Ethics and Sarbanes/Oxley Strategies for Compliance

American Public Power Association

2005 Business and Financial Conference

Portland, Oregon

Session #38

Sacramento Municipal Utility District, SMUDSacramento

California

Los Angles

San Francisco

Nevada

Oregon

The District

• Started operations in 1947

• Service territory most of Sacramento County and a portion of Placer Country, 900 Sq. Miles

• Number of Customers 547,000+

• Peak Demand 2,959 MW

• Generation Capacity 1,200 MW

• System Average Rate 9.93 Cents/kWh

• Employees 2,200

Audit and Quality Services

• Staff of 8 Auditors• Four Operational/Financial Auditors• Two Information Technology Auditors• Two Quality Assurance Engineers• Audit Reports go to the Board and Management

Sarbanes-Oxley

• Paul Sarbanes Senator from Maryland.

• Michael G. Oxley Ohio's FourthCongressional District

Sarbanes-Oxley

• Section 406 requires the SEC to issue rules, within 180 days after enactment, to require an issuer to disclose immediately, by means of filing a Form 8-K, dissemination by the Internet or by other electronic means, any change in or waiver of the code of ethics for senior financial officers.

Sarbanes-Oxley• The final rules define the term "code of ethics" as written standards

that are reasonably designed to deter wrongdoing and to promote: – Honest and ethical conduct, including the ethical handling of

actual or apparent conflicts of interest between personal and professional relationships;

– Full, fair, accurate, timely and understandable disclosure in reports and documents that a company files with or submits to the SEC and in other public communications made by the company;

– Compliance with applicable governmental laws, rules and regulations;

– The prompt internal reporting of any violations of the code of ethics to an appropriate person or persons identified in the code of ethics; and

– Accountability for adherence to the code of ethics.

Sarbanes-Oxley

• Whistleblower Protection.  Section 806 provides that no public company or any officer, employee, contractor, subcontractor, or agent of such company, may discharge, demote, suspend, threaten, harass, or in any other manner discriminate against an employee in the terms and conditions of employment because of any lawful act done by the employee in connection with providing information or assisting in certain investigations involving securities law matters, or testifying or participating in certain proceedings involving securities law matters.

Board Ethics Policy SD-12

• Maintaining the publics trust and confidence is a core value of the District. 

• Code of Ethics applicable to the Board and all District employees

• Will have a Conflict of Interest Code• The code of Ethics will encourage high ethical

standards; • Establish clear guidelines for ethical standards

requires disclosure and reporting of potential conflicts of interest.

District’s Code of Ethics

• General prohibitions in using one’s influence when one has a financial interest in the decision

• Employee Conduct:– Contracting– Gifts– Use of District Facilities– Outside employment– Permitted investments

District’s Code of Ethics

• Annual disclosure of economic interest• Annual written statement of reaffirmation • Where to obtain answers to an employees

questions, Ethics Officer • Actions that may be taken for violations of policy.

Everything from a letter of admonishment to dismissal

Ethics Training

• Ethics training for all employees this year.• On-line course for staff with computer access.• Field staff offered the class in one of two ways;

come into the computer training center or a classroom session

Ethics Training

• Included excerpts from District policies to be read or in some case a video

• Provides a situation• Select the “correct answer”• Program then provided the correct answer with

explanation

Ethics Training

Teacher’s “Report” Card

Lydia is a Business Analyst. She also teaches a weekly class at a local university on business practices. Lydia’s students know where she works, and Lydia sometimes relates personnel situations she has handled at SMUD to the class, being careful to speak without specifics. Lydia knows it would be improper to use any of SMUD's business policies or manuals in the classroom.

Under SMUD's policy, should Lydia disclose her teaching position to her supervisor?

  Yes       No

     

Even though there appears to be no direct conflict of interest in Lydia’s part-time teaching position, Lydia's practice of drawing on her work experiences could cause her to disclose confidential information or otherwise make a disclosure not in SMUD's interest. Lydia must disclose the outside employment situation to her supervisor or the Ethics Officer. They can then assess the situation to see if it poses a potential conflict of interest and direct Lydia how to proceed. Lydia should have disclosed her intention to teach this class prior to accepting the teaching position.

Sample Question

© Advantage Performance

Ethics Training

Liquid Lunch

Marissa is surprised to note her supervisor, Alan, returning from lunch smelling like an alcoholic beverage. He bumps into people while walking down the hall and slurs his words when Marissa asks him a question.

What should Marissa do?

  

 

  

      A.   Ignore it - it is not a good career move to confront or “tell on” your supervisor

      B.   Note the time, date, observations, and witnesses to the situation

      C.   Report the incident to the manager on duty or Labor Relations

Alan could be engaged in a serious violation of SMUD's policy and could place himself, his co-workers and the public at risk if un-addressed. Alan’s behavior poses a significant potential safety concern and could be subject to severe disciplinary action or termination. Despite the fact that Alan is Marissa’s supervisor, she should report the situation to Alan’s supervisor. She will not be retaliated against – either by Alan or SMUD – for reporting a violation of the policy that she brings in good faith.

Sample Question

© Advantage Performance

Whistleblower Policy

• Avenue for employees to report fiscal, environmental and ethical violations where the normal channels of communications may not be available

• Policy does encourage employees to use the normal chain of command

• The policy gives directions on how employees can file a complaint

Ethics as the Foundation for Success

Ethical Environment (Principal Based)

Code of Ethics(Rule Based)

Governance Policies & Procedures

Goals & Objectives

Steps for Management

• Set an ethical tone at the top• Promote strong and effective internal controls• Establish a whistleblower policy • Prevent reprisals• Provide ethics and fraud training for staff• Implement a confidential tips hotline• Create a culture of doing the right thing Institute of Internal Auditors, Tone at the Top June

2005

Test Your Ethics *

• Is it right?• Is it legal?• Is it fair?• Who might get hurt?• Do I really have the facts?• What would I do if it were my money?• Can I tell the public, a friend, or my family what

I’m doing and still respect the decision?• * Bruce Carpenter - Salt Lake City APPA Workshop - September 30, 1997

Questions

Sarbanes-Oxley and Internal Control Documentation

Alan Bailey

City Utilities of Springfield, MO

Quotes on Ethics• “Relativity applies to physics, not ethics.”

Albert Einstein 1879-1955; German-born American theoretical physicist

• “If ethics are poor at the top, that behavior is copied down through the organization.”

Robert Noyce, inventor of the silicon chip

• “Earnings can be pliable as putty when a charlatan heads the company reporting them.”

Warren Buffett 1930-, American Investment Entrepreneur

About Springfield

• 3rd largest city in Missouri.

• Metro Area Population 250,000

• Missouri State University plus 3 private colleges

– estimated temporary student population 30,000

• 2 Regional Medical Centers

• Light Manufacturing - 2 industrial parks

• Regional Retail and Financial Services.

About City Utilities Financial Data

(Amounts in $ Millions as of 9-30-04)

Total Assets $ 915

Net Capital Assets $ 702

Operating Revenue $ 288

Net Operating Income $ 8.7

Annual Payroll $ 61

About City Utilities Statistical Data

(as of 9-30-04)

Annual Electric Sales = 3.6 billion kWh

Generating and Purchased Power Capacity 987,300 kW

97,000 Electric Customers (86,000 Residential)

79,000 Gas Customers (71,000 Residential)

75,000 Water Customers (68,000 Residential)

CU also operates public transportation and telecommunications

1,033 Employees

About City Utilities Board of Public Utilities

• City Council appoints 11-member board, staggered 3-year terms.

• Board members and immediate families must be independent of City and CU. Cannot serve more than 2 consecutive terms, Cannot be hired by CU for 1 year after term ends.

• (Section 301-3 Independence)

• Board elects 4 officers - one-year term– Chair, Vice-Chair,Secretary and Assistant Secretary.

• CU General Manager (CEO) reports to the Board

• Executive Committee reports to General Manager– CFO, COO, Chief Internal Auditor, General Counsel, Associate General

Managers (4)

About City UtilitiesFinance Area Structure

Chief Financial Officer (1)Directors (2)

Administrators (2) Support Staff (3) Treasury Operations (1) Forecasting (3)

Business Unit Reporting (5) Risk Management and Security (5)

Financial Reporting (8) Financial Technology (2)Disbursements - AP and Payroll (12)

Finance Total (43)

Finance does not include IT - 55 employees

Internal Controls DocumentationSarbanes-Oxley requires annual management assessment of internal controls. Auditors for SEC filer attest to and report on management’s assessment.

– (Section 404 Management Assessment of Internal Controls)

CU Logic:• Audit programs encompass Sarbanes-Oxley. • Auditors must review management assessment of internal controls.• Auditors won’t have two sets of audit programs. (SEC and non-SEC)• How justify to auditors (ongoing) why Internal Controls are not important enough for

CU management to document and periodically review. Generally recommended approach:• Document detailed work instructions (desk procedures)• Write accounting procedures (the 5 Ws)• Write accounting policy (15 - 20 words) • Document internal controls (narrative text and flow charts).

Sarbanes-Oxley at CU The Big Audit Adjustment of 2002

• Calculation of liability for unpaid Sick and Vacation Leave understated by $2.2 million ($14.9 recorded liability should have been $17.1)

– Error was discovered by auditor’s entry level staff during final days of audit field work in mid-November

– Called back and re-issued all 9-02 financial statements– Ledgers reopened to record audit adjustment– Auditor reported finding to Audit Committee and

Board of Public Utilities (televised meeting)

The Big Audit Adjustment of 2002 Post-Trauma Analysis Team Findings

• The same basic, year-end manual format used since 1972 to calculate the balance of S&V.

• 27 sequential, manual calculations were required.

• The preparer calculated the individual items correctly, but excluded one from the calculated worksheet total.

• The reviewer did not verify calculations or re-foot the totals.

• The preparer had performed the calculations and prepared the year-end adjustment for 17 consecutive fiscal years.

The Big Audit Adjustment of 2002 Post-Trauma Analysis Team Findings

• On the surface, changes in policy during the year for accruing upper layer sick pay, and retirements of highly compensated employees, appeared to support the decrease in liability. Analytic review approach failed.

• Other “sexier” high-profile issues were in process at year-end, including a software upgrade project. Preparer and reviewer of entry were performing in dual-roles.

• Other than notes and tick-mark explanations on the worksheet, no written procedures existed for the analysis and entry.

Quality Assurance Review of 2003

• In January 2003, CU General Manager called for a Quality Assurance Review to be completed by September 30, 2003.

• CFO established a Quality Assurance Review Committee (QARC)– Corporate Reporting Administrator (facilitator),

Comptroller, Director of Disbursements, Director of Financial Reporting and Administrator - Financial Reporting.

– Priority over everything for entire finance staff.– Committee to meet at least bi-weekly until project

completed.

Quality Assurance Review of 2003

Initial QARC Planning Phase: (March 6-18, 2003)• Established 22-week project work plan

– 112 standard journal entries procedures to document and review – Organized work plan by functional area.– Initial target completion date 9-1-03

• Adopted a new “Journal Entry Standards” document – addressed referencing techniques, preparer and reviewer responsibilities,

supporting documentation requirements, order of assembly and archiving.– 90 minute training session for all finance staff.

• After one month, expanded scope of project to include procedures for general ledger reconciliations and PeopleSoft allocations (Revised target date 9-30-03)

Quality Assurance Review of 2003

April - September QARC met every two weeks:• Tuesday: Committee only - review draft of procedures.• Friday: committee met with functional area to review proposed

changes

Written bi-weekly project status reports to CFO and GM.

All changes completed and implemented for October 2003 ledger. (start of fiscal year)

Final written report delivered to General Manager December 4, 2003.

Accounting Policies Project - 2004• During the QARC project of 2003, the need for a centralized

Accounting Policy Manual (APM) was identified.

• Assigned Corporate Reporting Administrator as facilitator, as follow-up project for QARC. To be completed by September 2004.

• Finance work-groups are responsible for documenting APM for their own area.

• Standardized Accounting Policy Template established.

• APM set up on shared drive.• (enables word search)

Accounting Policies Project - 2004• To facilitate long-term maintenance of the manual, the structure

uses generic functions instead of current work-group names. – (e.g. section titles are “Accounts Payable, Accounts

Receivable-Customers, instead of “Business Unit Reporting, Financial Reporting, Forecasting and Risk Management”)

• Starting point for APM was the summary of significant accounting policies in the audited financial statements.

• 61 accounting policies documented as of 9-04. Two added so far in fiscal 2005.

• First round of annual staff review and updates - Summer 2005

Internal Controls Documentation - 2004-5• Internal Control Charts were developed concurrently with Accounting Policy Manual.

Started with written process narrative (from external auditor)

• The first objective of documenting internal controls was to help identify additional accounting policies to document.

• Became a means of identifying and analyzing effectiveness of internal controls. • (Sarbanes Oxley Section 404 Management Assessment of Internal Controls)

Guidelines for CU Internal Control documentation:• Use Excel flow-chart functionality.• One excel workbook file = complete process, “cradle to grave”• Individual worksheet tabs = one function. Use connectors to link tabs. No more than two

pages when printed.• Design flow charts to print on a standard letter size page, in large enough font to be read

with the naked eye.

Where to Start?Recommended work approach (order of preparation):• Document detailed work instructions (desk procedures) CU -2003• Write accounting procedures (address the 5 Ws) 1 to 2 pages CU-2004• Write accounting policy (15 - 20 words) CU-2004• Document internal controls (text and flow charts). CU-2004-5A good starting point: Read Sarbanes-Oxley Act of 2002 (Almost a soap opera plot)

Comments: • Don’t confuse accounting procedures with accounting policy. If your policy is more

than 15-20 words, it’s probably documenting procedures instead of policy.• After doing the first two steps, you should be able to write the accounting policy in

15 minutes or less.• Flow charts are quick work when the work procedures have been documented and

reviewed.• Plan for frequent reviews (CU reviews annually)

– (Section 404 Management Assessment of Internal Controls)

Questions

Sarbanes-Oxley and Audit Committee Charter

Mindy Willis

Orlando Utilities Commission, FL

Quotes on Ethics

• “Virtue has never been as respectable as money.”

Mark Twain Author, Humorist

• “We have, in fact, two kinds of morality side by side: one which we preach but do not practice, and another which we practice but seldom preach.”

Bertrand Russell 1872-1970, British philosopher and mathematician  

About OUC

• Municipality providing electric, water & chilled water services

• Service territory include both the City of Orlando and the City of St. Cloud

• Service area population exceeds 400,000

About OUC’s Financial Data

(Amounts in $ Millions as of 9-30-04)

Total Assets $ 2,500

Net Capital Assets $ 725

Operating Revenue $ 673

Income before contributions $ 53

Annual Payroll $ 57

About OUC’s Statistical Data

(as of 9-30-04)

Annual Electric Sales = 8.5 billion kWh

Generating and Purchased Power Capacity 2,000 kW

194,000 Electric Customers (139,000 Residential)

138,000 Water Customers (100,000 Residential)

OUC also operates chilled water facilities

1,073 Employees

About OUC’s Governing Board – The Commission

• OUC’s governing board consists of 5 members, including the Mayor of the City of Orlando

• Members serve without compensation and with the exception of the Mayor may serve no more than 2 full consecutive four-year terms

• OUC’s General Manager (GM/CEO) reports to the Board

• Executive staff reports to General Manager– Seven Vice Presidents including CFO and General Counsel

and Director of Internal Audit

OUC’s Audit Committee

• Established to assist the Commission fulfilling its oversight responsibilities by reviewing financial information, systems of internal controls and the audit process.

• Responsible to provide an open avenue of communication between Management, Internal Audit and the external auditors.

• Consists of at least two Commissioners with one being appointed Chairperson, the GM, CFO and General Counsel.

Sarbanes-Oxley & the Audit Committee

• This new regulation, although not applicable to governmental entities, was beginning to raise some questions.

Audit Committee Responsibilities

• Internal Control and Risk assessment including:– Evaluate effectiveness of OUC’s process of for

assessing risk and steps taken to monitor and control these risks.

– Review of significant findings and recommendations of external and internal auditors including Management’s responses.

Audit Committee Responsibilities (cont’d)

• Review of Internal Audit including:– Confirm and assure independence and

adequacy of resources.– Appointment and replacement of Director of

Internal Audit.– Review of annual plan as well as findings and

difficulties encountered in the course of internal audits.

Audit Committee Responsibilities (cont’d)

• Compliance with Laws, Regulations and Code of Conduct including:

– Gaining reasonable assurance of compliance with laws and regulations as well as conflicts of interest and fraud..

– Ensure coordination with Internal Audit for the proper handling of complaints to deter fraud, illegal activities and ethic conflicts.

• Financial Reporting including:

– Review of annual audit reports

– Review of OUC’s quarterly financial performance

Audit Committee Responsibilities (cont’d)

• External Auditor including:

– Appointment and compensation for external auditors

– Review and approval of the discharge of auditors

– Review of scope and approach of external audit

– Approval of all non-audit services

– Review and approval of the hiring of former external auditors for senior-level positions

Note: Audit partner rotation is required at 5-year intervals

Wrap-up Summary

• The adoption of a more stringent internal control environment has begun for many of us and has included:– Re-examining our ethics policies– Formalizing our internal control structures

including documenting control policies and operational procedures

– Educating our governing boards including clearing defining their roles and responsibilities

Questions