Categories
Governance

Foreign acquisitions and the FCPA

The Metropolitan Corporate Counsel, a publication dedicated to legal issues relevant to corporate lawyers, recently interviewed Alfredo Avila, Assistant General Counsel at Monsanto about how they approach FCPA compliance for acquisitions.

Monsanto recently acquired a US-based company with a Turkish subsidiary, and found during the due diligence the sub had made inappropriate payments to Turkish government officials. In 2005, Monsanto disclosed their own inappropriate payments made to Indonesian government officials and submitted to a three year monitoring program as a result, and Mr Avila talks about how their prior experience has affected policies going forward, including for this latest acquisition.

On the subject of codes of conduct:

Codes of conduct and compliance policies are important but are only the first step in assessing a compliance program. Monsanto believes that the biggest deterrent against unethical behavior is strong leadership.

I agree that codes of conduct are but the first step in ensuring compliance with the FCPA and other anti-corruption legislation. As an internal auditor, you want to assess whether the code of conduct has been read and signed by every relevant employee of the organization, and ensure that the code is complete and addresses issues covered by the FCPA. Typically new employees will receive the code of conduct when they join the company. Keeping the documentation to prove that everyone has agreed to the code is critical.

Assessing leadership is a much tougher job for an auditor. You will get a sense throughout your meetings and communications with senior management of their commitment to ethical business practices, and from there form an opinion. Of course if you already know there were past incidents of non-compliance, leadership is called into question and probably requires more substantive audit procedures to ensure compliance since the preceding events.

On the topic of embedding compliance into policies:

We had to reevaluate our policies for petty cash, travel and entertainment, inventory, delegation of authority and so forth from the perspective of the document trail. It made us formalize some practices into policies and reevaluate policies to make sure we captured enough detail so that an independent third party could find all his inquiries answered within the four corners of a document. That forced us to reconfigure policies and also reconfigure our expense recording so that our documentation captured more information. While this takes a little bit more time on the front end, it answers many more questions on the back end and contributes to creating a transparent culture.

Preparation and retention of documentation related to expenses is key to proving compliance with the FCPA. Any payments made to government officials, if they’re legitimate, will have appropriate evidence. I like the part at the end about creating a transparent culture because culture plays a huge role in establishing ethical traditions that can prevent situations like the ones experienced by Monsanto and their acquisition.

Read the full interview for more.

Categories
Governance

SEC delays Sarbanes-Oxley requirements for small businesses

The Securities and Exchange Commission (SEC) has provided small businesses another 1-year delay to comply with Sarbanes-Oxley Section 404 requirements. Section 404 is the part of Sarbox that requires management to attest to the effectiveness of internal controls over financial reporting.

“This will help ease the burden on small firms and help encourage more small businesses to become public companies – while still ensuring transparency and honest accounting,” said Senator John Kerry (D-MA), chairman of the Senate Committee on Small Business and Entrepreneurship.

I see how this eases the regulatory burden on small entities, thereby indirectly encouraging small businesses to go public where they might otherwise not, but it remains to be seen how this “still ensures transparency and honest accounting”. How does not requiring companies to fully examine their systems of internal control and have management sign off on their effectiveness ensure anything?

It has been nearly five and a half years since Sarbanes-Oxley was implemented in the wake of the Enron meltdown and the delay applies to companies worth $75-million or less. When will smaller public companies be held to the same standard as larger ones?

Since the law was passed in 2002, the SEC has delayed compliance four times for small businesses. Currently, small companies … are expected to comply with the management guidance part of the law this year and the auditing section by 2009.

Legislators worked quickly to draft and pass Sarbanes-Oxley to protect investors in the aftermath of accounting scandals. Is it reasonable that it will be 7 years before it is in place for the smaller public companies in the US?

Categories
Governance

Audit committees recognize IT risks should be a focus

Dan Meyer at Tick Marks has brought my attention to a KPMG survey that reports audit committees are becoming more concerned about IT risks on financial reporting.

90% believed that IT oversight deserved more time at audit committee meetings. By constrast, 80% of committee members were satisfied with audit committee oversight of management judgments and estimates and 60% felt that committees were spending sufficient time on these issues.

Good to see audit committees are looking into this area with greater scrutiny. IT is often an area where firms of all sizes could benefit from increased focus and constantly thinking of ways to improve their controls and processes.

But what about the 20% that is satisfied with audit committee oversight of management judgments and estimates, but do not believe sufficient time is being spent on the issue? How can you feel an area needs more time and yet be satisfied with the oversight? This is why looking at surveys is fun.

“The ACI survey findings demonstrate a huge gap between the importance that audit committees place on IT risk and how much time they spend focused on it during their already busy meetings,” Smith said. “Since audit committees generally have only basic IT experience, there may be a reluctance to invite chief information officers and chief technology officers to their meetings, in part, because there is a lack of common vocabulary.”

Audit committees need to have at least one member who has a high level of knowledge in IT as it relates to financial reporting. There is no excuse for lacking someone with a good grasp on the IT risks the organization faces. And CIOs and CTOs aren’t enough – CFOs need to have a more than basic understanding, and even lower down in the accounting department.

I’m really pleased that the CICA has been so proactive towards training CAs on this topic. IT is one of the six topics covered in the professional exam process. (The others are audit/assurance, performance measurement, tax, finance, and organizational effectiveness, control and risk management.) Clearly there is some overlap between the last competency and IT.

An in-depth discussion of the six CA competencies is published by the Institute and available here (pdf).

Categories
Governance

Hollinger audit committee had “no finance experts”

The Conrad Black trial has been good theatre, and the latest coming out of Chicago doesn’t disappoint.

Testifying at the trial of former Hollinger chairman Conrad Black, a former member of the company’s audit committee has testified that it kept watch over company finances for four years without any financial experts.

Economist Marie-Josee Kravis, sat on the committee during the time that Black allegedly helped steal $60m (£30m) from the company.

She said that no one on the audit committee between May 1999 and May 2003 had the financial experience required by its governing charter.

Kravis is referring in part (I’m assuming) to the best practices of an audit committee as outlined by the AICPA, which stipulate at least one member of the audit committee be designated a financial expert. The decision tree to determine whether a member qualifies as a financial expert can be found here (PDF).

Basically a financial expert is someone who is an accountant or auditor, has taken an accounting or auditing program or course, has experience in auditing or as a controller or financial officer of a company, has experience assessing a company’s financial statements, or has experience supervising the accounting function in a company.

On top of that, they must be familiar with GAAP, the function of an audit committee, internal controls, and how those apply to the company in question.

My question is: Why would you want anyone who doesn’t meet those standards on the audit committee?

Categories
Governance

Alberta kiboshes plan for single Canadian securities regulator

So much for mobile, accessible capital for growing Canadian businesses…

Alberta Premier Ed Stelmach poured cold water yesterday on federal Finance Minister Jim Flaherty’s push for a nationwide securities regulator, saying he has no interest in moving beyond an alternative system provinces have set up.

He said he’s content to stick with the “passport system” – arranged by all provinces except Ontario – that synchronizes securities approvals but allows 13 separate securities commissions to remain.

That’s right – thirteen separate securities commissions for Canada, each one a fiefdom unto itself in terms of enforcing securities legislation. Restricting the flow of capital through a country quickly falling behind its core G8 competitors.

Alberta’s support is considered crucial to forming a single securities regulator because companies headquartered in the province have the second-biggest market capitalization of any jurisdiction in Canada.

Ontario is the largest in terms of market cap, but Alberta is growing quickly on the strength of oil sands development.

According to Canada’s Department of Finance:

In December 2003 the Wise Persons’ Committee presented its report recommending that the federal and provincial governments collaborate to establish a single securities regulator in Canada. The federal government continues to work with the provinces towards the development of a single securities regulator to promote greater efficiency in Canada’s capital markets.

C’mon guys, they don’t call them wise persons for nothing!

What do you think? Is there any hope for a single regulator in Canada to rival the SEC in the US and the FSA in the UK?