which ones he/she thinks should be kept), then audits should be periodically performed to ensure that employees are correctly categorizing and retaining important communications. November/December 2002 The Information Management Journal 17

CAPITAL EDGE structure and procedures of the publicly traded company and includes in the report the findings of the auditor from such testing ; 2) an evaluation of whether such internal control structure and procedures include maintenance of records that in reasonable detail accurately and fairly reflect the transactions and dispositions of the assets of the issuer, provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the issuer are being made only in accordance with authorizations of management and directors of the issuer ; and 3) a description, at a minimum, of material weaknesses in such internal controls, and of any material noncompliance found on the basis of such testing. Sarbanes-Oxley also addresses conflicts of interest that may arise when a securities analyst employed by a broker or dealer engaged in investment banking activities recommends equity securities in research reports and public appearances. It authorizes the Securities and Exchange Commission (SEC) to issue rules that restrict the pre-publication clearance or approval of research reports and to define periods during which brokers or dealers participating in public offerings should not publish or otherwise distribute research reports. A research report is defined by the legislation as a written or electronic communication that includes an analysis of equity securities of individual companies or industries, and that provides information reasonably sufficient upon which to base an investment decision. The Act also requires the SEC to issue rules that establish structural and institutional safeguards within registered brokers or dealers to assure that securities analysts are separated by appropriate informational partitions within the firm from the review, pressure, or oversight of those whose involvement in investment banking activities might potentially bias their judgment or supervision. Subscribe Today! Sharpen Your Edge Look to The Information Management Journal for Timely coverage of issues affecting the records and information management profession Technology trends and new products and services What you need to know to become a more valuable part of your organization This professional journal, published by ARMA International, provides critical insight and analysis for information management professionals. The Journal offers the latest news and views about the management of records, information, and knowledge as corporate assets and contributors to organizational success. Subscribe now and see why the Journal is widely read and respected by information management professionals worldwide. Subscribe online at www.arma.org Corporate and Criminal Fraud Accountability Perhaps the most broadly applicable provisions of the legislation are found in Title VIII, the Corporate and Criminal Fraud Accountability Act of 2002, which establishes penalties for altering documents. These provisions are intended to close loopholes revealed in the prosecution of the Enron and Arthur Andersen cases. Title VIII amends the obstruction of justice provisions of the U.S. Code by adding language and new code sections relating to the destruction, alteration, or falsification of records in federal investigations and bankruptcy. These provisions are not limited to registered public accounting firms, publicly traded companies, or investment banking firms; they apply to every individual and/or organization that retains records. However, like most provisions for criminal activity, they require that the elements of knowledge and intent be proven in order to warrant a violation. A provision added to the code imposes a fine and/or imprisonment of up to 20 years for whoever know- 18 The Information Management Journal November/December 2002

CAPITAL EDGE ingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence an investigation or proceeding by a federal department or agency or any case filed in bankruptcy. It should be noted that this language would apply to an instance, as occurred in the Arthur Andersen case, where documents are destroyed before a subpoena is issued, but after officials are aware an investigation is underway and are anticipating a subpoena. A second provision imposes a fine and/or imprisonment of not more than 10 years for failure by any accountant who conducts an audit of a publicly traded company to maintain all audit and review workpapers for a period of five years from the end of the fiscal period in which the audit or review was concluded. The five-year time period equals the statute of limitations for most federal crimes. It also applies the fine and/or imprisonment to whoever knowingly violates the duty imposed on any accountant. Supporting documentation for an audit could potentially include faxes, The SIMPLE Records Manager allows you to establish a professional records management program utilizing state of the art tools. The software is designed to manage both active and archival records and prepare and maintain a retention schedule. Ideal for managing legal, medical, government, education, insurance and corporate files. With the Key Word Search feature you can search and locate files with the touch of a key... it s just that SIMPLE. Record Management Software, Inc. 774 Post Road Suite 230 Scarsdale, NY 10583 Voice: 800.432.8160 info@recordsmanagementsoftware.com www.recordmanagementsoftware.com voice mail, e-mail, and written communications. After July 26, 2003, organizations will be required to file and report electronic records, including e-mails. Organizations that have not already done so should implement an e-mail retention program and the operating systems necessary to restore and retrieve e-mails for five years or longer. It is not necessary to save every deleted and sent e-mail produced by every employee, but employees should not be left to decide on their own which e-mail messages should be saved and which should not. The new rules demand that records managers familiarize themselves with information technology concepts in order to implement and maintain the records and information management policies that Sarbanes- Oxley necessitates. Finally, title VIII requires the U.S. Sentencing Commission to amend the Federal Sentencing Guidelines to ensure that the enhancements and specific offense characteristics relating to obstruction of justice are adequate in cases where the destruction, alteration, or fabrication of evidence are involved. The intent was to allow the commission to increase penalties in obstruction of justice cases where evidence is destroyed. In this instance, evidence will include documents and other records in all forms. To encourage employees to report fraud to authorities, Title VIII also establishes new whistleblower protections for employees of publicly traded companies who, among other things, lawfully provide information, cause information to be provided, or otherwise assist in an investigation regarding any conduct which the employee reasonably believes violates specific sections of the U.S. Code or any SEC rules or regulations. An Accountability Wake-Up Call In Title XI, the Corporate Fraud Accountability Act of 2002, Congress tried to answer the issues raised by the Enron/Arthur Andersen scandal. Title XI adds a new provision to the U.S. Code addressing tampering with a witness, victim, or informant. It imposes a fine and/or imprisonment for not more than 20 years for anyone who corruptly alters, destroys, mutilates, or conceals a record, document, or other object, or attempts to do so, with the intent to impair the object s integrity or availability for use in an official proceeding or otherwise obstructs, influences, or impedes any official proceeding, or attempts to do so. According to Moore, Section 1519 of this provision does not discriminate between audit records and other records; it applies to any company public or private and all records. Along with written communications, this provision also encompasses e-mail, voice mail, and all other forms of communication. It also covers both ongoing investigations and investigations under consideration. This particular provision has farreaching implications for records managers. Obviously, organizations and employees are forbidden to deliberately tamper with, destroy, or hide evidence. However, under Section 1102, organizations that fail to man- 20 The Information Management Journal November/December 2002

age their records in such a way that they are retrievable also could potentially be in violation. If a corporation maintains a poor records management program and is unable to retrieve records pertinent to an investigation, then records managers or executives could be fined or incarcerated. It is important to understand that if a record cannot be found or retrieved, the legal onus is on the organization to prove its innocence. Whether a record was lost intentionally or as a result of sloppy records management is of no concern to government investigators. Thus, organizations large and small should consider this legislation a wake-up call to clean up, reorganize, or revise their records management procedures. To not do so is to risk their company s well-being. regulations and/or flesh out existing ones. In fact, once the Board is established, Moore says he expects that it will issue additional resolutions. Organizations must keep apprised of current and new provisions. Clearly, Sarbanes-Oxley and the corporate accounting scandals that necessitated it have made records management much more difficult, but they also have made the profession more important than ever before. Bob Tillman is Director of Public Relations and Advocacy for ARMA International. He may be contacted at btillman@arma.org. Quality Archive Storage Systems from a leader in rack manufacturing Implications for RIM The Sarbanes-Oxley Act has put more focus than ever on the effectiveness of records and information management programs. It requires that records management process within all organizations be reviewed and modified immediately to comply with the new legal landscape. All records management professionals should understand the broad application of the obstruction of justice provisions added to the criminal code. While knowledge and intent are required to prove a violation, safeguards may be re-emphasized or incorporated into document retention policies to avoid the appearance of impropriety or violation. In addition, the U.S. Code provisions regarding records management suggest the importance of clear lines of communication between records managers, corporate management, and counsel, as well as an organization-wide awareness of both the law and the organization s records management policies. Legal experts say Sarbanes-Oxley leaves the door open for the SEC or the Public Company Accounting Oversight Board to introduce more UNITED STEEL PRODUCTS CO. A DIVISION OF UNITED STEEL ENTERPRISES, INC. P.O. Box 407, E. Stroudsburg, PA 18301 (570) 476-1010 ext. 2119 FAX: (570) 476-4494 e-mail: gsmith@usprack.com Multiple Catwalk & High Bay Storage Rack & Shelving Systems Durable, High-Gloss Powder Coat Finish Systems Available for Box, Open File and Media Storage CAD Engineered Layouts Installation A Complete Line of Accessories A Wide Range of Sizes & Capacities the storage rack company www.usprack.com November/December 2002 The Information Management Journal 21

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback