Fall 2006 issue of Horizons

Implementing “SOX-like” Practices

CORPORATE GOVERNANCE One of the benefits of SOX is the attention it has brought to the concept of corporate governance. Board members are more actively engaged in the oversight of the organization and are involved in the overall strategy, culture and expecta- tion of how the business should be run. Corporate gover- nance begins at the top, with the board and senior manage- ment, but eventually needs to be embedded in an organiza- tion and involve staff at all levels. An effective corporate governance program creates an environment of vision, trust, values and accountability. What organization would not want to embrace and embody such concepts throughout its organization? Although the phrase corporate governance sounds esoteric, implementing some- thing that makes sense can be quite simple. To begin, there must be commitment from the board and senior management - a commitment to embrace the concept and implement it across the organization. A practical approach that has worked in the Sarbanes-Oxley environment is to adopt a set of policies and procedures that communicate the expectations of the board and senior management. Corporate Governance Activity - Items to Consider Establish a Board of Directors and Appropriate Committees • Has the company established a board of directors? • Does the company have appropriate board committees, such as a compensation and audit/finance committee? • Are board and committee roles and responsibilities clearly defined? Establish a Strategic Business Plan • Has management developed a long-range plan for the company? It has been four years since the passage of the Sarbanes-Oxley Act of 2002 (SOX) and there are still questions looming as to the cost/benefit of comply- ing with the law. The Act applies specifically to publicly traded companies. While management of private businesses and not-for-profit institutions are happy they do not have to comply, they are being pressured by their boards to look for the benefits and best practices of SOX and consider implementing ”SOX-like” practices. What are these “SOX-like” practices? They fall primari- ly under two key areas - corporate governance and financial controls. They are good business practices for any organization - public or private, required or not. Following are some of the key measures/controls to consider in implementing an effective corporate governance program:

Steve Newstead, CPA, FLMI

Mike Ramirez, CPA

• Does the plan identify the financial and operational goals of the business? Establish a Corporate Code of Conduct • Do all employees sign a corporate code of conduct? How often? • Does it cover: - Outside employment? - Gifts to employees from vendors or suppliers? - Conflicts of interest? - Confidential information? - Misuse of firm property? - Copying of software, articles, etc? Establish an Annual Business Plan and Budget • Does the organization have an annual business plan and budget? • Is it used to monitor monthly progress on business plan goals and objectives? • Does management compare actual results to the budget and discuss variances with appropriate staff? Understand Enterprise Risk Management • Is there a group within the organization that manages enterprise risk, identifying ”what if” scenarios to ensure strategic, financial, operational and compliance objectives are met? • Has management and the board evaluated each identified risk and agreed upon a plan to mitigate the risk to an acceptable tolerance level? Establish a Hotline • Is there an independent hotline in place for employees to report financial irregularities and other apparent improper activities? • Is there a process in place to follow up on and report all hotline calls? Define Key Decision Strategies • Are policies established to limit the authority of manage- ment to contractually commit company resources? • Is the legal department reviewing all contracts?

17 • summer 2006 issue