© 2004 Ceridian Corporation. All rights reserved.

Corporate Integrity and The Sarbanes-Oxley Act

Victoria Nemerson

Vice President Compliance, Ceridian

Lynn Brewer

President, The Integrity Institute, Inc.

© 2004 Ceridian Corporation. All rights reserved.

Agenda & Learning Objectives

• Sarbanes-Oxley Act: How did we get here and what does it mean for your organization?

• Disclosure Controls: Prevention & Detection of Fraud and Abuse

• Confessions of an Enron Executive

• How to Minimize Your Risk: Ten Best Practices and A Strategy for Compliance

© 2004 Ceridian Corporation. All rights reserved.

Sarbanes-Oxley Act: Officers & Directors

• Section 402: Bans loans to officers & directors

• Section 403: Shortens due dates for reporting transactions

• Section 304: Disgorge bonus & incentives

• Section 306: Blackout periods

© 2004 Ceridian Corporation. All rights reserved.

SOX & Disclosure ControlsSection 302CEOs and CFOs certify they are responsible for

“disclosure controls & procedures.”Disclosure Committee – SEC Quarterly Reports – Internal ControlsSignificant changes & other factors Corrective actions

© 2004 Ceridian Corporation. All rights reserved.

SOX: Internal Controls Over Financial Reporting

Section 404 Internal controls over financial reporting Quarterly reports – material changesReasonable assurances:

Detail accurately & fairly reflects transactions Transactions are recorded GAAPPrevention & detection of material effects on financial

statements.

© 2004 Ceridian Corporation. All rights reserved.

SOX: Code of Ethical ConductSection 406Written standards reasonably necessary to deter

wrongdoing and promote:Honest & ethical conduct;Accurate & timely disclosure public reports;Compliance with the law;Internal reporting of code violation; andAccountability for adherence to code

© 2004 Ceridian Corporation. All rights reserved.

SOX: Stock Exchange Governance

SEC governance requirements:• Director Independence Rules;• Audit committee and other board committee

composition;• Director education and training;• Corporate governance guidelines; and • Code of business conduct and ethics

© 2004 Ceridian Corporation. All rights reserved.

SOX: Reporting Tool Section 301 To establish procedures for the

receipt, retention and treatment of complaints and the confidential, anonymous submission by employees

Regarding:• Accounting• Internal controls• Auditing matters

© 2004 Ceridian Corporation. All rights reserved.

SOX: Whistleblower ProtectionsSection 806 gives employees a right to sue their

employer for retaliation. Employees must file a charge with US DOL OSHA has 180 days to investigate and resolve If not resolved, employee has COA

Section 1107 provides for criminal penalties Includes up to 10 years in prison for retaliation

© 2004 Ceridian Corporation. All rights reserved.

Confidential Reporting SystemsReporting Systems must be:

Free of Conflict Anonymous Universally Accessible and Available

Non-financial Incident Reporting:Discrimination/HarassmentMisconduct/Inappropriate BehaviorAlcoholism & Substance AbuseWorkplace Violence/ThreatTheft

© 2004 Ceridian Corporation. All rights reserved.

Confessions of an Enron Executive

Lynn BrewerLynn BrewerPresidentPresidentThe Integrity Institute, Inc.The Integrity Institute, Inc.

Confessions of an Enron Executive

© 2004 Ceridian Corporation. All rights reserved.

How would you know?

• How would you discover?• Do you have knowledge?• Should you have knowledge?• Are you on notice?

© 2004 Ceridian Corporation. All rights reserved.

PreventionChanging Cultural Paradigms

• 75% of the workforce may have something to share but don’t report because of fear of retribution or retaliation. (AICPA’s Report to the Nation 2002)

© 2004 Ceridian Corporation. All rights reserved.

FALSE PROPHET$““We have found that companies that have a written We have found that companies that have a written vision and values statement have a far greater Return vision and values statement have a far greater Return

On Investment than those that don’t.”On Investment than those that don’t.”

Jeff Skilling, Enron PresidentJeff Skilling, Enron President

All Employee Meeting (April, 1998)All Employee Meeting (April, 1998)

Launch of New Vision & ValuesLaunch of New Vision & Values

© 2004 Ceridian Corporation. All rights reserved.

It was obvious to those Outside too. . .

“According to the Beneish Model, Enron may be manipulating its earnings. . . . We recommend a sell on Enron stock.”

Graduate students (Cornell University)May 5, 1998

© 2004 Ceridian Corporation. All rights reserved.

For anyone willing to look. . .Enron’s 2000 Shareholder Letter

“Enron’s performance in 2000 was a success by any measure . . . The company’s net income reached a record $1.3 billion in 2000.”

$1.3 billion is not reported in the audited income statement several pages later. The net income reported is $979 million.

© 2004 Ceridian Corporation. All rights reserved.

Enron’s Management Incident Report

0

10

20

30

40

50

60

70

January February March April May June July August September

2000

2001

Cumulative Totals 2000 vs. 2001

© 2004 Ceridian Corporation. All rights reserved.

Enron’s Hotline by Classification of Allegation

3

19

39

PendingAlleged Criminal Alleged Non- Criminal

© 2004 Ceridian Corporation. All rights reserved.

Enron’s Hotline Method of Reporting

18

7

115

1

19

Phone CallBy Business Unit/DepartmentLocal AuthoritiesLetterOrientationEmail

© 2004 Ceridian Corporation. All rights reserved.

© 2004 Ceridian Corporation. All rights reserved.

© 2004 Ceridian Corporation. All rights reserved.

What do Regulators, Prosecutors and Judges expect?

•Diligent •Effective• Industry Practice

© 2004 Ceridian Corporation. All rights reserved.

DOJ Test for Effectiveness

• Whether a company exercises due diligence is determined by a 7-part inquiry – hence, the 7 hallmarks of an effective corporate compliance program.

© 2004 Ceridian Corporation. All rights reserved.

Due Diligence Requires:

1. Written set of compliance standards;2. Appointment of high-level personnel oversight;3. Discretionary authority not be delegated;4. Systems for communicating the standards and procedures;5. Monitoring, auditing, and reporting criminal or unethical

conduct, including reporting by employees without fear of retribution;

6. Consistent enforcement of standards through discipline.7. History of appropriate responses to identified offenses,

including preventive action as needed.

© 2004 Ceridian Corporation. All rights reserved.

Revised Principles5 Key Considerations:

1. Company’s history of wrongdoing;

2. Its response to regulatory actions;

3. Its reaction to criminal conduct committed by its employees;

4. Level within the corporation;

5. Pervasiveness of criminal behavior within organization.

© 2004 Ceridian Corporation. All rights reserved.

Ten Best Practices

1. The Auditing committee establishes a procedure for handling complaints about accounting and auditing matters that is anonymous and confidential.

2. The BOD’s Audit Committee is comprised of independent Board Members.

3. One member of the Audit Committee must be a financial expert.

© 2004 Ceridian Corporation. All rights reserved.

Ten Best Practices 4. The Company’s auditing firm should not perform

any non-audit services while performing the audit.

5. All financial disclosures should reflect correcting adjustments and any off balance sheet transactions.

6. The CEO and the CFO must review and sign all annual and quarterly reports to the SEC.

© 2004 Ceridian Corporation. All rights reserved.

Ten Best Practices 7. No corporate loans to executives.

8. All insider stock transactions must be disclosed within 2 days.

9. Management must assess the effectiveness of internal controls and procedures and these must be certified and signed off by a CPA.

10. Adopt a company wide code of ethics and publish it frequently to all employees (SO: requires to Sr. Exec’s)

© 2004 Ceridian Corporation. All rights reserved.

Questions?