U.S. Securities and Exchange Commission
Disclosure Required by Sections 404, 406, and 407 of the Sarbanes-Oxley Act of 2002: Proposed Rule
I am providing comments in that I currently work for a city whose Public Employees Retirement Fund (CalPERS) is alleging to have been defrauded by both Enron and World Com. By defrauding Public Employee Retirement Funds, including CalPERS, you in turn defraud cities and other pubic agencies who are members, who in turn defraud the employees. So it was not only the employee retirement funds of Enron and/or World Com who have been impacted by the alleged Fraudulent Financial Statements and disclosures of both Enron and World Com!
What I cannot believe is that after all of this time, the failure to implement into law the recommendations of the Treadway Commission. This study clearly addressed the oversight roles and responsibilities of the audit committee as to their duties to be informed, vigilant and effective overseers of the financial reporting process and the company's internal controls. The study also mentioned reviewing compliance to the company's code of conduct. Finally, about coordinating the efforts of the independent and internal auditors.
I find it inexcusable for the failure of the members of the audit committees of both Enron and World Com to have performed their duties. I do not know if there was a culture of if they don't ask (members of audit committees) we don't tell (both the independent auditors and internal auditors). Did both the independent and internal auditors volunteer to orient/educate on an ongoing basis the members of the audit committee? Many large CPA firms have publications on the roles and responsibilities of audit committees. I know for a fact that Ernst & Young, LLP does. Did Arthur Andersen provide/volunteer any publications about audit committees to the audit committees of companies they audited? What disturbs me is the article in the Wall Street Journal "World Com Internal Auditors". The article seems to indicate that the head of internal auditing reported to the Chief Financial Officer. Did Arthur Andersen fail to bring to the attention of the audit committee that in order to maximize the independence of internal auditors (employees of the company), that he head of internal auditing should report directly with the audit committee as well as, meeting at least once a year privately with the audit committee? Even if bringing this to the attention of the audit committee, did Arthur Andersen volunteer this fact or they did not because it was not required by law to have internal audit unit reporting directly to audit committees. Have other CPA firms taken the same position of not emphasizing the placement of internal auditing directly reporting to the audit committee?
Proposed Disclosure About Financial Experts Serving on a Company's Audit
I believe the public has a right to know who and how many Financial Experts serve on a company's audit committee. Without know the names, the presents a problem of accountability for the members of the audit committee! If only one Financial Expert serves on the audit committee, this would be critical to know as to when they leave a company, as well as, how long it takes a company to replace the Financial Expert. I believe that at least two Financial Experts should serve on an audit committee to give it balance and a means of check and balances. However, I would not want the presence of Financial Experts to in any manner be used as an excuse for the rest of the members of an audit committee to become complacent and fail to pursue ongoing understanding the companies business operations. If the other members find finances boring, step down or face the consequences later for their lack of perfomance. Audit Committees should be about performance and accountability, not image or poltics.
The backgrounds of Financial Experts should also be disclosed in that the public has a right to know the level of financial expertise being represented by the company's as to the make up of the audit committee.
The backgrounds of Financial Experts should include a thorough understanding of the accounting and reporting process. Knowledge and understanding of the roles that both the independent and internal auditors can have on the integrity (checks and balances) of company operations as to adherence to codes of conduct, internal controls (both operational and accounting), as well as, being used as a means to orient and educate on an ongoing basis the members of an audit committee. The more the audit committee knows the more the understanding of independent and internal auditors and the greater assurances of maximizing the independence of both the independent and internal auditors. This is a natural process to strengthen audit committees and independent and internal auditors. This would also limit any attempts of influence of members of senior management, specifically Chief Executive and Chief Financial Officers.
The Financial Experts need to have a working knowledge of the company/industry operations for the audit committees they are members of.
I do not believe that Financial Experts should be held to any higher level of liability than the other members of the audit committee. They all have the same responsibility to have a proactive attitude to learn the companies operations, or they should not be members of an audit committee! Complacency should never be a defense that "I did not know"!
Proposed Code of Ethics Disclosure
A business ethics and conduct code should apply to all individuals of a company, from the board of directors on down. A business ethics and conduct should be enforced, otherwise it is reduced to nothing more than mere words on a sheet of paper. To this end, I recommend that we do not reinvent the wheel. When the Defense Industry suffered from the lack of public confidence as evidenced by the June 1986 final report to the President of the United States, A Quest for Excellence, by the President's Blue Ribbon Commission on Defense Management (Packard Commission), the report included as an appendix the Defense Industry Initiatives on Business Ethics and Conduct. The Initiatives also included the Defense Industry Questionnaire on Business Ethics and Conduct. The Auditing Standards Division of the American Institute of Certified Public Accountants developed attestation standards to the Defense Industry Questionnaire on Business Ethics and Conduct. This is evidenced by a copy I have of the June 1, 1990 AICPA Professional Standards, Volume 1. This would also save time for the AICPA to develop attestation standards for publically traded companies!
I would recommend that a similar Questionnaire on Business Ethics and Conduct be used for all publically traded companies and be attested to by the company's independent auditors! These documents can be modified/amended to apply to publically traded companies. If the AICPA did not keep a copy of the June 1, 1990 AICPA Professional Standards, Volume 1, I am more than willing to provide copies to the U.S. Securities and Exchange Commission, as well as, the AICPA!
A publically traded company's business ethics and conduct code should prescribe to similar principles to that required of the defense industry. The Defense Industry's was as follows:
Written Code of Business Ethics and Conduct
Employees' Ethical Responsibilities
Corporate Responsibility to Employees
Corporate Responsibility to the Government.
Corporate Responsibility to the Defense Industry
I am sure that the above principles included in the Initiatives, as well as, the Questionnaire could be modified to fit for use by publically traded companies.
It should be noted that the requirement of attestation on the Questionnaire appears to be for only three years. I would recommend that this be permanent. I am not aware that business ethics and conduct applies for only three years. Such conduct is not limited to any number of yeas, but should always be ongoing!
Management's Internal Controls and Procedures for Financial Reporting
Critical to any system of internal control is the Control Environment. The Control Environment describes the corporate culture of a company. The Control Environment sets the standard of the integrity of the financial reporting process, both internal and external. The Control Environment set the "tone at the top" as to the expectations of corporate integrity. The Overseers of the Control Environment starts with the Audit committee. Internal Control (operational and accounting) has everything to do with how transactions are process and recorded. The financial reporting process can be compromised by the manipulation of the operational controls or the accounting controls. You cannot adequately discuss internal controls without discussing the role that internal auditors have in the review of compliance of internal controls. It is critical that the head of internal auditing be required to be accountable to and report directly to the audit committee. This ensures the maximum independence that can be given to the internal auditors when employees of the company. If the internal audit unit reports and is accountable to either the Chief Executive or Chief Financial Officer, knowledgeable third parties will perceive that offices of the Chief Executive Officer and/or the Chief Financial Officer are above audit, it that is appears that could manipulate the results of what is reported to the audit committee. If the head of internal audit reports to either of these officers, it could place the head of internal auditing in an uncomfortable position when the head of internal auditing meets privately with the audit committee. However, since neither the Chief Executive and/or the Chief Financial Officer have anything to conceal or hide from the audit committee, they should be more than supportive to have the head of internal auditing reporting directly to the audit committee.
Internal controls can also be impacted by the failure to adhere to a company's business ethics and conduct code.
The independent auditors could attest to compliance by testing the assurances in Client Representation Letter required by most independent auditors. Client Representation Letters address such issues as management is responsible for the fair presentation financial statements, there has been no fraud involving employees or members of management that have an impact on the financial statements (Fraudulent Financial Reports), etc.
Since the issue is on integrity of internal controls, I would recommend that the Client Representation Letter be signed by the Financial Expert(s) on the Audit Committee, Head of internal auditing, Chief Executive Officer, Chief Financial Officer, and Chief Accounting Officer. In this way, if a company is found to have committed financial statement fraud, it will have taken collusion among some or all of the above.
I hope that the above comments to the proposed regulations assist in the improvement of the Financial Reporting standards and overall accountability for publically traded companies.
If you have any questions to the above, please contact me via e-mail.