the sarbanes-oxley (sox) – implications for business and technology dallas, texas june 16, 2004

The Sarbanes-Oxley (SOX) – Implications for Business and

Technology

Dallas, TexasJune 16, 2004

SOX Panelists

3© 2004 BearingPoint, Inc.

SOX – Implications for Business and Technology

Kapila K. Anand

National Industry Director Real Estate & Hospitality Advisory Services

KPMG LLP



Richard Barrett-Cuetara, Esq. Cowles & Thompson, P.C.

Hospitality and Lodging



Emily Calloway, Director, Corporate Accounting

Starwood Hotels & Resorts, Inc.



Monica Huber, Senior Manager

World Class Finance, Enterprise Solutions

BearingPoint

SOX – What is it? What’s new?


How SOX came to be…………….


The Spirit of the Sarbanes-Oxley Act

What are the driving forces behind SOX?

Restoring investor trust and confidence in the public markets

Increase the integrity of data reported to the public

Address perceived inequities arising from corporate and accounting scandals


What has recently changed?

The SEC issued final rules in June 2003 for Section 404 and in March 2004 for Section 409 which included the following amendments and modifications:

Section 404 – Management Assessment of Internal Controls

Changes the effective date from fiscal years ending on or after September 15, 2003 to June 15, 2004

Modifies definition of internal control

Requires companies to provide a statement identifying the framework used by management to evaluate the effectiveness of internal control over financial reporting

Provides that management is precluded from determining that a company’s internal control over financial reporting is effective if one or more material weaknesses in such controls is identified

Provides that companies are not required to perform quarterly evaluations of internal controls over financial reporting that are as extensive as the annual reviews. Requires that companies evaluate any changes in internal controls over financial reporting that could have a material impact over such controls

Provides that evaluation of disclosure controls is still required on a quarterly basis but the date of such evaluation is set at the end of the fiscal period rather than within 90 days of the report. Provides high level guidance on the level of this required quarterly evaluation


What has recently changed?

Section 409 – Real Time Disclosure Expanding the number of events that are reportable on Form 8-K (add eight new

items to the form, transfer two items from the periodic reports and expand disclosures under two existing Form 8-K items)

Shortened the Form 8-K filing deadline for most items to four business days after the occurrence of an event


The next big SOX topic will be Section 409:Real-Time Disclosures

What Real-time reporting of material events that could affect a company’s financial performance.

When August 23, 2004

The Need Real-time analytics over batch systems

Ability to report on a wide range of events within 4 business days (revised 3/25/2004)

Real-time notification and event driven alerts

Major deep integration of information assets

Triggering Event Examples Loss of major client (bundled service purchaser or significant component of product portfolio)

Increased exposure to “in trouble” industry (significant portion of portfolio)

Impact of external party changes (e.g., regulators, auditors)

Write-offs of significant number of loans or portfolios

Cost over-runs on IT or other major capital project

Implication Sarbanes-Oxley reaches well beyond just documenting and testing controls and processes. SOX will require material changes to most companies’ financial systems architectures.

The SOX Investment


Where is the Money Going? Excerpts from Wall Street Journal Article(Companies Complain About Cost Of Corporate-Governance Rules, 2/10/2004)

To comply with section 404 public companies are spending large dollars:

A survey of 321 companies … shows that businesses with more than $5 billion in revenue expect to spend an average of $4.7 million each implementing the new 404 rule this year, according to FEI, which represents top corporate officials.

Even before the most expensive Sarbanes-Oxley rules take effect, companies say their audit costs are increasing by as much as 30% or more this year

Companies also are paying steep fees to fund a new accounting-oversight board -- as much as $2 million apiece annually for some large businesses

"We are seeing a significant drain," says Bill Kiernan, Magma's controller. "We would not be doing this level of documentation or going through this extensive an exercise were it not for Sarbanes-Oxley.”

Magma Design Automation Inc., a chip designer in Santa Clara, Calif., which has seen its legal and accounting bills soar. Last quarter, Magma blamed the new rules in shaving a penny off its earnings-per-share -- reporting nine cents instead of 10 cents. The company, which posted $75 million in revenue for fiscal 2003, saw its legal fees jump 105% in the first quarter of 2004.


Two approaches have emergedin the marketplace

Most companies are focused on simply complying with the act in order to “check the box”. The people they are hiring to assist them in these efforts reflects this focus.

Most of the current (section 404) SOX work is being handled by:

Audit Firms - Attestation & Testing, Controls Documentation

Temporary Resource Companies - Controls Documentation

Characteristics of this approach

Majority (>80%) approach

Achieved 302 compliance

Focused assessment for 404 compliance

Targeted remediation

Targeted use of technology (e.g., auditor tools for self assessment)

Few functional disciplines involved (e.g., Finance, Legal, Audit)

Protectionists


Two approaches have emerged in the marketplace

These companies are hiring a mixture of:

Audit Firms – Attestation & Testing

Consulting Firms – Documentation Support, Systems Integration, Finance Process improvement

Software Vendors – Systems Installation, Support

Characteristics of this approach

Recognize opportunity to make real change in Finance

Targeted activities aligned with SOX timeline (302, 404, 409, etc.), multi phase approach

Extend remediation activity to include document management

Expanded use of technology as part of overall program

Multi discipline effort

Transformers

Some companies are recognizing this as an opportunity to transform their organizations and processes into world class operations to support real time reporting and disclosure.


SOX touches the whole organization and often involves external parties

Companies expect to document an average of 79% of their processes and expect external auditors will test an average of 57% of those processes. (FEI Survey 2/2004)

These companies expected a mean of 12,265.4 internal people hours needed to comply with Section 404/Management Report on Internal Controls

In addition these companies expected 3,059.1External hours (EXCLUDING auditor’s fee for attestation) needed to comply with Section 404/Management Report on Internal Controls

- Audit Committee

- System Integrators

- Partners

- Audit

- Board

External Organizations

- Audit

- Marketing

- Sales

- IT

- HR

- Legal

- Finance

Internal Organizations

Financial Systems

Internal ControlsFinancial

Reporting ProcessPolicies &

ProceduresGovernance

Most firms will be required to do this in depth level of review. To miss the opportunity to positively effect the processes would be a large opportunity lost.

The Sarbanes-Oxley compliance project engages the whole organization, from the Boardroom to the front-line

SOX – How does it affect me?


Discussion Questions

OK, so SOX is a fact of life for all companies today, what are issues facing companies regarding current compliance efforts and what long-term impact will the SOX have, if any?

How does SOX specifically affect the hotel industry specifically? Are compliance efforts more complicated in the distributed ownership environment?

Is IT in denial regarding SOX compliance? What role do IT controls play in the SOX compliance efforts?

Does SOX provide an opportunity for companies to drive forward to operational excellence on both the business & IT sides of the house? Or is it simply something that companies "have" to do, and is a tactical exercise in compliance?

What role does awareness training and communication play in achieving SOX compliance?

Does SOX provide a common framework for financial computing and reporting? Or is the act so broad that each company may implement it in its own way?

What are the expected penalties for non-compliance?

Are role and responsibilities clearly defined in the IT area?

How will SOX change the business of doing business?

How are companies planning to leverage their ERP systems to achieve SOX compliance?

How are they tying their compliance tool into the rest of their financial infrastructure?

If have invested in compliance tools to achieve short-term compliance (e.g. 302 & 404) will these tools be viable for longer-term compliance efforts?

Is ROI part of your SOX compliance mandate? If so, do you understand how to calculate it?

Appendix


Maintaining an Ethical Work Environment

Audit Committee Members of the audit committee must be members of the Board of Directors, and they must be independent

Directors and Officers

Acceleration of Section 16 reporting requirements Forfeiture of certain bonuses and profits Personal loan prohibited for any director or executive officer Improper influence on the conducts of audits

Disclosure Requirements

Real-time company disclosure Pro forma figures contains true statements of material fact and

adheres to GAAP

Whistleblowers Protection of whistleblowers from discharge or discrimination in terms of employment

Criminal Fraud Accountability

Destruction, alterations, or falsification of records in federal investigation and bankruptcy

Criminal penalties for defrauding shareholders

Quantifying the ROI from Process Improvements & Automation


Some Examples

Straight Hours Saved

Quantified by: Duration of Original Task(s) – New duration of task(s)

— Time Saved * Cost of FTE (~$200,000)

Reduced overtime travel and food expenses

— Estimate these costs

Other Related Benefits

Reduction in Operational Risk

Reduction in possibility of human error

— Time historically spent on activities related to reconciliation's / pursuing issues

— Reduced costs through eliminating need for time consuming reconciliation

Other Less Tangible Savings

How time is reallocated

— Increased Analytical Time

— Picking up new tasks that were previously not completed due to time constraints

Employee Satisfaction

— Recognition of management team listening to issues

— Lead to reduced turnover

— Higher level of motivation

Reduced Dependence on External Consultants and Temporary Employees


Sample of ROI

Prior to Process Improvement

Value AddOvertimeReconciliationExternal Staff

Post Process Improvement

Through automation significant costs were removed from employees daily activities freeing them up to focus on more value added activities

Totals Cost / Month Desc. Of Cost

Hours Saved / Month for value add tasks 152 $6,080.00 Hourly Cost per $80,000/year employee Hours of External Staff / Month on value add tasks 43 $5,375.00 Hourly Cost per external Consultant * hoursHours Saved / Month on reconciliation time 900 $36,000.00 Historical Monthly Avg. time spent * affected usersCost Savings / Month $47, 455.00Cost Savings / Year $569,460.00

Time Savings

Distribution of Staff Tasks


Sample ROI

Retention Savings

* Based on an assumption of improved work environment results in 10% less attrition of workers effected

Description of Benefit Est. Value or Benefit / YearBenefits of retraining employees who are knowledgeable about the organization for other positions $3000 / employeeProductivity benefits of effective training $9000 / employeeBenefits associated with maintaining employee motivation – willingness to work overtime, willingness to learn new job functions $200 / employeeCost of attrition related to hiring and on-boarding. 210,000 / employeeBenefits associated with employee retention and turnover - Benefits associated with removing employees with performance problems – improved customer satisfaction, improved employee satisfaction, improved management effectiveness. $200 / employeeTotal Savings / * 3 Employees $667,200

Through improving the staff’s quality of work life the group has realized significant reduction in turnover and the associated cost savings

the sarbanes-oxley (sox) – implications for business and technology dallas, texas june 16, 2004

Documents

business days

sox panelists

public companies

companys internal control

big sox topic

financial reportingprovides

existing form

new items