WIXLIB

Compliance Challenges for Foreign Private Issuersis necessary.” This is due to Moody’s belief that “Category B materialweaknesses call into question not only management’s ability toprepare accurate financial reports but also its ability to control thebusiness.”In January 2005, Fitch Ratings released a similar report entitledSarbanes-Oxley 404 — Fitch’s Approach to Evaluating Managementand Auditor Assessments of Internal Controls. In its report, FitchRatings went even further to claim that significant deficiencies mayplay a role in its rating decisions and that it would ask companiesabout the existence of significant deficiencies. Fitch briefly stated thatalthough “significant deficiencies are not required to be reported onForm 10-K, such control weaknesses should be considered and mayhave rating implications.” Although neither of these studies weresponsored by the SEC or the Public Company Accounting OversightBoard (PCAOB), they provide interesting insight into the possibleimplications of a discovered material weakness.Further research has been done on the impact of material weaknesseson a company’s stock price. During Financial Executives International’sJanuary 2005 conference on section 404, the following observationwas made: “Preliminary results of a [Stanford Law School andCornerstone Research] study of disclosures made by 141 companiesthat revealed material weaknesses in their internal controls betweenNovember 2003 and October 2004, found that companies that gavedetailed disclosure regarding the material weakness suffered less of astock price drop than those that did not give details.”In addition, a November 3, 2004 article by the Wall Street Journalentitled “Grasping Internal Controls,” stated that the correlation ofmaterial weakness disclosures to stock price fluctuations has beenvaried. The article noted that companies generally experienced a 5percent to 10 percent decrease in their stock prices immediately afterdisclosing a material weakness.Accelerated Filer ChallengesAs they conduct their section 404 readiness activities, FPIs face severalchallenges. Applicability of these challenges will vary by company dueto the unique business environments and regulation in each country,and each company’s own corporate culture. Companies should consulttheir local professional advisors to ascertain the impact of thesechallenges on their section 404 readiness project. Key challengesinclude:1.Existence of appropriate audit committees2.Ineffective financial closing and reporting processes3.Ability to evaluate controls over service organizations4.Existence of effective internal audit departments5.Existence of monitoring controls in complex multiple-locationenvironments6.Potential shortage of U.S. GAAP competencies7.Management’s experience in assessing internal control overfinancial reporting8.Language considerations9.Existence of general computer controls10. Information technology system issues11. Complexity of assessing internal control in multiple geographicallocations12. Effective fraud prevention programsNote: The issues identified above do not represent a complete list of allchallenges that may lead to a material weakness in internalcontrol over financial reporting.Relief for Foreign Private IssuersIn a February 7, 2005 SEC press release, Chairman WilliamDonaldson indicated that the SEC is considering a delay in theeffective date of section 404 for FPIs. The Chairman said, “Thebenefits of 404 reports are too important not to do it right. Anappropriate delay for these issuers might be desirable if, bywaiting for smaller companies to have better guidance and forforeign private issuers to work through conversion to IFRS[International Financial Reporting Standards], it achieves moreeffective implementation of the internal control reportingrequirements. I have asked the staff to consider recommending tothe Commission an appropriate delay.”In the event that the SEC again delays the effective date ofsection 404, Deloitte highly recommends that FPIs do not changethe timing or scope of their section 404 work. Thisrecommendation is supported by the SEC’s Chief AccountantDonald Nicolaisen, who stated in the same press release that “If adelay is provided, these companies should use the time tocontinue documenting and testing their internal controls. Therequirement to report on internal controls will not go away and, ifthe staff does recommend a delay, we expect that it will be thelast time that we do so.”2

Compliance Challenges for Foreign Private IssuersKey Challenges1. Existence of appropriate audit committeesPCAOB’s Auditing Standard No. 2, An Audit of Internal Control OverFinancial Reporting Performed in Conjunction with an Audit ofFinancial Statements (the “Standard”) requires the independentauditor to assess the effectiveness of the audit committee’s oversightin its evaluation of the control environment (paragraphs 55-59). Thefollowing factors should be considered in the assessment of the auditcommittee: Independence of the audit committee members frommanagement Clarity with which audit committee responsibilities are articulatedand the degree to which they are understood by management andthe audit committee Interaction of the audit committee with the independent auditor,internal audit, and senior financial executives Whether the audit committee raises difficult questions thatindicates its understanding of critical accounting policies andjudgmental accounting estimates Whether the audit committee has been responsive to issues raisedby the independent auditorParagraph 59 goes onto say that “Ineffective oversight by the auditcommittee of the company’s external financial reporting and internalcontrol over financial reporting should be regarded as at least asignificant deficiency and is a strong indicator that a materialweakness in internal control over financial reporting exists.”ChallengeCompanies operating in certain parts of the world (e.g., Latin America,Asia Pacific, and parts of Europe) may not be required to establishaudit committees. Additionally, in certain circumstances even when anaudit committee exists, it is often not independent of management,nor does it oversee financial reporting to the extent that is required bythe Standard.For example, in Japan, two types of corporate structures exist withinthe Japanese Commercial Code: 1) Corporate Auditor System and 2)Company of Committee. Under the Corporate Auditor System, whichis the most popular system in Japan, the board of directors and theaudit committee are comprised primarily of officers of the companyand are not required to be outside directors.Provisions have been made in the Standard for companies whose legalstructure does not require an audit committee, or an audit committeecomprised of independent directors. In the case of a company that hasno audit committee, the expectations and requirements of the auditcommittee included in the Standard would apply to the entire board ofdirectors. The independent auditor would be required to assess theeffectiveness of the audit committee, or equivalent body, includingwhether the audit committee operates independently, even though itsmembers are not independent directors (i.e., independence in spirit,not form).2. Ineffective financial closing and reporting processesThe Standard requires the independent auditor to evaluate the periodend financial reporting process. As described in paragraph 78 of theStandard, “the period-end financial reporting process is always asignificant process because of its importance to financial reporting andto the auditor’s opinions on internal control over financial reportingand the financial statements.” Period-end financial reporting processes(as described in paragraph 76) include: The procedures used to initiate, authorize, record, and processjournal entries in the general ledger Other procedures used to record recurring and nonrecurringadjustments to the annual and quarterly financial statements, suchas consolidating adjustments, report combinations, andclassifications Procedures for drafting annual and quarterly financial statementsand related disclosuresChallengeIn certain instances, companies have not designed appropriate controlsto address risks associated with the financial reporting process. CertainFPIs may not ordinarily perform a “hard close” for the purposes oftheir financial statements on a regular basis (i.e., monthly or quarterly).Consequently, significant adjustment types, such as those related toaccruals, allowances, deferred items, provisions, impairments, fairvalue adjustments, and the provision of income taxes, are performedoccasionally and, in some circumstances, only at year end. Accordingly,some FPIs may only have one opportunity to demonstrate to theindependent auditor that the financial close and reporting process isoperating effectively.In addition, some of these companies maintain their accounts andrecords in accordance with local Generally Accepted AccountingPrinciples (GAAP) (e.g., local GAAP or IFRS); and seldom do they useU.S. GAAP as their primary basis of accounting. As a result, thepreparation of U.S. GAAP financial statements, including the requireddisclosures, is principally a compliance exercise for preparing the Form20-F. In many cases, companies have not designed controls to addressrisks associated with the financial reporting process. This situation isfurther complicated in Europe with the first-time implementation ofthe IFRS in 2005, which will require significant changes andenhancements in the overall financial closing and reporting process.3

Compliance Challenges for Foreign Private Issuers3. Ability to evaluate controls over service organizationsThe Standard requires that if a service organization’s services are partof a company’s information system (as described in paragraph B19 ofthe Standard), “then they are part of the information andcommunication component of the company’s internal control overfinancial reporting,” and therefore should be assessed. Bothmanagement and the independent auditor should consider theactivities of the service organization in determining the evidencerequired to support his or her assessment of internal control overfinancial reporting.Paragraph B21 of the Standard and question 25 of the PCAOB’s StaffQuestions & Answers Auditing Internal Control Over FinancialReporting June 23, 2004 (revised July 27, 2004) state that a “Type IISAS 70” report should be obtained in circumstances where it is notpossible to obtain direct evidence supporting the design and operatingeffectiveness of the controls at the service organization.SAS 70 ReportA SAS 70 report is derived from the Statement of AuditingStandards No. 70, Service Organizations (SAS 70). A SAS 70Type I report simply describes the control activities at the serviceorganization. A SAS 70 Type II report includes the coverage of aType I report, and also tests the operating effectiveness ofservice organization control activities.ChallengeIn some countries, the internal audit function is primarily focused onoperating risks and the internal audit personnel may lack the requiredcompetency, knowledge, and experience to effectively evaluateinternal control over financial reporting. Some companies don’t have aformal internal audit function, let alone one that conducts its workbased on a recognized internal control framework. Furthermore,because the internal audit function frequently reports directly tomanagement, rather than to the audit committee (if one exists), theinternal auditors may lack objectivity in the performance of their work.Therefore, the independent auditor may not be able to leverageinternal audit’s testing to support their audit of internal control overfinancial reporting.5. Existence of monitoring controls in complex multiple-locationenvironmentsAs part of its internal control assessment, management is required toevaluate and test the company’s monitoring activities (a component ofthe internal control framework published by the Committee ofSponsoring Organizations of the Treadway Commission (COSO)).Management is required to implement appropriate monitoringcontrols that extends to and includes all relevant control activitieswhich management has identified and desi

the Japanese Commercial Code: 1) Corporate Auditor System and 2) Company of Committee. Under the Corporate Auditor System, which is the most popular system in Japan, the board of directors and the . Compliance Challenges for Foreign Private Issuers.File Size: 280KB