SCIT ITT MBA

Sarbanes-Oxley Act

Standards & Compliances

1

Index
Term and Intent Why Sox? Who the act applies to and Who impacted Administration Mission and Responsibilities of the PCAOB Key Sections and Table of Contents Sec 201 Sec 302 Sec 404 Sec 409 Sec 802 Sec 1520 Sec 806 Sec 807

Introduction
Mukesh Jawaharani Senior Manager Internal Audit
Qualification
Associate Chartered Accountant (ACA) Bachelor of Commerce (BCOM) Certified Information System Auditor (CISA) Certified Internal Auditor (CIA) Information System Audit ICAI (DISA) Certified Hacking Forensic Investigator (CHFI) International Standard Organization 27001 Implementation (ISO 27001) Certified Application Security Analyst

Member
ICAI CISA CIA

Term

Named for its sponsors Senator Paul Sarbanes and Representative Michael G. Oxley Sarbanes-Oxley Act of 2002

Intent

Corporate governance is transacted with full transparency To protect investors Improving the accuracy and reliability of corporate disclosures Formalizing and strengthening internal checks and balances within corporations Ensure that financial reporting exercises full disclosure

Why Sox ?
Investors and politicians got fed up by : Fraud Greed Plausible deniability by executives No way to truly gauge financial health of company Too little transparency into processes Lack of accountability

SOX the act

Established a new private-sector regulatory structure for the accounting

profession Created a list of prohibited non-audit services Required pre-approval of all non audit services Required rotation of auditors Required an auditor attestation of internal controls Mandated corporate responsibilities Mandated enhanced financial disclosures Established record retention requirements

Who the Act applies to

All public companies in the US International companies that have registered equity or debt securities with SEC The Accounting firms that provide auditing services to (a) and (b) It does not apply to privately companies It applies to Non US companies also if they are listed on American Stock Exchange

10

Who impacted

11

Indian companies listed on NYSE

1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. HDFC Bank ICICI Bank Infosys Technologies MahanagarTelephone Rediff.com India Dr. Reddys Satyam Computer Sify Limited Tata Motors Videsh Sanchar Wipro Limited Sterlite Industries Tata Telecommunication Make My Trip Limited Banking Banking Information Technology Telecommunications Magazine Pharmaceutical Products Information Services Internet Provider Automotive Vehicles Telecommunications Information Technology Metal fabrications Telecommunication equipment Transportation Services

12

Administration

The Act is administered by the Securities and Exchange Commission (SEC) SEC deals with compliance, rules and requirements The Act also created The Public Company Accounting Oversight Board (PCAOB) It is in charge of overseeing, regulating, inspecting, and disciplining accounting firms in their roles as auditors of public companies

13

Mission of the PCAOB

The Board is a private, non-profit corporation whose mission is Oversee the audits of public companies Protect the interests of investors Protect public interest in the preparation of audit reports
The creation of the Board signaled the end of self-regulation of the auditing profession and the beginning of independent oversight

14

Responsibilities of the PCAOB

The Board has four primary responsibilities: Registration - All accounting firms that issue or prepare audit opinions on the financial statements of U.S. companies must register with the Board Inspection - The law requires the Board to inspect registered accounting firms. Following an inspection, the Board must issue an inspection report, and the firm must correct any weaknesses in its quality control system Investigate - The Board may conduct investigations and bring disciplinary proceedings when it believes that an accounting firm or its employees have violated the law or professional standards. The Board can impose fines, require remedial action or suspend or bar a firm or individuals from participating in public company audits Establish Standards - The Board is empowered to establish auditing, quality control, and ethics standards for public company audits

15

Key Sections

Section 201 outlines Prohibited Auditor Activities Section 302 describes the CEO's and CFO's new responsibilities regarding corporate reports Section 404 addresses the Management Assessment of Internal Controls Section 409 outlines Real Time Disclosure Section 802 describes Criminal penalties for altering documents Section 806 describes Whistleblower protection Section 807 describes Criminal penalties for fraud

16

Sec 201 Prohibited auditor service

Sec Ref: Sec 10A of the Securities Exchange Act of 1934

Applicable to whom: The registered public accounting firm (and any associated) that performs audit for any issuer company Requirement: Not to perform non audit services such as : Bookkeeping or accounting Financial information systems design and implementation Appraisal or valuation services Actuarial services Internal audit outsourcing services Management functions or human resources Broker or dealer, investment adviser, or investment banking services Legal services and expert services unrelated to the audit Any other service that the Board determines by regulation

17

What can be performed: It may engage in any non-audit service (tax services) that is not described. Obtain prior approved by the audit committee of the issuer

Exemption: The Board may, on a case by case basis, exempt any person, issuer, public accounting firm, or transaction from the prohibition on the

provision of services from above. The exemption may be granted to the

extent necessary or appropriate in the public interest and to protect investors interest

18

Sec 302 Responsibility for financial reports

Requires quarterly certification by the CEO / CFO of all companies filing

periodic reports regarding the completeness and accuracy of such reports as well as the nature and effectiveness of internal controls supporting the quality of information included in such reports

The Commission shall, by rule, require that the principal executive officer and the principal financial officer certify in each annual or quarterly report submitted that -

the signing officer has reviewed the report

based on the officers knowledge, the report does not contain any untrue statement of a material fact based on such officers knowledge, the financial statements, and other financial information included in the report, fairly present in all material respects the financial condition and results of operations of the issue
19

the signing officers

are responsible for establishing and maintaining internal controls have designed such internal controls to ensure that material information

relating to the issuer is known to them

have evaluated the effectiveness of the internal controls as of a date

within 90 days prior to the report

have presented in the report their conclusions about the

effectiveness of their internal controls based on their evaluation as of

that date

the signing officers have disclosed to the issuers auditors and the audit committee all significant deficiencies in the design or operation of internal

controls which could adversely affect the issuers ability to record, process, summarize, and report financial data and have identified for the issuers auditors any material weaknesses in internal controls;
20

 any fraud, whether or not material, that involves management or other

employees who have a significant role in the issuers internal controls the signing officers have indicated in the report whether or not there were significant changes in internal controls or in other factors that could significantly affect internal controls subsequent to the date of their evaluation, including any corrective actions with regard to significant deficiencies and material weaknesses.

21

22

23

24

Sec 404 Management assessment of internal controls

Requires an annual report by management regarding internal controls and procedures for financial reporting, and an attestation as to the accuracy of that report by the companys auditors

The Commission shall prescribe rules requiring each annual report to contain an internal control report which shall
State the responsibility of management for establishing and maintaining

an adequate internal control structure and procedures for financial

reporting; and
Contain an assessment, as of the end of the most recent fiscal year of

the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.

25

Internal Control Evaluation And Reporting - with respect to the internal control assessment, each auditing firm that prepares the audit report for the issuer shall attest to, and report on the assessment made by the management

An attestation made under this subsection shall be made in accordance

with standards for attestation engagements issued or adopted by the

Board

Any such attestation shall not be the subject of a separate engagement.

26

Sec 409 Real time issuer disclosures

Sec Ref: Sec 13 of the Securities Exchange Act of 1934

Applicable to whom: Each issuer reporting u/s 13(a) or 15(d) Purpose:
They shall disclose to the public information concerning material

changes in the financial condition / operations which is necessary for the protection of investors and in the public interest
The disclosure should be in plain English It may include trend, qualitative information and graphic presentations

27

Sec 802 Criminal penalties for altering documents

Sec Ref: Sec 1519 Destruction, alteration or falsification of records in Federal investigations Applicable to whom: Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies or makes a false entry in any record, document or tangible object

Reasons: With the intent to impede (hinder), obstruct or influence the

investigation or proper administration of any matter

Penalty:
Fine

Imprisoned not more than 20 years

Both

28

Sec 1520 Destruction of corporate audit records

Applicable to whom: Any accountant who conducts an audit of an issuer of securities Reasons: They shall maintain all audit or review work papers for a period of 5 years from the end of the fiscal period in which the audit or review was concluded Penalty:
Fine
Imprisoned not more than 10 years Both

29

Sec 806 Protection for employees of Publicly traded companies who provide evidence of fraud

Sec Ref: Sec 1514A Civil action to protect against retaliation in fraud cases

Applicable to whom:
First party - The company which is registered with SEC or is required to

file report.
Second party - Any officer, employee, contractor, subcontractor or

agent of such company

Reasons: The company may not discharge, demote, suspend, threaten, harass or in any other manner discriminate against an second party in the

terms and conditions of employment

Reason of discrimination:
Any lawful act done by the him To provide information in an investigation regarding
30

 To assist in an investigation regarding any conduct which the employee reasonably believes constitutes Remedies: In General: An employee shall be entitled to all necessary relief Compensation: Reinstatement with same seniority status employee would had without discrimination Amount of payback with interest c. Reimbursement of damages sustained as result of discrimination (Litigation cost, expert witness fees or attorney fees)

31

Sec 807 Criminal penalties for defrauding shareholders of Publicly traded companies

Sec Ref: Sec 1348 Securities fraud Applicable to whom: Whoever knowingly executes or attempts to execute a scheme Reasons:
To defraud any person in connection with any security of an issuer To obtain by means of false or fraudulent pretenses, representations,

or promises, any money or property in connection with the purchase or sale of any security of an issuer
Issuer: Issuer means company who has securities registered u/s 12 of

the Securities Exchange Act of 1934 or files reports u/s 15(d) of the Securities Exchange Act of 1934
32

Penalty:
Fine Imprisoned not more than 25 years Both:

33

34