Sarbanes Oxley Ebook

P a g e | 1

_________________________________________________ Sarbanes Oxley Compliance Professionals Association (SOXCPA)

www.sarbanes-oxley-association.com

P a g e | 2



Contents 1. Dodd Frank Act and Whistleblower Protection: Sarbanes Oxley on Steroids - Page 5 2. Dodd Frank Act, Section 922: Whistleblower Protection - Page 8 3. The 12 most important definitions in the Sarbanes Oxley Act - 3 4. Dodd Frank Act, SEC. 989G: Exemption for Non accelerated filers - Page 27 5. Internal Controls, the Sarbanes Oxley Act and the Dodd Frank Act - Page 28 6. Study and Recommendations on Section 404(b) of the Sarbanes - Oxley Act of 2002 For Issuers With Public Float Between $75 and $250 Million - Page 33 7. A very interesting letter - Page 54 8. Auditing Standards Related to the Auditor's Assessment of, and Response to, Risk (AS No. 8 through 15) - Page 57 9. Oversight of the U.S. Securities and Exchange Commission: Evaluating Present Reforms and Future Challenges by Chairman Mary L. Schapiro - Page 59 10. The PCAOB passes the Adequacy Assessment of the European Union - Page 69 11. Public Company Accounting Oversight Board (PCAOB) Interesting parts from the Strategic Plan (2009 - 2013) - Page 71 12. Sarbanes Oxley jobs and careers in 2011 - Page 98 13. What is "internal control over financial reporting"? - Page 102

P a g e | 3



14. What is "Off-Balance Sheet Arrangement"? – Page 105 15. PCAOB Enters into Cooperative Agreement with United Kingdom Audit Regulator - Page 110 16. Congressional Oversight Panel, Examining the Consequences of Mortgage Irregularities for Financial Stability and Foreclosure Mitigation, and the PCAOB Staff Audit Practice Alert NO. 7 - Page 112 17. PCAOB staff audit practice Alert No 7 - Page 118 18. PCAOB Issues Concept Release on Auditor's Reporting Model - Page 128 19. SEC Proposes Rules Requiring Listing Standards for Compensation Committees and Compensation Consultant - Page 130 20. The Statement on Standards for Attestation Engagements (SSAE) No. 16 - Page 135 21. PCAOB Issues Concept Release on Auditor Independence and Audit Firm Rotation - Page 143 22. Joint Press Release - U. S. Securities and Exchange Commission, China Securities Regulatory Commission, Chinese Ministry of Finance - Page 145 23. Updated Information on PCAOB International Inspections - Page 148 24. Opening Remarks, Daniel L. Goelzer, Board Member PCAOB Roundtable , Sept. 15, 2011, Washington, DC - Page 156 25. The Auditor's Reporting Model, James R. Doty, Chairman PCAOB Roundtable, Sept. 15, 2011 - Washington, DC - Page 158

P a g e | 4



26. Case Study: UBS - Page 160 27. COSO Internal Control - Integrated Framework Update Project Frequently Asked Questions (September 2011) - Page 169 28. The role of the Board of Directors in Enron’s Collapse - Page 173 29. PCAOB Enters Into Cooperative Agreement with Dubai - Page 201 30. U.S. Securities and Exchange Commission, Annual Report on the Dodd Frank Whistleblower Program, Fiscal Year 2011 - Page 203 31. Whistleblower Incentive Awards Made During Fiscal Year 2011 - Page 212 32. The 1st Circuit ruled that employees of private contractors working for public companies are not entitled to whistleblower

protections under the Sarbanes-Oxley Act - Page 227 33. Public Company Accounting Oversight Board, Reflections on the State of the Audit Profession, Jay D. Hanson - Page 233 34. Remarks (at the Practicing Law Institute’s SEC Speaks) by Chairman Mary L. Schapiro, U.S. Securities and Exchange Commission, Washington D.C., Feb. 24, 2012 - Page 244 35. Unreasonably Feeble” Opening Statement of Commissioner Scott D. O’Malia Regarding Open Meeting on One Final Rule and One Proposed Rule February 23, 2012 - Page 262

P a g e | 5



The Sarbanes Oxley Act after the enactment of the Dodd Frank Act Dodd Frank Act and Whistleblower Protection: Sarbanes Oxley on Steroids. For months we read in blogs and some newspapers that the Sarbanes Oxley Act is dead, or that it is not important any more, as there are other laws and regulations that matter. Well, they are dead wrong. The Sarbanes Oxley Act has become much more important. It is a fact. The two most important reasons for that are: 1. The new US financial regulatory reform, the Dodd Frank Act, amends some sections of the Sarbanes Oxley Act. SOX is part of the new regulatory reform. They did not delete the SOX provisions, they have made them more strict and clever. For example, whistleblowers now have a monetary incentive to report matters to the SEC (they may be entitled to as much as 10 percent to 30 percent of the monetary sanctions imposed). Management should clearly explain to all employees the importance of prompt reporting of violations. Public companies should do much more for complaints submitted to audit committees or employee hotlines to address areas of potential concern. The Dodd-Frank Act also provides an employee with remedies against the employer that has violated the whistleblower provisions of the Dodd-Frank Act.

P a g e | 6



These remedies include reinstatement with the same seniority status that the individual would have had, two times the amount of back pay otherwise owed to the individual, with interest, and even compensation for litigation costs, expert witness fees, and reasonable attorneys’ fees. Does it look like the end of Sarbanes Oxley? No, it is Sarbanes Oxley on steroids. According to the Dodd Frank Act, no employer may discharge, demote, suspend, threaten, harass, directly or indirectly, or in any other manner discriminate against, a whistleblower in the terms and conditions of employment because of any lawful act done by the whistleblower: - In providing information to the SEC in accordance with the provisions of the Dodd-Frank Act; - In initiating, testifying in, or assisting in any investigation or judicial or administrative action of the Commission based upon or related to such information; or - In making disclosures that are required or protected under the Sarbanes-Oxley Act, the Securities Exchange Act and any other law, rule, or regulation subject to the jurisdiction of the SEC. 2. The US Supreme Court denied putting the Public Company Accounting Oversight Board (PCAOB) out of business, and now the PCAOB, with its role clear and well understood, has decided to announce new and stricter risk assessment standards. Sarbanes Oxley becomes more strict and mature. The PCAOB imposes more sanctions on accounting firms and managers that don’t adequately supervise their staff. The suite of risk assessment standards, Auditing Standards No. 8 through No. 15, sets forth requirements that enhance the effectiveness of

P a g e | 7



the auditor's assessment of, and response to, the risks of material misstatement in the financial statements. The risk assessment standards address audit procedures performed throughout the audit, from the initial planning stages through the evaluation of the audit results. "These new standards are a significant step in promoting sophisticated risk assessment in audits and minimizing the risk that the auditor will fail to detect material misstatements," said PCAOB Acting Chairman Daniel L. Goelzer. "Identifying risks, and properly planning and performing the audit to address those risks, is essential to promoting investor confidence in audited financial statements."

P a g e | 8



Dodd Frank Act, Section 922: Whistleblower Protection (a) IN GENERAL.—The Securities Exchange Act of 1934 (15 U.S.C. 78a et seq.) is amended by inserting after section 21E the following: ‘‘SEC. 21F. SECURITIES WHISTLEBLOWER INCENTIVES AND PROTECTION. ‘‘(a) DEFINITIONS.—In this section the following definitions shall apply: ‘‘(1) COVERED JUDICIAL OR ADMINISTRATIVE ACTION.—The term ‘covered judicial or administrative action’ means any judicial or administrative action brought by the Commission under the securities laws that results in monetary sanctions exceeding $1,000,000. ‘‘(2) FUND.—The term ‘Fund’ means the Securities and Exchange Commission Investor Protection Fund. ‘‘(3) ORIGINAL INFORMATION.—The term ‘original information’ means information that— ‘‘(A) is derived from the independent knowledge or analysis of a whistleblower; ‘‘(B) is not known to the Commission from any other source, unless the whistleblower is the original source of the information; and ‘‘(C) is not exclusively derived from an allegation made in a judicial or administrative hearing, in a governmental report, hearing, audit, or investigation, or from the news media, unless the whistleblower is a source of the information. ‘‘(4) MONETARY SANCTIONS.—The term ‘monetary sanctions’, when used with respect to any judicial or administrative action, means—

P a g e | 9



‘‘(A) any monies, including penalties, disgorgement, and interest, ordered to be paid; and ‘‘(B) any monies deposited into a disgorgement fund or other fund pursuant to section 308(b) of the Sarbanes- Oxley Act of 2002 (15 U.S.C. 7246(b)), as a result of such action or any settlement of such action. ‘‘(5) RELATED ACTION.—The term ‘related action’, when used with respect to any judicial or administrative action brought by the Commission under the securities laws, means any judicial or administrative action brought by an entity described in subclauses (I) through (IV) of subsection (h)(2)(D)(i) that is based upon the original information provided by a whistleblower pursuant to subsection (a) that led to the successful enforcement of the Commission action. ‘‘(6) WHISTLEBLOWER.—The term ‘whistleblower’ means any individual who provides, or 2 or more individuals acting jointly who provide, information relating to a violation of the securities laws to the Commission, in a manner established, by rule or regulation, by the Commission. ‘‘(b) AWARDS.— ‘‘(1) IN GENERAL.—In any covered judicial or administrative action, or related action, the Commission, under regulations prescribed by the Commission and subject to subsection (c), shall pay an award or awards to 1 or more whistleblowers who voluntarily provided original information to the Commission that led to the successful enforcement of the covered judicial or administrative action, or related action, in an aggregate amount equal to— ‘‘(A) not less than 10 percent, in total, of what has been collected of the monetary sanctions imposed in the action or related actions; and ‘‘(B) not more than 30 percent, in total, of what has been collected of the monetary sanctions imposed in the action or related actions.

P a g e | 10



‘‘(2) PAYMENT OF AWARDS.—Any amount paid under paragraph (1) shall be paid from the Fund. ‘‘(c) DETERMINATION OF AMOUNT OF AWARD; DENIAL OF AWARD.— ‘‘(1) DETERMINATION OF AMOUNT OF AWARD.— ‘‘(A) DISCRETION.—The determination of the amount of an award made under subsection (b) shall be in the discretion of the Commission. ‘‘(B) CRITERIA.—In determining the amount of an award made under subsection (b), the Commission—‘‘(i) shall take into consideration— ‘‘(I) the significance of the information provided by the whistleblower to the success of the covered judicial or administrative action; ‘‘(II) the degree of assistance provided by the whistleblower and any legal representative of the whistleblower in a covered judicial or administrative action; ‘‘(III) the programmatic interest of the Commission in deterring violations of the securities laws by making awards to whistleblowers who provide information that lead to the successful enforcement of such laws; and ‘‘(IV) such additional relevant factors as the Commission may establish by rule or regulation; and ‘‘(ii) shall not take into consideration the balance of the Fund. ‘‘(2) DENIAL OF AWARD.—No award under subsection (b) shall be made— ‘‘(A) to any whistleblower who is, or was at the time the whistleblower acquired the original information submitted to the Commission, a member, officer, or employee of—

P a g e | 11



‘‘(i) an appropriate regulatory agency; ‘‘(ii) the Department of Justice; ‘‘(iii) a self-regulatory organization; ‘‘(iv) the Public Company Accounting Oversight Board; or ‘‘(v) a law enforcement organization; ‘‘(B) to any whistleblower who is convicted of a criminal violation related to the judicial or administrative action for which the whistleblower otherwise could receive an award under this section; ‘‘(C) to any whistleblower who gains the information through the performance of an audit of financial statements required under the securities laws and for whom such submission would be contrary to the requirements of section 10A of the Securities Exchange Act of 1934 (15 U.S.C. 78j–1); or ‘‘(D) to any whistleblower who fails to submit information to the Commission in such form as the Commission may, by rule, require. ‘‘(d) REPRESENTATION.— ‘‘(1) PERMITTED REPRESENTATION.—Any whistleblower who makes a claim for an award under subsection (b) may be represented by counsel. ‘‘(2) REQUIRED REPRESENTATION.— ‘‘(A) IN GENERAL.—Any whistleblower who anonymously makes a claim for an award under subsection (b) shall be represented by counsel if the whistleblower anonymously submits the information upon which the claim is based.

P a g e | 12



‘‘(B) DISCLOSURE OF IDENTITY.—Prior to the payment of an award, a whistleblower shall disclose the identity of the whistleblower and provide such other information as the Commission may require, directly or through counsel for the whistleblower. ‘‘(e) NO CONTRACT NECESSARY.—No contract with the Commission is necessary for any whistleblower to receive an award under subsection (b), unless otherwise required by the Commission by rule or regulation. ‘‘(f) APPEALS.—Any determination made under this section, including whether, to whom, or in what amount to make awards, shall be in the discretion of the Commission. Any such determination, except the determination of the amount of an award if the award was made in accordance with subsection (b), may be appealed to the appropriate court of appeals of the United States not more than 30 days after the determination is issued by the Commission. The court shall review the determination made by the Commission in accordance with section 706 of title 5, United States Code. ‘‘(g) INVESTOR PROTECTION FUND.— ‘‘(1) FUND ESTABLISHED.—There is established in the Treasury of the United States a fund to be known as the ‘Securities and Exchange Commission Investor Protection Fund’. ‘‘(2) USE OF FUND.—The Fund shall be available to the Commission, without further appropriation or fiscal year limitation, for— ‘‘(A) paying awards to whistleblowers as provided in subsection (b); and ‘‘(B) funding the activities of the Inspector General of the Commission under section 4(i). ‘‘(3) DEPOSITS AND CREDITS.—

P a g e | 13



‘‘(A) IN GENERAL.—There shall be deposited into or credited to the Fund an amount equal to— ‘‘(i) any monetary sanction collected by the Commission in any judicial or administrative action brought by the Commission under the securities laws that is not added to a disgorgement fund or other fund under section 308 of the Sarbanes-Oxley Act of 2002 (15 U.S.C. 7246) or otherwise distributed to victims of a violation of the securities laws, or the rules and regulations thereunder, underlying such action, unless the balance of the Fund at the time the monetary sanction is collected exceeds $300,000,000; ‘‘(ii) any monetary sanction added to a disgorgement fund or other fund under section 308 of the Sarbanes-Oxley Act of 2002 (15 U.S.C. 7246) that is not distributed to the victims for whom the Fund was established, unless the balance of the disgorgement fund at the time the determination is made not to distribute the monetary sanction to such victims exceeds $200,000,000; and ‘‘(iii) all income from investments made under paragraph (4). ‘‘(B) ADDITIONAL AMOUNTS.—If the amounts deposited into or credited to the Fund under subparagraph (A) are not sufficient to satisfy an award made under subsection (b), there shall be deposited into or credited to the Fund an amount equal to the unsatisfied portion of the award from any monetary sanction collected by the Commission in the covered judicial or administrative action on which the award is based. ‘‘(4) INVESTMENTS.— ‘‘(A) AMOUNTS IN FUND MAY BE INVESTED.—The Commission may request the Secretary of the Treasury to invest the portion of the Fund that is not, in the discretion of the Commission, required to meet the current needs of the Fund. ‘‘(B) ELIGIBLE INVESTMENTS.—Investments shall be made by the Secretary of the Treasury in obligations of the United States or

P a g e | 14



obligations that are guaranteed as to principal and interest by the United States, with maturities suitable to the needs of the Fund as determined by the Commission on the record. ‘‘(C) INTEREST AND PROCEEDS CREDITED.—The interest on, and the proceeds from the sale or redemption of, any obligations held in the Fund shall be credited to the Fund. ‘‘(5) REPORTS TO CONGRESS.—Not later than October 30 of each fiscal year beginning after the date of enactment of this subsection, the Commission shall submit to the Committee on Banking, Housing, and Urban Affairs of the Senate, and the Committee on Financial Services of the House of Representatives a report on— ‘‘(A) the whistleblower award program, established under this section, including— ‘‘(i) a description of the number of awards granted; and ‘‘(ii) the types of cases in which awards were granted during the preceding fiscal year; ‘‘(B) the balance of the Fund at the beginning of the preceding fiscal year; ‘‘(C) the amounts deposited into or credited to the Fund during the preceding fiscal year; ‘‘(D) the amount of earnings on investments made under paragraph (4) during the preceding fiscal year; ‘‘(E) the amount paid from the Fund during the preceding fiscal year to whistleblowers pursuant to subsection (b); ‘‘(F) the balance of the Fund at the end of the preceding fiscal year; and ‘‘(G) a complete set of audited financial statements, including—

P a g e | 15



‘‘(i) a balance sheet; ‘‘(ii) income statement; and ‘‘(iii) cash flow analysis. ‘‘(h) PROTECTION OF WHISTLEBLOWERS.— ‘‘(1) PROHIBITION AGAINST RETALIATION.— ‘‘(A) IN GENERAL.—No employer may discharge, demote, suspend, threaten, harass, directly or indirectly, or in any other manner discriminate against, a whistleblower in the terms and conditions of employment because of any lawful act done by the whistleblower— ‘‘(i) in providing information to the Commission in accordance with this section; ‘‘(ii) in initiating, testifying in, or assisting in any investigation or judicial or administrative action of the Commission based upon or related to such information; or ‘‘(iii) in making disclosures that are required or protected under the Sarbanes-Oxley Act of 2002 (15 U.S.C. 7201 et seq.), the Securities Exchange Act of 1934 (15 U.S.C. 78a et seq.), including section 10A(m) of such Act (15 U.S.C. 78f(m)), section 1513(e) of title 18, United States Code, and any other law, rule, or regulation subject to the jurisdiction of the Commission. ‘‘(B) ENFORCEMENT.— ‘‘(i) CAUSE OF ACTION.—An individual who alleges discharge or other discrimination in violation of subparagraph (A) may bring an action under this subsection in the appropriate district court of the United States for the relief provided in subparagraph (C).

P a g e | 16



‘‘(ii) SUBPOENAS.—A subpoena requiring the attendance of a witness at a trial or hearing conducted under this section may be served at any place in the United States. ‘‘(iii) STATUTE OF LIMITATIONS.— ‘‘(I) IN GENERAL.—An action under this subsection may not be brought— ‘‘(aa) more than 6 years after the date on which the violation of subparagraph (A) occurred; or ‘‘(bb) more than 3 years after the date when facts material to the right of action are known or reasonably should have been known by the employee alleging a violation of subparagraph (A). ‘‘(II) REQUIRED ACTION WITHIN 10 YEARS.—Notwithstanding subclause (I), an action under this subsection may not in any circumstance be brought more than 10 years after the date on which the violation occurs. ‘‘(C) RELIEF.—Relief for an individual prevailing in an action brought under subparagraph (B) shall include— ‘‘(i) reinstatement with the same seniority status that the individual would have had, but for the discrimination; ‘‘(ii) 2 times the amount of back pay otherwise owed to the individual, with interest; and ‘‘(iii) compensation for litigation costs, expert witness fees, and reasonable attorneys’ fees. ‘‘(2) CONFIDENTIALITY.— ‘‘(A) IN GENERAL.—Except as provided in subparagraphs (B) and (C), the Commission and any officer or employee of the Commission

P a g e | 17



shall not disclose any information, including information provided by a whistleblower to the Commission, which could reasonably be expected to reveal the identity of a whistleblower, except in accordance with the provisions of section 552a of title 5, United States Code, unless and until required to be disclosed to a defendant or respondent in connection with a public proceeding instituted by the Commission or any entity described in subparagraph (C). For purposes of section 552 of title 5, United States Code, this paragraph shall be considered a statute described in subsection (b)(3)(B) of such section. ‘‘(B) EXEMPTED STATUTE.—For purposes of section 552 of title 5, United States Code, this paragraph shall be considered a statute described in subsection (b)(3)(B) of such section 552. ‘‘(C) RULE OF CONSTRUCTION.—Nothing in this section is intended to limit, or shall be construed to limit, the ability of the Attorney General to present such evidence to a grand jury or to share such evidence with potential witnesses or defendants in the course of an ongoing criminal investigation. ‘‘(D) AVAILABILITY TO GOVERNMENT AGENCIES.— ‘‘(i) IN GENERAL.—Without the loss of its status as confidential in the hands of the Commission, all information referred to in subparagraph (A) may, in the discretion of the Commission, when determined by the Commission to be necessary to accomplish the purposes of this Act and to protect investors, be made available to— ‘‘(I) the Attorney General of the United States; ‘‘(II) an appropriate regulatory authority; ‘‘(III) a self-regulatory organization;

P a g e | 18



‘‘(IV) a State attorney general in connection with any criminal investigation; ‘‘(V) any appropriate State regulatory authority; ‘‘(VI) the Public Company Accounting Oversight Board; ‘‘(VII) a foreign securities authority; and ‘‘(VIII) a foreign law enforcement authority. ‘‘(ii) CONFIDENTIALITY.— ‘‘(I) IN GENERAL.—Each of the entities described in subclauses (I) through (VI) of clause (i) shall maintain such information as confidential in accordance with the requirements established under subparagraph (A). ‘‘(II) FOREIGN AUTHORITIES.—Each of the entities described in subclauses (VII) and (VIII) of clause (i) shall maintain such information in accordance with such assurances of confidentiality as the Commission determines appropriate. ‘‘(3) RIGHTS RETAINED.—Nothing in this section shall be deemed to diminish the rights, privileges, or remedies of any whistleblower under any Federal or State law, or under any collective bargaining agreement. ‘‘(i) PROVISION OF FALSE INFORMATION.—A whistleblower shall not be entitled to an award under this section if the whistleblower— ‘‘(1) knowingly and willfully makes any false, fictitious, or fraudulent statement or representation; or ‘‘(2) uses any false writing or document knowing the writing or document contains any false, fictitious, or fraudulent statement or entry.

P a g e | 19



‘‘(j) RULEMAKING AUTHORITY.—The Commission shall have the authority to issue such rules and regulations as may be necessary or appropriate to implement the provisions of this section consistent with the purposes of this section.’’. (b) PROTECTION FOR EMPLOYEES OF NATIONALLY RECOGNIZED STATISTICAL RATING ORGANIZATIONS.—Section 1514A(a) of title 18, United States Code, is amended— (1) by inserting ‘‘or nationally recognized statistical rating organization (as defined in section 3(a) of the Securities Exchange Act of 1934 (15 U.S.C. 78c),’’ after ‘‘78o(d)),’’; and (2) by inserting ‘‘or nationally recognized statistical rating organization’’ after ‘‘such company’’. (c) SECTION 1514A OF TITLE 18, UNITED STATES CODE.— (1) STATUTE OF LIMITATIONS; JURY TRIAL.—Section 1514A(b)(2) of title 18, United States Code, is amended— (A) in subparagraph (D)— (i) by striking ‘‘90’’ and inserting ‘‘180’’; and (ii) by striking the period at the end and inserting ‘‘, or after the date on which the employee became aware of the violation.’’; and (B) by adding at the end the following: ‘‘(E) JURY TRIAL.—A party to an action brought under paragraph (1)(B) shall be entitled to trial by jury.’’. (2) PRIVATE SECURITIES LITIGATION WITNESSES; NONENFORCEABILITY; INFORMATION.—Section 1514A of title 18, United States Code, is amended by adding at the end the following:

P a g e | 20



‘‘(e) NONENFORCEABILITY OF CERTAIN PROVISIONS WAIVING RIGHTS AND REMEDIES OR REQUIRING ARBITRATION OF DISPUTES.— ‘‘(1) WAIVER OF RIGHTS AND REMEDIES.—The rights and remedies provided for in this section may not be waived by any agreement, policy form, or condition of employment, including by a predispute arbitration agreement. ‘‘(2) PREDISPUTE ARBITRATION AGREEMENTS.—No predispute arbitration agreement shall be valid or enforceable, if the agreement requires arbitration of a dispute arising under this section.’’. (d) STUDY OF WHISTLEBLOWER PROTECTION PROGRAM.— (1) STUDY.—The Inspector General of the Commission shall conduct a study of the whistleblower protections established under the amendments made by this section, including— (A) whether the final rules and regulation issued under the amendments made by this section have made the whistleblower protection program (referred to in this subsection as the ‘‘program’’) clearly defined and user-friendly; (B) whether the program is promoted on the website of the Commission and has been widely publicized; (C) whether the Commission is prompt in— (i) responding to— (I) information provided by whistleblowers; and (II) applications for awards filed by whistleblowers; (ii) updating whistleblowers about the status of their applications; and

P a g e | 21



(iii) otherwise communicating with the interested parties; (D) whether the minimum and maximum reward levels are adequate to entice whistleblowers to come forward with information and whether the reward levels are so high as to encourage illegitimate whistleblower claims; (E) whether the appeals process has been unduly burdensome for the Commission; (F) whether the funding mechanism for the Investor Protection Fund is adequate; (G) whether, in the interest of protecting investors and identifying and preventing fraud, it would be useful for Congress to consider empowering whistleblowers or other individuals, who have already attempted to pursue the case through the Commission, to have a private right of action to bring suit based on the facts of the same case, on behalf of the Government and themselves, against persons who have committee securities fraud; (H)(i) whether the exemption under section 552(b)(3) of title 5 (known as the Freedom of Information Act) established in section 21F(h)(2)(A) of the Securities Exchange Act of 1934, as added by this Act, aids whistleblowers in disclosing information to the Commission; (ii) what impact the exemption described in clause (i) has had on the ability of the public to access information about the regulation and enforcement by the Commission of securities; and (iii) any recommendations on whether the exemption described in clause (i) should remain in effect; and (I) such other matters as the Inspector General deems appropriate. (2) REPORT.—Not later than 30 months after the date of enactment of this Act, the Inspector General shall—

P a g e | 22



(A) submit a report on the findings of the study required under paragraph (1) to the Committee on Banking, Housing, and Urban Affairs of the Senate and the Committee on Financial Services of the House; and (B) make the report described in subparagraph (A) available to the public through publication of the report on the website of the Commission.

P a g e | 23



The 12 most important definitions in the Sarbanes Oxley Act 1. Appropriate state regulatory authority It means the State agency or other authority responsible for the licensure or other regulation of the practice of accounting in the State or States having jurisdiction over a registered public accounting firm or associated person thereof, with respect to the matter in question. 2. Audit It is an examination of the financial statements of any issuer by an independent public accounting firm in accordance with the rules of the Board or the Commission for the purpose of expressing an opinion on such statements. 3. Audit committee It is: A. A committee (or equivalent body) established by and amongst the board of directors of an issuer for the purpose of overseeing the accounting and financial reporting processes of the issuer and audits of the financial statements of the issuer; and B. If no such committee exists with respect to an issuer, the entire board of directors of the issuer. 4. Audit report It means a document or other record: A. Prepared following an audit performed for purposes of compliance by an issuer with the requirements of the securities laws; and B. In which a public accounting firm either - - Sets forth the opinion of that firm regarding a financial statement, report, or other document; or - Asserts that no such opinion can be expressed.

P a g e | 24



5. Board It means the Public Company Accounting Oversight Board established under section 101. 6. Commission It means the Securities and Exchange Commission (SEC). 7. Issuer It means an issuer (as defined in section 3 of the Securities Exchange Act of 1934), the securities of which are registered under section 12 of that Act, or that is required to file reports under section 15(d), or that files or has filed a registration statement that has not yet become effective under the Securities Act of 1933, and that it has not withdrawn. 8. Non-audit services It means any professional services provided to an issuer by a registered public accounting firm, other than those provided to an issuer in connection with an audit or a review of the financial statements of an issuer. 9. Person associated with a public accounting firm A. In general. The terms "person associated with a public accounting firm" (or with a "registered public accounting firm") and "associated person of a public accounting firm" (or of a "registered public accounting firm") mean any individual proprietor, partner, shareholder, principal, accountant, or other professional employee of a public accounting firm, or any other independent contractor or entity that, in connection with the preparation or issuance of any audit report-- - Shares in the profits of, or receives compensation in any other form from, that firm; or - Participates as agent or otherwise on behalf of such accounting firm in any activity of that firm. B. Exemption authority. The Board may, by rule, exempt persons

P a g e | 25



engaged only in ministerial tasks from the definition in subparagraph (A), to the extent that the Board determines that any such exemption is consistent with the purposes of this Act, the public interest, or the protection of investors. 10. Professional standards It means— A. Accounting principles that are-- - Established by the standard setting body described in section 19(b) of the Securities Act of 1933, as amended by this Act, or prescribed by the Commission under section 19(a) of that Act or section 13(b) of the Securities Exchange Act of 1934; and - Relevant to audit reports for particular issuers, or dealt with in the quality control system of a particular registered public accounting firm; and B. Auditing standards, standards for attestation engagements, quality control policies and procedures, ethical and competency standards, and independence standards (including rules implementing title II) that the Board or the Commission determines-- - Relate to the preparation or issuance of audit reports for issuers; and - Are established or adopted by the Board under section 103(a), or are promulgated as rules of the Commission. 11. Public accounting firm It means: A. A proprietorship, partnership, incorporated association, corporation, limited liability company, limited liability partnership, or other legal entity that is engaged in the practice of public accounting or preparing

P a g e | 26



or issuing audit reports; and B. To the extent so designated by the rules of the Board, any associated person of any entity described in subparagraph (A). Registered public accounting firm is a public accounting firm registered with the Board in accordance with this Act. 12. Rules of the board It means the bylaws and rules of the Board (as submitted to, and approved, modified, or amended by the Commission, in accordance with section 107), and those stated policies, practices, and interpretations of the Board that the Commission, by rule, may deem to be rules of the Board, as necessary or appropriate in the public interest or for the protection of investors.

P a g e | 27



Dodd Frank Act, SEC. 989G. EXEMPTION FOR NONACCELERATED FILERS. (a) EXEMPTION.—Section 404 of the Sarbanes-Oxley Act of 2002 is amended by adding at the end the following: “(c) EXEMPTION FOR SMALLER ISSUERS.—Subsection (b) shall not apply with respect to any audit report prepared for an issuer that is neither a “large accelerated filer” nor an “accelerated filer” as those terms are defined in Rule 12b–2 of the Commission (17 C.F.R. 240.12b–2).” (b) STUDY.—The Securities and Exchange Commission shall conduct a study to determine how the Commission could reduce the burden of complying with section 404(b) of the Sarbanes-Oxley Act of 2002 for companies whose market capitalization is between $75,000,000 and $250,000,000 for the relevant reporting period while maintaining investor protections for such companies. The study shall also consider whether any such methods of reducing the compliance burden or a complete exemption for such companies from compliance with such section would encourage companies to list on exchanges in the United States in their initial public offerings. Not later than 9 months after the date of the enactment of this subtitle, the Commission shall transmit a report of such study to Congress.

P a g e | 28



Internal Controls, the Sarbanes Oxley Act and the Dodd Frank Act Effective internal control over financial reporting is intended to provide reasonable assurance about the reliability of a company's financial statements and the process of preparation of those statements. Until this summer, all this had to do with Section 404 of the Sarbanes-Oxley Act. After July 2010, we have to speak about "Section 404 of the Sarbanes-Oxley Act, as amended by the Dodd-Frank Act". It requires management of all companies to assess and report on the effectiveness of the company's internal control over its financial reporting. The law also requires that independent auditors for larger companies attest to management's disclosures about the effectiveness of that internal control. Under the amendments to Sarbanes Oxley by the Dodd-Frank Act, certain smaller companies, known as "non-accelerated filers," are exempted from the requirement for an external audit of internal control over financial reporting. However, these smaller companies, which typically have common equity held by non-insiders of less than $75 million, must still provide annually management’s assessment of internal controls. We use the term “non-accelerated filer” to refer to a reporting company that does not meet the definition of either an “accelerated filer” or a “large accelerated filer” under Exchange Act Rule 12b-2. Under Exchange Act Rule 12b-2, an accelerated filer is an issuer that “had an aggregate worldwide market value of the voting and non-voting common equity held by its non-affiliates of $75 million or more, but less than $700 million, as of the last business day of the issuer’s most recently completed second fiscal quarter.

P a g e | 29



A large accelerated filer is an issuer that “had an aggregate worldwide market value of the voting and non-voting common equity held by its non-affiliates of $700 million or more, as of the last business day of the issuer’s most recently completed second fiscal quarter”. In addition, for both definitions, the issuer needs to have been subject to reporting requirements for at least twelve calendar months, have filed at least one annual report, and not be eligible to use the requirements for smaller reporting companies for its annual and quarterly reports.

Securities and Exchange Commission, final rule. The Securities and Exchange Commission (“Commission”) is adopting amendments to its rules and forms to conform them to Section 404(c) of the Sarbanes-Oxley Act of 2002 (the “Sarbanes-Oxley Act”), as added by Section 989G of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the “Dodd-Frank Act”). Section 404(c) provides that Section 404(b) of the Sarbanes-Oxley Act shall not apply with respect to any audit report prepared for an issuer that is neither an accelerated filer nor a large accelerated filer as defined in Rule 12b-2 under the Securities Exchange Act of 1934 (the “Exchange Act”). The Commission is adopting amendments to its rules and forms to conform them to new Section 404(c) of the Sarbanes-Oxley Act, as added by Section 989G of the Dodd-Frank Act. Section 404(c) provides that Section 404(b) of the Sarbanes-Oxley Act shall not apply with respect to any audit report prepared for an issuer that is neither an accelerated filer nor a large accelerated filer as defined in Rule 12b-29 under the Exchange Act. Prior to enactment of the Dodd-Frank Act, a non-accelerated filer would have been required, under existing Commission rules, to include an attestation report of its registered public accounting firm on internal

P a g e | 30



control over financial reporting in the filer’s annual report filed with the Commission for fiscal years ending on or after June 15, 2010. [Consistent with Sections 404(a) and 404(b) of the Sarbanes-Oxley Act, on June 5, 2003, the Commission adopted initial amendments to its rules and forms requiring companies, other than registered investment companies, to include in their annual reports filed with the Commission a report of management and an accompanying auditor’s attestation report on the effectiveness of the company’s internal control over financial reporting. Subsequent to the adoption of those rules, the Commission postponed the Section 404(b) auditor attestation requirement for non-accelerated filers, such that the auditor’s attestation report for these filers would have first been required for annual reports filed with the Commission for fiscal years ending on or after June 15, 2010. The amendments in this Release will not affect the transition rules applicable for non-accelerated filers with fiscal years ending prior to June 15, 2010.] To conform the Commission’s rules to Section 404(c) of the Sarbanes-Oxley Act, these amendments remove the requirement for a non-accelerated filer to include in its annual report an attestation report of the filer’s registered public accounting firm. We are also adopting a conforming change to our rules concerning management’s disclosure in the annual report regarding inclusion of an attestation report to provide that the disclosure only applies if an attestation report is included. Lastly, we are making a conforming change to Rule 2-02(f) of Regulation S-X to clarify that an auditor of a non-accelerated filer need not include in its audit report an assessment of the issuer’s internal control over financial reporting.

P a g e | 31



All issuers, including non-accelerated filers, continue to be subject to the requirements of Section 404(a) of the Sarbanes-Oxley Act. Section 404(a) and its implementing rules require that an issuer’s annual report include a report of management on the issuer’s internal control over financial reporting. PROCEDURAL AND OTHER MATTERS Under the Administrative Procedure Act, a notice of proposed rulemaking is not required when the agency, for good cause, finds that notice and public comment are impracticable, unnecessary, or contrary to the public interest. These amendments merely conform certain rules and forms to a newly enacted statute, Section 404(c) of the Sarbanes-Oxley Act, as amended by the Dodd-Frank Act, so the Commission finds that it is unnecessary to publish notice of these amendments. These amendments revise the Commission’s rules and forms to make them consistent with the internal control reporting requirements for non-accelerated filers in the Sarbanes-Oxley Act, as amended by the Dodd-Frank Act, and should therefore minimize potential confusion of issuers and investors. The Administrative Procedure Act also requires publication of a rule at least 30 days before its effective date unless the agency finds otherwise for good cause. The Commission is taking this action to implement the Dodd-Frank Act. Thus, any costs and benefits to the economy resulting from these amendments are mandated by the Dodd-Frank Act. Section 23(a)(2) of the Exchange Act requires the Commission, in adopting rules under the Exchange Act, to consider the competitive effects of such rules, if any, and to refrain from adopting a rule that would impose a burden on competition not necessary or appropriate in furtherance of the purposes of the Exchange Act.

P a g e | 32



Section 3(f) of the Exchange Act requires the Commission, whenever it engages in rulemaking and must consider or determine if an action is necessary or appropriate in the public interest, to consider if the action will promote efficiency, competition, and capital formation. We do not anticipate any competitive or capital formation effects from these amendments as they merely conform certain rules and forms to new Section 404(c) of the Sarbanes-Oxley Act. We do not anticipate that these conforming amendments will impose any costs, and they may promote efficiency by eliminating potential confusion that may otherwise result from a discrepancy between our rules and the statute.

P a g e | 33



OFFICE OF ECONOMIC ANALYSIS UNITED STATES SECURITIES AND EXCHANGE COMMISSION

Study of the Sarbanes-Oxley Act of 2002 Section 404 Internal Control over Financial Reporting Requirements Executive Summary The Public Company Accounting Reform and Investor Protection Act, otherwise known as the Sarbanes-Oxley Act (the “Act”), was enacted in July 2002 after a series of high-profile corporate scandals involving companies such as Enron and Worldcom. Section 404(a) of the Act requires management to assess and report on the effectiveness of internal control over financial reporting (“ICFR”). Section 404(b) requires that an independent auditor attest to management’s assessment of the effectiveness of those internal controls. Because the cost of complying with the requirements of Section 404 of the Act (“Section 404”) has been generally viewed as being unexpectedly high, efforts to reduce the costs while retaining the effectiveness of compliance resulted in a series of reforms in 2007. This report presents an analysis of data from publicly traded companies collected from an SEC-sponsored Web survey of financial executives of companies with Section 404 experience conducted during December 2008 and January 2009. The analysis of the survey data is designed to inform the Commission and other interested parties as to whether changes occurring since 2007 are having the intended effect of facilitating more cost-effective internal controls evaluations and audits, especially as they may apply to smaller reporting companies. The findings of the analysis relating to efficiency include evidence on the total and component compliance costs, the changes in costs over time,

P a g e | 34



and the factors that help to explain why costs are lower or higher for some companies than for others. These findings include evidence of direct and indirect effects that management ascribes to Section 404 compliance, including evidence on intended benefits. The 2007 reforms that are the focus of this inquiry include the SEC’s June 2007 Management Guidance and its order approving the Public Company Accounting Oversight Board’s (PCAOB) Accounting Standard No. 5 (AS5) (collectively referred to as the “2007 reforms”). We are primarily interested in whether and how companies’ experience with Section 404(b) compliance changed following the reforms, yet this report also presents evidence on the implementation of both Section 404(a) and Section 404(b). This reflects the interrelationship between the two requirements. The survey was open to all reporting companies with relevant experience in complying with Section 404, recognizing that only large accelerated filers and accelerated filers are currently required to comply with both Section 404(a) and Section 404(b) and, thus, have information on the overall cost of compliance with these sections. These experienced filers that responded to the survey tend to have public float in excess of $75 million, which is large compared to that of non-accelerated filers that are not yet required to comply with Section 404(b). The evidence on the experiences of larger companies may be useful in evaluating the extent to which additional improvements to the implementation of Section 404(b) should be undertaken before it becomes applicable to non-accelerated filers. Notwithstanding, it is important to highlight that the analysis in this report is not designed to provide compliance cost estimates for

P a g e | 35



companies that have yet to comply with the relevant requirements of Section 404. The general conclusion from the analysis of survey data is that compliance costs vary with company size (increasing with size), compliance history (decreasing with increased compliance experience), and compliance regime (lower after the 2007 reforms). Larger companies tend to incur higher compliance costs in dollar terms (“absolute cost”), while smaller companies report higher costs as a fraction of asset value (“scaled cost”). The evidence suggests that companies bear some fixed start-up costs of compliance that are not scalable. Some of these costs are recurring fixed costs, while others are one-time start-up costs borne in the first years of compliance that tend to dissipate over time. For companies complying with both parts of Section 404, the cost of complying with Section 404(b) is reportedly similar to the incremental cost of complying with Section 404(a) alone. The resource requirements of Section 404(a) and Section 404(b) compliance are quite different, however. The Section 404(a) cost is borne through increased internal labor and outside vendor expenses, while the Section 404(b) cost is experienced primarily through increased independent-auditor fees, according to the survey evidence. The evidence also indicates that there is an economically and statistically significant reduction in Section 404 compliance costs following the 2007 reforms. This reduction is most pronounced among larger companies. More than half of survey participants (henceforth also referred to as “respondents”) who answered explicit questions about the effects of the

P a g e | 36



2007 reforms report that the reforms led to a decrease in compliance costs, consistent with the objectives of the reform and the reported cost reductions. Nearly all respondents indicated that they relied on the Management Guidance and, of those, a majority found it to be useful. As a result of the Management Guidance, there has been a shift of effort among smaller companies toward evaluating the effectiveness of ICFR and away from the tasks of identifying risks to the company’s financial reporting and identifying controls that address identified risks. These respondents, however, had a less favorable response to a question about the SEC’s responsiveness to concerns about compliance costs. The Web survey also included questions about respondents’ perceptions of other potential effects of Section 404 compliance, including potential beneficial effects. Respondents ascribe some beneficial effects to Section 404 compliance. In particular, respondents were more likely to report direct benefits of compliance with Section 404 rules (i.e., improvements directly related to a company’s financial reporting process, such as the quality of the company’s ICFR), rather than indirect benefits of compliance (i.e., improvements indirectly related to a company’s financial reporting process, such as the company’s ability to raise capital). Respondents from larger companies and Section 404(b) companies tend to regard Section 404 compliance more favorably than those from their counterparts in almost every respect. Before turning to a more detailed outline of findings, it will be useful to provide some background on the size and compliance categories of the companies that are the subject of the study.

P a g e | 37



Throughout the analysis, respondents are partitioned based on the size of their company using the size thresholds that parallel the SEC’s reporting thresholds. Under SEC regulations— typically—non-accelerated filers have public float of less than $75 million; accelerated filers have public float between $75 million and $700 million; and large accelerated filers have public float of $700 million or more. The evidence on the costs and benefits of Section 404(b) compliance is almost entirely from the last two groups, which are termed “large” and “medium/mid-sized” companies in this report, because “small” companies (with public float less than $75 million) were typically not yet required to comply with Section 404(b) at the time of the survey. Following previous research, in some instances, the analysis of smaller companies focuses on those having a public float falling within a band above and below the $75 million threshold that distinguishes non-accelerated from accelerated filers. In addition, to separate the effects of Section 404(a) compliance from those of Section 404(b), when appropriate the analysis partitions companies that were compliant with both Sections 404(a) and 404(b) in the relevant fiscal year (henceforth “Section 404(b) companies”) from those that are compliant with Section 404(a) only (henceforth “Section 404(a)-only companies”). A more detailed presentation of findings as answers to the central questions of the report follows: Q1. How does the cost of complying with Section 404 vary across companies, and what factors influence a company’s compliance cost? The total cost of complying with Section 404 varies across companies depending on (1) The company’s size,

P a g e | 38



(2) Whether the company is complying with Section 404(a) only or also with Section 404(b), (3) The company’s experience in complying with Section 404(b), and (4) Whether compliance occurred before or after the 2007 reforms. Specifically, the absolute compliance cost in dollar terms tends to increase with company size (measured by public float), but the cost scaled by asset value tends to decline as company size increases. As one would expect, total compliance costs are typically larger for companies complying with Section 404(b) in addition to Section 404(a). Longer experience with Section 404(b) compliance, however, is associated with a decrease in the typical reported costs (scaled by company assets). The cost of compliance tends to be lower after the 2007 reforms than before and this decrease is most pronounced among larger companies. Q2. What is the observed trend in Section 404 compliance cost before and after the 2007 reforms? The Web survey collected response data on audit fees, outside vendor fees, non-labor costs, and internal labor hours. These cost components were aggregated using conservative assumptions in order to obtain a dollar estimate of the total cost of compliance. The evidence generally indicates that the typical total compliance costs have decreased from the year prior compared to the one after the 2007 reform and are expected to decrease further in the fiscal year in progress at the time of the survey. Among Section 404(b) companies, the mean total Section 404 compliance cost drops significantly from $2.87 million pre-reform to

P a g e | 39



$2.33 million post-reform, representing a 19 percent decline in the total compliance cost. The compliance cost is expected to be lower still, with a mean cost of $2.03 million, representing a combined decline of 29 percent. When reporting compliance costs by size category, the mean total compliance cost decreases from $769,000 to $690,000 among filers with public float lower than $75 million, but this difference is not statistically significant. The reduction in compliance costs is more pronounced among the medium and large companies that are already required to comply with Section 404(b). The medians reveal similar patterns for the typical company in our sample. The median total Section 404 compliance cost declines significantly from $1.19 million pre-reform to $1.04 million post-reform, a 13 percent decline. The median expected cost for the fiscal year in progress is lower still, at $905,000, a combined decline of 24 percent relative to the pre-reform median cost. For non-accelerated filers, the median total compliance cost decreased from $579,000 to $439,000, but, as with the means, the difference for these companies is not statistically significant. When analyzing first-time compliance costs before and after the 2007 reforms, the results are mixed and the mean decrease in total costs is not statistically significant. In contrast, for companies in their second year of compliance with Section 404(b), both the mean and median compliance costs are significantly lower after the 2007 reforms than before.

P a g e | 40



Meanwhile, among Section 404(a)-only companies, the mean total cost also decreased from $425,000 pre-reform to $336,000 post-reform, but the difference is not statistically significant, and the median cost actually increased from $111,000 to $162,000. Both the mean and the median, however, are expected to decrease for the fiscal year in progress at the time of the survey. Q3. How do the component costs of complying with Section 404 compare, and how have they changed since the 2007 reforms? For Section 404(b) compliant companies, the largest cost component is internal labor costs— which can comprise more than 50 percent of the total compliance cost—followed by the estimated portion of total audit fees attributed to ICFR (404(b) audit fees), outside vendor fees, and non-labor cost. In general, every component cost declines after the reforms compared to the year before, and is projected to decline further in the fiscal year in progress. The most notable changes in the cost components between pre-reform and post-reform are observed in the outside vendor fees and the percent of the total audit fees attributable to ICFR. The mean outside vendor fee decreases by 29 percent from $438,000 pre-reform to $311,000. The median outside vendor fee decreases by 10 percent from $100,000 to $90,000. Both differences are statistically significant, and the outside vendor fees are expected to decrease significantly to a mean cost of $222,000 and median cost of $55,000 in the fiscal year in progress at the time of the survey. The mean portion of the audit fee that respondents attributed to the ICFR audit also decreases significantly by 21 percent from $821,000 to $652,000.

P a g e | 41



This decline is expected to continue. Similarly, the median audit fee decreases by 13 percent from $358,000 to $311,000 and is expected to decrease to $275,000. Q4. What are the benefits of complying with Section 404, as reported by company executives, and how do they compare against the costs of compliance? The survey asked the respondents to comment on the impact of Section 404 compliance on twelve characteristics relating to internal governance and investor confidence, of which six were considered direct effects of compliance and the remaining six indirect effects of compliance. The respondents recognized Section 404 compliance as having a positive impact on various dimensions of the financial reporting process, but were less inclined to recognize these improvements as affecting the companies’ dealings with other capital market participants. Furthermore, in an optional section of the survey, respondents provided their assessment of the cost-benefit trade-off of Section 404 compliance. The majority of respondents to this section perceive the trade-off to be negative to varying degrees. This perceived trade-off is more favorable among larger companies and, independently of size, improved following the 2007 reforms. Among the characteristics that are most widely reported benefiting from Section 404 compliance is: - The quality of the respondent company’s internal control structure

(73 percent)

- The audit committee’s confidence in the company’s ICFR (71 percent)

P a g e | 42



- The quality of the company’s financial reporting (49 percent)

- The company’s ability to prevent and detect fraud (48 percent)

- The respondent’s confidence in the financial reports of other companies complying with Section 404 (40 percent).

The majority of respondents recognize no effect of Section 404 compliance on: the company’s ability to raise capital, investor confidence in the company’s financial reports, the company’s overall firm value, and the liquidity of the company’s common stock. Finally, the perceived effect of Section 404 compliance on the efficiency of the operating and financial reporting processes and the timeliness of the company’s financial statement audit varies widely: While a majority of respondents perceive no effect on these dimensions, non-trivial portions of respondents recognize a negative effect—that is, a reduction in the efficiency of the operating and financial reporting processes and/or the timeliness of financial statement audit. In the cross-section, larger companies were more likely to ascribe positive direct and indirect effects to Section 404 compliance than were smaller companies. Q5. What are the reported benefits of Section 404 compliance from the perspective of financial statement users? In order to obtain a more complete picture of the effects of Section 404 implementation, staff members from the SEC’s Office of the Chief Accountant conducted separate in-depth phone interviews of a sample of 30 users of financial statements—including lenders, securities analysts, credit rating agencies, and other investors. Although the sample is admittedly smaller than that of issuers participating in the survey, the evidence gathered is useful because it

P a g e | 43



provides the perspective of financial statement users on the effects of Section 404 compliance. In general, financial statement users regard ICFR disclosures to be beneficial and indicated that Section 404(a) and Section 404(b) compliance has had a positive impact on their confidence in the companies’ financial reports. The users generally indicate that Section 404 compliance leads management to better understand financial reporting risks, put in place appropriate controls to address financial reporting risks, and address internal control deficiencies in a more timely fashion than in the absence of the disclosure requirement. Although, users offer divergent opinions regarding the extent to which disclosures of material weakness affect their decision-making process, most agree that severe weaknesses that could take years to remediate are likely to negatively affect their decision-making. Users tend not to perceive the benefits of Section 404 compliance to vary with the size of the reporting company. Instead, many indicate that these benefits depend on a company’s complexity and industry affiliation. At the same time, the users agree that variations in compliance requirements based on complexity and/or industry would likely be impractical. Finally, most users indicate that the benefits they perceive from Section 404 compliance have not changed substantially over time. This is an important finding since it indicates that the 2007 reforms, while intended to reduce certain duplicative efforts in conducting the evaluation of ICFR, did not at the same time change financial statement users’ perception of the effectiveness of Section 404.

P a g e | 44



Regarding the Section 404(b) requirement, the general consensus is that the auditor’s report on ICFR required under Section 404(b) provides an incremental benefit beyond the management’s report because many respondents perceive the audit requirement to provide necessary discipline to the reporting process. Although some users express the concern that ICFR evaluation may divert management’s attention from other important areas of their businesses, these respondents continued to believe that strong ICFR is necessary and that financial statements need to be of high quality and reliable. Most users interviewed indicate that the process of compliance with Section 404 has become more efficient since the initial implementation in 2004 due to: (i) Reduction in the level of documentation, (ii) Improved communications between auditors and management, (iii) Increased use of professional judgment in scoping and testing, (iv) More focus on higher risk areas, and (v) Streamlining of audits subsequent to the first-time effort required by Section 404 compliance. Q6. In what ways have the Commission’s 2007 reforms affected the companies’ procedures of complying with Section 404? Nearly all respondents who completed an optional section of the survey requesting feedback on management’s Section 404(a) experience responded that they used Management Guidance and found it to be useful.

P a g e | 45



Those who responded indicate that both Management Guidance and Auditing Standard No. 5 have helped reduce the total cost of compliance, for companies in every size category. The respondents also indicate on average that Auditing Standard No. 5 resulted in a small decrease in the time it takes to complete the independent audit of ICFR. The perceived impact of AS5, however, varies with the size of the company and its experience with Section 404(b) compliance. Specifically, the perceived impact of AS5 on the time it takes to complete the independent audit of ICFR is significantly smaller among small filers and among companies with no previous experience with Section 404(b) compliance. When asked to compare the changes in activities associated with management’s evaluation of ICFR, the respondents indicate a slight decrease on average from pre-reform to post-reform in the number of risks subject to testing, the number of controls tested, but a slight increase in the level of documentation, the use of management’s interaction with controls as evidence, reliance on evidence gained from self-assessment, and reliance on evidence from direct testing. Like much of the previous results, the responses varied significantly depending on the respondents’ size. While smaller companies typically report an increase in every component, the changes reported by medium and large filers are not homogenous. Interestingly, however, the evidence suggests that the compliance process across companies of different size has become more homogenous following the 2007 reforms. Finally, the survey evidence indicates that companies are increasingly structuring their evaluations of ICFR with the intent of allowing the

P a g e | 46



independent auditor to rely on their internal work, which is consistent with one of the goals of the 2007 reforms through Auditing Standard No. 5. Some caveats about the analysis of Web survey data on Section 404 implementation There are a number of caveats to consider when interpreting the evidence presented in this study, some of which are due to the inherent nature of survey data, while others are the result of the particular context in which the Section 404 survey takes place. First, most, if not all, analyses of survey data are affected to various degrees by the following potential difficulties:

• Self-Selection Bias (i.e., Non-response Bias): Participation in survey research is generally voluntary. The process by which survey participants “select” to participate in a survey can bias the inference based on survey data, if the participants’ (self-) selection process is such that particular segments of the population are systematically over- or under-represented. We conduct extensive analyses to test for the presence and the potential severity of the problem, particularly by investigating the extent to which key characteristics of the sample of respondents to the survey coincide or diverge from those of the list of companies identified as the target population. We find that respondent companies are representative of the initial list of public companies identified for this study, particularly among Section 404(b) companies or within company size groups. We also find that the typical responses of voluntary participants in the survey are not significantly different from those of a randomly selected,

P a g e | 47



stratified sample of companies that were the target of follow-up efforts to induce their participation. Overall, the evidence is consistent with the notion that the voluntary nature of the participation introduces no bias in the responses, at least relative to the separate treatment group where part of the decision to participate is a result of the follow-up effort.

• Response Bias: If there are no penalties for misrepresentation and survey participants have systematic incentives to be less than fully truthful, inference based on survey data (or any other self-reported information that meets those criteria) may not be accurate. A similar problem arises when survey questions are designed to elicit the participant’s subjective perceptions on a particular subject and the participants’ views are systematically biased. The portion of survey data that we could independently verify (i.e., audit fees) indicates that the participants’ representations do not deviate substantially from what is reported in official SEC filings. Aside from this exercise, it is virtually impossible to assess the extent to which the remaining survey data may not be accurate. The nature of the survey questions varies, with some questions focusing on quantifiable items (e.g., internal labor hours) and others on directional perceptions (e.g., assessment of the effect of Section 404 on the quality of ICFR) and others still on directional/ordinal perceptions (e.g., assessment of the effect of AS5 on the amount of time it takes to complete the independent audit under Section 404(b)). The common element, however, is that these data cannot be independently verified, either because companies are do not keep a separate record of the figures provided (e.g., costs) or because the

P a g e | 48



information provided is based on the respondents’ perceptions which by their very nature are not verifiable. The analysis in this report provides a characterization of companies’ experiences with Section 404 compliance that is based on survey participants’ representations of their experiences. Other caveats are specific to the analysis presented in this report, as they depend on the nature and timing of the survey. In particular: 1. The number of respondents from Section 404(b) companies that are non-accelerated filers and have usable data is relatively small —approximately 100 companies versus over 1,600 accelerated filers in the most recently completed fiscal year —and there are reasons to believe the experience of these companies may not extend to other non-accelerated filers that are yet to comply with Section 404(b). Specifically, non-accelerated Section 404(b) companies that participated in the survey are either voluntary compliers or have been required to comply in the past as accelerated filers and must continue to do so because their float has not dropped below $50 million since. To the extent that these factors affect companies’ experience with Section 404(b) compliance, one should be careful when extrapolating the results to non-accelerated filers that are yet to comply. 2. Non-accelerated filers were required to start complying with Section 404(a) at the end of 2007—after the reforms. Yet, a number of non-accelerated filers responding to the survey reported bearing Section 404 compliance costs prior to the reform. These respondents were contacted after the survey was closed to inquire about the nature of the information provided.

P a g e | 49



These respondents indicated that their company began complying with Section 404 requirements prior to the Commission’s public announcement that the compliance deadline had been extended and, thus, they viewed the resulting pre-reform costs reported in the survey as appropriately ascribed to Section 404(a) compliance. The analysis of non-accelerated filers’ experience prior to the reforms should be interpreted with the caveat in mind that it may not be representative of what the typical non-accelerated filer would have experienced. 3. The characteristics of the internal governance structure and financial reporting process are likely to be important determinants of the companies’ compliance experiences, including costs and benefits and the nature of the audit services they obtain under Section 404(b). To the extent that accelerated and non-accelerated filers display significant differences in these dimensions, it may not be appropriate to extrapolate the analysis of accelerated filers to non-accelerated filers. 4. All the cost figures presented in this analysis are based on survey respondents’ characterization of the resources devoted to Section 404 compliance. As such, the general caveats above apply. Moreover, there are some aspects specific to our analysis: a. All estimates presented in this report are based on non-audited numbers based on the respondents’ perception provided in the survey. Moreover, the nature of the estimates is limited by the scope of the survey. b. There are reasons to question the ability of respondents to provide an accurate breakdown of audit fees into Section 404(b) fees versus financial statement audit fees.

P a g e | 50



Auditors interviewed by the SEC’s OCA staff highlight this difficulty on the basis that, for Section 404(b) companies, the two audits are integrated and audit firms do not typically provide a breakdown of the fees. Based on conversations with issuers, however, it seems routine for them to request and obtain audit fee quotes that account for the incremental auditor’s work under Section 404(b) requirements before the company begins complying with this section of the Act. Thus, it is possible that respondents’ attribution of audit fees to Section 404(b) may be inaccurate, to the extent that they are based on quotes provided by auditors upon first-time compliance with this section and that such a breakdown does not apply in subsequent years of compliance c. It is important to note that the estimates of internal labor costs presented in this report are based on an assumption about a reasonable hourly rate. The rate adopted for internal labor is $121 per hour, consistent with the rate quoted as of September, 2008 for a junior accountant cited in a report on salaries prepared by the Securities Industry and Financial Markets Association (SIFMA), to which the Commission frequently refers in its rulemakings. This is at the low end of cost estimates that are provided in the SIFMA report for accounting and related services, and above the rate of $50/hour (or $100,000 for 2000 hours) that is assumed in a series of Financial Executives International (“FEI”) reports of survey findings relating to the costs of compliance with Section 404 that date back to 2005. Although our assumed rate is within the range of reasonable estimates for evaluating the overall costs of compliance, it is not intended for use in estimating the cost to an individual company.

P a g e | 51



We have provided information sufficient for determining how the internal labor costs are affected by changes in the hourly rate—e.g., doubling (halving) the rate to $242 ($60.5) per hour doubles (halves) the associated labor costs— and by changes in internal labor hours, each of which may vary across companies. d. Coates (2007), among others, highlights that implementation of the Sarbanes-Oxley Act “created new incentives for firms to spend money on internal controls” even where companies were required to invest such resources under the previous regulatory regime. This observation is particularly relevant in the context of Section 404 implementation. In particular, Section 13(b)(2) of the Exchange Act requires companies to maintain effective ICFR, while Section 404 requires management to report on the effectiveness of ICFR. By this reasoning, it is conceivable that Section 404 may have given issuers incentives to spend more resources to meet the requirements of the Exchange Act, causing companies to bear “deferred maintenance” expenses to bring ICFR into compliance with those requirements. It is possible that survey participants include these costs in their assessment of the incremental costs due to Section 404 compliance. Whether this is the correct measure of the incremental costs of Section 404 compliance depends on the objective of the analysis. For example, issuers were required to be in compliance with Section 13(b)(2) of the Exchange Act prior to SOX, so the ICFR maintenance costs might not seem pertinent. From this perspective, Section 404 cost estimates that include the ICFR maintenance expenses overestimate the cost of compliance with Section 404—by including more than just the cost of reviewing ICFR and preparing the mandated disclosures.

P a g e | 52



Alternatively, if the argument above is correct, in the sense that companies systematically shirk in complying with the Exchange Act requirements absent SOX, then the incremental economic cost of Section 404 compliance should include the aforementioned maintenance expenses that would not be borne absent Section 404. Similarly, it is worth noting that a parallel logic applies to the benefits of Section 404 compliance. That is, from an economic perspective, the incremental benefits of Section 404 include the improvements in ICFR resulting from the deferred maintenance that would not have occurred absent the new disclosure requirements of Section 404. 5. Participants in the survey provided their perceptions of the effects of Section 404 compliance, both on the financial reporting process and their company’s interaction with capital market participants. The following caveats should be kept in mind for this part of the analysis: a. The assessment of the benefits is qualitative in nature, given the intrinsic difficulty of quantifying the benefits of Section 404 compliance in monetary terms, and not directly comparable to the cost estimates provided by the same respondents. b. In addition to lack of comparability with cost estimates, the analysis of the survey responses about the benefits of compliance may be subject to response bias. In particular, the response bias would seem to be especially relevant when participants provide their assessment of how Section 404 compliance affects subjects outside the corporation (e.g., investors’ confidence in the company’s reports). The resulting analysis may be biased if the respondents’ perception or their representation of those perceptions is biased.

P a g e | 53



With this caveat in mind, the staff of the SEC’s Office of the Chief Accountant (OCA) conducted in-depth interviews with individuals representing a variety of external users of financial statements to gather their views on the effects of Section 404. This effort complements the analysis of the views expressed by the companies participating in the survey, in combination providing a broader and more complete assessment of the effects of Section 404 on capital market participants. 6. In various parts of the survey, the participants provided information about their experience with Section 404 compliance over several years: the most recently completed fiscal year; the fiscal year prior to that, and the fiscal year in progress at the time of the survey. While responses referring to the participants’ past experience reflect events that are certain, responses for the fiscal year in progress at the time of the survey result in estimates and perceptions that are intrinsically less precise, due to the inherent uncertainty about future events. To study all 139 pages of the report: www.sec.gov/news/studies/2009/sox-404_study.pdf

http://www.sec.gov/news/studies/2009/sox-404_study.pdf

P a g e | 54



A very interesting letter Dear Chairman Dodd and Ranking Member Shelby: We are writing to urge you in the course of your efforts to reform the financial sector to resist efforts to weaken protections for investors in the Sarbanes-Oxley Act of 2002 (SOX). Specifically, we oppose exempting smaller public companies from compliance with Section 404(b) of the Act. Further, we are troubled by evidence of a proposal to roll back to an arbitrary market capitalization point strengthened internal controls requirements for larger companies that are already in compliance with the provision. As you know, Section 404(b) requires an independent audit of a public company’s assessment of its internal controls. If Congress agrees to a permanent 404(b) waiver for smaller companies, there may be little independent scrutiny of financial reporting safeguards at half of all listed companies nationwide. Compliance Week has reported that, “as much as non-accelerated filers denounce the burden of Section 404(b) compliance, they’re still confronted with one stubborn counter-argument: fraud happens.” The publication went on to note that numerous studies indicate that small companies are particularly vulnerable to fraud. A congressionally-mandated study by the Securities and Exchange Commission (SEC) has found that Section 404 provides benefits that are valuable regardless of a public company’s size. Reporting requirement reforms, including the Public Company Accounting Oversight Board’s adoption of Audit Standard No. 5 and the

P a g e | 55



SEC’s management guidance, are reflective of the real-world lessons learned since the law’s enactment. The result has been a decline in compliance costs of approximately 30 percent. Reporting under Section 404 provides investors with meaningful information regarding a public company’s internal control over financial reporting (ICFR). In addition, we believe that the required independent audit of management’s assessment of the effectiveness of ICFR, as required by SOX Section 404(b), has been integral to the achievement of the intended objectives of ICFR reporting under SOX Section 404. As important, the SEC’s study determined that investors and other financial statement users “regard ICFR disclosures to be beneficial and indicated that Section 404(a) and Section 404(b) compliance has had a positive impact on their confidence in the companies’ financial reports. The users generally indicate that Section 404 compliance leads management to better understand financial reporting risks, put in place appropriate controls to address financial reporting risks, and address internal control deficiencies in a more timely fashion than in the absence of the disclosure requirement.” Investor confidence in public companies’ financial reports is imperative to the successful operation of our capital markets. As such, it only makes sense to apply the benefits of Section 404(b) to investors to public companies of all sizes, even those that have not yet had to comply. This is especially meaningful in view of the fact small companies are more likely to issue earnings restatements. In fact, a November 2009 study by Audit Analytics suggests that companies that have not yet had auditors review their internal control reports have a restatement rate that

P a g e | 56



is 46 percent higher than larger public companies, despite claiming they have effective controls. Moreover, a 2009 analysis of restatements of small companies by Glass Lewis for the Ohio Public Employees Retirement System found a correlation between internal control problems and poor stock performance. The analysis revealed the large costs incurred by investors in the form of continued stock underperformance of small companies with deficient internal controls. There is no compelling or credible reason to create a dual class system of investor protection in the United States. By waiving Section 404(b) compliance for all but the largest public companies, however, Congress sets us on a path to do just that. We urge you maintain the benefits of Section 404 to investors in all public companies.

P a g e | 57



Auditing Standards Related to the Auditor's Assessment of, and Response to, Risk (AS No. 8 through 15)

Auditing Standard 8 (AS No. 8) - Audit Risk. This standard discusses the auditor's consideration of audit risk in an audit of financial statements as part of an integrated audit or an audit of financial statements only. It describes the components of audit risk and the auditor's responsibilities for reducing audit risk to an appropriately low level in order to obtain reasonable assurance that the financial statements are free of material misstatement.

Auditing Standard 9 (AS No. 9) - Audit Planning. This standard establishes requirements regarding planning an audit, including assessing matters that are important to the audit, and establishing an appropriate audit strategy and audit plan.

Auditing Standard 10 (AS No. 10) - Supervision of the Audit Engagement. This standard sets forth requirements for supervision of the audit engagement, including, in particular, supervising the work of engagement team members. It applies to the engagement partner and to other engagement team members who assist the engagement partner with supervision.

Auditing Standard 11 (AS No. 11) - Consideration of Materiality in Planning and Performing an Audit. This standard describes the auditor's responsibilities for consideration of materiality in planning and performing an audit.

P a g e | 58



Auditing Standard 12 (AS No. 12) - Identifying and Assessing Risks of Material Misstatement. This standard establishes requirements regarding the process of identifying and assessing risks of material misstatement of the financial statements. The risk assessment process discussed in the standard includes information-gathering procedures to identify risks and an analysis of the identified risks.

Auditing Standard 13 (AS No. 13) - The Auditor's Responses to the Risks of Material Misstatement. This standard establishes requirements for responding to the risks of material misstatement in financial statements through the general conduct of the audit and performing audit procedures regarding significant accounts and disclosures.

Auditing Standard 14 (AS No. 14) - Evaluating Audit Results. This standard establishes requirements regarding the auditor's evaluation of audit results and determination of whether the auditor has obtained sufficient appropriate audit evidence. The evaluation process set forth in this standard includes, among other things, evaluation of misstatements identified during the audit; the overall presentation of the financial statements, including disclosures; and the potential for management bias in the financial statements.

Auditing Standard 15 (AS No. 15) - Audit Evidence. This standard explains what constitutes audit evidence and establishes requirements for designing and performing audit procedures to obtain sufficient appropriate audit evidence to support the opinion expressed in the auditor's report.

P a g e | 59



An interesting testimony Testimony before the United States House of Representatives Committee on Financial Services

“Oversight of the U.S. Securities and Exchange Commission: Evaluating Present Reforms and Future Challenges” Chairman Mary L. Schapiro, U.S. Securities and Exchange Commission

New Leadership, Organizational Structures, and Expertise Over the past year, the Commission has undergone significant changes. These include hiring new leadership to run the agency’s four largest operating units: the Division of Enforcement, the Office of Compliance Inspections and Examinations (OCIE), the Division of Corporation Finance, and the Division of Trading and Markets. We also have selected a new General Counsel, Chief Accountant, head of the Office of Investor Education and Advocacy, and directors for the New York, Miami, and Atlanta regional offices. Most recently, we hired the agency’s first Chief Operating Officer. The efforts of these new senior managers, together with the efforts of other leaders who are continuing their service, are already making the SEC a more nimble, responsive, and innovative agency. This new leadership team is committed to a culture of collaboration, information exchange and idea sharing. To solidify these efforts, we have established several interdisciplinary teams to focus on a host of specific issues (e.g., life settlements and the development of a consolidated audit trail). In addition, we have begun integrating our broker-dealer and investment adviser examinations and are consolidating our multi-office oversight of clearing agencies.

P a g e | 60



A principal lesson learned from the financial crisis is that, because today’s financial markets and their participants are dynamic, fast-moving, and innovative, the regulators who oversee them must continuously improve their knowledge and skills to regulate effectively. In response, we have created and begun staffing a new division, the Division of Risk, Strategy, and Financial Innovation. This new division is helping to re-focus the agency’s attention on and response to new products, trading practices, and risks. Already, we have attracted, retained and continue to recruit financial, economic, and legal experts who have a deep understanding of and experience with the financial innovations being crafted on Wall Street. In addition, we are working to establish throughout the agency a deeper reservoir of professionals with specialized industry expertise to conduct risk analysis and identify emerging trends and practices.

Reinvigorating the Enforcement Program Enforcement is a key element to fair and effective markets. Swift and vigorous prosecution of those who have violated the law is at the heart of the agency’s efforts to promote investor confidence in the integrity of the marketplace. Over the past year, we have improved our law enforcement capabilities. For example, we delegated to senior staff the authority to formally initiate investigations and issue subpoenas. We also ended the requirement that staff obtain Commission approval before entering into settlement negotiations involving civil monetary penalties against issuers.

P a g e | 61



In addition, we have added a host of measures to encourage corporate insiders and others to come forward with evidence of wrongdoing. These new cooperation initiatives establish incentives for individuals and companies to fully and truthfully cooperate and assist with SEC investigations and enforcement actions, and they provide new tools to help investigators develop first-hand evidence to build the strongest cases as quickly as possible. Cooperation and coordination with criminal authorities and other regulators also has been strengthened. The SEC historically has had a very close and cooperative working relationship with criminal and other regulatory authorities. Last November, as part of the effort to better combat financial crime and mount a more organized, collaborative, and effective response to the financial crisis, the SEC joined the Department of Justice, the Department of the Treasury, and the Department of Housing and Urban Development in announcing the interagency Financial Fraud Enforcement Task Force (Task Force). The Task Force builds upon the efforts already underway to combat mortgage, securities, and corporate fraud by increasing coordination and fully utilizing the resources and expertise of the government's law enforcement and financial regulatory organizations. A little over a year ago, Robert Khuzami, a longtime federal prosecutor who had served as Chief of the Securities and Commodities Fraud Task Force of the U.S. Attorney’s Office for the Southern District of New York, joined the SEC as the Director of the Division of Enforcement. Under his leadership, we undertook the most significant structural reforms of the enforcement program since 1972 – reforms designed to maximize resources and enable us to move swiftly and vigorously against securities fraud.

P a g e | 62



As part of the now completed reorganization of the Enforcement Division, we created five new specialized units, as well as a new office dedicated to the handling of complaints, tips, and referrals; we eliminated an entire layer of management, returning talented and experienced lawyers to front-line investigative work; and we hired additional, experienced staff, as well as restructured current staff to fill the various positions. Division management teams and staff around the country have worked together to make the transition smooth and effective while continuing to bring high quality cases that serve our mission of investor protection.

Highlights of the initiatives include:

Specialization The five new national specialized investigative groups dedicated to high-priority areas of enforcement are Asset Management (hedge funds and investment advisers), Market Abuse (large-scale insider trading and market manipulation), Structured and New Products (various derivative products), Foreign Corrupt Practices Act violations, and Municipal Securities and Public Pensions. The specialized units are utilizing enhanced training, specialized industry experience and skills, and targeted investigative approaches to better detect links and patterns suggesting wrongdoing – and ultimately to conduct more efficient and effective investigations. Each of the specialized units is in the process of hiring additional professionals with specialized experience to assist in investigative and enforcement efforts.

Management Restructuring The Division has adopted a flatter, more streamlined organizational structure under which it has reallocated a number of staff who were first-

P a g e | 63



line managers to the mission-critical work of conducting front-line investigations. While a layer of management has been eliminated, the Division is maintaining staff-to-manager ratios that allow for close substantive consultation and collaboration, resulting in a management structure that facilitates timeliness, quality, and staff development. The Division also has hired its first-ever Managing Executive, who is creating a business management network throughout the Division that is focused on the Division’s administrative, operational, and infrastructure functions, thus freeing up valuable investigative resources for mission-critical work.

Office of Market Intelligence The Division has established an Office of Market Intelligence, which serves as a central office for the handling of complaints, tips, and referrals that come to the attention of the Division; coordinates the Division’s risk assessment activities; and supports the Division’s strategic planning activities. In short, this office gives the Division the ability to have a unified, coherent, coordinated response to the huge volume of complaints, tips, and referrals we receive every day, thereby enhancing the Division’s ability to open the right investigations, bring solid cases, and more effectively protect investors. As we move forward, we will continue to assess, evaluate, and make further improvements to the program as necessary to maximize the effectiveness and responsiveness of the Enforcement Division. The Enforcement Division’s work has increased in both speed and effectiveness. For example, in 2009, we secured orders for disgorgement and civil penalties in amounts that exceeded the fiscal year 2008 amounts by 46 percent and 101 percent, respectively.

P a g e | 64



We also sought more than twice as many temporary restraining orders to halt ongoing fraudulent conduct, and issued more than twice as many formal orders of investigation. As we move forward, the Division will continue to expeditiously investigate and bring high quality cases that serve important programmatic and investor protection objectives. Of course, we recognize that numbers alone do not and cannot capture the complexity and range – or the importance – of the actions brought by the Commission. For example, the Commission has brought a number of cases involving issues surrounding the financial crisis, including cases alleging accounting and disclosure violations at subprime lenders, misrepresentation of complex mortgage securities as appropriate for retail investors seeking safe financial products, fraud in connection with synthetic CDO marketing materials, and misleading fund investors about fund exposure to subprime investments. Our cases have included actions against American Home Mortgage, officers of Countrywide Financial Corp., New Century, Brookstreet Securities, and Morgan Keegan. And just last week, we announced a settlement in the Goldman, Sachs & Co case. Goldman, Sachs & Co. will pay $550 million to settle the Commission’s charges that Goldman misled investors in a subprime mortgage product just as the U.S. housing market was starting to collapse. Of the $550 million to be paid by Goldman in the settlement, $250 million would be returned to Deutsche Industriebank AG and Royal Bank of Scotland N.V. through a Fair Fund distribution and $300 million would be paid to the U.S. Treasury.

P a g e | 65



As part of its settlement, Goldman also acknowledged that its marketing materials for the subprime product contained incomplete information and agreed to tighten internal controls and assess the roles and responsibilities of Goldman personnel to ensure that disclosures in future offerings of mortgage securities are full and accurate. In agreeing to the settlement, we also took into account that Goldman is engaging in a broad-based self-assessment of its overall business practices that will increase transparency, evaluate and remediate conflicts, and reduce the chances that investors in the future will be misled. The settlement is subject to approval by the Honorable Barbara S. Jones, United Sates District Judge for the Southern District of New York. Meanwhile, the SEC's litigation continues against Fabrice Tourre, a vice president at Goldman. In addition, in the last several months, SEC has filed other actions related to mortgage securities, including: • Charging investment adviser ICP Asset Management LLC and others in connection with conflicts of interest and fraud concerning its simultaneous management of multiple CDOs, managed accounts and an affiliated hedge fund as they came under pricing and liquidity pressures in 2007. • Charging the former chairman of major mortgage lender Taylor, Bean & Whitaker with orchestrating a large-scale securities fraud scheme and attempting to defraud the U.S. Treasury’s Troubled Asset Relief Program. This action was brought in coordination with other members of the newly created Financial Fraud Enforcement Task Force. • Charging Boston-based State Street Bank and Trust Company with misleading investors about their exposure to subprime investments while

P a g e | 66



selectively disclosing more complete information only to certain favored investors. Another key priority is the return of monies to harmed investors under the Fair Funds provisions of the Sarbanes-Oxley Act of 2002, which authorizes the Commission to distribute civil penalties with disgorgement funds. In fiscal year 2009, the Commission distributed to injured investors an estimated $2.1 billion, a more than two-fold increase in comparison to fiscal year 2008. During the current fiscal year, we already have distributed to injured investors an estimated $1.5 billion plus from 29 separate funds. Recent examples of where the SEC’s actions have resulted in significant recovery for harmed investors include: • Charging the investment adviser for the Reserve Primary Fund with failing to properly disclose to investors and trustees material facts relating to the Fund’s liquidity and share value in the wake of the bankruptcy of Lehman Brothers Holdings, Inc. We also charged the adviser with misrepresenting that it would provide the credit support necessary to protect the $1 net asset value of the Primary Fund when, according to our complaint, the adviser had no such intention. In bringing the enforcement action, the SEC also sought to expedite the distribution of the fund’s remaining assets to investors by proposing a pro-rata distribution plan, which the Court has approved. At the fund’s next distribution, which the Fund is processing for distribution this week pursuant to court order, investors will have been provided with approximately 99 cents on the dollar.

P a g e | 67



• Completing the distribution of more than $178 million to investors affected by improper market timing by Millennium Partners and its related entities. • As a result of the State Street Bank and Trust Company action referenced above, more than $300 million will be distributed to investors who lost money during the subprime market meltdown. In addition to the significant cases we have brought arising out of the financial crisis, we have continued to bring cases in many other important areas including: • In a pension fund pay-to-play case, we filed a settled action against a private investment firm, Quadrangle Group LLC, and one of its affiliated entities, charging them with participating in a widespread kickback scheme to obtain investments from New York's largest pension fund. • In the municipal securities arena, we filed settled fraud charges against J.P. Morgan Securities for its alleged role in an unlawful pay-to-play scheme in Jefferson County, Alabama. J.P. Morgan paid $50 million directly to Jefferson County, forfeited more than $647 million in claimed termination fees, and paid a penalty of $25 million. At the same time, the SEC also charged two of J.P. Morgan’s former managing directors with fraud arising out of this scheme and previously charged others, including the former Birmingham mayor – who in March was sentenced to 15 years in prison and fined $360,000 – a J.P. Morgan banker, and the local operative who served as go-between. • In the area of accounting and financial fraud, auditor Ernst & Young LLP paid an $8.5 million settlement – one of the largest ever paid by an accounting firm – and six current and former partners were sanctioned for their conduct in the audit of Bally Total Fitness Holding Corporation, including abdicating their responsibility to function as gatekeepers while their audit client engaged in fraudulent accounting.

P a g e | 68



• In the Galleon and Cutillo insider trading cases, we charged more than a dozen hedge fund managers, lawyers, and investment professionals in two overlapping serial insider trading rings that collectively constituted one of the largest insider trading cases in Commission history. In the parallel criminal prosecutions, twelve individuals have already pled guilty and nine additional individuals have been indicted. • Finally, last month, we obtained an emergency asset freeze against two Canadians we charged with fraudulently touting penny stocks through, among other venues, social media websites. The method of communication – including social media websites and text messages – was a twist on traditional fraudulent conduct and is an illustration of the Enforcement Division’s responsiveness to developing technology and trends.

P a g e | 69



The PCAOB passes the Adequacy Assessment of the European Union The European Commission has adopted a decision recognising the adequacy of the auditor oversight authorities of Australia and the United States of America. Adequacy refers to the ability of a third country authority to fulfil the requirements set out in the EU's Statutory Audit Directive (2006/43/EC) and, in particular, its capacity to enter into reciprocal working arrangements with the EU Member States on the exchange of audit working papers or other relevant documents between competent authorities. This also covers the preservation of the confidentiality of any such documents that authorities from third countries may receive from EU Member States. The decision will enable the exchange of audit working papers between the EU Member States' oversight authorities and their Australian and US counterparts. This will contribute to reinforcing international co-operation on audit oversight which will ultimately lead to increased investor protection. Internal Market and Services Commissioner Michel Barnier said: "This decision will allow the co-operation of European auditor oversight bodies and their US and Australian counterparts in the supervision of global audit networks. The exchange of audit working papers is an important step in moving towards our ultimate objective of equivalent rules and mutual reliance on each other's audit oversight systems. " As auditing has moved beyond national borders, international co-operation is necessary to ensure that high quality audits are carried out worldwide.

P a g e | 70



Australia and the United States of America have expressed an interest in exchanging audit working papers with the EU Member States. The Commission decided that these countries fulfil the European requirements on reciprocal access to audit working papers, including the need to respect the confidential nature of the transferred documents. Following the Commission decision, EU Member States can now conclude reciprocal bilateral agreements with Australia and the United States of America on the exchange of audit working papers. To ensure that high quality audit services are provided globally, international coordination and co-operation are necessary between auditor regulators. European legislation provides for a framework for international co-operation and allows the European Commission to determine the countries with which Member States may co-operate in that context. In February 2010 the European Commission adopted a similar decision for the auditor oversight authorities of Canada, Japan and Switzerland (see IP/10/136). The Commission is committed to co-operate with its international partners on auditor oversight and may adopt similar decisions regarding the auditor oversight authorities of other countries in the future.

P a g e | 71



Public Company Accounting Oversight Board (PCAOB) Interesting parts from the Strategic Plan (2009 - 2013) The Public Company Accounting Oversight Board (the “PCAOB” or the “Board”) developed this Strategic Plan to guide its programs and operations, and development of its budgets, in the coming years. The Sarbanes-Oxley Act of 2002 (the “Act”) established the PCAOB and serves as the strategic blueprint for structuring and managing the PCAOB's programs and operations. Consistent with the Act, the PCAOB's mission is to oversee the auditors of public companies in order to protect the interests of investors and further the public interest in the preparation of informative, fair and independent audit reports. The Act gives the PCAOB four primary responsibilities: - Registration of accounting firms that audit U.S. public companies

- Inspections of registered public accounting firms;

- Establishment of auditing and related attestation, quality control,

ethics, and independence standards for registered public accounting firms;

- Investigation and discipline of registered public accounting firms

and their associated persons for violations of specified laws or professional standards.

To enhance the PCAOB’s effectiveness in these activities, the PCAOB devotes substantial attention and resources to analyzing information obtained in its inspections, investigations, and otherwise. The PCAOB aims to identify risks that may have resulted in, or could lead to, audit, quality control, ethics or independence failures by registered firms.

P a g e | 72



The PCAOB also uses such analysis to identify weaknesses in, and appropriate improvements to, its auditing and related professional practice standards or a need for guidance on how to apply such standards in particular circumstances. The PCAOB further uses this analysis to identify ways in which it can improve the effectiveness of its oversight programs in light of lessons learned through its activities and other means. The Act gives the Securities and Exchange Commission (the “SEC” or the “Commission”) oversight authority over the PCAOB, including the authority to appoint and remove the Board’s five members. The PCAOB is subject to rules and orders promulgated by the SEC. Moreover, the PCAOB’s own rules, including its auditing and related professional practice standards, are not effective unless approved by the SEC. The PCAOB’s annual (and any supplemental) budgets are also subject to SEC approval. And, as provided in the Act, adverse PCAOB inspection reports, remediation determinations, and disciplinary actions against registered firms and their associated persons are subject to review by the SEC. This Strategic Plan sets forth goals, objectives and initiatives to achieve the PCAOB’s mission under the Act. In addition, consistent with the SEC’s rule on the approval process for the PCAOB’s budget, this Strategic Plan provides the framework for developing the PCAOB’s annual budget. Specifically, the PCAOB has established the following five overarching goals –

P a g e | 73



Goal 1: Protect the interests of the investing public in informative, fair and independent audit reports on the financial statements of public companies through effective oversight of registered public accounting firms and their associated persons

Goal 2: Maintain a program to register, and receive annual and special reports from, public accounting firms with broker-dealer audit clients, in a manner that enhances public information about such firms and facilitates administration of laws related to brokerdealers

Goal 3: Inform, educate and obtain input from a broad cross-section of the public, including auditors, investors, the academic community and other interested parties, about the PCAOB’s oversight activities

Goal 4: Strengthen the coordination of financial reporting and auditing initiatives in the United States and abroad, to the extent consistent with the PCAOB’s mission

Goal 5: Operate the PCAOB in a manner that demonstrates careful stewardship over its resources consistent with the public interest nature of its mission As outlined below, each goal has corresponding objectives and supporting initiatives that highlight some of the key tools that the PCAOB will use to achieve that goal.

P a g e | 74



Key Environmental Factors In developing this strategic plan, the PCAOB has taken into consideration the environment in which it operates, including both the environment in which financial reporting and public company audits take place as well as the PCAOB’s internal, cultural and operational environment. The PCAOB has used this analysis to identify factors that could affect its programs and operations. To the extent possible, the PCAOB has taken these factors into account in designing its goals, objectives and initiatives. To the extent some of these factors may, in the future, affect the PCAOB’s programs and operations, the PCAOB intends to continue to monitor them and be prepared to adjust its goals, objectives and corresponding initiatives as necessary and appropriate. In particular, several key factors are described below.

Global Financial Crisis The global financial crisis has affected the PCAOB’s programs, operations and resources, and the PCAOB expects it to continue to do so for the near future. In the early stages of the financial crisis, financial institutions most vulnerable to liquidity risk resulting from their exposure to residential mortgage debt were most affected. Thus, the audits of such institutions’ financial statements were more challenging. As the financial crisis continued, it affected other kinds of companies as well, in particular companies that engage in complex structured finance transactions.

P a g e | 75



These matters present complex accounting and auditing issues, especially in the areas of valuation and consolidation and, among other things, require meaningful and complete financial statement disclosures. Some transactions and instruments that would have previously been relatively simple to account for now present complex accounting and auditing issues given prevailing economic conditions. This is especially true when companies experience liquidity problems. Such transactions and instruments can involve significant estimates and other judgments that are susceptible to management bias. These conditions have increased the need for auditors to have a comprehensive understanding of their audit clients’ businesses and transactions, as well as economic conditions, in order to be able to assess the potential impact of liquidity and other risks associated with the crisis. Fundamentally, the auditor’s job is to provide reasonable assurance that financial statements are fairly presented, consistent with applicable standards, and not misleading to investors and, if applicable, that the company has effective internal control over financial reporting. Also, where applicable, the auditor is responsible for evaluating its audit client’s assessment of the client’s ability to continue as a going concern. The audit serves, among other things, as a counterweight against management bias in these areas. The combination of complexity and economic challenges has made auditing more challenging in the current environment, but also has reinforced the need for auditors to maintain their professional skepticism. Moreover, in light of public accounting firms’ for-profit nature, changes in the economic environment may exacerbate certain pressures on

P a g e | 76



auditors, including pressures to maintain audit practice profit margins, accommodate audit clients facing deteriorating economic and business conditions, and reduce audit fees. Registered firms may also face internal cost pressures, including among other things pressures to retain partners and staff and pressures to meet obligations and goals. Firms may also consider new business lines. All of these factors could affect the quality or independence of services provided to public company audit clients. Given these risks and challenges, the PCAOB has found that its inspections are more challenging, and its need for thoughtful risk assessment is greater. In addition, the PCAOB may identify gaps in its auditing and related professional practice standards, or emerging needs for new or improved standards. In order to protect investors, the PCAOB will need to identify and correct any such weaknesses in its standards in a timely manner. In addition, since the financial crisis began, the PCAOB’s inspections have resulted in increased referrals to its enforcement program. For example, through the PCAOB’s inspection process, a number of referrals related to financial institutions have been made. The PCAOB may thus also find, through these increased referrals from inspections or otherwise, that some auditors have failed to adhere to applicable standards, laws and rules and, in order to protect investors and deter auditor misconduct, should be disciplined. Investigations and disciplinary proceedings involving complex transactions and accounting and auditing issues will likely consume more resources than have many of the PCAOB’s past disciplinary cases.

P a g e | 77



To be prepared for these and other challenges, it will be critical for the PCAOB’s inspectors and enforcement staff, as well as other PCAOB staff, to have relevant training, robust risk analysis, and appropriate management support. In addition, Board members will require access to a wide range of expertise and risk analysis themselves, in order to make appropriate determinations about use and allocation of the PCAOB’s resources, give appropriate direction to its program leaders, and consider and adopt appropriate standards, rules, and other decisions, among other things.

Legislative, Regulatory and Judicial Developments As described below, certain legislative, regulatory and judicial developments could affect the scope of the PCAOB’s responsibilities and, accordingly, the PCAOB’s programs and operations, and resource needs.

Legislative Developments On November 4, 2009, the House Financial Services Committee reported out H.R. 3817, the Investor Protection Act (the “IPA”), by a vote of 41-28. The legislation includes certain amendments to the Act, as well as provisions related to a broader effort to modernize the financial regulatory system in the United States. In addition, on November 10, 2009, the Chairman of the Senate Committee on Banking, Housing and Urban Affairs circulated a discussion draft of a financial regulatory reform bill. These bills, or other legislative measures developed in the context of the Congress’s consideration of financial regulatory reform, could affect the PCAOB in a number of ways. In particular, two provisions of the IPA could have an effect on the PCAOB’s resource needs in the near future.

P a g e | 78



First, Section 601 of the IPA would amend Title I of the Act to expand the PCAOB’s oversight responsibilities to include audits of the financial statements and selected practices and procedures of broker-dealers. The Senate discussion draft includes a comparable provision. Currently, the Act does not subject such audits to the PCAOB’s standard-setting, inspection, investigative or disciplinary authority. If this legislation were enacted, the PCAOB would need additional resources to develop new programs and adjust its operations to support such programs. Depending on the final text of the legislation, this effort also could require development of an inspection methodology, including appropriate risk analyses, hiring and training of additional staff, and specialized auditing and related professional practice standards for such audits, and adjustments to the PCAOB’s funding system. Second, Section 602 of the IPA would amend the Act to permit the PCAOB to share certain confidential information relating to PCAOB inspections and investigations with certain non-U.S. regulators. The Senate discussion draft includes a comparable provision. If enacted, this provision would facilitate the PCAOB’s coordination with such regulators. Some authorities in such jurisdictions have expressed reluctance to cooperate with or allow PCAOB inspections in their jurisdictions because the PCAOB is unable to share inspection information with their local audit oversight bodies. Therefore, unless this provision is enacted, the PCAOB may continue to experience difficulty gaining non-U.S. authorities’ cooperation and our related ability to conduct non-U.S. inspections.

P a g e | 79



In addition, three amendments offered during the House Financial Services Committee’s markup of the IPA, and subsequently reported out, could also affect the PCAOB’s resource needs. First, Representatives Scott Garrett and John Adler offered an amendment to the IPA that would exempt public companies with a market capitalization under $75 million from the auditor attestation requirement of Section 404(b) of the Act. Section 404(b) requires each registered firm that prepares or issues the audit report for an issuer to attest to, and report on, management’s assessment of internal control over financial reporting. To date, the SEC has deferred compliance by non-accelerated filers with applicable regulations implementing Section 404(b) of the Act. However, pursuant to an announcement by the SEC on October 2, 2009, the extension of time is set to expire beginning with the annual reports of companies with fiscal years ending on or after June 15, 2010. The amendment to exempt public companies with a market capitalization under $75 million passed 37-32. This provision is not included in the Senate discussion draft, but if enacted, it would affect the scope of the PCAOB’s inspections. Second, Representatives Lynn Jenkins and Scott Garrett offered an amendment to the IPA that would establish a small business ombudsman at the PCAOB. This amendment passed by voice vote. If enacted, it would require additional staff resources. Finally, Representative Gary Miller offered an amendment that would create a Financial Reporting Forum.

P a g e | 80



This Forum would include the Chairman of the PCAOB, among others, and would meet quarterly to discuss immediate and long-term issues critical to financial reporting. The Forum would also issue an annual report to the Congress detailing any determinations or findings made by the Forum, including any legislative recommendations. If enacted, this provision would require additional staff resources to prepare for quarterly meetings and contribute to the drafting of determinations, findings, recommendations and reports.

Regulatory Developments Policy initiatives and other actions taken by the SEC, which has statutory oversight authority over the PCAOB, or by other governmental agencies could have an impact on the PCAOB’s programs and operations. In particular, the following regulatory developments may affect the PCAOB’s programs and operations –

• Registration of, and Annual and Special Reporting by, Registered Public Accounting Firms with Broker-Dealer Audit Clients The Act requires broker-dealers to have balance sheets and income statements audited by PCAOB registered public accounting firms, but, by order of the SEC, until relatively recently registration of such auditors has not been required. As of December 30, 2008, the SEC has determined no longer to relieve firms with broker-dealer audit clients from the registration provisions of the Act. In light of this development, the PCAOB expects approximately 1,200 accounting firms with broker dealer audit clients to seek PCAOB registration.

P a g e | 81



As discussed above, these firms’ audits related to broker-dealer audit clients are not subject to the PCAOB’s standard-setting, inspection, investigative or disciplinary authority. These firms will, however, be required to file annual reports, as well as special reports, with the PCAOB. The volume of expected registration applications and subsequent required reports may significantly affect resource needs related to registration and annual and special reporting, including staffing and information technology.

• Implementation of Section 404(b) for Non-accelerated Filers

Assuming no further delay of the implementation deadline, and subject to any legislative changes as discussed above, Section 404(b) will go into effect for non-accelerated filers reporting on internal control over financial reporting for periods ending on or after June 15, 2010. Thus, audits of those companies’ financial statements and internal control will, for the first time, be subject to the PCAOB’s auditing standard on internal control, Auditing Standard No. 5, An Audit of Internal Control over Financial Reporting That is Integrated with An Audit of Financial Statements. These audits will be subject to inspection beginning in 2010, which will require additional resources and risk analysis. In addition, firms auditing under the standard for the first time could seek additional application guidance and training.

• Treasury Advisory Committee Recommendations

The Department of the Treasury, Advisory Committee on the Auditing Profession (the “ACAP”), issued its Final Report on October 6, 2008. The Committee recommended that the PCAOB undertake or participate in a number of initiatives.

P a g e | 82



Consistent with the SEC’s order approving the PCAOB’s budget for fiscal year 2009, the PCAOB has consulted with the SEC about its plans in connection with certain recommendations and intends to continue to consult with the SEC about its plans with regard to those and other recommendations. The results of such consultations may affect the prioritization of certain existing PCAOB initiatives or require additional resources in order to implement activities that may not be part of the PCAOB’s existing programs.

• Changes in Financial Reporting. Certain changes in financial reporting, such as new accounting standards involving fair value measurements, securitization accounting, consolidations, business combinations, the going concern assumption, and financial disclosure requirements, as well as developments related to International Financial Reporting Standards (“IFRS”), could have implications for the PCAOB’s programs. Moreover, regulatory initiatives and potential accounting standard-setting initiatives regarding derivative instruments and loan loss reserves could impact the PCAOB. These potential changes could affect the need for the PCAOB to modify its standards or issue additional guidance, modify or expand its risk analysis models or adjust its inspections methodology and staff training. Such changes also may result in the PCAOB requiring more resources with specialized knowledge. The SEC’s eXtensible Business Reporting Language ("XBRL") initiative, which requires that certain filers provide financial statement data in a form that uses electronic tags to provide a uniform taxonomy for financial statement information and related disclosures across registrants, could also affect the PCAOB’s programs.

P a g e | 83



The SEC currently does not require auditor assurance on the XBRL data, although some companies may voluntarily engage their auditors to examine and report on such information by their auditor. Nevertheless, in the future, the SEC may require some companies’ filings to include auditor attestation reports on XBRL data. Such changes would likely require the PCAOB to establish specific standards for such engagements and to include such engagements in its inspections and other oversight activities.

• Pending PCAOB Proposal Related to the Timing of Certain Non-U.S. Inspections. In June 2009, the Board adopted an amendment to Rule 4003 allowing the PCAOB to postpone, for up to three years, the first inspection of any non-U.S. registered public accounting firm that the PCAOB is otherwise required to conduct before the end of 2009 and that is in a jurisdiction in which the PCAOB has not conducted an inspection prior to 2009. The 2009 amendment was submitted to the Commission for approval on July 2, 2009, is pending before the Commission, and is not currently in effect. Although the PCAOB expects the amendment to be approved, if it is not, the timing of several non-U.S. inspections would be affected. Such changes in timing could have resource implications for each of the next several years. In particular, staffing for the Division of Registration and Inspections, the Office of Research and Analysis, and the Office of International Affairs, as well as related administrative resources, could be affected.

• Pending PCAOB Proposal Related to Periodic Inspection Requirements for Certain Categories of Firms.

P a g e | 84



In October 2007, the Board adopted amendments to Rule 4003 that would give the Board discretion concerning whether and how often to inspect, rather than require the PCAOB to inspect triennially, (1) Firms that play a substantial role in one or more audits but do not serve as principal auditor on any audit ("substantial role only firms") and (2) Any firm that has served as principal auditor but has not done so for at least two consecutive years before the inspection would otherwise be required. The 2007 amendment was submitted to the Commission for approval on October 22, 2007, is pending before the Commission, and is not currently in effect. The scope of firms that current Rule 4003 provides that the PCAOB must inspect is significantly broader than the scope would be if the amendments were approved (although if the amendments were approved, the PCAOB would nevertheless, as part of its regular program, conduct inspections of substantial role only firms). The difference in scope could have ongoing resource implications, in particular Office of Research and Analysis, and the Office of International Affairs, as well as related administrative resources.

Judicial Developments Judicial decisions relating to interpreting the Act and other federal securities laws, or auditing and related professional practice standards or other PCAOB rules, may have an impact on the PCAOB’s programs and operations. For example, and in particular, the Supreme Court’s decision in FEF v. PCAOB, et al., could have an effect on the PCAOB’s programs and operations. This case is a challenge to the PCAOB’s constitutionality.

P a g e | 85



On August 22, 2008, the U.S. Court of Appeals for the District of Columbia Circuit affirmed the District Court’s grant of summary judgment in favor of the PCAOB. On May 18, 2009, the U.S. Supreme Court granted the plaintiffs’ petition for a writ of certiorari seeking review of the District of Columbia Circuit’s decision. The PCAOB expects the case to be heard and decided in the Supreme Court’s 2009-2010 Term. The PCAOB will continue to defend this action vigorously, which will in any event require significant resources. Globalization and Cross-Border Auditing. Both U.S. and non-U.S. registered public accounting firms issue, and participate in the issuance of, audit reports on which investors in U.S. public companies rely. More than 1,000 foreign private issuers are required by the federal securities laws to file audited financial statements annually with the SEC and, in many cases, audited reports on the effectiveness of their internal control over financial reporting. In addition, many U.S.-based public companies have branches, subsidiaries, and joint ventures around the world that contribute to those companies’ financial results and position, as well as the effectiveness of their internal control over financial reporting. Public accounting firms that audit, or play a substantial role in audits of such companies’ financial statements and internal control, wherever located, are required to be registered with the PCAOB and are subject to PCAOB oversight. Foreign private issuers typically use registered public accounting firms that are based locally, although such firms may also be members of a global network of firms that share a common name and certain policies, practices, audit methodologies and business interests.

P a g e | 86



Registered public accounting firms with U.S.-based multi-national audit clients often also use the work of such network affiliates, or other local firms, to assist in audits of non-U.S. operations. In many cases, affiliates who assist in audits are separately registered with the PCAOB, and they must be so registered if they play a substantial role in an audit of a U.S. public company’s financial statement.

• Challenges in Inspecting Global Network Firms. Multi-national audits present certain risks. For example, supervising multi-national audit work presents a risk that affiliates do not adhere to the quality controls or individual audit instructions required by the supervising firm. Moreover, sharing a common name presents additional reputational risk. Beginning in 2005, the PCAOB’s inspection program has included inspections of non-U.S. registered firms each year. Some of these inspections have encountered risks that are different from, or in addition to, risks encountered in the U.S. In particular, the PCAOB has encountered different business, cultural, and audit environments, which bear on the areas the PCAOB should focus on in its inspections. The PCAOB expects to continue to refine and expand its assessment of risks associated with non-U.S. inspections, and it may find that it continues to need additional expertise and information resources to do so. Moreover, even with these enhancements, the PCAOB may find continued challenges in inspecting networked firms, when only the member firms, and not the network itself, are registered and subject to PCAOB oversight.

P a g e | 87



• Challenges in Gaining Access to Non-U.S. Firms. In addition to the challenges of designing an effective program of non-U.S. inspections, in some jurisdictions, the PCAOB has also experienced challenges in gaining access to non-U.S. firms and their work papers in order to perform required inspections. Many of the non-U.S. registered firms that are subject to inspection are located in countries that have established or are establishing local auditor oversight systems. As appropriate, the PCAOB strives to work with its non-U.S. counterparts to allay concerns related to sovereignty and, in some cases, local confidentiality and other legal restrictions. The PCAOB may nevertheless continue to encounter difficulties in securing the cooperation of local firms and authorities with its inspections that could affect the PCAOB’s ability to complete certain scheduled inspections. Finally, if the PCAOB remains unable to inspect certain registered firms, the PCAOB may require additional resources to address firms’ failures to cooperate, including through appropriate disciplinary proceedings to protect the interests of investors, and consider any additional actions, such as new disclosure requirements relating to the PCAOB’s ability to inspect, including registered firms’ reliance on work performed by other firms that have not been inspected by the PCAOB.

Profile of the Audit Profession The more than 2,000 registered public accounting firms vary in size, ranging from sole proprietorships to large audit firms with extensive global networks, and type of practice, and are based in various locations around the world. This diversity requires consideration of a diverse mix of risks and corresponding adjustments to the PCAOB’s programs, as appropriate.

P a g e | 88



For example, although more than 2,000 firms have registered with the PCAOB, four very large firms audit 97.8 percent of the global market capitalization of public companies whose securities trade on U.S. exchanges. As described above, many of these audits are multi-national and involve both registered and unregistered network affiliates. An audit failure by one of these firms, especially in connection with a large issuer audit client, could have significant negative effects on the firm, including possible negative effects on the firm’s ability to continue to serve as the auditor for its many other issuer audit clients. This dynamic presents a special risk. The PCAOB’s mission is to protect the interests of investors and further the public interest in the preparation of informative, fair, and independent audit reports. The PCAOB’s mission is not to protect any individual firm from demise, whether related to the firm’s audit practice, another business line, or otherwise. The PCAOB believes the best way for a firm to avoid demise is to focus on performing high quality audits and avoid business lines and practices that could jeopardize the quality of audits or the firm’s reputation. The PCAOB strives through its programs to encourage firms to do so, but it cannot ensure that they will do the Division of Registration and Inspections, the so. In particular, through its inspection and remediation processes, the PCAOB aims to protect investors from the risk of a significant and abrupt change in the availability of audit services due to a firm’s demise. But in the event that a firm nevertheless fails, the PCAOB could find it necessary to work closely with the SEC to protect investors as audit clients transition to other firms.

P a g e | 89



Smaller audit firms, with smaller issuer audit clients, present different risks. For example, smaller audit firms may experience staff and other resource constraints that can exacerbate risks of an audit failure. Moreover, as discussed above, non-U.S. firms present other risks that can affect the PCAOB’s programs and operations. None of these firms audits the financial statements of more than 100 issuer audit clients, and therefore, in general, such firms are on a triennial inspection schedule. Nevertheless, such firms are some of the largest firms in the world and serve foreign private issuers that constitute some of the largest companies in the world, presenting significant risk to investors who purchase their securities on U.S. exchanges. The PCAOB faces risk that its inspection approach may not provide for adequate coverage in the inspections of these firms and, to the extent the PCAOB identifies potential violations of applicable audit and related professional practice standards or other applicable legal requirements by such firms or their associated persons, additional investigative resources could be required. Finally, whatever the size or location of a firm, changes in its operations also may affect the PCAOB’s inspections. For example, improvements, or shortcomings, in the internal operations of firms’ risk management and quality control could have an effect on the scope and focus of inspections. In addition, changes in firms’ use of technology may require changes in the way the PCAOB collects information during its inspections as well as changes in the PCAOB’s assessments of risk at such firms.

P a g e | 90



Auditing-related Initiatives by the Profession The International Auditing and Assurance Standards Board (“IAASB”) of the International Federation of Accountants and the American Institute of Certified Public Accountants’ (the “AICPA”) Auditing Standards Board (the “ASB”) provide forums through which auditors can share knowledge, expertise, and best practices in auditing. In contrast to the PCAOB, the IAASB and the ASB do not have direct regulatory authority to establish audit standards, or authority to monitor implementation or compliance with those standards, although a number of authorities have applied or adapted one or the other’s standards, to varying extents, as local regulatory or professional requirements. The PCAOB monitors the work of the IAASB and the ASB to leverage standards these organizations have developed. Staff time and other resources devoted to this monitoring has been considerable, and to the extent such initiatives expand, the PCAOB may require additional resources to continue its monitoring.

Risks Associated with Delays in PCAOB Disciplinary Process The Act requires that hearings associated with PCAOB disciplinary proceedings not be public, unless otherwise ordered by the Board for good cause and with the consent of the parties. The Act further prohibits any public report of a sanction against a firm pending appeal of the sanction to the Commission. These provisions prevent public disclosure of disciplinary actions by the PCAOB and thus provide an incentive for respondents to litigate disciplinary actions, which in turn could result in an inefficient use of PCAOB resources and delay important information about disciplinary sanctions, and how the PCAOB is applying applicable laws, rules and standards, from reaching the public, including registered firms and their associated persons.

P a g e | 91



Changes in Leadership and Human Capital Changes in the leadership of both the PCAOB and the SEC could affect the PCAOB’s programs and operations. In particular, three of five Board seats are expected to turn over in the near future, including the chairman. Such changes could result in additional changes in the PCAOB’s strategic goals, objectives and initiatives. Moreover, since the PCAOB’s inception, the SEC has experienced, and will continue to experience, changes in leadership, which could result in changes in the SEC’s oversight of the PCAOB and other policies related to the PCAOB. Among other things, such changes could involve changes in the PCAOB’s responsibilities, including new (or fewer) responsibilities. The PCAOB’s primary tools to maintain effective oversight of registered firms and associated persons while accommodating such changes in leadership are internal training, effective maintenance of historical records, a robust annual strategic planning process, and outreach. In addition to challenges related to changes in leadership, the PCAOB may experience other challenges related to hiring and maintaining the staff necessary to meet its goals and objectives. In the past, the PCAOB has faced constraints in hiring and retaining the staff it needs; in particular, the market for experienced accountants has been highly competitive. Another challenge is the lack of diversity in the accounting profession. In addition, while the current economic environment has provided some opportunity for the PCAOB to meet its hiring needs, it presents other challenges.

P a g e | 92



For example, economic conditions may affect qualified applicants’ willingness to relocate, and the PCAOB may need to evaluate further expanding its initiative to establish a presence in regions where it did not have a presence in the past. Opportunities for career progression and training at the PCAOB also bear directly on the PCAOB’s ability to attract and to retain experienced staff to enable the PCAOB to respond to environmental changes. In particular, as changes in the financial reporting environment emerge, the PCAOB will need to continually train its staff. Moreover, should the PCAOB’s responsibilities increase significantly on short notice, the PCAOB may need to change its recruiting approach in order to hire quickly and integrate a substantial number of additional program staff into the organization.

Technology The PCAOB is dependent on technology to support its programs and operations. For example, the PCAOB’s risk assessment program is heavily dependent on IT tools, including relational data analysis. Enhancements of IT tools, including tools designed to permit inputs based on evidence collected in inspections, as well as tools designed to improve delivery of analysis to programs, would significantly improve the effectiveness and efficiency of PCAOB programs. In addition, the PCAOB currently is implementing several large-scale technology projects, including a new Registration and Annual and Special Reporting System and an Inspection Information System. Such projects present special risks related to meeting program and budget goals.

P a g e | 93



In addition, given the rapid pace of technological change, the PCAOB could experience challenges in maintaining the effectiveness of its existing systems and technology infrastructure. PCAOB Release - CONSIDERATION OF REGISTRATION APPLICATIONS FROM PUBLIC ACCOUNTING FIRMS IN NON-U.S. JURISDICTIONS WHERE THERE ARE UNRESOLVED OBSTACLES TO PCAOB INSPECTIONS The Public Company Accounting Oversight Board ("PCAOB" or "Board") is issuing this release to provide notice of a development in its approach to registration applications from public accounting firms in non-U.S. jurisdictions where, because of asserted legal restrictions or objections of local authorities, the Board is denied access to information from PCAOB-registered firms that is necessary to inspect those firms.

Background Public companies, whether located in the United States or abroad, access U.S. capital markets by complying with certain U.S. legal requirements, including the requirement to periodically file audited financial statements with the U.S. Securities and Exchange Commission. Under the Sarbanes-Oxley Act of 2002 ("the Act"), the auditor of those financial statements – whether a U.S. auditor or a non-U.S. auditor – must be registered with the PCAOB, and the PCAOB must regularly inspect the firm to assess its compliance with U.S. law and professional standards in connection with those audits. These inspections are fundamental to the Board's ability to carry out its oversight responsibilities "in order to protect the interests of investors and further the public interest in the preparation of informative, accurate, and independent audit reports."(Section 101(a) of the Act.) Obstacles to those inspections frustrate the oversight system put in place by the Act and, in turn, threaten the public interest by impeding the

P a g e | 94



Board's ability to detect conduct that violates U.S. law and professional standards. In each year since 2005, the Board's inspection program has included inspections of PCAOB-registered firms in non-U.S. jurisdictions. In many of those jurisdictions, the PCAOB and local authorities in the non-U.S. jurisdiction have worked together to overcome potential impediments to PCAOB inspections, and in several of those jurisdictions PCAOB inspections have been conducted in coordination with inspections by local authorities. In some non-U.S. jurisdictions, however, asserted legal restrictions or objections of local authorities pose unresolved obstacles to PCAOB inspections. From 2004 to the present, the Board has approved registration applications of many firms in those jurisdictions without raising the inspection obstacle as a potential basis for disapproval. This practice was rooted in a belief that the PCAOB and authorities in those jurisdictions would, working cooperatively, overcome any obstacles to registered firms’ compliance with PCAOB inspection demands for documents and information, and would do so without undue delay relative to the inspection schedule mandated by the Act. [The registered firms that the Board is required to inspect in the affected jurisdictions are firms that the Act requires the Board to inspect at least once every three years, a frequency that is determined by reference to the number of issuers (i.e. companies whose securities trade in U.S. markets) whose financial statements filed with the SEC are audited by the firm. See Section 104(b)(1)(B) of the Act. The Act authorizes the Board to adjust that frequency requirement if the Board finds that doing so is consistent with the purposes of the Act, the public interest, and the protection of investors.

P a g e | 95



In 2008 and 2009, the Board adjusted the frequency requirement applicable to firms in jurisdictions where obstacles had not yet been overcome, but the Board did so both in the belief that progress was being made to overcome the obstacles and with a caveat that it would not make further schedule adjustments for firms in those jurisdictions. See PCAOB Release No. 2009-003 and PCAOB Release No. 2008-007 (cited in note 1 above).] The Board has tried for several years to negotiate arrangements with authorities in the affected jurisdictions to eliminate asserted obstacles to Board inspections, but obstacles persist in several jurisdictions. In some of those jurisdictions, there have been recent indications of progress, and the Board continues to try to work through the issues with the relevant foreign authorities. Currently, however, even the recent progress in some jurisdictions still leaves substantial uncertainty about whether and when PCAOB inspections of registered firms will be able to go forward. [For example, recently there has been progress in negotiations with the audit regulator in Switzerland. Further, on September 1, 2010, the European Commission adopted a decision recognizing the "adequacy" of the PCAOB for purposes of the European Union’s Statutory Audit Directive. This decision permits the individual Member State audit regulators to enter into bilateral arrangements with the PCAOB, subject to certain conditions. PCAOB is currently negotiating with several EU audit regulators and hopes to resolve the remaining obstacles to inspections.]

P a g e | 96



Consideration of Registration Applications In light of the length of time that has elapsed without successful resolution of the obstacles, and the continuing inability of the Board to inspect PCAOB-registered firms in some jurisdictions, the Board has re-evaluated its approach to new registration applications from firms in those jurisdictions. The Board has determined that its consideration of new applications from firms in those jurisdictions will no longer be premised on an expectation that those obstacles will be resolved without undue delay to any necessary PCAOB inspection of a firm. Accordingly, effective for all pending and future applications from firms in such jurisdictions, [The jurisdictions to which the approach described here applies may, and the Board expects will, change over time depending upon developments in particular jurisdictions] the Board, in addition to addressing any other issues raised by the application, will proceed as follows. Through a request for additional information pursuant to section 102(c)(1) of the Act and PCAOB Rule 2106(b)(i), the Board will ask the applicant to state its understanding of whether a PCAOB inspection of the firm would currently be allowed by local law or local authorities and, if the response is that the inspection would be allowed, to supply written confirmation of that point from the appropriate local regulatory authority. An applicant that receives such a request would have essentially three options. One option would be to allow its application to remain pending by not responding to the request until it was able to provide written confirmation from the appropriate local regulatory authority that an inspection would be allowed. A second option would be to withdraw its application.

P a g e | 97



The third option would be to respond by stating the firm's understanding that a PCAOB inspection of the firm would currently not be allowed by local law or local authorities. In the event the applicant chooses the third option, and its application is otherwise complete, the Board will issue a notice of hearing pursuant to PCAOB Rule 2106(b)(2)(ii) specifying as a proposed ground for disapproval of the application the obstacle to the Board’s ability to inspect the firm. A notice of hearing on the registration application would give the applicant an opportunity to elect to have a hearing on the question of whether, taking into account the obstacle to the Board's ability to inspect the firm, approval of the application would be consistent with the Board’s responsibilities under the Act to protect the interests of investors and to further the public interest in the preparation of informative, accurate, and independent audit reports. If an applicant receives a notice of hearing and neither elects a hearing nor withdraws its application, the application is disapproved on the basis of the grounds stated in the notice of hearing. [Under section 102(c)(2) of the Act, Board disapproval of a registration application is treated as a disciplinary sanction, and the applicant may seek Securities and Exchange Commission review of the disapproval.]

P a g e | 98



Sarbanes Oxley jobs and careers in 2011 Ten years after the Enron scandal, almost 9 years after the enactment of the Sarbanes Oxley Act, and there are so many great Sarbanes Oxley related jobs and careers in every corner of the world, from the States to Australia. It is interesting to Google "Sarbanes Oxley jobs", you will be surprised. I am very surprised with the average salary of these jobs, even far from the United States. For example, the 3-month moving average for salaries quoted in permanent IT jobs citing Sarbanes-Oxley within the UK is shown below.

Source: www.itjobswatch.co.uk/jobs/uk/sarbanes-oxley.do

Source: www.itjobswatch.co.uk/jobs/uk/sarbanes-oxley.do

http://www.itjobswatch.co.uk/jobs/uk/sarbanes-oxley.do

http://www.itjobswatch.co.uk/jobs/uk/sarbanes-oxley.do

P a g e | 99



The next chart provides the 3-month moving average for daily rates quoted in IT contract jobs citing Sarbanes-Oxley within the UK.

Source: www.itjobswatch.co.uk/contracts/uk/sarbanes-oxley.do

Interesting Job Descriptions Internal Audit/SOX Manager, NY-Manhattan Top 10 CPA firm, Compensation: $90,000 to $125,000 This individual will be responsible for planning, staffing, and executing Internal Audit and/or Sarbanes-Oxley Section 404 (SOX 404) projects, as well as support demand creation sales and proposal development. He / she will manage direct client project relationships and ensure high-quality delivery within the project confines of budget. He / she will provide oversight and quality assurance of various project deliverables, technical work, and oversee project leaders and teams. He / she will work directly with clients to communicate business and technical aspects of the work being performed. He / she will set performance expectations for all members of the project team and provide constructive performance feedback on a regular basis.

http://www.itjobswatch.co.uk/contracts/uk/sarbanes-oxley.do

P a g e | 100



He / she will be responsible for overall engagement economics of the projects, including budget status tracking, billing, and collection follow-up.

Interesting Job Descriptions Job Title: SOX IT Compliance Analyst The firm is looking for an IT SOX Compliance Consultant responsible for assisting in the execution of: (1) assisting with Sarbanes-Oxley/Attestation compliance for the Investment Department (2) preparation of investment compliance-related reporting to the companys Board of Directors, Investment Committee, and external parties such as the SEC, rating agencies, departments of insurance, etc., and 3) preparing special analyses as requested. Responsible for assisting the Investment Departments Information Technology (IT) and Compliance Groups in the preparation and administration of the Departments Sarbanes-Oxley/Attestation program. This includes management of process description documents, identification of key risks and controls, facilitation of test documentation and materials and the testing of controls within the Department

Interesting Job Descriptions Job Title: Sarbanes-Oxley/Risk Management Consultant Do you have extensive experience in managing Sarbanes-Oxley compliance and assessing risk in an internal audit environment? Our firm is proactively seeking a talented, highly motivated business professional to join our practice and to assist our local client on a Sarbanes-Oxley project.

P a g e | 101



As the consultant on this project, you will have the opportunity to oversee risk assessment strategies and tools, develop Sarbanes-Oxley plans, document business processes, design and execute testing strategies and assist in remediation efforts.

P a g e | 102



What is "internal control over financial reporting"? The final rules define "internal control over financial reporting" as: A process designed by, or under the supervision of, the registrant's principal executive and principal financial officers, or persons performing similar functions, and effected by the registrant's board of directors, management and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles and includes those policies and procedures that: (1)Pertain to the maintenance of records that in reasonable detail accurately and fairly reflect the transactions and dispositions of the assets of the registrant; (2) Provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the registrant are being made only in accordance with authorizations of management and directors of the registrant; and (3) Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the registrant's assets that could have a material effect on the financial statements. Following the general language defining internal control over financial reporting, clauses (1) and (2) include the internal control matters described in Section 103 of the Sarbanes-Oxley Act that the company's registered public accounting firm is required to evaluate in its audit or attestation report. This language is included to make clear that the assessment of management in its internal control report as to which the company's

P a g e | 103



registered public accounting firm will be required to attest and report specifically covers the matters referenced in Section 103. The definition also includes, in clause (3), explicit reference to assurances regarding use or disposition of the company's assets. This provision is specifically included to make clear that, for purposes of our definition, the safeguarding of assets is one of the elements of internal control over financial reporting and it addresses the supplementation of the COSO Framework after it was originally promulgated. In the absence of our change to the definition, the determination of whether control regarding the safeguarding of assets falls within a company's internal control over financial reporting currently could be subject to varying interpretation. Safeguarding of assets had been a primary objective of internal accounting control in SAS No. 1. In 1988, the ASB issued Statement of Auditing Standards No. 55 (codified as AU §319 in the Codification of Statements on Auditing Standards), which replaced AU §320. SAS No. 55 revised the definition of "internal control" and expanded auditors' responsibilities for considering internal control in a financial statement audit. The prior classification of internal control into the two categories of "internal accounting control" and "administrative control" was replaced with the single term "internal control structure," which consisted of three interrelated components--control environment, the accounting system and control procedures. Under this new definition, the safeguarding of assets was no longer a primary objective, but a subset of the control procedures component.

P a g e | 104



The COSO Report followed this shift in the iteration of safeguarding of assets. The COSO Report states that operations objectives "pertain to effectiveness and efficiency of the entity's operations, including performance and profitability goals and safeguarding resources against loss." However, the report also clarifies that safeguarding of assets can fall within other categories of internal control In 1994, COSO published an addendum to the Reporting to External Parties volume of the COSO Report. The addendum was issued in response to a concern expressed by some parties, including the U.S. General Accounting Office that the management reports contemplated by the COSO Report did not adequately address controls relating to safeguarding of assets and therefore would not fully respond to the requirements of the FCPA. In the addendum, COSO concluded that while it believed its definition of internal control in its 1992 report remained appropriate, it recognized that the FCPA encompasses certain controls related to safeguarding of assets and that there is a reasonable expectation on the part of some readers of management's internal control reports that the reports will cover such controls. The addendum therefore sets forth the following definition of the term "internal control over safeguarding of assets against unauthorized acquisition, use or disposition": Internal control over safeguarding of assets against unauthorized acquisition, use or disposition is a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the entity's assets that could have a material effect on the financial statements.

P a g e | 105



What is "Off-Balance Sheet Arrangement"? The definition of "off-balance sheet arrangement" primarily targets the means through which companies typically structure off-balance sheet transactions or otherwise incur risks of loss that are not fully transparent to investors. For example, in many cases, in order to facilitate a transfer of assets or otherwise finance the activities of an unconsolidated entity, a company must provide financial support designed to reduce risks to the entity or other third parties. That financial support may assume many different forms, such as financial guarantees, subordinated retained interests, keep well agreements, derivative instruments or other contingent arrangements that expose the registrant to continuing risks or material contingent liabilities. To appropriately capture these transactions, the definition of "off-balance sheet arrangement" includes any contractual arrangement to which an unconsolidated entity is a party, under which the registrant has: - Any obligation under certain guarantee contracts; - A retained or contingent interest in assets transferred to an unconsolidated entity or similar arrangement that serves as credit, liquidity or market risk support to that entity for such assets; - Any obligation under certain derivative instruments; - Any obligation under a material variable interest held by the registrant in an unconsolidated entity that provides financing, liquidity, market risk or credit risk support to the registrant, or engages in leasing, hedging or research and development services with the registrant.

P a g e | 106



1. Guarantees The definition of "off-balance sheet arrangements" addresses certain guarantees that may be a source of potential risk to a registrant's future liquidity, capital resources and results of operations, regardless of whether or not they are recorded as liabilities. The definition borrows concepts from U.S. GAAP in order to identify the types of guarantee contracts for which disclosure is required. The references to U.S. GAAP apply regardless of the particular GAAP under which a registrant presents its primary financial statements. The first element of the definition refers to any obligation under a guarantee contract that has any of the characteristics identified in paragraph 3 of FIN 45 (FASB Interpretations), and that is not excluded from the initial recognition and measurement provisions of FIN 45.82 Paragraph 3 of FIN 45 includes within its scope any contract with one or more of the following four characteristics: Contracts that contingently require the guarantor to make payments to the guaranteed party based on changes in an "underlying" that is related to an asset, a liability or an equity security of the guaranteed party (e.g., a financial standby letter of credit, a market value guarantee, a guarantee of the market price of the common stock of the guaranteed party or a guarantee of the collection of the scheduled contractual cash flows from individual financial assets held by an SPE); Contracts that contingently require the guarantor to make payments to the guaranteed party based on another entity's failure to perform under an obligating agreement (e.g., a performance guarantee); Indemnification agreements (contracts) that contingently require the indemnifying party (guarantor) to make payments to the indemnified party (guaranteed party) based on changes in an underlying that is related to an asset, a liability or an equity security of the indemnified party (e.g., an adverse judgment in a lawsuit or the imposition of

P a g e | 107



additional taxes due to either a change in the tax law or an adverse interpretation of the tax law); or Indirect guarantees of the indebtedness of others, which arise under an agreement that obligates one entity to transfer funds to a second entity upon the occurrence of specified events, under conditions whereby (a) The funds become legally available to creditors of the second entity and (b) Those creditors may enforce the second entity's claims against the first entity under the agreement (e.g., keepwell agreements). The definition of "off-balance sheet arrangement" is designed so that a registrant's application of FIN 45 will provide the basis for determining the guarantee contracts that are subject to disclosure under the amendments. Paragraphs 6 and 7 of FIN 45 exclude certain guarantee contracts from the recognition and measurements provisions of FIN 45. These exclusions also will apply to the definition of "off-balance sheet arrangements" in the amendments.

2. Retained or Contingent Interests As an alternative to guarantee contracts, companies may structure and facilitate off-balance sheet arrangements by retaining an interest in assets transferred to an unconsolidated entity. For example, a subordinated retained interest in a pool of receivables transferred to an unconsolidated entity can provide credit support to the entity by cushioning the senior interests in the event that a portion of the receivables becomes uncollectible. In this event, the value of the retained interest can decline and can therefore have a material effect on a registrant's financial condition.

P a g e | 108



Accordingly, the second element of the definition of "off-balance sheet arrangements" includes retained or contingent interests in assets transferred to an unconsolidated entity or similar arrangements that serve as credit, liquidity or market risk support to such entity for such assets.

3. Certain Derivative Instruments Similar to guarantees or retained interests, certain derivative instruments have been used in structuring off-balance sheet arrangements. For example, a registrant may issue or hold derivative instruments that are indexed to its stock and classified as stockholders' equity under GAAP. The impact of those derivative instruments often is not transparent to investors because those derivative instruments are classified as equity and subsequent changes in fair value may not be periodically recognized in the financial statements. Therefore, the third element of the definition includes those derivative instruments to better apprise investors of their impact. The definition for registrants whose financial statements are prepared in accordance with U.S. GAAP includes derivative instruments that are excluded from SFAS No. 133 pursuant to paragraph 11a of that Statement. Similarly, the definition for registrants whose financial statements are prepared in accordance with a non-U.S. GAAP includes any obligation under a derivative instrument that is both indexed to the registrant's own stock and classified in stockholders' equity, or not reflected, in the registrant's statement of financial position.

P a g e | 109



4. Variable Interests The fourth element of the definition includes any obligation, including a contingent obligation, arising out of a material variable interest held by the registrant in an unconsolidated entity, where such entity provides financing, liquidity, market risk or credit risk support to, or engages in leasing, hedging or research and development services with, the registrant. We intend for this element of the definition to be consistent with the concept of a "variable interest" that is included in the recently issued FASB Interpretation No. 46 ("FIN 46"). The term "variable interest" is defined in FIN 46 as "contractual, ownership, or other pecuniary interests in an entity that change with changes in the entity's net asset value." In other words, variable interests are investments or other interests that will absorb a portion of an entity's expected losses if they occur or receive portions of the entity's expected residual returns if they occur. To apply this element of the definition, a registrant must assess the variable interests it holds in the specified unconsolidated entities regardless of whether the entity is deemed to be a "variable interest entity" pursuant to paragraph 5 of FIN 46. To focus the disclosure on the most crucial off-balance sheet arrangements, however, the definition only applies to variable interests, that are material to the registrant, in entities that provide financing, liquidity, market risk or credit risk support to the registrant, or engage in leasing, hedging or research and development services with the registrant.

P a g e | 110



PCAOB Enters into Cooperative Agreement with United Kingdom Audit Regulator We have the first cooperative agreement that the PCAOB has concluded since the passage of the Dodd–Frank Wall Street Reform and Consumer Protection Act, which amended the Sarbanes-Oxley Act to permit the PCAOB to share confidential information with its non-U.S. counterparts under certain conditions. Washington, D.C., Jan. 10, 2011 - The Public Company Accounting Oversight Board entered into a cooperative agreement with the Professional Oversight Board in the United Kingdom to facilitate cooperation in the oversight of auditors and public accounting firms that practice in the two regulators’ respective jurisdictions. This agreement provides a basis for the resumption of PCAOB inspections of registered accounting firms that are located in the United Kingdom and that audit, or participate in audits, of companies whose securities trade in U.S. markets. The PCAOB previously conducted inspections in the United Kingdom with the POB from 2005 to 2008, but has been blocked from doing so since that time. Acting PCAOB Chairman Daniel L. Goelzer welcomed the arrangement, which will lay the foundation for the PCAOB and POB to work together to promote public trust in the audit process and investor confidence in capital markets. "The POB and the PCAOB both are committed to investor protection and to having a strong working relationship with each other," said PCAOB Acting Chairman Daniel L. Goelzer. "I am pleased that we have overcome the obstacles that have prevented PCAOB inspections in the United Kingdom since 2008. Investors in U.S.-listed companies increasingly rely on audit work performed outside the borders of the United States.

P a g e | 111



Agreements like this one open the door for us to inspect that work and are essential to the Board’s investor protection mission." This is the first cooperative agreement that the PCAOB has concluded since the passage of the Dodd–Frank Wall Street Reform and Consumer Protection Act, which amended the Sarbanes-Oxley Act to permit the PCAOB to share confidential information with its non-U.S. counterparts under certain conditions. That amendment removed one of the obstacles to PCAOB inspections asserted by European and certain other officials. "This agreement reflects our important relationship with the POB and serves as an example of cross-border cooperation between the PCAOB and its counterparts abroad. We look forward to resuming our work with the POB in the United Kingdom and to assisting the POB should it conduct inspections in the United States," said Rhonda Schnare, PCAOB Director of International Affairs. "We are currently working with other oversight bodies in several non-U.S. jurisdictions to establish similar cooperative arrangements," she added. The Sarbanes-Oxley Act directed the PCAOB to oversee and periodically inspect all accounting firms that regularly audit companies whose securities trade in U.S. markets. More than 890 audit firms currently registered with the PCAOB are located outside of the United States, spanning 87 countries. There are 59 registered firms located in the United Kingdom.

P a g e | 112



Congressional Oversight Panel Examining the Consequences of Mortgage Irregularities for Financial Stability and Foreclosure Mitigation In the fall of 2010, reports began to surface alleging that companies servicing $6.4 trillion in American mortgages may have bypassed legally required steps to foreclose on a home. Employees or contractors of Bank of America, GMAC Mortgage, and other major loan servicers testified that they signed, and in some cases backdated, thousands of documents claiming personal knowledge of facts about mortgages that they did not actually know to be true. Allegations of “robo-signing” are deeply disturbing and have given rise to ongoing federal and state investigations. At this point the ultimate implications remain unclear. It is possible, however, that “robo-signing” may have concealed much deeper problems in the mortgage market that could potentially threaten financial stability and undermine the government's efforts to mitigate the foreclosure crisis. Although it is not yet possible to determine whether such threats will materialize, the Panel urges Treasury and bank regulators to take immediate steps to understand and prepare for the potential risks. In the best-case scenario, concerns about mortgage documentation irregularities may prove overblown. In this view, which has been embraced by the financial industry, a handful of employees failed to follow procedures in signing foreclosure-related affidavits, but the facts underlying the affidavits are demonstrably accurate. Foreclosures could proceed as soon as the invalid affidavits are replaced with properly executed paperwork.

P a g e | 113



The worst-case scenario is considerably grimmer. In this view, which has been articulated by academics and homeowner advocates, the “robo-signing” of affidavits served to cover up the fact that loan servicers cannot demonstrate the facts required to conduct a lawful foreclosure. In essence, banks may be unable to prove that they own the mortgage loans they claim to own. The risk stems from the possibility that the rapid growth of mortgage securitization outpaced the ability of the legal and financial system to track mortgage loan ownership. In earlier years, under the traditional mortgage model, a homeowner borrowed money from a single bank and then paid back the same bank. In the rare instances when a bank transferred its rights, the sale was recorded by hand in the borrower's county property office. Thus, the ownership of any individual mortgage could be easily demonstrated. Nowadays, a single mortgage loan may be sold dozens of times between various banks across the country. In the view of some market participants, the sheer speed of the modern mortgage market has rendered obsolete the traditional ink-and-paper recordation process, so the financial industry developed an electronic transfer process that bypasses county property offices. This electronic process has, however, faced legal challenges that could, in an extreme scenario, call into question the validity of 33 million mortgage loans. Further, the financial industry now commonly bundles the rights to thousands of individual loans into a mortgage-backed security (MBS).

P a g e | 114



The securitization process is complicated and requires several properly executed transfers. If at any point the required legal steps are not followed to the letter, then the ownership of the mortgage loan could fall into question. Homeowner advocates have alleged that frequent “robo-signing” of ownership affidavits may have concealed extensive industry failures to document mortgage loan transfers properly. If documentation problems prove to be pervasive and, more importantly, throw into doubt the ownership of not only foreclosed properties but also pooled mortgages, the consequences could be severe. Clear and uncontested property rights are the foundation of the housing market. If these rights fall into question, that foundation could collapse. Borrowers may be unable to determine whether they are sending their monthly payments to the right people. Judges may block any effort to foreclose, even in cases where borrowers have failed to make regular payments. Multiple banks may attempt to foreclose upon the same property. Borrowers who have already suffered foreclosure may seek to regain title to their homes and force any new owners to move out. Would-be buyers and sellers could find themselves in limbo, unable to know with any certainty whether they can safely buy or sell a home. If such problems were to arise on a large scale, the housing market could experience even greater disruptions than have already occurred, resulting in significant harm to major financial institutions.

P a g e | 115



For example, if a Wall Street bank were to discover that, due to shoddily executed paperwork, it still owns millions of defaulted mortgages that it thought it sold off years ago, it could face billions of dollars in unexpected losses. Documentation irregularities could also have major effects on Treasury's main foreclosure prevention effort, the Home Affordable Modification Program (HAMP). Some servicers dealing with Treasury may have no legal right to initiate foreclosures, which may call into question their ability to grant modifications or to demand payments from homeowners. The servicers' use of “robo-signing” may also have affected determinations about individual loans; servicers may have been more willing to foreclose if they were not bearing the full costs of a properly executed foreclosure. Treasury has so far not provided reports of any investigation as to whether documentation problems could undermine HAMP. It should engage in active efforts to monitor the impact of foreclosure irregularities, and it should report its findings to Congress and the public. In addition to documentation concerns, another problem has arisen with securitized mortgage loans that could also threaten financial stability. Investors in mortgage-backed securities typically demanded certain assurances about the quality of the loans they purchased: for instance, that the borrowers had certain minimum credit ratings and income, or that their homes had appraised for at least a minimum value. Allegations have surfaced that banks may have misrepresented the quality of many loans sold for securitization.

P a g e | 116



Banks found to have provided misrepresentations could be required to repurchase any affected mortgages. Because millions of these mortgages are in default or foreclosure, the result could be extensive capital losses if such repurchase risk is not adequately reserved. To put in perspective the potential problem, one investor action alone could seek to force Bank of America to repurchase and absorb partial losses on up to $47 billion in troubled loans due to alleged misrepresentations of loan quality. Bank of America currently has $230 billion in shareholders' equity, so if several similar-sized actions – whether motivated by concerns about underwriting or loan ownership – were to succeed, the company could suffer disabling damage to its regulatory capital. It is possible that widespread challenges along these lines could pose risks to the very financial stability that the Troubled Asset Relief Program was designed to protect. Treasury has claimed that based on evidence to date, mortgage-related problems currently pose no danger to the financial system, but in light of the extensive uncertainties in the market today, Treasury's assertions appear premature. Treasury should explain why it sees no danger. Bank regulators should also conduct new stress tests on Wall Street banks to measure their ability to deal with a potential crisis. The Panel emphasizes that mortgage lenders and securitization servicers should not undertake to foreclose on any homeowner unless they are able to do so in full compliance with applicable laws and their contractual agreements with the homeowner. The American financial system is in a precarious place.

P a g e | 117



Treasury's authority to support the financial system through the Troubled Asset Relief Program has expired, and the resolution authority created by the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 remains untested. The 2009 stress tests that evaluated the health of the financial system looked only to the end of 2010, providing little assurance that banks could withstand sharp losses in the years to come. The housing market and the broader economy remain troubled and thus vulnerable to future shocks. In short, even as the government's response to the financial crisis is drawing to a close, severe threats remain that have the potential to damage financial stability.

P a g e | 118



PCAOB STAFF AUDIT PRACTICE ALERT NO. 7 - AUDITOR CONSIDERATIONS OF LITIGATION AND OTHER CONTINGENCIES ARISING FROM MORTGAGE AND OTHER LOAN ACTIVITIES Staff Audit Practice Alerts highlight new, emerging, or otherwise noteworthy circumstances that may affect how auditors conduct audits under the existing requirements of PCAOB standards and relevant laws. Auditors should determine whether and how to respond to these circumstances based on the specific facts presented. The statements contained in Staff Audit Practice Alerts are not rules of the Board and do not reflect any Board determination or judgment about the conduct of any particular firm, auditor, or any other person.

Background In the fall of 2010, allegations surfaced that banks may have misrepresented the quality of mortgages sold and that those banks could be required to repurchase the affected mortgages. Additional allegations have been made that companies servicing $6.4 trillion in American mortgages may have bypassed legally required steps to foreclose on homes Some of these practices could result in loss contingencies for certain financial institutions that may require recognition of liabilities or disclosure in financial statements. The situation remains fluid, with estimates of potential costs associated with foreclosure irregularities and mortgage repurchases ranging from "manageable" to an exposure for the industry of up to $52 billion.

P a g e | 119



Some experts have acknowledged scenarios in which the title and legal documentation problems related to foreclosures could lead to significant effects on banks' balance sheets. Numerous federal and state agencies are coordinating their efforts to review practices that may not comply with state foreclosure laws or applicable federal laws and to provide for better disclosures and improve transparency in the securitization market. As part of the efforts to provide for better disclosures, in October 2010, the United States Securities and Exchange Commission's (“SEC”) Division of Corporation Finance sent letters to certain public companies as a reminder of their disclosure obligations with respect to their forthcoming quarterly reports on Form 10-Q and subsequent filings. The letters highlighted continued concerns about potential risks and costs associated with mortgage and foreclosure-related activities or exposures. The sample letter posted to the SEC Web site stated that companies should consider certain items for disclosure, including, without limitation, “the impact of various representations and warranties regarding mortgages made to purchasers of the mortgages (or to purchasers of mortgagebacked securities) including to the government-sponsored entities (GSEs), private-label mortgage-backed security (MBS) investors, financial guarantors and other whole loan purchasers.” The letters further reminded companies of the requirements for disclosures in Management's Discussion and Analysis for Forms 10-Q and 10-K under Item 303 of Regulation S-K and for accruing and disclosing loss contingencies in the financial statements under the Financial Accounting Standards Board's ("FASB") Accounting Standards Codification ("ASC") Topic 450, Contingencies, Subtopic 450-20.

P a g e | 120



Companies were reminded that, as appropriate, they should consider the need to accrue loss contingencies and to provide clear and transparent disclosure regarding obligations relating to the various representations and warranties that were made in connection with securitization activities and whole loan sales, and to discuss any implications of any foreclosure reviews, including potential delays in completing foreclosures. The letters cautioned companies to consider a number of matters when preparing their quarterly and subsequent filings (e.g., litigation risks and uncertainties related to any known or alleged defects in the securitization process, including any potential defects in mortgage documentation or in the assignment of the mortgages). The letter also cautioned that some of these issues are not limited to financial institutions. This practice alert advises auditors that the potential risks and costs associated with mortgage and foreclosure-related activities or exposures, such as those discussed in the SEC staff letters, could have implications for audits of financial statements or of internal control over financial reporting. These implications might include accounting for litigation or other loss contingencies and the related disclosures. Auditors should consider the effect of these matters during their reviews of interim financial information, year-end audits, and attestation engagements on assessments of compliance with servicing criteria. Staff Audit Practice Alert No. 3, Audit Considerations in the Current Economic Environment ("Practice Alert No. 3"), was issued in December 2008 to assist auditors in identifying matters related to the current economic environment that might affect audit risk and require additional emphasis.

P a g e | 121



Among other things, Practice Alert No. 3 provides auditors with information on selected financial reporting areas, including contingencies and guarantees that may be affected by the economic environment, and reminds auditors of the requirements regarding accounting estimates. Audit risks that existed in December 2008 with respect to contingencies and guarantees, as well as potential other issues, continue to exist today. These audit risks potentially affect the risk of material misstatement, as evidenced by recent concerns regarding problematic foreclosures and asserted claims or potential litigation relating to representations and warranties made in connection with securitizations or whole loan sales. Auditors may need to consider the possible effects that these issues might have on the nature, timing, and extent of planned audit procedures.

Matters for the auditor’s consideration In light of continued concerns about potential risks and costs associated with mortgage and foreclosure-related activities or exposures, this practice alert reminds auditors of their responsibilities with respect to auditing loss contingencies, disclosures, and other related topics.

Auditing Litigation, Claims, and Assessments

Companies that may be affected by mortgage and foreclosure-related activities or exposures may need to accrue for or provide disclosures relating to legal contingencies. AU sec. 337, Inquiry of a Client's Lawyer Concerning Litigation, Claims, and Assessments, establishes requirements with respect to litigation, claims, and assessments. This standard states that in order to identify litigation, claims, and assessments, and to become satisfied with the accounting and reporting

P a g e | 122



of such matters, the auditor should gather sufficient and appropriate audit evidence relevant to the following factors: • The existence of a condition, situation, or set of circumstances indicating an uncertainty as to the possible loss to an entity arising from litigation, claims, and assessments; • The period in which the underlying cause for legal action occurred; • The degree of probability of an unfavorable outcome; and • The amount or range of potential loss. AU sec. 337 discusses the procedures the auditor should perform regarding litigation, claims, and assessments and also states that although certain audit procedures may be undertaken for other purposes, they might also disclose litigation, claims, and assessments (e.g., reading minutes of meetings of stockholders, directors, and appropriate committees held during and subsequent to the period being audited; reading contracts, loan agreements, leases, and correspondence from taxing or other governmental agencies; or inspecting similar documents). Further, the auditor should obtain a letter from the client's lawyer to assist the auditor in corroborating the information furnished by management concerning litigation, claims, and assessments.

Auditing Accounting Estimates Companies involved in mortgage and foreclosure-related activities may need to estimate and accrue amounts for other potential loss contingencies including those related to various representations and warranties. AU sec. 342, Auditing Accounting Estimates, establishes requirements regarding obtaining and evaluating sufficient appropriate audit evidence for accounting estimates.

P a g e | 123



In auditing accounting estimates, the auditor normally should consider the company's historical experience in making past estimates as well as the auditor's experience in auditing companies in the same industry. However, changes in facts, circumstances, or a company's procedures may cause factors different from those considered in the past to become significant to the accounting estimate. For example, a company's historical experience relating to repurchasing loans sold into securitization structures may not be indicative of future trends in that area. According to AU sec. 342, when planning and performing procedures to evaluate the reasonableness of the company’s accounting estimates, the auditor should consider, with an attitude of professional skepticism, the subjective and objective factors included in the estimate. When evaluating accounting estimates relating to mortgage loan repurchase losses, such factors may include, among others, estimated levels of defects based on the company's review or experience, default expectations, investor repurchase demand, or appeal success rates.

Evaluating Financial Statement Presentation and Disclosure Information essential for a fair presentation in conformity with generally accepted accounting principles should be set forth in the financial statements (which include the related notes). When such information is set forth elsewhere in a report to shareholders "it should be referred to in the financial statements." If management omits from the financial statements, including the accompanying notes, information that is required by generally accepted accounting principles, the auditor should express a qualified or adverse opinion and should provide the information in the audit report, if practicable.

P a g e | 124



In addition, the auditor should read the other information accompanying the interim and annual financial statements contained in reports filed with the SEC, including the Management's Discussion and Analysis of Financial Condition and Results of Operations sections of annual reports and other filings. The auditor should consider whether that information or the manner of its presentation is materially inconsistent with the financial statements. If the auditor concludes that there is a material inconsistency or becomes aware of information that he or she believes is a material misstatement of fact, the auditor should determine if the financial statements, the audit report, or both, require revision. If the auditor concludes that the financial statements or audit report do not require revision, the auditor should request the company to revise the other information. FASB ASC Topic 450, Contingencies, Subtopic 450-20 requires that when a loss is not both probable and estimable, an accrual is not recorded, but disclosure of the contingency is required to be made when a loss is not both probable and estimable, an accrual is not recorded, but disclosure of the contingency is required to be made when there is at least a reasonable possibility that a loss or an additional loss has been incurred. Companies involved in mortgage and foreclosure-related activities or exposures may need to establish new disclosures or enhance existing disclosures regarding litigation and other contingencies or estimates. For example, companies that sold or securitized loans but may not have complied with representations and warranties may be at risk of being forced to repurchase such loans. These companies may need to disclose or enhance their existing disclosures regarding the nature, timing, and uncertainty of their potential exposures as additional claims arise and are resolved.

P a g e | 125



Communication with Audit Committees To the extent potential risks and costs associated with mortgage and foreclosure related activities or exposures are identified, auditors are reminded of their responsibility to communicate with the audit committee. AU sec. 380, Communication With Audit Committees, includes requirements regarding communications relating to management judgments and accounting estimates. Other communication with the audit committee includes such matters as the clarity and completeness of the company's financial statements, which include related disclosures and a discussion of items that have a significant impact on the representational faithfulness, verifiability, and neutrality of the accounting information included in the financial statements. For example, in appropriate circumstances, this discussion would include the auditor's view on disclosures relating to representations and warranties that were made in connection with securitization activities.

Reviewing Interim Financial Information The objective of a review of interim financial information is to provide the auditor with a basis for communicating whether he or she is aware of any material modifications that should be made to the interim financial information for it to conform with generally accepted accounting principles. AU sec. 722, Interim Financial Information, requires the auditor to make inquiries regarding unusual or complex situations that may have an effect on the interim information. These situations may include changes in estimated loss contingencies as well as trends and developments affecting accounting estimates.

P a g e | 126



If information obtained from performing review procedures leads the auditor to believe that the interim financial information may not be in conformity with generally accepted accounting principles in all material respects, the auditor should make additional inquiries or perform other procedures considered appropriate to provide a basis for communicating whether any material modifications should be made to the interim financial information. AU sec. 722 provides additional requirements in cases where the auditor believes that a material modification should be made to the interim financial information.

Ongoing Audit Considerations As additional information is determined in future periods regarding the potential risks and costs associated with mortgage and foreclosure-related activities or exposures, auditors planning or performing an audit should acquire a sufficient understanding to assess how the additional information affects the nature and potential magnitude of the associated risks. Auditors should modify the overall audit strategy and the audit plan as necessary if circumstances change significantly during the course of the audit, including changes due to a revised assessment of the risks of material misstatement or the discovery of a previously unidentified risk of material misstatement. Accordingly, auditors may need to consider, e.g., how documentation issues in the loan origination process at a bank affect the auditors' initial risk assessment, overall audit strategy and the audit plan. Risks of material misstatement can arise from a variety of sources, including external factors, including conditions in the company's industry and environment and company-specific factors, such as the nature of the company, its activities, and internal control over financial reporting which can affect the judgments involved in determining

P a g e | 127



accounting estimates or create pressures to manipulate the financial statements to achieve certain financial targets. In an integrated audit, many factors can affect the risk associated with a control including the design of the control, nature of the control and the frequency with which it operates as well as the competence of the personnel who perform the control or monitor its performance and whether there have been changes in key personnel who perform the control or monitor its performance. Accordingly, an increase in the volume of foreclosures or loan repurchases could affect the risks associated with related controls.

Attestation Reports on Assessments of Compliance with Servicing Criteria Section 1122 of the SEC's Regulation AB requires an attestation report by a registered public accounting firm on a servicer's assessment of compliance with servicing criteria. These criteria include, among other things, maintaining collateral or security on pool assets as required by the transaction agreements or related pool asset documents; and initiating, conducting, and concluding loss mitigation or recovery actions in accordance with the timeframes or other requirements established by the transaction agreements. In adopting Regulation AB, the SEC provided that AT sec. 601, Compliance Attestation, applies to the preparation of these attest reports and generally requires that, in assessing whether the servicer has complied with the criteria, an auditor should consider risk factors similar to those an auditor would consider when planning an audit of financial statements, as well as factors relevant to the compliance engagement. For example, in assessing risk, the auditor considers whether the servicer or its parent has identified noncompliance as part of an internal investigation, internal audit, or other compliance review.

P a g e | 128



PCAOB Issues Concept Release on Auditor's Reporting Model Washington, D.C., June 21, 2011 The Public Company Accounting Oversight Board today issued a concept release to discuss alternatives for changing the auditor's reporting model. The Board also announced that it will convene a public roundtable to discuss the concept release in the third quarter of 2011. "The concept release we issue today represents a significant step for investor protection in response to the financial crisis, and a first step toward a holistic consideration of reforms designed to foster the relevance, transparency and reliability of the audit process," said James R. Doty, PCAOB chairman. The Board is seeking comment on alternatives and other matters presented in the concept release regarding possible enhancements in the auditor's reporting model. The auditor's report is the primary means by which the auditor communicates to investors and other financial statement users about information regarding the audit of the financial statements. "The auditor is in a unique position to provide relevant and useful information, because of the auditor's extensive knowledge of the

company and as an independent third-party,’ said Martin F. Baumann, PCAOB Chief Auditor and Director of Professional Standards. "The concept release explores ways to expand the auditor's communication in the auditor's report about the audit and the company's financial statements." The concept release presents several alternatives for changing the auditor's reporting model and is seeking specific comment on these or other alternatives that could provide investors with more transparency in the audit process and more insight into the company's financial

P a g e | 129



statements or other information outside the financial statements. These alternatives include: An auditor's discussion and analysis; Required and expanded use of emphasis paragraphs; Auditor assurance on other information outside the financial statements; and, Clarification of language in the standard auditor's report The current release seeks public comment on alternatives for amendments to, or the development of new, auditing standards that would supersede the Board's current standards on the auditors' report. The Board also today released a fact sheet that provides a summary of the matters included in the concept release. Earlier this year, PCAOB staff reached out to investors, auditors, preparers of financial statements, audit committee members, and other interested parties to seek their views on potential changes to the auditor's report. The staff reported its findings to the Board on March 22. Comments on the concept release are due Sept. 30, 2011. Additional details about the roundtable discussion on the auditor's reporting model concept release will be announced at a later date.

P a g e | 130



SEC Proposes Rules Requiring Listing Standards for Compensation Committees and Compensation Consultant Washington, D.C., March 30, 2011 – The Securities and Exchange Commission today voted unanimously to propose rules directing the national securities exchanges to adopt certain listing standards related to the compensation committee of a company‘s board of directors as well as its compensation advisers, as required by the Dodd-Frank Wall Street Reform and Consumer Protection Act. In 2010, Congress passed the Dodd-Frank Act that among other things sought to address issues regarding the compensation that companies pay their executives. Section 952 of the Act addresses the compensation committees formed by corporate boards as well as the compensation advisers that these committees retain. In particular, this provision requires the SEC to direct the exchanges to

adopt certain ‘listing standards’ relating to the independence of the members on a compensation committee, the committee‘s authority to retain compensation advisers, and the committee‘s responsibility for the appointment, compensation and work of any compensation adviser. Once an exchange‘s new listing standards are in effect, a listed company must meet these standards in order for its shares to continue trading on that exchange. In addition, the provision requires each company to disclose in its proxy material for an annual meeting of shareholders whether its board‘s compensation committee retained or obtained the advice of a compensation consultant. The provision also requires a company to disclose whether the work of the compensation consultant has raised any conflict of interest and, if so, the nature of the conflict and how the conflict is being addressed. Requirements of the Proposed Rule.

P a g e | 131



Independence of Compensation Committee Member Under the SEC‘s proposal, the exchanges would be required to adopt listing standards that require each member of a company‘s compensation committee to be a member of the board of directors and to be independent. In developing a definition of independence, the exchanges would be required to consider such factors as: The sources of compensation of a director, including any consulting, advisory or compensatory fee paid by the company to such member of the board of directors. Whether a member of the board of directors of a company is affiliated with the company, a subsidiary of the company, or an affiliate of a subsidiary of the company. As with all listing standards, exchanges would need to seek the approval of the SEC before adopting them.

Authority and Funding of the Compensation Committe The proposed rules would require the exchanges to adopt listing standards providing that the compensation committee of a listed company: May, in its sole discretion, retain or obtain the advice of a compensation adviser. Is directly responsible for the appointment, payment and oversight of compensation advisers. Must be appropriately funded by the listed company.

P a g e | 132



Compensation Adviser Selection The proposed rules also would require the exchanges to adopt listing standards providing that a compensation committee may select a compensation consultant, legal counsel or other adviser only after considering the following five independence factors: Whether the compensation consulting company employing the compensation adviser is providing any other services to the company. How much the compensation consulting company who employs the compensation adviser has received in fees from the company, as a percentage of that person‘s total revenue. What policies and procedures have been adopted by the compensation consulting company employing the compensation adviser to prevent conflicts of interest. Whether the compensation adviser has any business or personal relationship with a member of the compensation committee. Whether the compensation adviser owns any stock of the company. The exchanges themselves could impose additional considerations.

Exemption As directed by the statute, the proposed rules would require the exchanges to exempt the following five categories of companies from the compensation committee independence requirements: Controlled companies. Limited partnerships. Companies in bankruptcy proceedings.

P a g e | 133



Open-end management investment companies registered under the Investment Company Act of 1940. Any foreign private issuer that discloses in its annual report the reasons that the foreign private issuer does not have an independent compensation committee. In addition, the proposed rules would authorize the exchanges to exempt a particular relationship from the independence requirements applicable to compensation committee members. The proposed rules also would authorize the exchanges to exempt any category of company from all of the requirements of the new compensation committee listing standards. The proposed rules would exempt controlled companies from all of the requirements of the new compensation committee listing standards. As with all listing standards, the exchanges would need to seek the approval of the SEC before adopting any exemptions.

Compensation Consultant Conflicts of Interest Disclosure Exchange Act registrants subject to the federal proxy rules are already required to disclose information about their use of compensation consultants, including specific information about fees paid to consultants that the SEC added in late 2009. The proposed rules would modify existing rules to require disclosure about whether: The compensation committee has retained or obtained the advice of a compensation consultant. The work of the compensation consultant has raised any conflict of interest and, if so, the nature of the conflict and how the conflict is being addressed.

P a g e | 134



The proposed rules also would eliminate the current disclosure exception for services that are limited to consulting on broad-based plans and the provision of non-customized benchmark data, but would retain the fee disclosure requirements, including the exemptions from those requirements.

P a g e | 135



The Statement on Standards for Attestation Engagements (SSAE) No. 16 For many years (since April 1992), third-party service organizations need a Statement on Auditing Standards (SAS) No. 70 in order to provide evidence that they have effective internal controls. It is time to do more: To consider the Statement on Standards for Attestation Engagements (SSAE) No. 16. In April 2010, the American Institute of Certified Public Accountants (AICPA) published the new Standard, SSAE No. 16, which supersedes the SAS 70 for performing an examination of a service organization's controls and processes. In fact the AICPA has launched a new resource dedicated to Service Organization Control (SOC) Reporting including the new SSAE 16 Standard In SSAE No. 16, the entity that outsources a task or function is known as a user entity, and the entity that performs a service for user entities is known as a service organization. An example of a service organization is an investment adviser that invests assets for user entities, maintains the accountability for those assets, and provides statements to user entities that contain information that is incorporated in the user entities’ financial statements, for example, the fair value of exchange traded securities, or dividend and interest income. Another example of a service organization is a data center that provides applications and technology that enable user entities to process financial transactions. In SSAE No. 16, an auditor who audits the financial statements of a user entity is known as a user auditor.

P a g e | 136



In auditing a user entity’s financial statements, the user auditor needs to obtain evidence to support assertions in the user entity’s financial statements that are affected by information provided by the service organization. In some cases, the user entity is able to implement controls at the user entity over the service performed by the service organization. In other cases, the user entity relies on the service organization to initiate, execute, and record the transactions. In the latter case it may be necessary for a user auditor to obtain information about the effectiveness of controls at the service organization that affect the quality of the information provided to user entities. The user auditor could visit the service organization and test the service organization’s controls that are relevant to the user entity’s internal control over financial reporting . However, because many entities use the service organization, a number of user auditors may visit the service organization, require the assistance of service organization personnel, and disrupt the business of the service organization. Another alternative is for the service organization to: (1) Prepare a description of the service organization’s system, including the control objectives and related controls that are likely to be relevant to user entities’ internal control over financial reporting, and (2) Engage a service auditor to report on the fairness of the presentation of the description, the suitability of the design of the controls, and in certain engagements, the operating effectiveness of the controls. That report, including the description of the system, can be used by all the user auditors to obtain information about the controls at the service

P a g e | 137



organization that are relevant to the user entities’ internal control over financial reporting.

Two Types of Engagements SSAE No. 16 contains the requirements and guidance for a service auditor reporting on a service organization’s controls. It enables a service auditor to perform two types of engagements: A type 2 engagement in which the service auditor reports on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period. A type 1 engagement in which the service auditor reports on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date.

Changes Introduced by SSAE No. 16 The following are some changes in the requirements for a service auditor’s engagement introduced by SSAE No. 16: 1. The service auditor is required to obtain a written assertion from management of the service organization about the subject matter of the engagement. For example, for a type 2 engagement, the service auditor would obtain a written assertion by management about whether in all material respects, and based on suitable criteria - Management’s description of the service organization’s system fairly presents the service organization’s system that was designed and implemented throughout the specified period,

P a g e | 138



- The controls related to the control objectives stated in management’s description of the service organization’s system were suitably designed throughout the specified period to achieve those control objectives, and - The controls related to the control objectives stated in management’s description of the service organization’s system operated effectively throughout the specified period to achieve those control objectives. 2. Suitable criteria are used to measure, present, and evaluate the subject matter. Paragraphs 14–16 of SSAE No. 16 provide suitable criteria for the fairness of the presentation of a service organization’s description of its system and the suitability of the design and operating effectiveness of its controls. 3. The service auditor may not use evidence obtained in prior engagements about the satisfactory operation of controls in prior periods to provide a basis for a reduction in testing, even if it is supplemented with evidence obtained during the current period. 4. The service auditor’s examination report must contain the report elements identified in paragraph .85 of AT Section 101. (These report elements are tailored to a service auditor’s engagement in paragraphs .52 and .53 of SSAE No. 16.

Scope of this Statement on Standards for Attestation Engagement This Statement on Standards for Attestation Engagements (SSAE) addresses examination engagements undertaken by a service auditor to report on controls at organizations that provide services to user entities when those controls are likely to be relevant to user entities’ internal control over financial reporting. The focus of this SSAE is on controls at service organizations likely to be relevant to user entities’ internal control over financial reporting.

P a g e | 139



In addition to performing an examination of a service organization’s controls, a service auditor may be engaged to: (a) Examine and report on a user entity’s transactions or balances maintained by a service organization, or (b) Perform and report the results of agreed upon procedures related to the controls of a service organization or to transactions or balances of a user entity maintained by a service organization. However, these engagements are not addressed in this SSAE. The requirements and application material in this SSAE are based on the premise that management of the service organization (also referred to as management) will provide the service auditor with a written assertion that is included in or attached to management’s description of the service organization’s system. Paragraph 10 of this SSAE addresses the circumstance in which management refuses to provide such a written assertion. AT section 101 indicates that when performing an attestation engagement, a practitioner may report directly on the subject matter or on management’s assertion. For engagements conducted under this SSAE, the service auditor is required to report directly on the subject matter. The new service organization reporting standard, Statement on Standards for Attestation Engagements (SSAE) No. 16, is now effective

Types of Service organization Control Report SOC 1 Reports on Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting: SOC 1 reports are examination engagements performed by a service auditor (CPA) in

P a g e | 140



accordance with Statement on Standards for Attestation Engagements (SSAE) 16, Reporting on Controls at a Service Organization to report on controls at a service organization that are likely to be relevant to an audit of a user entity’s financial statements. Use of a SOC 1 report is restricted to existing user entities (not potential customers) and their auditors. There are two types of SOC 1 reports: (i) Type 1 – A report on management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date. (ii) Type 2 – A report on management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period. SOC 2 Reports on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality and Privacy: SOC 2 reports are examination engagements performed by a service auditor (CPA) in accordance with AT Section 101, Attest Engagements, of SSAEs (AICPA, Professional Standards, vol. 1) using the predefined criteria in TSP section 100, Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Technical Practice Aids). SOC 2 reports specifically address one or more of the following five key system attributes: 1. Security - The system is protected against unauthorized access (both physical and logical);

P a g e | 141



2. Availability - The system is available for operation and use as committed or agreed; 3. Processing integrity - System processing is complete, accurate, timely and authorized; 4. Confidentiality - Information designated as confidential is protected as committed or agreed; 5. Privacy - Personal information is collected, used, retained, disclosed and disposed of in conformity with the commitments in the entity’s privacy notice, and with criteria set forth in Generally Accepted Privacy Principles (GAPP) issued by the AICPA and Canadian Institute of Chartered Accountants. [The criteria in GAPP are the same as the criteria for the privacy principle in TSP section 100.] Use of a SOC 2 report is generally restricted. The two types of SOC 2SM reports are: Type 1 – A report on management’s description of the service organization’s system and the suitability of the design of the controls; Type 2 – A report on management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls. SOC 3 Trust Services Report for Service Organization: SOC 3 reports are examination engagements performed by a practitioner (CPA) in accordance with AT Section 101, Attest Engagements, of SSAEs (AICPA, Professional Standards, vol. 1) using the predefined criteria in TSP section 100, Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Technical Practice Aids). A SOC 3 report is a general-use report that provides only the auditor’s

P a g e | 142



report on whether the system achieved the trust services criteria (no description of tests and results or opinion on the description of the system are provided). SOC 3 reports can be issued on one or more of the Trust Services principles (security, availability, processing integrity, confidentiality and privacy). Note: SOC 1, SOC 2 and SOC 3 and the associated logos are trademarks, service marks and certification marks of the American Institute of Certified Public Accountants (AICPA), which reserves all rights. AICPA has established specific Guidelines for the use and display of these marks. AICPA monitors the quality of the attestation services provided under its marks, but does not independently audit or verify compliance with the Guidelines by all those who download the marks nor does display of the mark indicate that the engagement did not identify any deficiencies or exceptions. In instances where AICPA becomes aware that a company may be displaying a mark without full compliance with the Guidelines, AICPA will undertake reasonable efforts to have that party demonstrate compliance with the Guidelines or remove the marks from its website. However, AICPA does not and cannot provide any express or implied representations, warranties or assurances concerning a party or company displaying any of the marks. Those doing business with an organization displaying the marks should conduct independent due diligence regarding the reputability, integrity and reliability of that organization.

P a g e | 143



PCAOB Issues Concept Release on Auditor Independence and Audit Firm Rotation Washington, D.C., Aug. 16, 2011 The Public Company Accounting Oversight Board today voted to issue a concept release to solicit public comment on ways that auditor independence, objectivity and professional skepticism can be enhanced, including through mandatory rotation of audit firms. Comments are due Dec. 14, 2011. Mandatory audit firm rotation would limit the number of consecutive years for which a registered public accounting firm could serve as the auditor of a public company. "One cannot talk about audit quality without discussing independence, skepticism and objectivity. Any serious discussion of these qualities must take into account the fundamental conflict of the audit client paying the auditor," said PCAOB Chairman James R. Doty. "The reason to consider auditor term limits is that they may reduce the pressure auditors face to develop and protect long-term client relationships to the detriment of investors and our capital markets," Chairman Doty added. Audit firm rotation has been discussed at various times since the 1970s. The concept release notes that proponents of rotation believe that setting a term limit on the audit relationship could free the auditor, to a significant degree, from the effects of client pressure and offer an opportunity for a fresh look at the company’s financial reporting. The concept release also notes that opponents have expressed concerns about the costs of changing auditors and believe that audit quality may suffer in the early years of an engagement and that rotation could exacerbate this phenomenon.

P a g e | 144



The concept release invites commenters to respond to specific questions, including, for example, whether the Board should consider a rotation requirement only for audit tenures of more than 10 years or only for the largest issuer audits. The concept release also seeks comment on whether there are other measures that could meaningfully enhance auditor independence, objectivity and professional skepticism. The Board will also convene a public roundtable on auditor independence and mandatory audit firm rotation in March 2012. Additional details about the roundtable will be announced at a later date.

P a g e | 145



Joint Press Release - U. S. Securities and Exchange Commission China Securities Regulatory Commission Chinese Ministry of Finance Chinese and U.S. Regulators Held Meeting in Beijing On Audit Oversight Cooperation Washington, D.C., Aug. 8, 2011 The Sino-U.S. Symposium on Audit Oversight was held in Beijing on July 11-12, 2011. In attendance were officials of the China Securities Regulatory Commission (CSRC), the Chinese Ministry of Finance (MOF), the U.S. Public Company Accounting Oversight Board (PCAOB) , and the U.S. Securities and Exchange Commission (SEC). The symposium, which was contemplated by the outcomes of the third US-China Strategic and Economic Dialogue (S&ED), represented an important step toward Sino-U.S. cooperation on audit oversight of public companies. At the symposium, the officials briefed each other on their respective audit oversight system and inspection procedures. They also exchanged views on how to deepen cooperation on crossborder audit oversight. CSRC Chairman Shang Fulin met with the SEC-PCAOB delegation headed by Lewis Ferguson, PCAOB Board Member, and SEC Deputy Chief Accountant Mike Starr, prior to the symposium. "The CSRC and MOF welcome constant communication and good cooperation with both the SEC and PCAOB. The regulators of both countries share common objectives in protecting investors' rights and interests, raising the quality of accounting and auditing standards, and improving the transparency and disclosure of public companies. Therefore, the regulators of both countries should enhance cooperation

P a g e | 146



on the basis of mutual trust and respect," said Chairman Shang. The U.S. delegation brought Chairman Shang a letter from PCAOB Chairman James R. Doty, who stated his sincere hope for constructive discussions in Beijing and for enhanced cooperation between China and the U.S. on cross-border audit oversight in the near future. "The development of an effective cross-border oversight system is essential to market integrity and investor protection, and the PCAOB and CSRC share a common goal of promoting fair, open, and sound markets," Chairman Doty wrote in the letter. Mr. Ferguson said, "Our delegates are willing to share with our Chinese counterparts the PCAOB inspection approaches as well as our practices in joint cross-border audit oversight. In return, the U.S. delegation expects to learn more, through future exchanges, about the methodology and practices of accounting and audit oversight in China." As an outcome reached during the third US-China Strategic and Economic Dialogue, both sides welcome continued dialogue concerning the oversight of accounting firms providing audit services to public companies in the two countries, so as to enhance mutual trust and strive to reach an agreement on cross-border audit oversight. During the two-day symposium, the PCAOB representatives gave detailed presentations on the background and organizational structure of the PCAOB, and its inspection process. With input from the SEC delegation, including officials from the SEC's Office of International Affairs, the PCAOB explained how it works with foreign regulators on cross-border audit oversight cooperation. Senior officials from the CSRC and the MOF provided an overview of the auditing and accounting oversight framework governing China's capital markets, supervision arrangements, and inspection methodology and

P a g e | 147



process for accounting and auditing firms. Through candid discussions, the two sides enhanced mutual understanding, and discussed initial arrangements for follow-up collaboration. The two sides discussed a series of arrangements aiming to build mutual understanding and cooperation in the near future, including sending staff to observe the inspection of accounting firms in each other's jurisdiction to learn more about each other's inspection process and methodology. The U.S. delegation invited the CSRC and the MOF to send delegates to Washington, D.C. to have further discussions on the topics of common concern. Such trust and confidence-building exercises are helpful for both sides to fulfill their respective mandates. The parties believe that strengthened cooperation on audit oversight is an important part in implementing the S&ED outcomes. The symposium was very productive and served as a first step toward deeper cooperation. The parties share the view that increasing cooperation on cross-border audit oversight will help improve the quality of auditing and accounting information of public companies, protect the rights of investors, and assist in safeguarding of financial markets in both countries.

P a g e | 148



Updated Information on PCAOB International Inspections (As of June 30, 2011) In order to provide transparency about its international inspection program, the Public Company Accounting Oversight Board provided its semi-annual update about the status of the inspections of registered nonU.S. firms. Specifically, in order to provide investors and the public with information about the PCAOB’s international inspection efforts, the Board – • Posted on its Web site any updates to the lists that provide information about the status of inspections in certain jurisdictions and of certain firms and issuers; and • Reported on its progress in meeting target thresholds announced by the PCAOB in adopting PCAOB Rule 4003(g) for inspections of certain non- U.S. firms.

LISTS OF JURISDICTIONS The PCAOB is updating two lists of jurisdictions in which there are registered non-U.S. firms that are currently required to be inspected. The first list includes all of the jurisdictions in which there are one or more registered non-U.S. firms that the PCAOB has already inspected. As indicated by that list, as of June 30, 2011, the PCAOB has conducted inspections of non-U.S. firms in 35 jurisdictions on a cumulative basis, the same as reported in Dec. 31, 2010. The second list identifies the jurisdictions in which there are registered non-U.S. firms that the PCAOB intends to inspect in the current calendar year, 2011. The intention to publish this information was announced by the Board in PCAOB Release No. 2009-003, Final Rule Concerning the Timing of

P a g e | 149



Certain Inspections of Non-U.S. Firms, and Other Issues Relating to Inspections of Non-U.S. Firms (June 25, 2009) and in PCAOB Release No. 2008-007, Rule Amendments Concerning the Timing of Certain Inspections of Non-U.S. Firms, and Other Issues Relating to Inspections of Non-U.S. Firms (Dec. 4, 2008). The PCAOB publishes this list in order to provide transparency about its international inspections plans for each calendar year. The inspection schedule for non-U.S. firms is based on primarily the inspection deadline for a particular firm, but also may be affected by the inspection schedule of the firm’s home-country regulator, and/or the risk that a firm or its audit clients presents to investors and the public. In addition, one or more firms from jurisdictions not currently included on the list may be added to the inspection schedule for a variety of reasons, including the availability of PCAOB resources, the inspection schedule of a firm’s home-country regulator, and new information about the potential risk posed by a firm or its audit clients to investors and the public. China has been removed from this 2011 list in light of the Board’s hope, already communicated publicly, that a joint inspection program with China would be implemented in 2012.

UPDATED LIST The third list includes the names of registered firms for which, as of June 30, 2011, the inspection fieldwork had not yet been completed by the PCAOB, even though more than four years have passed since the end of the calendar year in which the firm first issued an audit report while registered with the PCAOB. The Board announced its intention to publicly identify firms meeting that criteria in the release issued in connection with the PCAOB’s adoption of PCAOB Rule 4003(g); and the release issued in connection with the PCAOB’s adoption of PCAOB Rule 4003(f).

P a g e | 150



This list is updated, at a minimum, on a semiannual basis to add firms that qualify for the list and also to remove firms from the list when the inspection fieldwork has been completed or the firm has voluntarily deregistered from the PCAOB. The reasons that the inspection fieldwork for a firm has not been completed within four years of the firm having issued an audit report while registered with the PCAOB may vary. For example, some firms are included on the list because their inspections were postponed pursuant to Rule 4003(f) or Rule 4003(g), which permit the PCAOB to postpone, for a limited time, the first inspections of certain non-U.S. firms. Certain other firms are included on this list because access to information necessary to inspect the firm has so far been denied on the basis of asserted restrictions under non-U.S. law or objections based on national sovereignty. Today, the Board updated this list to show that one firm was removed from the list because it voluntarily withdrew from PCAOB registration. Because inclusion on the list is based on the passage of four years from the end of a calendar year, any additions to the list will occur only at year-end updates.

UPDATED LIST OF ISSUER AUDIT CLIENTS OF FIRMS IN JURISDICTIONS WHERE THE PCAOB HAS BEEN DENIED ACCESS TO CONDUCT INSPECTIONS The fourth list is a list of issuers that have filed with the U.S. Securities and Exchange Commission (“SEC”) financial statements audited by a PCAOB-registered firm located in jurisdictions where obstacles to PCAOB inspections exist. Because of the position taken by certain non-U.S. authorities, the PCAOB currently is prevented from inspecting the U.S. related audit work and practices of PCAOB-registered firms in certain European

P a g e | 151



countries, China and — to the extent their audit clients have operations in mainland China — Hong Kong. As a result of these obstacles, investors in U.S. markets who rely on those firms’ audit reports are deprived of the potential benefits of PCAOB inspections of these auditors. The PCAOB publishes this list in order to inform investors that the PCAOB currently is prevented from inspecting the PCAOB-registered auditors of the listed issuers. The list is set out in two formats – one sortable by issuer, auditor, or jurisdiction, and one organized by jurisdiction and auditor. The current list is derived from annual reports on Form 2 filed with the PCAOB by registered public accounting firms in 2010 and 2011 which, in combination, encompass audit reports issued by the firms in the period from April 1, 2009 to March 31, 2011. The list is limited to issuers for which auditors in the relevant jurisdictions reported having issued audit reports. Auditors in those jurisdictions, however, including the auditors identified in the list, may play a substantial role in the audits of numerous multi-national issuers not listed here. Even though these auditors do not issue audit reports for those issuers, the audit work they perform is relied upon by the issuer’s principal auditor, in the U.S. or elsewhere. That work is often significant to the audit of the financial statements the multi-national issuer files with the SEC and would also be within the scope of PCAOB inspections.

PROGRESS IN MEETING THRESHOLDS The PCAOB today also reported its progress in meeting the target

P a g e | 152



thresholds that it announced in adopting Rule 4003(g), which permits the Board to defer, for up to three years, the first inspection of 49 nonU.S. firms that were otherwise required to be inspected in 2009. In adopting that rule, the Board stated that it intended to inspect at least four of those firms in 2009 and that the four firms would have combined issuer audit-client U.S. market capitalization equal to at least 35 percent of the aggregate U.S. market capitalization of the audit clients of all firms meeting the Rule 4003(g) criteria for deferral. For 2010, the Board stated that it intended to inspect at least 11 more firms, and that the firms inspected in 2009 and 2010 would have combined issuer audit-client U.S. market capitalization equal to at least 90 percent of the aggregate U.S. market capitalization of the audit clients of all firms meeting the Rule 4003(g) criteria for deferral. For 2011, the Board stated that it intended to inspect at least 14 additional firms and that the firms inspected in 2009 through 2011 would have combined issuer audit-client U.S. market capitalization equal to at least 99.9 percent of the aggregate U.S. market capitalization of the audit clients of all firms meeting the Rule 4003(g) criteria for deferral. Between Jan. 1 and June 30, 2011, the PCAOB did not complete inspections at any firm that met the Rule 4003(g) criteria for deferral. While the inspection of a firm in Switzerland meeting the Rule 4003(g) criteria for deferral was underway but not yet complete as of June 30, the PCAOB has so far been denied access to information necessary to conduct inspections at the other firms meeting the rule criteria from other jurisdictions on the basis of asserted restrictions under non-U.S. law. As a result, aside from the one firm where the PCAOB has commenced fieldwork, the PCAOB otherwise made no progress between Jan. 1 and June 30, 2011 in meeting the target thresholds discussed above for U.S. market capitalization or number of firms to be inspected.

P a g e | 153



As previously reported, between Jan. 1 and December 31, 2010, the PCAOB inspected no firms that met the Rule 4003(g) criteria for deferral and therefore made no progress that calendar year in meeting the target thresholds for market capitalization or number of firms to be inspected in 2010. Likewise, as previously reported, in 2009, the PCAOB inspected five firms eligible for deferral pursuant to Rule 4003(g), including only two of the four firms that the PCAOB had scheduled for inspection in 2009 based on their clients’ U.S. market capitalization. The combined market capitalization of the clients of those five inspected firms equaled 2 percent of the aggregate market capitalization of the audit clients of all firms meeting the Rule 4003(g) criteria for deferral.

PCAOB Inspections of Registered Non-U.S. Firms (Current as of June 30, 2011)

The PCAOB has conducted inspections of one or more registered firms located in the following non-U.S. jurisdictions: Argentina Australia Belize Bermuda Bolivia Brazil Canada Cayman Islands Chile Colombia Greece Hong Kong India Indonesia Ireland Israel

P a g e | 154



Japan Kazakhstan Republic of Korea Malaysia Mexico New Zealand Norway Panama Papua New Guinea Peru Philippines Russian Federation Singapore South Africa Chinese Taipei (Taiwan) Thailand Ukraine United Arab Emirates United Kingdom List of Jurisdictions in which there are Firms whose Inspections the Board Intends to Conduct in 2011 Australia Belgium Brazil Canada Denmark Finland France Germany Greece Hong Kong Hungary Ireland India Israel

P a g e | 155



Italy Japan Republic of Korea Luxembourg Netherlands Norway Poland Portugal Spain Singapore South Africa Sweden Switzerland Chinese Taipei (Taiwan) Turkey United Kingdo

P a g e | 156



Opening Remarks, Daniel L. Goelzer, Board Member PCAOB Roundtable , Sept. 15, 2011, Washington, DC I would like to join Chairman Doty in welcoming the roundtable panelists and in thanking you for your willingness to provide the Board with your views regarding ways in which the auditor's reporting model could be improved. Exploring whether to expand what auditors communicate to financial statement users raises fundamental issues about the purpose of the audit and about what it means to be an auditor. The Board has heard repeatedly that investors want more from auditors than the assurance that the traditional pass/fail report provides. Frustration over financial institution disclosures in the run-up to the economic crisis crystallized dissatisfaction with the current reporting model. To address these concerns, the Board's concept release floats a series of alternatives. At one end of the spectrum, auditors might be required to create an auditor's discussion and analysis commenting on such matters as management's judgments and estimates and its selection of accounting policies and practices. The auditor might also be asked to characterize particular accounting or auditing decisions as "close calls" and to describe the underlying issues and risks. The AD&A proposal rests partly on the notion that auditors had insight into undisclosed risks and dubious judgments on which the pre-crisis reporting of major financial institutions rested and should have alerted investors. In contrast, other concept release alternatives would expand auditors'

P a g e | 157



reporting responsibilities by building on their traditional attestation role without requiring the auditor to compete with management as an information source. For example, emphasis paragraphs keyed to management's disclosures would be a way for the auditor to indicate the existing disclosures that, in his or her view, are the most significant to understanding the company's financial reporting. Auditors could also be required to opine on the accuracy and completeness of information outside the financial statements that management already provides, such as in MD&A or in earnings releases. I have serious doubts about whether financial reporting would benefit from requiring auditors to move from attesting to, or emphasizing the importance of, information that management presents and into creating their own information about the company's financial reporting. As the concept release discusses, even without requiring auditor-created commentary, there is still room to expand the scope and relevance of auditor communications. In any event, this is a threshold issue with which the Board will have to grapple as this project moves ahead. I am looking forward to hearing the views of roundtable participants on that question and on the full range of possible ways of making auditor reporting more relevant to users.

P a g e | 158



The Auditor's Reporting Model James R. Doty, Chairman PCAOB Roundtable, Sept. 15, 2011 - Washington, DC Today's open meeting Roundtable of the Public Company Accounting Oversight Board will elicit the views of the 32 experts we have around the table this morning. You bring here such various backgrounds as investors, auditors, corporate board members, financial statement preparers, and academics. In this, the third public meeting on today's subject, the PCAOB wants to hear how we can improve the relevance and usefulness of auditors' reporting on the results of their audits of public company financial statements. The PCAOB's consideration of the audit reporting model is intended to confront questions that recur in times of economic crisis. In the concept release we attempt to identify meaningful opportunities to enhance the relevance of auditors' communications with investors. Our alternatives aim to enhance the relevance of the auditor's communication to investors. To highlight a statement we made in the concept release: the alternatives suggested do not aim to change the fundamental role of the auditor to perform an audit and attest to management's assertions as embodied in management's financial statements. To be clear, they are not intended to put the auditor in the position of creating and reporting financial information for management. As the concept release states, the alternatives are not mutually exclusive. A revised auditor's report could include one or a combination of these alternatives, or elements of these alternatives.

P a g e | 159



Discussants may also suggest other alternatives to consider. We are at a very early stage in this project. The concept release format allows us to frame today's discussion and the broader debate that will play out through the public comment process. It is not intended to lead inexorably to proposed requirements in any of the areas we have suggested. Proponents of ideas, whether embodied in the release or introduced today, should come forward with evidence and analysis explaining why the idea is worthwhile. Both supporters and opponents of changes to the auditor reporting model should present persuasive support for positions they advocate. We are in the middle of a long public comment period. I am confident today will not be the last public discussion of the concept release; but I encourage participants and members of the public who are interested in the project to follow up on today's discussion with any additional analysis or evidence they have to inform and help shape the project.

P a g e | 160



Case Study: UBS UBS is a good example of Sarbanes Oxley related controls that are very important for all, domestic and foreign companies. It is also interesting to read the Sarbanes-Oxley related disclosures. Headquartered in Zurich and Basel, Switzerland, UBS has offices in more than 50 countries, including all major financial centers, and employs approximately 65,000 people. Under Swiss company law, UBS is organized as an Aktiengesellschaft, a corporation that has issued shares of common stock to investors. UBS AG is the parent company of the UBS Group (Group). The operational structure of the Group comprises the Corporate Center and four business divisions: Wealth Management & Swiss Bank, Wealth Management Americas, Global Asset Management and the Investment Bank. UBS has discovered important unauthorized trading activities. As a USlisted company, UBS is required under the Sarbanes-Oxley Act to evaluate the effectiveness of its "internal control over financial reporting" and "disclosure controls and procedures" on an annual basis. Group CEO and Group CFO, has concluded that there was a material weakness in their internal control over financial reporting on 31 December 2010 and, accordingly, that their internal control over financial reporting was not effective as of that date.

FORM 6-K Date: October 25, 2011 UBS AG “Following the discovery in September 2011 of unauthorized and fictitious trading by an employee in our Global Synthetic Equity business unit in London, and on the basis of information now available

P a g e | 161



to management concerning the circumstances surrounding the trading and the related controls, we have determined that certain controls designed to prevent or detect the use of unauthorized and fictitious transactions on a timely basis were not operating effectively. We have further determined that the control deficiencies that led to the failure to prevent or detect unauthorized and fictitious trading on a timely basis also existed at the end of 2010. A material weakness is a deficiency or combination of deficiencies in internal control over financial reporting such that there is a reasonable possibility that a material misstatement of a registrant’s financial statements will not be prevented or detected on a timely basis. Management has re-assessed whether our internal control over financial reporting was effective on 31 December 2010, and has determined that there is a reasonable possibility that the control deficiencies that existed on that date could have been sufficient to result in a material misstatement of our consolidated financial statements as of and for the year ended 31 December 2010. On this basis, management, including our Group CEO and Group CFO, has concluded that there was a material weakness in our internal control over financial reporting on 31 December 2010 and, accordingly that our internal control over financial reporting was not effective as of that date. On the basis of the available information to date, management has concluded that (i) the control requiring bilateral confirmation with counterparties of trades within our Investment Bank’s equities business with settlement dates of greater than 15 days after trade date was not operating, and when such trades were cancelled, re-booked or amended, the related monitoring control to ensure the validity of these changes had ceased to operate effectively, and

P a g e | 162



(ii) the controls in the inter-desk reconciliation process within the Investment Bank’s equities and fixed income, currencies and commodities businesses to ensure that internal transactions are valid and accurately recorded in our books and records, including controls over cancellations and amendments of internal trades that require supervisor review, intervention and resolution, did not operate effectively. Management has likewise determined that, solely because of these deficiencies, our disclosure controls and procedures were not effective on 31 December 2010. Accordingly, our previous evaluation stating that our disclosure controls and procedures were effective on 31 December 2010 and the reports of management and of our independent registered public accounting firm on internal control over financial reporting on 31 December 2010, all of which were included in our 2010 Annual Report on Form 20-F filed with the SEC on 15 March 2011, should no longer be relied upon. Notwithstanding the foregoing, we have determined that our consolidated financial statements included in our 2010 Annual Report on Form 20-F continue to fairly present, in all material respects, our financial position on 31 December 2008, 2009 and 2010 and our results of operations and cash flows for the years ended 31 December 2008, 2009 and 2010 in accordance with IFRS. Subsequent to the identification of the unauthorized and fictitious trading activity, we have been remediating and will continue to remediate the control deficiencies referred to above. . We have reactivated the confirmation control referred to in (i) above, have initiated work on a front-to-back control process to ensure that the exceptions identified by the inter-desk reconciliation process referred to in (ii) above are effectively reviewed, investigated and resolved on a timely basis, and will develop new monitoring reports and controls to achieve operating effectiveness in performing the controls referred to in (i) and (ii) above as part of a broader program to strengthen the

P a g e | 163



effectiveness of supervisory oversight. Investigations are ongoing and we expect we will be adopting further controls and procedures following completion of such investigations and discussions with our regulators. In the course of these ongoing investigations, management may become aware of facts relating to the Investment Bank that cause it to broaden the scope of the findings described above. In addition, management recognizes that the aforementioned material weakness in internal control over financial reporting will only be confirmed as having been remediated on 31 December 2011 if the necessary internal controls have been designed effectively, placed into operation, operated for a reasonable period of time, and tested, allowing management to conclude that the controls are operating effectively.”

Comments Is it ok now? They had no effective controls…

Answer Yes, from a Sarbanes Oxley perspective they did what they could do. There is no way to ensure that all controls are always effective. As soon as firms realize that something is wrong, they have to disclose it on a timely basis, and to take steps to mitigate the problem. The above form 6-K has the following parts: 1. Recognition, description and materiality of the problem 2. The re-assessment of the internal controls and the actions taken 3. The confirmation that they we will be adopting further controls and procedures following the completion of the investigations and the discussions with their regulators We must also remember that we never provide absolute assurance, as it

P a g e | 164



is impossible. There is also an important legal disclaimer. UBS has written in the Form 20-F (annual report for the fiscal year ended December 31, 2010)

CAUTIONARY STATEMENT REGARDING FORWARDLOOKING STATEMENTS “This report contains statements that constitute “forward-looking statements”, including but not limited to management’s outlook for UBS’s financial performance and statements relating to the anticipated effect of transactions and strategic initiatives on UBS’s business and future development. While these forward-looking statements represent UBS’s judgments and expectations concerning the matters described, a number of risks, uncertainties and other important factors could cause actual developments and results to differ materially from UBS’s expectations. These factors include, but are not limited to: (1)future developments in the markets in which UBS operates or to which it is exposed, including movements in securities prices or liquidity, credit spreads, currency exchange rates and interest rates and the effect of economic conditions and market developments on the financial position or creditworthiness of UBS’s clients and counterparties; (2) changes in the availability of capital and funding, including any changes in UBS’s credit spreads and ratings; (3) the ability of UBS to retain earnings and reduce its risk-weighted assets in order to comply with recommended Swiss capital requirements without adversely affecting its business;

P a g e | 165



(4) changes in financial regulation in Switzerland, the US, the UK and other major financial centers which may impose constraints on or necessitate changes in the scope and location of UBS’s business activities and in its legal and booking structures, including the imposition of more stringent capital and liquidity requirements, incremental tax requirements and constraints on remuneration, some of which may affect UBS in a different manner or degree than they affect competing institutions; (5) the liability to which UBS may be exposed due to legal claims and regulatory investigations, including those stemming from market dislocation and losses incurred by clients and counterparties during the financial crisis; (6) the outcome and possible consequences of pending or future inquiries or actions concerning UBS’s cross-border banking business by tax or regulatory authorities in various jurisdictions; (7) the degree to which UBS is successful in effecting organizational changes and implementing strategic plans, and whether those changes and plans will have the effects intended; (8) UBS’s ability to retain and attract the employees necessary to generate revenues and to manage, support and control its businesses; (9) changes in accounting standards or policies, and accounting determinations affecting the recognition of gain or loss, the valuation of goodwill and other matters; (10) limitations on the effectiveness of UBS’s internal processes for risk management, risk control, measurement and modeling, and of financial models generally; (11) changes in the size, capabilities and effectiveness of UBS’s competitors, including whether UBS will be successful in keeping pace with competitors in updating its technology, particularly in trading businesses; And

P a g e | 166



(12) the occurrence of operational failures, such as fraud, unauthorized trading and systems failures, either within UBS or within a counterparty. Our business and financial performance could be affected by other factors identified in our past and future filings and reports, including those filed with the SEC. More detailed information about those factors is set forth in documents furnished by UBS and filings made by UBS with the SEC, including UBS’s Annual Report on Form 20-F for the year ended 31 December 2010. UBS is not under any obligation to (and expressly disclaims any obligation to) update or alter its forward-looking statements, whether as a result of new information, future events, or otherwise.

Sarbanes Oxley Roles in UBS It is interesting to see how a Swiss firm allocates responsibilities for Sarbanes Oxley related tasks

Group Chief Financial Officer (Group CFO) Together with the Group Chief Executive Officer (CEO), the Group CFO provides external certifications under sections 302 and 404 of the Sarbanes-Oxley Act 2002, and in coordination with the Group CEO, manages relations with analysts, investors and the rating agencies.

Group CEO and Group CFO An evaluation was carried out under the supervision of management including the Group CEO and Group CFO, of the effectiveness of our disclosure controls and procedures (as defined in Rule 13a–15e) under the US Securities Exchange Act of 1934. Based upon that evaluation, the Group CEO and Group CFO concluded that our disclosure controls and procedures were effective as of 31 December 2010.

P a g e | 167



No significant changes have been made in our internal controls or in other factors that could significantly affect these controls subsequent to the date of their evaluation. In accordance with Section 404 of the US Sarbanes-Oxley Act of 2002, our management is responsible for establishing and maintaining adequate internal control over financial reporting. The financial statements of this report contain management’s assessment of the effectiveness of internal control over financial reporting, as of 31 December 2010. The external auditors’ report on this assessment is also included in this Report.

Audit Committe The Audit Committee (AC) comprises at least three independent BoD members, with all members having been determined by the BoD to be fully independent and financially literate. On 31 December 2010, the AC consisted of William G. Parrett, the Chairman, as well as Michel Demaré, Rainer-Marc Frey and Ann F. Godbehere. All members have accounting and financial management expertise and are considered to be “financial experts” according to the rules established by the US Sarbanes-Oxley Act of 2002. The AC itself does not perform audits, but monitors the work of the auditors who in turn are responsible for auditing UBS’s and the Group’s financial statements and for reviewing the quarterly financial statements. The function of the AC is to serve as an independent and objective body with oversight of:

P a g e | 168



(i) the Group’s accounting policies, financial reporting and disclosure controls and procedures, (ii) the quality, adequacy and scope of external audit, (iii) UBS’s compliance with financial reporting requirements, (iv) management’s approach to internal controls with respect to the production and integrity of the financial statements and disclosure of the financial performance, and (v) the performance of Group Internal Audit in conjunction with the Chairman and the Risk Committee (RC). For these purposes, the AC has the authority to meet with regulators and external bodies in consultation with the Group CEO.

P a g e | 169



COSO Internal Control - Integrated Framework Update Project Frequently Asked Questions (September 2011) 1. What is this nature and timing of this project? While the Internal Control - Integrated Framework (ICIF or the Framework) has proven to be one of the most widely accepted frameworks for designing and evaluating systems of internal control, the COSO Board has decided to update the Framework to make it more relevant to stakeholders in the current business environment. The COSO Board believes that the principles embedded within the Framework first developed in 1992 are timeless. Hence, the clarifications, updates and enhancements to the Framework are not expected to alter these embedded principles fundamentally based on the broad market acceptance to date. The updated Framework should enable more effective application in practice of internal control over operations, compliance and reporting. Certain concepts and discussions are expected to be refined to reflect certain changes in the business environment and in expectations in the market place. It is also the intent of the COSO Board to keep the Framework as succinct as possible. The projected publication date of the updated Framework is mid-2012 and is intended to be rolled out with minimal disruption to capital markets.

2. What are some of the preliminary areas expected to be Updated? While the nature and extent of updates are still being defined on the date

P a g e | 170



of this document, preliminary topics of discussion that gave rise to the need for considering an update to the original Framework include the following: - Reflecting the increased use of IT in business operations (e.g., ERP systems, other automation tools, internet); - Expanding the financial reporting objective to include consideration of management reporting and external reporting more broadly (not intended to affect the scope of Sarbanes-Oxley compliance which remains focused on internal controls over financial reporting), (e.g., enabling reporting on sustainability and various third party standards); - Providing more detail around key governance principles (e.g., responsibilities of the audit committee, compensation committees, and alignment of incentives); - Explaining the linkages between Internal Control and Enterprise Risk Management frameworks to enable more effective and integrated application in practice; - Expanding the discussion on risk assessment; - Reflecting changes in business models (e.g., increased use of outsource providers, increased rationalization of supply chain and infrastructure management); - Considering the nature and broader impact of fraud in the business environment (e.g., inappropriate use of assets, intentional misrepresentation). - Making more crisp and concise those areas of lengthy discussion in the original Framework that have become institutional knowledge; and - Incorporating core aspects of the 2006 Internal Control over Financial Reporting- Guidance for Smaller Public Companies and the 2009 Guidance on Monitoring Internal Control Systems.

P a g e | 171



The update is expected to be analogous to a software update, where the original version remains valid and usable, but the update reflects the additional knowledge and experience gained over time and provides more up-to-date content and a more user-friendly interface.

3. Will the conceptual and logical construct of the Framework (i.e. the three objective categories and five components) be Overhauled? The updated Framework will be consistent in many respects with the Framework first developed in 1992 - the three categories of objectives; the effectiveness and efficiency of operations, reliability of reporting, and compliance with applicable laws and regulations; and the five components of internal control, comprising the control environment, risk assessment, control activities, information and communication, and monitoring activities. However, it is also being updated and enhanced to reflect changes in the business environment and in expectations of stakeholders. For example, the Framework will be updated and enhanced to address greater expectations for governance oversight, greater use and reliance on technology, significant changes in the business environment, among many others. Also, the updated Framework will codify principles that were embedded in the 1992 Framework to further facilitate the development and evaluation of the effectiveness of internal control systems.

4. What will be the structural elements of each component within the Framework? The updated Framework's principles and attributes, which have been drawn from the five components of the 1992 Framework define the essential considerations for managing or evaluating the presence and functioning of the five components of internal control.

P a g e | 172



It is generally expected that all principles will, to some extent, be present and functioning for an organization to have effective internal control, or when a principle is not being met, some form of internal control deficiency exists. Attributes represent characteristics associated with particular principles. Although each attribute is generally expected to be present and functioning within an entity, it may be possible for a principle to be present and functioning even though not every attribute relating to that principle is present and functioning.

P a g e | 173



2012 On December 2, 2001, we had the 10-year anniversary of Enron filing for Chapter 11 bankruptcy. This bankruptcy, which was at the time the largest in corporate history, led to the creation of new laws and regulations, including the Sarbanes Oxley Act. The Sarbanes-Oxley act was enacted on July 30, 2002, less than a year after Enron filed for Chapter 11. Today Sarbanes Oxley is as important as it has been all these years. Amended by the Dodd Frank Act, the Sarbanes Oxley rules continue to apply and change the lives of hundreds of thousands of professionals around the world. Today we will remember what has been said about the role of professionals and the board of directors during one of the most interesting investigations. We will also see that, although we had so many laws and regulations, many of the problems we had in Enron, continue to haunt boards, corporate officers and shareholders. Enron’s board of directors was criticized for being asleep at the wheel after the firm collapsed. Today we will read the interesting opinion of one of these directors, a very good and very experienced one.

THE ROLE OF THE BOARD OF DIRECTORS IN ENRON’S COLLAPSE HEARING BEFORE THE PERMANENT SUBCOMMITTEE OF INVESTIGATIONS OF THE COMMITTEE ON GOVERNMENTAL AFFAIRS, UNITED STATES SENATE MAY 7, 2002

P a g e | 174



Senator Levin: On December 2, 2001, the seventh largest corporation in America collapsed. Its stock, having plummeted from $80 a share to practically nothing in less than 10 months, the reins of what was once a high-flying company of $100 billion in gross revenues and 20,000 employees were handed over to a Federal bankruptcy judge. That collapse has rolled like a tidal wave across the corporate boardrooms of America, across Wall Street, and across the entire investing community, which now includes over half of U.S. households. With this tidal wave, we are all asking two questions: What happened at Enron, and could it happen again? Today, we hope to help answer the first question in order to ensure that the answer to the second question will become ‘‘no.’’ One of the key players responsible for overseeing the operations of our publicly held corporations is the Board of Directors. Directors are charged by law to be the fiduciaries, the trustees who protect the interests of the corporate shareholders. In that capacity, they are supposed to exercise their best business judgment on behalf of those shareholders. They are supposed to be independent. And while they are not expected to be detectives, they are expected to ask tough questions of management, to probe opaque answers, and to display sufficient skill and fortitude to say no to transactions that do not look right. Along with management and the auditors, the Board shares the

P a g e | 175



responsibility to provide to the company’s shareholders a financial statement that is a fair representation of the financial position of the company. As the Second Circuit Court of Appeals held in a widely quoted opinion, technical compliance with Generally Accepted Accounting Principles may be evidence of acting in good faith, but it is not necessarily conclusive: The ‘‘critical test,’’ the court said, is ‘‘whether the financial statements as a whole fairly present the financial position’’ of a company. Enron’s financial statements did not, and the Board’s role in that failure is before us. Today, we have five key members from the Enron Board of Directors to tell us what they knew about the financial condition of Enron, when they knew it, and what they did about it. In other words, what role did the Board play in these events? The Subcommittee issued over 50 subpoenas for documents to Enron, Arthur Andersen, members of the Enron Board, and officers of Enron. Staff has reviewed about 300 boxes of documents to date, and conducted interviews with 13 current and past Board members. Each Board member complied with the document subpoenas and willingly appeared for interviews. We appreciate their cooperation and their voluntary appearance today. We have found that when you pare down the hundreds of incredibly complex financial transactions that were the hallmark of Enron, you realize that many were nothing more than smoke-and mirrors bookkeeping tricks, designed to artificially inflate earnings rather than achieve economic objectives, to hide losses rather than disclose business

P a g e | 176



failures to the public, to deceive more than inform. The decisions to engage in these accounting gimmicks and deceptive transactions were fueled by the very human but unadmirable emotions of greed and arrogance. Putting a growth gloss on the balance sheet pumped up the stock price, and the rise in stock price, regardless of the underlying true value of the company, was, for many, the measure in the 1990’s for judging corporate success. The Board that was supposed to be the check on the greed and the arrogance, in fact, was not. Here is how it happened. Enron was in transition from an old-line energy company, with pipelines and power plants, to a high-tech global enterprise engaged in energy trading and international investment. It experienced large fluctuations from quarter to quarter in its earnings. Those large fluctuations affected the credit rating Enron received, and the credit rating affected Enron’s ability to obtain low-cost financing, attract investment, and increase its stock price. In order to smooth out its earnings and avoid the natural dips, Enron engaged in a variety of complicated transactions that relied on structured finance, derivatives, and other arrangements that, while legal if done right, are nonetheless designed to massage a company’s financial statement to make its financial condition look better than it really is. While it is not uncommon for a company to use these devices, they are also used somewhat sparingly. Enron, however, made them a high art form and used them aggressively, and in some cases, improperly.

P a g e | 177



When used extensively and when they become dominant, when they involve billions of dollars, $27 billion in assets at Enron’s peak, the real impact of these complex transactions on a financial statement is to cover up reality with a glitzy coat of paint. The financial statement becomes a fiction, and that is what happened at Enron. Step by step, Enron shifted a larger percentage of its assets into these structured finance arrangements, not for any real business purpose, but in order to make Enron look more profitable than it really was. Funds flow and the appearance of funds flow became the Enron mantra in order to keep Enron’s credit rating up and its stock price climbing, and the Board of Directors went along with it. In many actions starting in 1997, when the Board first approved Whitewing, through the summer of 2001, just before things fell apart publicly, the Board of Directors went along with management’s wishes. The Board relinquished its role of questioner and adopted the role of facilitator. It succumbed to the Enron ether of invincibility, superiority, and gamesmanship in manipulating Enron’s financial statement to keep the Enron stock price soaring. This is a company, we are told, that had televisions in its elevators in order for employees to monitor Enron’s stock price at all times. The financial transactions that the Board approved were used to make debt look like equity, to make loans look like sales, to make poorly performing assets look like money makers, and to make Enron controlled entities look like legitimate third parties. By the time of the collapse, Enron held almost 50 percent of its assets off its books, and what started as a useful tool to address specific business

P a g e | 178



problems had become a way of life. But once Enron stock started falling, these financial structures collapsed on themselves like a house of cards, revealing at the end that there was no ‘‘there’’ there. These transactions involved a number of deceptions that pushed the limit of accepted accounting practices and, at times, exceeded them. And parenthetically, if it turns out that Generally Accepted Accounting Principles allow such deceptions, then those accounting principles need to be changed. One type of deception that Enron used was to report on the company’s financial statements the sale of an asset despite an understanding that Enron would buy it back after the financial statement was filed, or despite a hidden guarantee that the entity buying the asset would receive a certain rate of return. Five of the seven assets sold this way to the LJM partnership at the end of the last two quarters of 1999 were bought back by Enron, sometimes within 6 months’ time. But those guarantees did not show on Enron’s books as a liability. Only the sales showed as funds flow. Another type of deception made what was essentially a loan look like a sale, so the company’s financial statement reflected the transaction as income or cash flow instead of debt. A third type of deception inflated the value of the assets that Enron held for sale. For example, Enron would buy a power plant on day one for $30 million, and within a month or so would begin carrying it on Enron’s books as an asset worth $45 million.

P a g e | 179



Two weeks ago, Enron filed a statement with the SEC declaring that it is going to write down its assets by another $14 to $24 billion, a staggering sum, due to overvaluations on the books and ‘‘accounting errors or irregularities.’ Another type of deception, the Raptors, used Enron stock to backstop a risk that the LJM partnership and its investors were supposed to be assuming for Enron, and the risk retained by Enron was not disclosed on the company’s financial statements in a meaningful way. As these structured financial transactions grew in number, size, and frequency, and as 50 percent of Enron’s assets were moved off Enron’s books, no one on the Enron Board said that their fiduciary duty required them to blow the whistle and prevent a deceptive picture of Enron’s financial situation from being presented to the public. During the 13 interviews, the Board members told us that they had not been aware of the depth of Enron’s problems or the extent of these structured transactions and accounting gimmicks, and most said they had no inkling that Enron was in troubled waters until mid-October 2001. But look at this chart that the Subcommittee staff has put together, identifying numerous red flags presented to the Board of Directors from February 1999 on, that signaled the risks Enron was taking, and that should have alerted the Board to probe and then to change course. The staff has identified well over a dozen of these red flags, but I am just going to highlight a few. In February 1999, the Board’s Audit Committee was told by Arthur Andersen directly that Enron’s accounting practices were high risk and pushed limits. In June 1999, the Board approved at a special meeting and without prior Finance Committee consideration the creation of the LJM partnership, and waived the conflict of interest provision of the Enron code of

P a g e | 180



conduct. The Enron Chief Financial Officer, Andy Fastow, served as the managing partner of LJM, something no Board member had ever approved or heard of prior to this. The Board was to approve a code of conduct waiver for Fastow three times over the next 16 months. In September 1999, the Board approved moving off the Enron balance sheet a $1.5 billion joint venture called Whitewing, which was established by the Board in December 1997 to get a loan that looked like equity, and then used from 1999 on to purchase assets that Enron wanted to move off its books. In May 2000, the Board approved the first Raptor transaction, a vehicle designed to hedge Enron investments by using Enron stock to backstop the hedge, which amounted to Enron hedging with itself. By October 2000, the Board knew that Enron had $27 billion in assets, almost half of its assets, off its balance sheet. In April 2001, the Enron Board knew that 64 percent of Enron’s assets were troubled or not performing and that 45 million shares of Enron stock were at risk in Raptors and Whitewing. Starting with the creation of Whitewing in 1997 and with its deconsolidation in 1999, the Board started to wade into dangerous waters. With the establishment of the LJM partnership and the waiver of the code of conduct, they were up to their necks, and with the Board’s approval of the Raptors, the Board was swimming way over their heads. In the end, Enron drowned in its own debt. The Board had ample knowledge of the dangerous waters in which

P a g e | 181



Enron was swimming and it did not do anything about it. The Board told the Subcommittee staff that because each of Enron’s transactions was approved by Enron management, whom they saw as some of the most creative and talented people in the business, and because the transactions had been approved by Arthur Andersen, a top auditing firm, and by Enron’s lawyers and private law firms like Vinson and Elkins, by the credit rating agencies, or by investment bankers who had a significant stake in a lot of these transactions, the Board assumed that the transactions were OK. Now, I can see why you might rely on a company auditor or an outside attorney, but the Board must exercise independent judgment. The Board is not supposed to be a rubber stamp for auditors or attorneys. Also, the people that the Board relied on were conflicted in their roles involving Enron, and the Board knew it. First, the Board knew that Enron’s management handed out bonuses like candy at Halloween. Employees were given huge bonuses for closing deals, and many of these deals proved damaging to Enron. For instance, two executives closed a deal on a power project in India, which is now a financial disaster, and got bonuses in the range of $50 million. The head of one Enron division who was moved out of the company walked away with more than $250 million in the year that he was shown the door. The temptation to self-enrichment at Enron was overwhelming. Arthur Andersen was conflicted, because it served Enron as both an auditor and a consultant, and, for 2 years, it also served as Enron’s

P a g e | 182



internal auditor, essentially auditing its own work. Enron was Andersen’s largest client, and in 2000, Andersen earned over $50 million in fees from the company. Employees of Andersen routinely crossed over to work for Enron, and an Andersen employee who actually questioned Enron practices while serving on the audit team was promptly reassigned to another client at Enron’s urging. Relying on outsiders, conflicted or not, does not relieve the Board from the ultimate responsibility to make sure that at the end of the day, Enron was operating properly and Enron’s financial statement was a fair representation of Enron’s financial condition. The Board failed in that responsibility. The structured debt and guarantees overwhelmed Enron’s ability to pay, and that meant bankruptcy for the corporation, huge pension losses for employees, investment losses for stockholders, and business losses for hundreds of small companies that did business with Enron, while the officers of the corporation walked away with fortunes.

OPENING STATEMENT OF SENATOR COLLINS Today is the first in a series of hearings to be held by the Permanent Subcommittee on Investigations into the events that led to the bankruptcy of the Enron Corporation. As a result of the company’s downward spiral and ultimate bankruptcy, shareholders, both large and small, individual and institutional, lost an estimated $60 billion. This includes more than 15,000 Enron employees and retirees who had a significant proportion of their pension funds invested in the company’s stock.

P a g e | 183



They lost an astounding $1.3 billion. The collapse of Enron caused thousands of Americans to lose their jobs, to lose savings, and to lose confidence in corporate America. Unraveling the complexities of what happened, determining who is responsible, and prosecuting those individuals will take the Department of Justice, the Labor Department, and the Securities and Exchange Commission many months and possibly years. The Subcommittee’s job is not to duplicate those efforts, but rather to examine the actions taken by all of the players who contributed to Enron’s demise in order to illuminate the public policy issues. By doing so, the Subcommittee can help focus the debate in Congress, in State legislatures, and in corporate board rooms across the Nation on what measures should be taken and by whom to minimize the chances of another Enron-like debacle. In this first hearing, the Subcommittee will examine the role played by Enron’s Board of Directors in the company’s bankruptcy. I want to acknowledge the Board’s full cooperation with this investigation. I also want to take a moment to praise Senator Levin and the dedicated both Majority and Minority Subcommittee staff who have been tireless in their efforts to unravel a very tangled web of conflicts of interest, unusual transactions, and lax oversight. Corporate boards play an essential role in the American economy. They are the single most important guardians of a company’s shareholders, and as such, they have a fiduciary duty to promote the interests of the corporation, to act in good faith, and to exercise their best judgment.

P a g e | 184



When Korn/Ferry, a major corporate recruiter, polled corporate directors in 2001 to determine the outstanding capabilities of board members, it identified one single trait that stood significantly above all the others. That trait is a willingness to challenge management decisions when necessary. There is no question that directors generally should be able to rely on the representation of management and independent experts. But directors have an obligation to do more than simply accept what they are told, occasionally ask whether there are any problems, and inquire whether the accountants agree on the propriety of actions presented for their approval. Prudent directors retain their objectivity and to some degree, a healthy skepticism. They must be willing to ask the tough questions of management, recognize those situations where independent expert advice should be sought, and exercise heightened diligence when a company is pursuing unfamiliar or new territory. Enron was a company that prided itself on its innovation. CEO Jeffrey Skilling often boasted of Enron’s pioneering efforts as it transformed itself from a traditional energy company to a global enterprise creating new markets and businesses. In contrast, it appears that the Board of Directors continued to perform its duties as if Enron were still an old-line, conservative energy company, at a time when it appears they should have been far more probing, given Enron’s metamorphosis into an energy trading company. Serving as a director for a corporation as complicated as Enron obviously is not an easy task.

P a g e | 185



Enron was one of America’s largest corporations. It had thousands of partnerships, joint ventures, and other special purpose entities, many of which were engaging in transactions that can only, and barely even then, be followed with the aid of complex diagrams. In fact, the Board members interviewed by the staff appear to have been unaware that Enron has some 3,000 related entities, including 600 using the same post office box in the Cayman Islands. I would argue that should have been another red flag. The complexity of the responsibility is precisely why Enron’s Directors were paid hundreds of thousands of dollars per year in cash, stock, and options. While the exact amount of compensation can be difficult to determine, depending on how one calculates the value of stock options, there is no question that Enron’s Board members were among the most highly compensated in the world. Today, we will ask five Enron Directors what they did to protect shareholders and why they believe that they failed in doing so. We will also hear an evaluation of their efforts from some of the leading experts on corporate governance. I am particularly interested to learn more about the Board’s response to the large stock sales engaged in by Enron’s management, its reaction to the departure of a CEO who left after only 6 months on the job, and its decision to approve a waiver of Enron’s code of conduct to allow the Chief Financial Officer to engage in business deals with the company. This latter decision is the Board action that I find among the most inexplicable. During the investigation, the Subcommittee spoke with many experts on corporate governance, and not a single one had ever heard of a public

P a g e | 186



company ratifying a similar proposal. I want to understand also the Board’s view of what now appears to be the obvious conflicts of interest that contributed to Enron’s collapse and to explore whether the Board, and its Audit Committee in particular, believed that they acted prudently in monitoring the outside auditor, Andersen. Actually, Andersen, as we know, was more than the outside auditor, which is another issue in and of itself. The Board, with Andersen’s endorsement, approved many of the transactions described by Senator Levin that enabled the company to paint a false picture of its financial health and Enron employees to enrich themselves at the expense of the corporation, its shareholders, and ultimately its creditors. We are still working to unravel the complexities of these transactions, which has proven to be a monumental task. It is troubling to me that in staff interviews, Board members have provided little insight into major transactions. For example, not one Board member could explain or recall a $2.2 billion Board resolution that approved the issuance of preferred Enron stock to an outside investor. Now, I certainly do not expect the Board members to have perfect recall of every deal that they approved, but I would hope that transactions that rise to the threshold of multiple billions of dollars would be memorable to at least someone on the Board. In addition, we will discuss some of the alleged conflicts of interest created by some of the Board members’ other relationships with Enron. Was the Board’s vigilance dulled by large consulting fees, corporate

P a g e | 187



contributions to their favorite charities, and other business relationships? Every corporate governance expert with whom we spoke was critical, for example, of any Board member having a consultant contract with Enron. At a minimum, such relationships do not foster the appearance of propriety and financial independence of Board members. Mr. Chairman, the Enron case is uncannily similar to another business failure that occurred some 70 years ago. In the early 1930’s, an electric holding company called Middle West Utilities collapsed under the weight of stock fraud and cooked books. Middle West was comprised of so many interlocking boards that it took the Federal Trade Commission 7 years to fully comprehend its structure, which involved 284 affiliates. Underneath its incredibly complex structure lay an immense amount of debt taken on as it expanded in the 1920’s. Ironically, Middle West’s auditor was a relatively new firm named Arthur Andersen. There is, however, one significant difference between Middle West’s and Enron’s executives. The Middle West CEO’s considerable fortune of around $150 million was tied up in Middle West holdings and disappeared with the company. In contrast, many of Enron’s managers were making tens and, at least in one case, hundreds of millions of dollars by dumping their Enron stock before the corporation’s collapse. Although imperfect, it is important to remember that today, our systems of accounting and financial regulation are the best in the world. That makes the Enron case all the more troubling, because it simply

P a g e | 188



should not have happened. It represents a colossal failure of virtually every mechanism that is supposed to provide the checks and balances on which the integrity of our capital markets depend. And in that system, the Board of Directors is supposed to provide the first line of defense by overseeing the conduct of management. There are already encouraging signs that many directors in the wake of Enron’s collapse are taking their roles much more seriously. As we seek answers in the Enron case, we should be careful not to act precipitously without understanding the true nature and extent of the problems underlying the corporation’s bankruptcy. The testimony we will hear this morning about the role of the Board of Directors should provide some answers. It should also yield valuable lessons for strengthening our free enterprise system, restoring public confidence in our capital markets, and ensuring that small investors, in particular, have access to complete and accurate information to guide their investment decisions.

TESTIMONY OF JOHN H. DUNCAN, FORMER EXECUTIVE COMMITTEE CHAIR, BOARD OF DIRECTORS, ENRON CORPORATION, HOUSTON, TEXAS Chairman Levin, Senator Collins, and Members of the Subcommittee, good morning and thank you for the opportunity to address this Subcommittee. My name is John Duncan. From 1967 to 1985, I was a Director of Enron’s predecessor company, Houston Natural Gas, and I was there when Enron began in 1985.

P a g e | 189



I have served as the Chairman of the Executive Committee since 1986. Thus, I am the Enron Director who has served the longest period of time. Until the Fall of 2001, I considered Enron one of the great companies of this country, and I was proud to be one of its directors. I resigned from the Board in March 2002. After receiving my bachelor’s degree in business administration at the University of Texas, I set out to become a businessman, to start and run my own company. With the exception of the first job, in a family business, and a stint in the U.S. Air Force during the Korean War, I have not drawn a paycheck from a company of which I was not either the founder or the co-founder. As co-founder and President of Gulf and Western and founder of Gulf Consolidated Services, both companies had small beginnings and wonderful success stories. During the course of my career, I have served on the board of seven New York Stock Exchange Companies, and, Senator Durbin, not all at one time. I have also served and chaired the boards of several important Texas institutions, including the Chancellor’s Council of the University of Texas System, Southwestern University in Georgetown, Texas, the Board of Visitors at M.D. Andersen Cancer Center, and all the metropolitan Houston YMCAs. I provide that background to the Subcommittee to respectfully suggest that I have had substantial experience and exposure to the workings and to the role and to the duties of a board of directors. I also know a board’s limitations.

P a g e | 190



That is what I want to talk about today. In particular, I want to focus on what I believe are the elements of an effective board and why I believe the tragic events of Enron occurred. First, I believe the directors must be individuals who possess integrity and intelligence. They also should collectively bring a broad spectrum of knowledge and experience in the areas of business and finance and in the particular fields that the company is in. People usually acquire this experience by having operated a company with a significant budget or by having obtained unique experience from other professions that are relevant to the company’s mission. The Directors of the Enron Board certainly possess, in my opinion, these Qualities. My colleagues are highly ethical and of good character. As far as intelligence goes, I can simply say that if education is any measure, I believe I was one of only two directors who did not have a master’s degree or a doctorate degree. Our directors are experienced, successful businessmen and women, experts in areas of finance and accounting, and have had experience in leading large institutions. Others, like our overseas directors, brought experience in certain areas of the world in which Enron saw great business potential. Second, I believe the board must be dedicated and diligent in addressing the matters that are presented to it. The directors need to do their homework, analyze the issues, ask penetrating questions, and make decisions that are always in the best

P a g e | 191



interest of the shareholders. In my opinion, the Enron directors met this criteria. We worked hard. We prepared for meetings. We asked probing questions and imposed specific controls and procedures that management and outside advisors were required to follow. I know that my colleagues here today will address those items in more detail. We were also willing to say ‘‘no’’ to management when we did not agree with its recommendations. A good example of exercising a board’s responsibility and to act independently in the company’s best interest occurred only last September, when all the indicators that we had were still positive and before any of the outside directors was aware that Enron was in trouble. We were presented two transactions at the Executive Committee and the Board; management requested to authorize the purchase of two pulp paper mills at a price in excess of $300 million cash. We did not approve these acquisitions because we were concerned about a prior acquisition in the same field; we did not like the purchase price; and we wanted to preserve our financial flexibility in the light of the September 11 tragedies. We postponed our decision, but we now know that subsequent events soon overtook us and the company. I did not sit on the Audit Committee or the Finance Committee, but I did sit in as a guest at a number of their meetings. In my opinion, these committees and these members thoroughly executed their duties.

P a g e | 192



Third, I think that a board cannot be successful unless it feels comfortable relying on the intelligence and integrity of the management, as well as other advisors who present matters to the board. With over 20,000 employees working at the company, with over 200 lawyers writing contracts every day, and with over 400 accountants posting the daily books, we, the directors, had to rely on the reports given to us by the officers of the company. Frankly, there is no other way that we could direct effectively a company of that size. We felt confident relying on the senior management of the company, as we truly believed we had hired some of the best and the brightest in the industry. National, independent publications lauded the Enron officers for their intelligence, leadership, and creativity. Finally, I believe the management and other advisors reporting to the board must tell the truth. They must tell the complete truth, good or bad, in order for the board to make informed decisions. We now know this did not happen at Enron. The Board had implemented mechanisms and controls to ensure, at the very least, it obtained early warning signals of any impending problem. Among other procedures, we created a risk management officer position, and we staffed that department with nearly 100 employees. That officer and that department was responsible for reporting to the Board the most significant concerns and credit issues that faced the company.

P a g e | 193



That did not happen. It is now quite clear that significant information about related party transactions was withheld from us. We were not aware, for example, of the problems of Chewco. They were withheld from us for years. We were not informed about Raptor III. We were not told about the $800 million recapitalization of the Raptors in late 2000 and 2001. We were not told that employees, in addition to Andy Fastow, were participants in a number of partnerships, and we were unaware of their substantial windfall profits. As late as the August 14, 2001 Board meeting, the Board was briefed on the financial condition of the company. Your staff has that briefing. The report was—earnings were up, balance sheet was stable, except maybe a credit rating improvement in the year 2002. Various Power Point slides given at that same meeting indicated to the Board that the company’s good business was still improving as usual. The Powers Report and the reports we now have read in the press indicate that for many months, if not years, certain members of management and our outside auditors were well aware of the problems facing the company, and they did not tell us. In sum, I do not believe that Enron’s fall would have been avoided had the Board asked more questions, implemented more controls, or avoided certain financing projects, because they were too complicated or risky.

P a g e | 194



Rather, I believe if management had implemented the Board’s controls, as they assured us they had, if just one of the Board’s officers or employees had fulfilled his or her corporate duty to reveal these problems or to any one director, or if the outside auditors had executed their obligation to convey to us concerns they privately expressed and documented amongst themselves, that I and we would not be here today.

P a g e | 195



P a g e | 196



P a g e | 197



P a g e | 198



P a g e | 199



P a g e | 200



P a g e | 201



PCAOB Enters Into Cooperative Agreement with Dubai The Public Company Accounting Oversight Board has announced that it has entered into a cooperative arrangement with the Dubai Financial Services Authority (DFSA) for the oversight of auditors that practice in the regulators' respective jurisdictions. The two regulators plan to hold a formal signing ceremony in January. "For many years the DFSA has been a valued partner as the PCAOB has sought to ensure effective cross-border audit oversight," said PCAOB Chairman James R. Doty. "We are pleased that this agreement will allow us to exchange confidential information, which will enhance the strong cooperative relationship that already exists," he added. This marks the second cooperative arrangement that the PCAOB has concluded in the Middle East. The PCAOB recently signed a cooperative arrangement with the Israeli Securities Authority. In addition, earlier this month, the PCAOB announced that it had entered into a cooperative agreement with the Netherlands Authority for the Financial Markets. The PCAOB already conducts inspections in Dubai. The agreement authorizes the PCAOB and the DFSA to exchange confidential information, consistent with the provisions of the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act. Those provisions amended the Sarbanes-Oxley Act of 2002 to permit the PCAOB to share confidential information with its non-U.S. counterparts under certain circumstances. "We are pleased to have concluded these arrangements with the DFSA," said Rhonda Schnare, PCAOB Director of International Affairs.

P a g e | 202



"The PCAOB has long considered the DFSA's approach to cross-border regulation to be a model of cooperation, which furthers the goal of protecting investors." The Sarbanes-Oxley Act directed the PCAOB to oversee and periodically inspect all accounting firms that regularly audit companies whose securities trade in U.S. markets. More than 900 audit firms currently registered with the PCAOB are located outside the United States, spanning 88 jurisdictions. There are eight registered firms located in Dubai.

P a g e | 203



U.S. Securities and Exchange Commission, Annual Report on the Dodd Frank Whistleblower Program, Fiscal Year 2011.

Section 922 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the “Dodd-Frank Act”), amended the Securities Exchange Act of 1934 (the “Exchange Act”) by, among other things, adding Section 21F, entitled “Securities Whistleblower Incentives and Protections.” Section 21F directs the Commission to make monetary awards to eligible individuals who voluntarily provide original information that leads to successful Commission enforcement actions resulting in the imposition of monetary sanctions over $1,000,000, and certain related successful actions. Awards are required to be made in the amount of 10% to 30% of the monetary sanctions collected.

P a g e | 204



Awards will be paid from the Commission’s Investor Protection Fund (the “Fund”). In addition, Dodd-Frank Act § 924(d) directs the Commission to establish a separate office within the Commission to administer the whistleblower program. Section 924(d) of the Dodd-Frank Act requires the Commission’s Office of the Whistleblower to report annually to Congress on its activities, whistleblower complaints, and the response of the Commission to such complaints. In addition, Exchange Act § 21F(g)(5) requires the Commission to submit an annual report to Congress that addresses the following subjects: • The whistleblower award program, including a description of the number of awards granted and the types of cases in which awards were granted during the preceding fiscal year; • The balance of the Fund at the beginning of the preceding fiscal year; • The amounts deposited into or credited to the Fund during the preceding fiscal year; • The amount of earnings on investments made under Section 21F(g)(4) during the preceding fiscal year; • The amount paid from the Fund during the preceding fiscal year to whistleblowers pursuant to Section 21F(b); • The balance of the Fund at the end of the preceding fiscal year; and • A complete set of audited financial statements, including a balance sheet, income statement and cash flow analysis. This report has been prepared by the Commission’s Office of the

P a g e | 205



Whistleblower to satisfy the reporting obligations of Dodd Frank Act § 924(d) and Exchange Act § 21F(g).

Implementation of the Whistleblower Award Program Adoption of Implementing Regulations Exchange Act § 21F(b) provides that whistleblower awards shall be paid under regulations prescribed by the Commission. Shortly after the enactment of the Dodd-Frank Act, the Commission formed a cross-disciplinary working group to draft proposed rules to implement the Act’s whistleblower provisions. In addition, before publishing proposed rules and commencing formal notice-and-comment rulemaking, the Commission provided an e-mail link on its website to facilitate public input about the whistleblower award program. On November 3, 2010, the Commission proposed Regulation 21F to implement Exchange Act § 21F. The Commission received more than 240 comment letters and approximately 1,300 form letters on the proposal. In response to the comments, the Commission made a number of revisions and refinements to the proposed rules in order to better achieve the goals of the statutory whistleblower program and to advance effective enforcement of the federal securities laws. On May 25, 2011, the Commission adopted final Regulation 21F, which became effective on August 12, 2011 (the “Final Rules”). Among other things, the Final Rules define certain terms essential to the operation of the whistleblower program; establish procedures for submitting tips and applying for awards, including appeals of Commission determinations whether or to whom to make an award;

P a g e | 206



describe the criteria the Commission will consider in making award decisions; and implement the Dodd-Frank Act’s prohibition against retaliation for whistleblowing.

Establishment and Activities of the Office of the Whistleblower Section 924(d) of the Dodd-Frank Act directs the Commission to establish a separate office within the Commission to administer and to enforce the provisions of Exchange Act § 21F. On February 18, 2011, the Commission announced the appointment of Sean X. McKessy to head the newly-created Office of the Whistleblower in the Division of Enforcement. In addition to Mr. McKessy, the Office is currently staffed by five attorneys and one senior paralegal on detail from various Commission Divisions and Offices, each serving a 12-month detail in the Office of the Whistleblower. These details started in May 2011. The Office of the Whistleblower is in the process of recruiting and hiring a Deputy Chief. Since its establishment, the Office of the Whistleblower has focused primarily on establishing the office and implementing the whistleblower program. During fiscal year 2011, the Office’s activities included the following: • Providing extensive training on the Dodd-Frank statute and Final Rules to the Commission’s staff; • Establishing and implementing internal policies, procedures, and protocols; • Establishing a publicly-available Whistleblower hotline for members of the public to call with questions about the program. Office of the Whistleblower attorneys return calls within 24 business hours.

P a g e | 207



Since the hotline was established in May 2011, the Office has returned over 900 phone calls from members of the public; • Redesigning and launching an Office of the Whistleblower website dedicated to the whistleblower program (www.sec.gov/whistleblower). The website includes detailed information about the program, copies of the forms required to submit a tip or claim an award, notices of covered actions, links to helpful resources, and frequently asked questions; • Meeting with whistleblowers, potential whistleblowers and their counsel, and consulting with the relevant subject matter experts in the Division of Enforcement to provide guidance to whistleblowers and their counsel concerning expectations and follow up; • Conferring with regulators from other agencies’ whistleblower offices, including the Internal Revenue Service, Commodity Futures Trading Commission, Department of Justice, and Department of Labor (OSHA), to discuss best practices and experiences; • Publicizing the program actively through participation in webinars, presentations, speeches, press releases, and other public communications; • Assisting in updating the Commission’s web-based system for submitting tips, complaints, and referrals (https://denebleo.sec.gov/TCRExternal/index.xhtml) to conform to the Final Rules;

http://www.sec.gov/whistleblower

P a g e | 208



• Providing ongoing guidance to staff throughout the Commission regarding various aspects of the program, including the development of internal policies for the handling of confidential whistleblower identifying information; And

• Working with Enforcement staff to identify and track all enforcement cases involving a whistleblower to assist in the documentation of the whistleblower’s participation in anticipation of an eventual claim for

P a g e | 209



award.

Whistleblower Tips Received During Fiscal Year 2011 The Final Rules specify that individuals who would like to be considered for a whistleblower award must submit their tip to the Office of the Whistleblower on Form-TCR either via facsimile or mail or via the Commission’s online TCR questionnaire portal. Concurrently with the effectiveness of the Final Rules on August 12, 2011, the Commission updated its Tips, Complaints and Referrals System (the “TCR System”) to conform the online questionnaire to the substantive requirements in the Final Rules and to provide enhanced whistleblower functionality. The updated online TCR questionnaire allows whistleblowers to make online submissions that satisfy Regulation 21F, including making the required declarations. In addition, the TCR System allows the Commission to comprehensively and centrally track all whistleblower tips submitted to the Commission online or via hard copy by mail or facsimile. Because the Final Rules became effective August 12, 2011, only 7 weeks of whistleblower tip data is available for fiscal year 2011. Appendix A lists, by subject matter and month, the 334 whistleblower tips received from August 12, 2011 through September 30, 2011. The most common complaint categories were market manipulation (16.2%), corporate disclosures and financial statements (15.3%), and offering fraud (15.6%). The Commission received whistleblower submissions from individuals in 37 states, as well as from several foreign countries, including China (10) and the United Kingdom (9).

P a g e | 210



Appendices B and C set forth tabular presentations of the sources of domestic and international whistleblower tips. As a result of the relatively recent launch of the program and the small sample size, it is too early to identify any specific trends or conclusions from the data collected to date. We expect that the Annual Report for 2012 – with the benefit of a full year’s worth of data – will yield such trends and conclusions.

Processing of Whistleblower Tips During Fiscal Year 2011 The Office of the Whistleblower leverages the resources and expertise of the Commission’s Office of Market Intelligence to triage incoming whistleblower TCRs and to assign specific, timely and credible TCRs to appropriate members of the Enforcement staff. During the triage process, several layers of staff in the Office of Market Intelligence examine each submitted tip to identify those that are sufficiently specific, timely and credible to warrant the further allocation of Commission resources, or a referral to another law enforcement or regulatory agency. Complaints that relate to an existing investigation are generally forwarded to the staff assigned to the existing matter. Complaints that involve the specific expertise of another Division or Office within the Commission are generally forwarded to staff in that particular Division or Office for further analysis. When appropriate, complaints that fall within the jurisdiction of another federal or state agency are forwarded to the Commission contact at that agency, provided this can be done without violating the confidentiality of whistleblower-identifying information contained in the complaint. Complaints that relate to the private financial affairs of an investor or a discrete investor group are usually forwarded to the Office of Investor

P a g e | 211



Education and Advocacy (“OIEA”). Comments or questions about agency practice or the federal securities laws are also forwarded to OIEA. The Office of the Whistleblower participates in the tip allocation and investigative processes in several ways. When callers to the Office of the Whistleblower’s voicemail provide information of any allegation or statement of concern about possible violations of the federal securities laws or conduct that poses a possible risk of harm to investors (either as a message or during a return call), members of the Office of the Whistleblower staff enter that information in the TCR System so it can be triaged. During triage, the Office of the Whistleblower may contact the whistleblower to glean additional information or may participate in the qualitative assessment of the best course of action to take in response to a whistleblower tip. During an investigation, the Office of the Whistleblower is available as needed to serve as a liaison between the whistleblower (and his or her counsel) and investigative staff. On occasion, the Office of the Whistleblower arranges meetings between whistleblowers and subject matter experts on the Enforcement staff to assist in better understanding the whistleblowers’ submissions and developing the specific facts of a case. Staff in the Office of the Whistleblower also communicates frequently with Enforcement staff with respect to the timely documentation of information regarding the staff’s interactions with whistleblowers, the value of the information provided by whistleblowers, and the assistance provided by whistleblowers as the potential securities law violation is being investigated.

P a g e | 212



Whistleblower Incentive Awards Made During Fiscal Year 2011 The Final Rules set out the procedures for applying for a whistleblower award. The award process begins following the entry of a final judgment or order for monetary sanctions that, alone or jointly with judgments or orders previously entered in the same action or an action based on the same nucleus of operative facts, exceeds $1 million. Following the entry of such a judgment or order, the Office of the Whistleblower publishes a Notice of Covered Action on the Commission's website. Once a Notice of Covered Action is posted, individuals have 90 calendar days to apply for an award by submitting a completed whistleblower award application, which is known as Form WB-APP, to the Office of the Whistleblower. On August 12, 2011, the Office of the Whistleblower posted Notices of Covered Actions for the 170 applicable enforcement judgments and orders issued from July 21, 2010 through July 31, 2011 that included the imposition of sanctions exceeding the statutory threshold of $1 million. It is anticipated that as the program evolves, the Office of the Whistleblower’s standard practice will be to provide individualized notice to whistleblowers who may have contributed to the success of a Commission action resulting in monetary sanctions exceeding $1 million. Analysis of claims submitted in connection with any of these Covered Actions requires, as a preliminary matter, identifying all claimants who submit an application for an award in connection with the Covered Action before the deadline.

P a g e | 213



Securities and Exchange Commission Investor Protection Fund Section 922 of the Dodd-Frank Act established the Securities and Exchange Commission Investor Protection Fund (“Fund”) to provide funding for the Commission's whistleblower award program, including the payment of awards in related actions. In addition, the Fund is used to finance the operations of the SEC Office of the Inspector General’s suggestion program. The suggestion program is intended for the receipt of suggestions from Commission employees for improvements in the work efficiency, effectiveness, and productivity, and use of resources at the Commission, as well as allegations by Commission employees of waste, abuse, misconduct, or mismanagement within the Commission. As of September 30, 2011, the Fund was fully funded, with an ending balance of $452,788,043.74

Note: This is a Report of the Staff of the U.S. Securities and Exchange Commission. The Commission has expressed no view regarding the analysis, findings, or conclusions contained herein.

P a g e | 214



P a g e | 215



Frequently Asked Questions What is the SEC Whistleblower Program? The Whistleblower Program was created by Congress to provide monetary incentives for individuals to come forward and report possible violations of the federal securities laws to the SEC. Under the program eligible whistleblowers (defined below) are entitled to an award of between 10% and 30% of the monetary sanctions collected in actions brought by the SEC and related actions brought by other regulatory and law enforcement authorities. The Program also prohibits retaliation by employers against employees who provide us with information about possible securities violations. Who is an eligible whistleblower? An “eligible whistleblower” is a person who voluntarily provides us with original information about a possible violation of the federal securities laws that has occurred, is ongoing, or is about to occur. The information provided must lead to a successful SEC action resulting in an order of monetary sanctions exceeding $1 million. One or more people are allowed to act as a whistleblower, but companies

P a g e | 216



or organizations cannot qualify as whistleblowers. You are not required to be an employee of the company to submit information about that company. See Rule 21F-2. What does it mean to “voluntarily” provide information? Your information is provided “voluntarily” if you provide it to us or another regulatory or law enforcement authority before (i) We request it from you or your lawyer or (ii) Congress, another regulatory or enforcement agency or selfregulatory organization (such as FINRA) asks you to provide the information in connection with an investigation or certain examinations or inspections. See Rule 21F-4(a). What is “original information?” “Original information” is information derived from your independent knowledge (facts known to you that are not derived from publicly available sources) or independent analysis (evaluation of information that may be publicly available but which reveals information that is not generally known) that is not already known by us. So if we received your information previously from another person, that information will not be original information unless you were the original source of the information that the other person submitted. See Rule 21F- 4(b)(1). How might my information “lead to” a successful SEC action? Your information satisfies the “led to” criterion if your information causes us to open a new investigation, re-open a previously closed investigation or pursue a new line of inquiry in connection with an ongoing investigation, and we bring a successful enforcement action based at least in part on the information you provided.

P a g e | 217



Additionally, you may still be eligible if your information relates to an ongoing examination or investigation, if the information you provide significantly contributes to the success of our resulting enforcement action. You may also be eligible if you report your information internally first to your company, and the company later reports your information to us, or reports the results of an internal investigation that was prompted by your information, as long as you also report directly to us within 120 days. I work at a company with an internal compliance process. Can I report internally and still be eligible for a whistleblower award? Although internal reporting is not required to be considered for an award, you may be eligible for an award for information you reported internally if you also report the information to us within 120 days of reporting it internally. Under these circumstances, we will consider your place in line for determining whether your information is “original information” to be the date you reported it internally. In addition, if the company to which you reported conducts an investigation and reports the results to us, you will benefit from all the information the Company’s investigation turns up when we are considering whether you should receive an award and if so where the award should fall in the 10% to 30% range. I provided information to the SEC before the enactment of Dodd-Frank on July 21, 2010. Am I eligible for an award? No. The statute makes awards available only in connection with information submitted to the SEC after July 21, 2010. See Rule 21F- 4(b)(1). How do I submit information under the SEC whistleblower program?

P a g e | 218



In order to qualify for an award under the whistleblower program, you must submit your information either through our online Tips, Complaints and Referrals questionnaire or by completing our hardcopy Form-TCR and mailing or faxing it to the SEC Office of the Whistleblower, 100 F Street NE, Mail Stop 5971, Washington, DC 20549, Fax (703) 813-9322. Can I submit my information anonymously? Yes, you may submit anonymously. To do so, you must have an attorney represent you in connection with your submission. You must also provide the attorney with a completed Form TCR signed under penalty of perjury at the time you make your anonymous submission. Will the SEC keep my identity confidential? Whether or not you seek anonymity, the SEC is committed to protecting your identity to the fullest extent possible. For example, we will not disclose your identity in response to requests under the Freedom of Information Act. However, there are limits on our ability to shield your identity and in certain circumstances we must disclose it to outside entities. For example, in an administrative or court proceeding, we may be required to produce documents or other information which would reveal your identity. In addition, as part of our ongoing investigatory responsibilities, we may use information you have provided during the course of our investigation. In appropriate circumstances, we may also provide information, subject

P a g e | 219



to confidentiality requirements, to other governmental or regulatory entities.. How will I learn about the opportunity to apply for an award? We will post on this web site notices of actions exceeding $1 million in sanctions so that anyone who believes they may be eligible will have an opportunity to apply for a whistleblower award. In addition, if we have been working with you and believe you may be eligible, we will contact you or your attorney directly to alert you to the opportunity to apply for an award. How do I apply for an award? Once the case you believe your information led to is posted, you must complete and return Form WB-APP within 90 calendar days to the Office of the Whistleblower via mail to 100 F Street, NE, Mail Stop 5971, Washington DC 20549, or by fax (703) 813-9322. What factors does the SEC consider in determining the amount of the award? The Rules require that we consider many factors in determining the amount of an award based on the unique facts and circumstances of each case. We may increase the award percentage based on the existence of these factors: - The significance of the information you provided us to the success of any proceeding brought against wrongdoers. - The extent of the assistance you provide us in our investigation and any successful proceeding. - Our law enforcement interest in deterring violations of the securities

P a g e | 220



laws by making awards to whistleblowers who provide information that leads to the successful enforcement of these laws. - Whether, and the extent to which, you participated in your company's internal compliance systems, such as, for example, reporting the possible securities violations through internal whistleblower, legal or compliance procedures before, or at the same time, you reported them to us. We may reduce the amount of an award based on these factors: - If you were a participant in, or culpable for the securities law violation(s) you reported. - If you unreasonably delayed reporting the violation(s) to us. - If you interfered with your company's internal compliance and reporting systems, such as, for example, making false statements to your compliance department that hindered its efforts to investigate possible wrongdoing. Can I appeal the SEC's award decision? It depends. If the Commission follows the factors described above, authorizes an award, and the amount awarded is between 10% and 30% of the monetary sanctions collected in the Commission or related action, then the Commission’s determination of the amount of the award is not appealable. If the Commission denies your application for an award, you may file an appeal in an appropriate United States Court of Appeals within 30 days of the decision being issued. What rights do I have if my employer retaliates against me for submitting information to the SEC?

P a g e | 221



Employers may not discharge, demote, suspend, harass, or in any way discriminate against you because of any lawful act done by you in providing information to us under the whistleblower program or assisting us in any investigation or proceeding based on the information submitted. If you believe that your employer has wrongfully retaliated against you, you may bring a private action in federal court against your employer. If you prevail, you may be entitled to reinstatement, double back pay, litigation costs, expert witness fees, and attorneys fees. The Commission can also take legal action in an enforcement proceeding against any employer who retaliates against a whistleblower for reporting information to us. Also, under the Sarbanes-Oxley Act, you may be entitled to file a complaint with the Department of Labor if you are retaliated against for reporting possible securities law violations, including making internal reports to your company. For more details, please see the OSHA Fact Sheet on filing whistleblower complaints under the Sarbanes-Oxley Act.

P a g e | 222



Employees who work for publicly traded companies or companies that are required to file certain reports with the Securities and Exchange Commission (SEC) are protected from retaliation for reporting alleged mail, wire, bank, or securities fraud; violation(s) of SEC rules and regulations; or violation(s) of Federal law relating to fraud against shareholders.

Covered Companies A company is covered by section 806 of the Sarbanes-Oxley Act of 2002 (SOX) if it has a class of securities registered under Section 12 of the Securities Exchange Act or is required to file reports under Section 15(d) of that Act. Its subsidiaries, contractors, subcontractors, or agents may also be covered. On July 21, 2010, the Sarbanes-Oxley Act was amended by the DoddFrank Wall Street Reform and Consumer Protection Act (Public Law 111-203) to extend coverage to “nationally recognized statistical rating organizations,…as defined in Section 3(a) of the Securities Exchange Act, and their contractors, subcontractors and agents.”

Protected Activity An employer covered under SOX may not discharge or in any manner retaliate against an employee because he or she: • provided information

P a g e | 223



• caused information to be provided, or • assisted in an investigation by _ a federal regulatory or law enforcement agency _ a Member or committee of Congress, or _ an internal investigation by the company relating to alleged mail fraud, wire fraud, bank fraud, securities fraud, violation(s) of SEC rules and regulations, or violation(s) of Federal law relating to fraud against shareholders. In addition, an employer may not discharge or in any manner retaliate against an employee because he or she filed, caused to be filed, participated in or assisted in a proceeding relating to alleged mail fraud, wire fraud, bank fraud, securities fraud, violation(s) of SEC rules and regulations, or violation(s) of Federal law relating to fraud against shareholders. If an employer takes retaliatory action against an employee because he or she engaged in any of these protected activities, the employee can file a complaint with OSHA.

Unfavorable Employment Actions An employer may be found to have violated SOX if the employee’s protected activity was a contributing factor in the employer’s decision to take unfavorable employment action against the employee. Such actions may include: • Firing or laying off • Blacklisting • Demoting

P a g e | 224



• Denying overtime or promotion • Disciplining • Denying benefits • Failing to hire or rehire • Intimidation • Making threats • Reassignment affecting prospects for promotion • Reducing pay or hour

Deadline for Filing Complaints Complaints must be filed within 180 days after an alleged violation of SOX or after the date on which the employee became aware of the violation. An employee, or representative of an employee, who believes that he or she has been retaliated against in violation of SOX may file a complaint with OSHA.

How to File a SOX Complaint An employee can file a SOX complaint with OSHA by visiting or calling their local OSHA office at 1-800-321-OSHA (6742), or sending a written complaint to their closest OSHA regional or area office. Written complaints may be filed by facsimile, hand delivery during business hours, U.S. mail (confirmation services recommended), or other third-party commercial carrier. For written complaints, the date the complaint is sent via facsimile,

P a g e | 225



hand delivered, postmarked, or delivered to a third-party commercial carrier is considered the date filed. No particular form is required and complaints may be submitted in any language. For OSHA area office contact information, please call 1-800-321-OSHA (6742) or visit www.osha.gov/html/RAmap.html Complaints must be filed within 180 days of the alleged discrimination or of when the employee learned of the alleged discrimination. Upon receipt of a complaint, OSHA will first review it to determine whether it is a valid complaint allegation (e.g., timeliness or jurisdiction).

Results of the Investigation If the evidence supports an employee’s claim of retaliation and a settlement cannot be reached, OSHA will issue an order requiring the employer to reinstate the employee, pay back wages, restore benefits, and other possible relief to make the employee whole, including: • Reinstatement with the same seniority status. • Payment of back pay with interest. • Compensation for special damages, attorney’s fees, expert witness fees, and litigation costs. OSHA’s findings and order become the final order of the Secretary of Labor, unless they are appealed within 30 days. After OSHA issues its findings and order, either party may request a full hearing before an administrative law judge of the Department of Labor. The administrative law judge’s decision and order may be appealed to

P a g e | 226



the Department’s Administrative Review Board. If a final agency order is not issued within 180 days from the date the employee’s complaint is filed, then the employee may file the complaint in the appropriate United States district court.

P a g e | 227



The 1st Circuit ruled that employees of private contractors working for public companies are not entitled to whistleblower protections under the Sarbanes-Oxley Act But what is interesting is what had happened before that. It is the first attempt to extend whistleblower protection to employees of private companies.

Chief Judge Lynch gives an expansive interpretation of Section 806 of the Sarbanes Oxley Act (extending whistleblower protection to employees of private companies) LYNCH, Chief Judge - This interlocutory appeal is from the district court's order denying a Rule 12(b)(6) motion to dismiss two separate but related cases under the whistleblower protection provision of section 806 of the Sarbanes-Oxley Act of 2002 (SOX), codified at 18 U.S.C. § 1514A. It raises important questions of first impression. The plaintiffs, Jackie Hosang Lawson and Jonathan M. Zang, brought separate suits alleging unlawful retaliation by their corporate employers, which are private companies that act under contract as advisers to and managers of mutual funds organized under the Investment Company Act of 1940. Because the two suits shared a common defendant, FMR LLC, and both raised the same question of the scope of employees subject to protection under § 1514A, the district court addressed both cases in a single order. The district court concluded that the whistleblower protection provision within SOX section 806 extends its coverage beyond "employees" of "public" companies (as those terms are defined in the section) to encompass also the employees of private companies that are contractors or subcontractors to those public companies. Concerned that this interpretation could be thought too broad, the

P a g e | 228



district court then imposed a limitation, not found in the text, that the employees must be reporting violations "relating to fraud against shareholders." We interpret the statute differently and reverse. Both plaintiffs are suing their former employers, which are private companies that provide advising or management services by contract to the Fidelity family of mutual funds. The Fidelity mutual funds are not parties in either suit, and are investment companies organized under the Investment Company Act of 1940, 15 U.S.C. § 80a-3(a)(1). They are registered with the Securities and Exchange Commission (SEC) and are required to file reports under section 15(d) of the Securities Exchange Act of 1934 (1934 Act), 15 U.S.C. § 78o(d). The mutual funds are owned by their shareholders and are not owned or controlled by, or affiliated with, any of the defendant companies. The Fidelity funds are overseen by a single Fidelity Mutual Fund Board Of Trustees; a super-majority of the Board's members are independent of the funds' advisers. As is not unusual among funds organized under the Investment Company Act, the Fidelity funds have no employees of their own. Plaintiff Zang was employed by Fidelity Management &Research Co. and later by FMR Co., Inc., which was formed as a subsidiary of Fidelity Management & Research Co. (collectively, the Fidelity Management companies). The Fidelity Management companies have entered into contracts with certain of the Fidelity mutual funds to serve as investment advisers or sub-advisers.

P a g e | 229



As investment advisers to the funds, the Fidelity Management companies are subject to the provisions of the Investment Advisers Act of 1940. The Fidelity Management companies are subsidiaries, directly or indirectly, of FMR LLC. Zang's employment was terminated in July 2005. On September 15, 2005, he filed a complaint with the Occupational Health & Safety Administration (OSHA) of the Department of Labor (DOL), based on 18 U.S.C. § 1514A(b)(1)(A), which allows a person who alleges discharge or discrimination in violation of § 1514A(a) to seek relief by filing a complaint with the Secretary of Labor. The Secretary has, in turn, delegated enforcement responsibility for § 1514A to the Assistant Secretary for Occupational Safety and Health. Zang alleged that he had been terminated by the Fidelity Management companies in retaliation for raising concerns about inaccuracies in a draft revised registration statement for certain Fidelity funds. Zang alleged that he reasonably believed these inaccuracies violated several federal securities laws. OSHA dismissed Zang's complaint, finding that he was a covered employee within the meaning of § 1514A(a), that is, he was an employee "covered" by the whistleblower protections, but that he had not engaged in conduct protected by that subsection. Zang objected and had a hearing before an Administrative Law Judge (ALJ). The Fidelity Management companies moved for summary decision, contending, among other things, that Zang was not a covered employee. After allowing limited discovery on the issue, the ALJ granted summary

P a g e | 230



decision for the Fidelity Management companies on that basis and dismissed. Interpreting § 1514A(a), the ALJ concluded that merely being an employee of a privately held contractor to a fund was insufficient to come within the term "employee." Zang petitioned for review of the ALJ decision by the DOL's Administrative Review Board (ARB). Zang then gave notice to the DOL of his intention to file an action in federal court and filed his complaint against the Fidelity Management companies in the district court, terminating his appeal with the ARB. Under SOX, a claimant may seek de novo review in federal district court if the DOL has not issued a final decision on a complaint within 180 days of its filing. Plaintiff Lawson was employed by Fidelity Brokerage Services, LLC, a private subsidiary of FMR Corp., which was succeeded by FMR LLC. Together these companies operate under the trade name Fidelity Investments. Lawson filed SOX complaints against her employer and its parent with OSHA pursuant to § 1514A(b)(1)(A) in 2006 while she was still employed. She alleged retaliation against her for raising concerns primarily relating to cost accounting methodologies. She resigned her employment in September 2007, claiming that she had been constructively discharged. One year after filing, Lawson notified OSHA that she intended to seek review of her SOX claim in federal court. Her claims, which had been consolidated, were closed by the DOL, and she filed a complaint against her employers in the district court.

P a g e | 231



The defendants, all private companies, filed motions to dismiss under Rule 12(b)(6), arguing that the plaintiffs were not covered employees under § 1514A(a) and, in the alternative, that they had not engaged in protected activity under § 1514A(a)(1). The district court denied the motions to dismiss as to the plaintiffs' claims alleging retaliation in violation of § 1514A, which is the subject of this appeal. The district court held that the SOX whistleblower protection provisions of § 1514A(a) extend to employees of private agents, contractors, and subcontractors to public companies; that the plaintiffs had sufficiently pleaded facts alleging that their private company employers were "either contractors, subcontractors, or agents of publicly held investment companies;" and that both plaintiffs had sufficiently alleged that they had engaged in protected activity under § 1514A(a)(1). The defendants moved that the dispositive issue of § 1514A(a)'s applicability to the plaintiffs be certified for interlocutory appeal under 28 U.S.C. § 1292(b). The district court granted the motion, certified a "controlling question of law" to this court, and stayed the cases before it. The defendants petitioned this court for interlocutory review, and the plaintiffs each filed cross-petitions urging this court to grant the appeal. We granted the parties' cross-petitions for interlocutory review.

P a g e | 232



Public Company Accounting Oversight Board

Reflections on the State of the Audit Profession Jay D. Hanson, to the American Accounting Association, Auditing Section, Mid-Year Meeting, Savannah, GA Good Morning, I am very honored to be here this morning to address this distinguished group of individuals who have devoted their careers to the development and improvement of the profession that I joined over thirty years ago, when I graduated from college in Minnesota and joined McGladrey and Pullen as a young accountant. A great deal has happened since then. While accounting has always been a dynamic and evolving profession, its greatest changes have occurred in the last decade, since the collapse of Enron, the bankruptcy of WorldCom and the subsequent passage of the Sarbanes-Oxley Act of 2002. Before "SOX," as so many affectionately call this landmark legislation, the auditing profession in the United States was subject to self-regulation, and, in response to major corporate bankruptcies and concerns about the quality of public company audits in 1970's, the American Institute of Certified Public Accountants ("AICPA") established a variety of measures to enhance oversight over the practice of auditing, including the Auditing Standards Board, the SEC Practice Section, and the Quality Control Inquiry Committee. Nevertheless, the 1980's featured the Savings & Loan crisis and a number of other high profile corporate bankruptcies, followed by a series of cases involving earnings management in the 1990'. Things came to a head in 2001 and 2002 with the discovery of financial reporting and auditing improprieties at some of the largest public companies in the United States: Enron, Global Crossing, Adelphia, Tyco, Qwest Communications, Xerox.

P a g e | 233



This resulted in a national crisis of confidence in the integrity and reliability of public company financial reporting and a focus on the need for enhancements in internal controls over financial reporting and corporate governance. Early in the summer of 2002 both houses of Congress were considering legislation that would, among other things, increase regulation of public companies and their auditors. Then, on July 15, 2002, WorldCom announced an overstatement in its cash flow of over $3.8 billion, resulting in the single largest bankruptcy ever filed in the United States. Less than two weeks later, Congress passed the Sarbanes-Oxley Act almost unanimously, resulting in the most significant legislation relating to the federal securities laws since 1934. Before I go further I must tell you that the views I express today are my personal views and do not necessarily reflect the views of the Board, any other Board member, or the staff of the PCAOB. Consistent with the Sarbanes-Oxley Act, the PCAOB commenced operations in 2003, building programs to meets its four statutory obligations: registration, inspections, enforcement and standard setting. Initially conducting only limited inspections of the four largest firms, the Board quickly ramped up its operations and inspected 99 audit firms in 2004 and 281 in 2005 (including 15 firms located outside the United States). Currently, over 2300 firms, including foreign firms from 85 jurisdictions, are registered with the PCAOB. To date, the Board has conducted over 1800 inspections, including inspections in 37 jurisdictions outside the United States. Likewise, the Board has actively pursued its standard setting and

P a g e | 234



enforcement obligations. The Board has issued publicly 45 disciplinary orders — many with multiple parties sanctioned — while other cases remain pending in various stages investigation or litigation and must be kept confidential by the Board. Enforcement actions have been brought for auditors' failure to comply with applicable auditing standards and certain provisions of the securities laws, independence violations, and failure to cooperate with Board processes such as inspections, investigations, and the requirements to file annual reports and pay annual fees. Sanctions imposed by the Board have ranged from censures and suspensions to practice bars and revocations of firm registrations, both temporary and permanent. Several enforcement matters also resulted in orders for firms or individual auditors to pay monetary penalties. Since its inception, the Board also has issued 15 auditing standards — including, for example, on audit documentation, internal controls, audit planning, engagement quality review, and risk assessment — and has substantially amended a number of interim standards — including, for example, AU 325, AU 411, AU 508, AU 350 and AU 329. More recently, the Board issued concept releases or proposals to trigger wide-ranging discussions about potential changes to certain fundamental aspects of auditing, including the auditor's report, audit transparency, and auditor independence, objectivity, and skepticism. Thus, the Board has evolved over time, from a start-up institution focused on establishing a comprehensive, consistent oversight system to a maturing regulatory organization with the experience and resources to adapt to changing times and new challenges. And many challenges there are indeed! The accounting profession as a

P a g e | 235



whole is facing difficult questions as a result of the increasing complexity of business transactions and cutting edge financial instruments which are appearing more frequently not only in the financial statements of financial institutions but many other types of companies as well. Management and their accountants increasingly must tackle fair value measurements and management estimates, consistent with new accounting standards and EITF guidance in connection with derivatives, securitizations, consolidations, debt/equity issues, revenue recognition, leases and other issues. At the same time, in the wake of the financial crisis, the work of accountants is subject to increased scrutiny by regulators and investors, particularly in the areas of disclosures and internal controls over financial reporting. Auditors also must master these accounting challenges, while simultaneously overcoming the difficulties associated with auditing numbers increasingly subject to measurement uncertainty. Fair value estimates of financial instruments established through the use of third party pricing services are proving particularly difficult to audit. First, auditors have to consider whether management itself did enough work to understand how the pricing services arrived at their results, including the techniques used, the judgments made, and the controls that are in effect. Likewise, under PCAOB standards, the auditors cannot simply rely on the values established by management's third party pricing services. Rather, they must "get behind" the numbers by doing some testing and critically evaluating the methodologies and assumptions of management. Because this is such a challenging area, the PCAOB convened a Pricing Sources Task Force last year to assist the Board's Office of the Chief

P a g e | 236



Auditor to gain insight into issues related to auditing the fair value of financial instruments. This group of investors, financial statement preparers, auditors and representatives of pricing services and brokers met three times in 2011 to discuss the valuation of financial instruments that are not actively traded and the use of third-party pricing sources to value such instruments. The Office of the Chief Auditor is evaluating the input received from the Task Force and may develop some additional guidance for auditors. In addition to such technical challenges, auditors face pressures related to tight deadlines, as well as fee pressures, demands for client service, and business development expectations, all of which may undermine incentives to conduct comprehensive, high quality audits. At the same time, auditors face criticism from those who believe that they did not do enough, in the years or months leading up to the recent financial crisis, to sound an alarm about the risks and uncertainties associated with certain companies. PCAOB inspections also present a challenge to auditors, but one that I hope and believe can provide an effective counter- balance to fee and client service pressures by focusing auditors on the requirements of PCAOB standards and reminding them of their ultimate responsibility to protect the interests of investors. I firmly believe that PCAOB inspections, standard setting and enforcement activities have had a substantial, positive impact on audit quality since the PCAOB's establishment, but we are not without our critics. The audit profession, among others, has expressed concerns, often in the form of letters in response to our draft inspection reports, but also in meetings with the Board, in connection with Board advisory groups, and in other forums. One frequent comment from audit firms is that PCAOB inspections are

P a g e | 237



too tough, and that the PCAOB inspections staff does not respect the professional judgment exercised by auditors. Some auditors believe that the positions taken in inspections set an unreasonably high bar and constitute de facto standard setting by the inspection teams. Others charge that the PCAOB takes too long to do pretty much everything, including issuing inspection reports and setting new standards. One result of our activities, according to some, is that the best and brightest auditors become frustrated and leave the profession, having concluded that the negatives — such as their interactions with the Board, increased scrutiny and criticism by investors, and intensifying fee and other pressures — outweigh the positives of continuing to audit public companies. The Board is very cognizant of these concerns and has gone to great lengths to ensure that its inspectors are experienced, well-trained professionals who understand and respect the practice and the business of auditing. Consistency and fairness are our mantras. Our inspection process has evolved over time, and our internal processes have been improved to facilitate a consistent approach to inspections across firms. Much of the time that passes after inspection field work ends and before the report is issued is spent on quality control. Our inspectors compare notes about the interpretation of standards; they involve the Office of the Chief Auditor when in doubt, and we have a number of individuals in the Inspections Division dedicated exclusively to reviewing inspection reports for consistency, clarity and fairness. This process is necessarily time-consuming, but we are taking steps to streamline certain processes and to eliminate delays where possible. In that context, let me talk a little more about our inspection process,

P a g e | 238



both in terms of how we operate and what we are finding. PCAOB inspections are not intended to establish or provide reports presenting a balanced view of the strengths and weaknesses of each inspected firm. We do not provide grades to firms (as much as doing so might be popular with this particular audience). Consistent with the requirement in the Sarbanes-Oxley Act that PCAOB inspections "assess the degree of compliance of each . . . firm . . . with th[e] Act, the rules of the Board, the rules of the Commission, or professional standards,"our inspectors specifically look for audit deficiencies and inspect those engagements where they are most likely to find them. Inspections are therefore risk-based, both in terms of the engagements and audit areas that are selected for review. Our inspectors work closely with our Office of Research and Analysis to determine what industries or specific issuers present higher levels of audit risk. Within each audit engagement selected, inspectors choose the most challenging and high risk audit areas, in order to test the firm's ability appropriately to address those challenges and risks. Some have criticized this approach, suggesting that we should review audits more randomly. But in order to have the greatest impact on audit quality, in order to help auditors learn from our inspections, and in order to achieve our goal of protecting investors, we need to allocate our limited resources to finding those audits that do not measure up to our standards, rather than spending our time reviewing those that do. So what have we found? Common inspection findings reported by the

P a g e | 239



Board in late 2010, based on inspections conducted in 2007 through 2009 during the height of the financial crisis, included instances where auditors appear not to have complied with PCAOB auditing standards in certain audit areas, including, for example, fair value measurements, impairment of goodwill, indefinite-lived intangible assets, and other long-lived assets, allowance for loan losses, off-balance-sheet structures, revenue recognition, inventory and income taxes. Our results in 2010 showed an alarming increase in inspection findings, particularly, as I noted earlier, in the area of fair value. In the context of fair value, PCAOB inspectors have observed that: - Auditors did not obtain a sufficient understanding of the valuation methods or assumptions used by external valuation services utilized by management; - Auditors did not test, or test sufficiently, the operating effectiveness of internal controls over various aspects of issuers' valuation processes to support the degree of reliance placed by the firms on those controls; - Auditors did not evaluate significant differences between independent estimates used or developed by firms and the fair values recorded by management in the financial statements; and - Auditors did not test, or test sufficiently, significant, difficult-to-value securities, for example, by limiting procedures to inquiries of issuer personnel or extending to year-end conclusions regarding the valuation of investment securities that were reached at an interim date without taking into account volatile market conditions. PCAOB inspection findings related to valuations and fair value issues in general are not limited to financial instruments, however. Inspectors have also found deficiencies in connection with the valuation of non-financial measurements, for example in the areas of business combinations and goodwill impairment, and with other management

P a g e | 240



estimates, such as allowance for loan losses and valuation of inventory and income tax valuation allowances. In the context of multi-national audits, the Board also has reported that some U.S.-based firms issuing audit reports based on work performed by firms outside the United States were not properly applying PCAOB standards. As a result of these findings, the Board in July 2010 issued a Staff Audit Practice Alert to remind registered firms of their obligations when using the work of other firms or using assistants engaged from outside the firm. The alert describes the circumstances under which the firm issuing the audit report may use the work and reports of another auditor. The alert also explains that auditors who engage assistants from outside the firm are governed by the same standards regarding planning the audit and supervising assistants that apply when audit work is performed by assistants who are partners of, or employed by, the auditor's firm. So what does all of this mean for you — the educators of future accountants and auditors and the leaders in research relating to this important profession? Unlike their predecessors five or more years ago, recent and future graduates of accounting programs received their training in the postSarbanes-Oxley world. They benefit from the renewed focus by accountants and auditors on investor protection, auditor independence, and internal controls. I was pleased to see in the AAA's Statement of Responsibilities the commitment to "developing in students an appreciation for the importance of ethics and professionalism as well as technical expertise." Your agenda for this meeting also provides several opportunities for discussion of research relating to auditor ethics, independence, and

P a g e | 241



professional skepticism, and I applaud you for your continued focus on these important topics. As I mentioned earlier, however, the pressures faced by auditors once they begin to practice in the real world may chip away at some of the important investor protection priorities instilled by all of you. It is up to the firms that the students ultimately join to continue to emphasize the importance of these important principles, and I challenge them to do so through training and leadership by example. Beyond adhering to these overarching principles of auditor conduct, however, one question we should ask is whether auditors are otherwise equipped for the business world of the 21st Century, and whether there are things we can do collectively to make sure that they are. It is difficult, if not impossible, for accounting programs to teach in real time the accounting developments emerging on a daily basis in the business world. There are certain trends, however, that may merit increased attention, due to the changing business models and accounting practices we have observed in recent years. I have already discussed some of the complexity in business models and transactions that pose unprecedented challenges to accountants and auditors today. Fair value accounting and the auditing of fair value measurements and management estimates play an increasingly important role in today's economy, yet even experienced auditors struggle with these issues every single day. Many universities and colleges have begun to include fair value accounting modules in their curriculum, but I urge you to consider whether more can be done.

P a g e | 242



Provide real world examples to your students, and address both the accounting requirements and appropriate audit approaches. Cost accounting is an indispensable building block in any accounting education, but fair value accounting is an indispensable skill in today's business world. Other developments that auditors increasingly encounter include complex intellectual property arrangements, rapid business cycles where companies move quickly from start-up to IPO to merger and acquisition or sell-out, and, of course, the expansion in the use of International Financial Reporting Standards. I know many of you incorporate these and other emerging themes into your teaching and research activities, and I applaud you for your efforts. We at the PCAOB also are trying to do our part to support future auditors. The Sarbanes-Oxley Act provides that all monetary penalties collected by the PCAOB must be used to fund merit scholarships for students in accredited accounting degree programs. In 2011, the Board implemented this requirement and announced the inauguration of its scholarship program, awarding 52 scholarships of $10,000 each to students around the country who demonstrated high ethical standards and an interest and aptitude in accounting and auditing. PCAOB Board members and staff also frequently visit colleges and universities around the country to talk to accounting students about the auditing profession and the Board's work, and we periodically welcome groups of students visiting Washington, D.C. to our headquarters for discussions with PCAOB staff and Board members. Finally, your academic research activities complement the work of the Board to improve audit quality and enhance investor protection.

P a g e | 243



The Board and Board staff review and consider the conclusions of relevant academic studies in formulating Board policies. We have benefited from academic studies looking at the efficacy and relevance of our regulatory activities. Some of you also may be current or former participants in the joint PCAOB-AAA research synthesis projects, while others may have participated in the AAA Auditing Standards Committee's work to provide comments to the Board in connection with our standard setting process. Several of your members also have served on our advisory groups or have participated in our public round tables or the PCAOB's annual Academic Conference. Finally, some of you have visited us at the PCAOB to discuss your research or to work with our staff on a variety of projects, and we welcome such opportunities to hear directly from you. So I would like to end by thanking you for inviting me to speak to you here today and for your continued and tireless engagement in our shared objective of improving audit quality and enhancing investor protection.

P a g e | 244



Remarks (at the Practising Law Institute’s SEC Speaks) by Chairman Mary L. Schapiro, U.S. Securities and Exchange Commission, Washington D.C., Feb. 24, 2012 Parts of the speech Twenty years ago when I first served as an SEC commissioner, the financial world was a very different place. The Dow was inching towards the 3000 mark. Derivatives were barely a blip on the radar. A portable Macintosh weighed 16 pounds. And all you could do on a cell phone was talk. For most SEC staff, the biggest market disruption in living memory was the “Black Monday” crash of 1987 – a near-cataclysmic experience to be sure, but one that paled in comparison to the crisis of 2008. So, when President Obama asked me to return and serve as Chairman, I knew the agency would be challenged on a level at which no SEC had ever been challenged before: Challenged to restore confidence in markets that had nearly selfdestructed. Challenged to address risks that could jump from market to market like wildfire, incinerating each in turn. Challenged to bring a pre-crisis mindset into a post crisis-era. Challenged to prove that the agency could and would step up to play its role, aggressively and effectively. Given the scope of the financial crisis and the fallout from the Madoff scandal, it was no surprise that some were calling for the agency to be disbanded. But, the investing public and policymakers understood the importance of our mission – to protect investors and ensure the integrity of our markets.

P a g e | 245



And the men and women of the SEC were eager to meet these challenges head on. That was no surprise to me. From my earlier years with the SEC, I knew well that the individuals who serve are a dedicated and talented team, able and eager to rise to the occasion. I knew we’d come through – and I am pleased by how far we have come. And, so I would ask anyone who currently works – or has previously worked – at the SEC to stand and be recognized. Thank you. Our commitment to evolve helped to drive a consensus, inside and outside the SEC, that the better solution was not to shutter the agency, but to strengthen it – to demand more aggressive and efficient action from us, and for us to embrace needed reforms and better adjust to the new world in which we were operating. And that’s what the SEC’s leadership team set out to do. We redesigned the SEC, investing in technology and human capital, and significantly improving operations. We put in place a new operating strategy, rooted in an entrepreneurial attitude and a collaborative approach. We immediately began to execute on an agenda that would better protect investors and reduce the chances of another systemic shockwave. I knew, as we found our footing after the financial crisis and began to implement this strategy, that every move would be watched by many eyes. What I didn’t realize was that the SEC’s energetic response to the challenges we faced would lift the agency’s profile to heights rarely seen since the days of Joe Kennedy and The New Deal.

P a g e | 246



I welcome the attention. It gives rise to needed debate about important issues and challenges us to be our best. But, I sometimes worry that the tendency of observers to focus on individual rules or discrete actions distracts them from the big picture. What the agency has accomplished is greater than the sum of the rules we’ve adopted and the cases we’ve brought: we have fundamentally changed the agency in ways that will allow us to carry out our mission more effectively than ever in the 21st Century. And it’s not just that we’ve accomplished a great deal over the last three years. It’s that we’re now fundamentally better equipped to perform at an even higher level in the years to come.

Redesigning the SEC

Investing for Continued Success A first priority was to make better use of SEC resources, carefully investing overdue budget increases in people and technology and improving management in ways that allowed us to make the most of our funds. When I returned to the SEC, I saw how much the staff was being asked to do, and how little they were being given to do it. Although the agency experienced a brief period of funding growth following Sarbanes-Oxley, the budget failed to keep up with inflation in the years leading up to the financial crisis. Despite continued growth in the markets, the number of employees actually fell. And with oversight, examination and enforcement staff stretched to the limit, operations and IT needs were put on the back burner – investments in new IT fell by half. During my term, we have been fortunate to experience a modest funding turnaround – increases that we were determined to invest strategically.

P a g e | 247



We wanted not just to grow, but to grow more efficient as well – growing in ways that would expand capacity faster than the budget numbers were rising. We broadened our hiring approach, searching for recruits with financial industry backgrounds and specialized experience. We now have traders, asset managers, academics and quants on staff in addition to attorneys, economists and accountants, giving us a correspondingly greater insight into the technologies and practices that drive today’s financial markets. We increased the training budget to more than double what it was in 2009, helping staff to keep pace with the changes in the market. We significantly upgraded our case management system. Overworked attorneys and paralegals can now take advantage of vastly improved research capabilities – and we are deploying an agency-wide eDiscovery tool that will expand our ability to parse evidence and drill down on key subjects. Perhaps our most reported IT investment has been our new system for handling the thousands of tips, complaints and referrals we receive each year. And an ongoing series of upgrades is allowing us to better triage the information we receive as well as compare the data more effectively – opening new investigations, routing tips to existing investigations or discovering emerging trends that need to be watched.

Managing Effectively Together with wise investments, we also have been finding ways to improve agency operations. Within the various divisions and offices, we’ve created “managing executive” positions to handle important support areas, freeing legal, examination and other professionals to focus their skills on mission-critical work.

P a g e | 248



We are outsourcing responsibilities like leasing and financial management reporting to other agencies, focusing on core strengths and deploying people and resources accordingly. And we’re implementing a number of management recommendations resulting from the Dodd-Frank mandated study of agency operations. After three years of intense effort, the SEC is simply a sounder agency on a fundamental level, deploying people and technology more effectively and maximizing the impact of our limited resources. It’s all part of an effort to be more effective for years to come. But it should not suggest in any way that our work is done.

Instilling Entrepreneurial Leadership Parallel to our investments in people and tools, we began to put in place a new approach. We wanted to be more entrepreneurial – moving to diminish or head off threats within the markets, trusting our teams to recognize these threats and move rapidly without the need for top-down guidance in every case. This approach has flourished, and while we don’t have time to discuss every office and division, I’d like to offer a few as examples of how it is improving our efforts.

Corporation Finance One place to look is the Division of Corporation Finance, which is run by SEC Speaks co-Chair Meredith Cross, and which has been particularly aggressive in enhancing its structure and focus. In the last year, Corp Fin established new groups to concentrate closely on three systemically critical facets of the financial world: the largest financial institutions, structured finance products, and capital markets

P a g e | 249



trends. These offices will help ensure that investors have clear information about items that could – without the sunlight of disclosure – turn into malignant trends or dangerous practices. In addition, Corp Fin’s disclosure teams have been proactive in targeting specific disclosure issues which have potentially significant consequences. They’ve prompted companies to provide critical information about the potential financial impact of repatriating cash held overseas. They’ve raised questions about whether companies are properly disclosing their litigation contingencies. And they’ve worked with our enforcement, accounting and international units to combat an uptick in problems with reverse mergers by stepping up scrutiny of related filings. Corp Fin also is taking a lead in providing companies guidance on how existing disclosure rules apply to emerging and fast-changing market realities, issuing guidance – where possible – before inadequate or outdated disclosure practices harm investors. The staff issued guidance regarding the way financial services firms should disclose their exposure to European sovereign debt in time for these firms to use it when they prepare their annual reports – helping to provide investors with adequate, granular financial information even as the situation remains fluid. And the staff issued guidance regarding companies’ obligations to disclose material cyber-security risks and attacks – clearly an area of growing concern to investors. Additionally, in reviewing the most recent wave of IPOs, Corp Fin quickly stopped problematic revenue recognition practices. And they

P a g e | 250



halted the use of misleading non-GAAP measures before these practices – prevalent during the tech bubble of the 90s – could take root again. Similarly, disclosure teams acted swiftly when the right of investors to have their day in court was threatened – by objecting to a mandatory arbitration provision that was included in governing documents connected with a company’s IPO. The results of these changes aren’t always eye-catching. But we are convinced that increased focus on systemically significant market sectors is a necessary shift in a post-crisis world. We know that our proactive efforts to provide guidance have proved helpful to many companies as they grapple with disclosure issues. And we believe, based on our own review of disclosure statements, that investors are getting information that is both more complete and more relevant than in the past.

Office of Compliance Inspections and Examinations (OCIE) Perhaps the areas in which changes in organization and approach have been most apparent are in our examination and enforcement units. In both, new leadership has managed significant organizational changes and – just as important – encouraged an aggressive and proactive approach. Over the last two years, OCIE has put in place a new National Examination Program. The program has brought changes in the way examination teams are assembled – OCIE now precisely matches examiners’ skills with the unique challenges each examination offers. Examination materials are now standardized. And working with the Division of Risk, Strategy and Financial

P a g e | 251



Innovation, this national exam program greatly expands the use of riskbased targeting. Better targeting and more effective examinations are paying off. Over the last two years, 42 percent of exams have identified significant findings – up by a third since 2009. And over that same period, the percentage of exams resulting in referrals to Enforcement has risen by half, from 10 percent to 15 percent. One such referral involved a fund which had come into our sights through our risk-based targeting efforts. During the resulting examination, the fund admitted to an error in its trading algorithm, which it had previously failed to report – a failure that cost investors more than $200 million. Thanks to the work of the exam team and enforcement staff, the fund agreed to a settlement – returning the money to wronged investors almost before they knew they had been wronged and paying a $25 million penalty.

Division of Enforcement Meanwhile, the Enforcement Division – led by today’s other co-Chair Rob Khuzami –revamped its operations, putting additional talented attorneys back on the front lines, creating specialized units, and streamlining procedures. Those reforms are already producing record results. I won’t steal all of Rob’s thunder, but last year the SEC brought a record 735 enforcement actions, including some of the most complex cases we’ve ever worked on. And we obtained orders for $2.8 billion in penalties and disgorgements. What’s most satisfying is that last year we returned more than $2 billion to wronged investors.

P a g e | 252



If Congress agrees with my request to raise the caps on what we can obtain, we would have the ability in appropriate cases to return even larger sums to wronged investors. In the area of financial crisis-related cases, we filed charges against nearly 100 individuals and entities – actions against Goldman Sachs, Citigroup, J.P. Morgan and top executives at Countrywide, Fannie Mae and Freddie Mac. And more than half of the individuals charged were CEOs, CFOs or other senior officers. It should come as no surprise that there are more actions to come. This division also realized significant gains from its Aberrational Performance Inquiry – another collaborative effort with Risk Fin and OCIE which uses quantitative analytics to search for hedge fund advisers whose claimed returns are unusual enough to raise a red flag. In December, as a result of one of the aberrational performance sweeps, we charged four hedge fund advisers for inflating returns, overvaluing assets and other actions that materially misled and harmed investors. OCIE, RiskFin, and Enforcement are working together through different analytic initiatives to target various types of misconduct. These initiatives are particularly important to the SEC’s efforts to detect fraud before complaints are received. And one can draw direct lines between Enforcement’s earlier restructuring and its current results. For instance, one unit created during the reorganization – the Asset Management Unit – took the time to survey a group of firms that were actively communicating through social media. In the process, they learned about the various approaches firms were using – getting a sense of those that were legitimate and those that might not be.

P a g e | 253



Shortly thereafter, a staff member who was familiar with the survey noticed something irregular in the operation of an Illinois-based investment adviser. In short order, the ensuing investigation uncovered the fact that the adviser was offering more than $500 billion in fictitious securities through various social media websites, garnering significant attention from multiple potential buyers. Again, the agency acted before investors were harmed by suing the adviser last month and effectively halting the fraud. But rather than just stopping there, Enforcement teamed up with OCIE, the Investment Management division and our Investor Education office. And on the same day that we shut down the fraud, we released two publications – one that will help investors recognize, avoid, and report similar scams, and another one that will help investment advisers keep their communications in compliance. It’s hard to quantify the results of efforts like these – to know how much savings won’t be poured into fraudulent offerings or what tips might arise from the publications we’ve released. But we think this is important and that this aggressive and coordinated approach is yielding superior results across the agency – and will continue to do so going forward.

Recommitting to our Investor Protection Mission Yet another priority in recent years has been rededicating ourselves to our investor protection mission – an important task if we were to bolster the confidence so necessary for our markets to thrive. That is why – even before Dodd-Frank – we set out to address the resiliency of money market funds, insist upon more meaningful information regarding municipal securities and require more

P a g e | 254



information from investment advisers, among other initiatives.

The Dodd-Frank Act With the passage of Dodd-Frank our responsibilities expanded dramatically. And I am proud of the across-the-board progress we are making against these mandates. Of the more than 90 mandatory rulemaking provisions, the SEC has proposed or adopted rules for more than three quarters of them, not to mention a number of the rules stemming from the dozens of other provisions that give the SEC discretionary rulemaking authority. And we already have completed 12 studies called for by Congress. We could talk for hours about Dodd-Frank, but let me just touch on a few highlights. In the area of corporate governance, we have finalized rules concerning shareholder approval of executive compensation and "golden parachute" arrangements. Led by the Division of Investment Management, we have adopted new rules that have already resulted in approximately 1,200 hedge fund and other private fund advisers registering with the SEC. It’s a process by which they agree to abide by SEC rules and provide critical systemic risk information that can give regulators better insight into their practices. And we have established a whistleblower program that is already providing the agency with hundreds of higher-quality tips, helping us to avoid investigatory dead-ends and – at the same time – prodding companies to enhance their internal compliance programs.

P a g e | 255



In another area, response to the meltdown of the mortgage-backed securities market, the SEC has proposed rules that will protect investors by: Increasing dramatically investors’ visibility into the assets underlying all types of asset backed securities. Requiring securitizers – in conjunction with our banking colleagues – to keep skin in the game, giving them an incentive to double-check originators’ underwriting practices. Changing the practices of the rating agencies whose gross misratings of billions of dollars of mortgage-backed securities were kerosene on kindling.

OTC Derivatives Next up will be the final proposals to essentially build, from the ground up, a new regulatory regime for over-the-counter derivatives. The over-the-counter structure of the derivatives market has long presented a risk to the financial system. In October 1993, I addressed a Symposium for the Foundation for Research in International Banking and Finance about the potential problems. At that time I said “nothing will interrupt the progress of the derivatives market more abruptly than a financial crisis that is perceived to be caused or exacerbated by unregulated activity in those markets. Back then, of course, the notional value of interest rate and currency swaps was $4.7 trillion, which seemed like an extraordinary figure. I was concerned that this potentially useful financial innovation might present significant systemic risk for various reasons, including: the opacity of the derivatives market; weak or non-existent capital, margin

P a g e | 256



and clearing and settlement requirements; and the concentration of derivative transactions among a relatively small number of institutions. While others shared these concerns, in 2000, Congress specifically excluded most derivatives transactions from regulation. And by mid-2008, as the repercussions of the mortgage-backed securities market’s collapse were echoing throughout the financial system, the notional value of the derivatives market had increased more than a hundred-fold, and was approaching $700 trillion. Title VII of Dodd-Frank addresses challenges in the OTC derivative market underscored by the events of 2008, by bringing the derivatives market into the daylight. The SEC is working with the CFTC to write rules that strengthen the stability of our financial system by: Increasing centralized clearing of swaps and ensuring that capital and margin requirements reflect the true risks of these products. Improving transparency to regulators and to the public by shedding light on opaque exposures and assisting in developing more robust price discovery mechanisms. Increasing investor protection by enhancing security-based swap transaction disclosure, mitigating conflicts of interest, and improving our ability to police these markets.

Next Steps on Implementing Title VII It is my hope that, in the near term, we will complete the last remaining proposals regarding capital, margin, segregation and recordkeeping requirements. But, we are already beginning to transition to the adoption phase. As a first step, I expect the Commission to soon finalize rules that further

P a g e | 257



define who will be covered by the new derivatives regulatory regime and, next, what will constitute a security-based swap. Finalizing these definitions will be a foundational step, defining the scope of the new regulatory regime and letting market participants know whether their current activities will subject them to the substantive requirements we will be adopting in the coming year. Beyond this, the Commission staff is continuing to develop a plan for how the rules will be put into effect. The plan should establish an appropriate timeline and sequence for implementation and avoid a disruptive and costly “big bang” approach. And at all stages of implementation, those subject to the new regulatory requirements will be given adequate time to comply.

International Application of Title VII While some issues are stand-alone concerns, certain issues cut across the entirety of our implementation of Title VII. Among the most important, given the global nature of the derivatives market, is the international impact of our rules. We are working hard to coordinate with our foreign counterparts to help achieve consistency among approaches to derivatives regulation. There has been significant progress on the international level. Our cross-border approach must strike a balance between sufficient domestic regulatory oversight and the realities of the global market. A “one-size-fits-all” approach is neither feasible nor desirable. In the near term, the Commission intends to address the most salient international issues in a single proposal.

P a g e | 258



This will give interested parties an opportunity to consider, as an integrated whole, our approach to cross-border transactions and the registration and regulation of foreign entities engaged in such transactions with U.S. parties.

Money Market Funds Despite the breadth of Dodd-Frank, there are other gaps in the regulatory system that threaten investors that we are working to address. One high-profile area of interest is money market funds. As you know, when the Reserve Primary Fund broke the buck in 2008, it set off a run so serious that the federal government was forced to step in and guarantee the multi-trillion dollar industry. It was a shock that reverberated across the market and compelled us to take action. And so, two years ago, we adopted regulations making the mix of investments these funds can hold more liquid and less risky. But, at the time, I said we needed to do more. That is because money market funds remain susceptible to runs and to a sudden deterioration in quality of holdings. We need to move forward with some concrete ideas to address these structural risks. We’ve spent lots of time and outreach reviewing many possible Approaches. There are two serious options we are considering for addressing the core structural weakness: first, float the net asset value; and second, impose capital requirements, combined with limitations or fees on redemptions. It’s hard to miss the hue and cry being raised by the industry against either of these approaches. But the fact is investors have been given a false sense of security by

P a g e | 259



money market fund sponsor support and the one-time Treasury guarantee. Funds remain vulnerable to the reality that a single money market fund breaking of the buck could trigger a broad and destabilizing run. Should that happen, the government will not have the tools it had in 2008. Then, Treasury used the Exchange Stabilization Fund to stop the run. But Congress eliminated that option when it passed TARP legislation. Today, the money-market fund industry and, by extension, the shortterm credit market, is working without a net. To the extent that there’s a deadline, it’s the pressure that we should feel from living on borrowed time. We’ve been incredibly deliberate about this. The President’s Working Group report on reform options was issued in October 2010. We’ve had extensive public comment. And we held a roundtable with the Financial Stability Oversight Council on money market funds and systemic risk last May.

Consolidated Audit Trail Finally, we’re working to improve the SEC’s capacity to regulate and investigate. And so another major initiative is the consolidated audit trail. Standardizing reporting across trading platforms would seem to be an obvious move, serving investors on two levels: aiding in the investigation of suspicious trading activities, insider trading, or market manipulation and allowing more rapid and accurate reconstruction of unusual market events.

P a g e | 260



The complexity of the undertaking, however, has necessitated a detailed and extended rulemaking process, including a thoughtful review of the many comments received since we first proposed the system’s creation. The contours of the regulation are being finalized and will be considered by the full Commission. But, regardless of the details, the broader result must be a mechanism that gives the agency the ability to rapidly reconstruct trading – something that doesn’t exist today. In addition, while the initial proposal will be for an audit trail tracking orders and trades in the equity markets, I believe that the system should eventually be expanded to include fixed income, futures and other markets. It is important that we get a structure in place sooner rather than later so that the heavy lifting of working through the technical nuances of the system can begin. We expect to adopt a final rule in the months ahead. After that, I anticipate that the exchanges and FINRA will be required to submit a detailed blueprint, which in turn would be subject to public comment and a separate Commission approval.

Conclusion I’m proud to have the opportunity to work at the SEC during an exceedingly productive period in its history. The SEC has accomplished much and we are on the verge of further critically important rulemakings that will strengthen the structure of the financial markets and enhance the agency’s ability to oversee those markets and pursue investors’ interests. However, just as important as the cumulative effect of these accomplishments, are improvements in the culture, management,

P a g e | 261



approach and attitude of the agency as an institution and the staff who make it work – improvements that all regulatory agencies should undergo – and that will allow the SEC to continue to function at a high level in the years ahead. No one can predict what challenges will arise, what new threats to market stability will emerge, what fraudsters and manipulators will try down the road. But whatever does happen, the SEC is now materially better able to enforce the law and to identify and manage threats. The burst of activity isn’t just a result of circumstances – a reaction to the financial crisis. It’s an indication that the SEC is evolving in step with the rapidly changing markets. It has been a busy time. But there are a lot proud people who – even as we finish what is on our plates today – are looking ahead to an equally productive future.

P a g e | 262



“Unreasonably Feeble” Opening Statement of Commissioner Scott D. O’Malia Regarding Open Meeting on One Final Rule and One Proposed Rule1 February 23, 2012 Important parts of the speech

The latest issue of The Economist features an article titled “Overregulated America” that features as its archetype for excessive and badly-written regulation our own Dodd-Frank Act. The problem, the article points out, is that rules that sound reasonable on their own may impose a huge collective burden due, in part, to their complexity. Part of the problem is that we, as The Economist points out, are under the impression that we can anticipate and regulate for every eventuality. In our hubris, The Economist warns, our overreaching tends to defeat our good intentions and creates loopholes and perhaps unintentional safe-harbors, leaving our rules ineffectual and subject to abuse. The solution The Economist offers isn’t so unfamiliar, at least to this Commissioner. It is rather simple. It is just that: Rules need to be simple. Echoing President Obama’s 2011 Executive Order 13563 “Improving Regulation and Regulatory Review” (which applies equally to independent federal agencies such as the Commodity Futures Trading Commission (the “Commission” or “CFTC”) per a subsequent Executive Order), The Economist advises that we ought to cut out the verbiage and focus on writing rules that articulate broad goals and prescribe only what is strictly necessary to achieve them. In my own words, in several prior statements, I have argued that we must ensure that regulations are accessible, consistent, written in plain language, guided by empirical data, and are easily understood.

P a g e | 263



I cautioned that, with each piecemeal rulemaking, we risk creating redundancies and inconsistencies that result in costs—both opportunity costs and economic costs—without corresponding benefits. Consistent with Executive Order 13563, which reaffirms prior guidance on the subject of regulatory review issued in the 1993 Executive Order 128665 as well as Office of Management and Budget (“OMB”) guidance to federal agencies with respect to said Executive Order, agencies like the CFTC must go out of their way to ensure responsible rulemaking by, among other things, undertaking thorough cost-benefit analyses, both qualitatively and quantitatively, to ensure that new rules do not impose unreasonable costs. I accepted wholeheartedly the mission put upon this administration by the President to “root out regulations that conflict, that are not worth the cost, or that are just plain dumb.” Today, in furtherance of that mission, I will not support the final rules governing various internal business conduct standards for futures commission merchants, introducing brokers, swap dealers and major swaps participants (the “Internal Business Conduct Rules”). These rules fail to articulate necessary and clear performance objectives, are needlessly complex, and create a collective burden without the benefit of even an appropriate baseline cost-benefit analysis. The fact that OMB’s Office of Information and Regulatory Affairs has concurred with our determination that this set of rules qualifies as a “Major Rule” under the Congressional Review Act with an annual effect on the economy of more than $100 million without a fulsome discussion of anticipated costs, let alone an analysis based on reasoned assumptions or evaluation of the impacts of this rulemaking against the pre-statutory baseline, is regulatory malpractice in my book. While we set the bar low here at the Commission for our cost-benefit analyses, and accept what is “reasonably feasible,” this rulemaking is nothing but unreasonably feeble.

P a g e | 264



Time for a Review of our Cost-Benefit Analyses After reviewing the Internal Business Conduct Rules, I have reached a tipping point and can no longer tolerate the application of such weak standards to analyzing the costs and benefits of our rulemakings. Our inability to develop a quantitative analysis, or to develop a reasonable comparative analysis of legitimate options, hurts the credibility of this Commission and undermines the quality of our rules. I believe it is time for professional help, and I will be following up this statement with a letter to the Director of the OMB seeking an independent review of the Internal Business Conduct Rules to determine whether or not this rulemaking fully complies with the President’s Executive Orders and the OMB guidance found in OMB Circular A-4. To the extent that OMB finds any concerns with the Commission’s economic analysis, I hope that it will provide specific recommendations as to how the Commission can improve its cost-benefit analysis and analytical capabilities.

A Cost-Benefit Analysis without Costs? Lest anyone think that I am inadvertently waiving a work-product or other privilege, the Commission’s May 13, 2011 internal Staff Guidance on Cost-Benefit Considerations for Final Rulemakings under the DoddFrank Act (“Staff Guidance”) was made public as Exhibit 2 to the CFTC’s Office of Inspector General’s June 13, 2011 Review of CostBenefit Analyses Performed by the CFTC in Connection with Rulemakings Undertaken Pursuant to the Dodd-Frank Act, which is available on the CFTC’s website. While it is not my intent to walk you through the Staff Guidance (or the Inspector General’s report for that matter), I do think it warrants attention for the inattention it gives to both the principles of Executive Orders 13563 and 12866 and OMB guidance found in Circular A-4 (“OMB Circular A-4”).

P a g e | 265



More specifically, and among other things, the Staff Guidance provides that each rulemaking team should, “incorporate the principles of Executive Order 13563 to the extent they are consistent with section 15(a) [of the Commodity Exchange Act] and it is reasonably feasible to do so.” Keep in mind that while Section 15(a) of the Commodity Exchange Act requires the CFTC to consider the costs and benefits of its proposed regulations, the Commission has interpreted the language of section 15(a) to neither require quantification of such costs and benefits, nor to require the agency to determine whether the benefits exceed costs or whether the proposed rules are the most cost-effective means of reaching goals. “Rather, section 15 simply requires the Commission to ‘consider the costs and benefits’ of its action.” That was a direct quote from the Federal Register. Further, under the Staff Guidance—and clearly consistent with the Commission’s interpretation of section 15—rulemaking teams need only quantify costs and benefits “to the extent it is reasonably feasible and appropriate to address comments received.” As additional guidance, staff is advised that “reasonably feasible and appropriate” means “the extent to which (i) certain analyses, quantitative or qualitative, is [sic] needed to address comments received (“appropriate”) and (ii) whether such an analysis may be performed with available resources (“reasonably feasible”). Accordingly, our interpretation of our duties pursuant to section 15(a) and Staff Guidance provides that we need not quantify the costs or benefits of our rules unless we need to do so in order to respond to comments, and that we can do so with whatever resources are immediately at our fingertips. As for the Executive Orders, it appears that we will incorporate their principles only when they neatly align with our own interpretation of section 15(a), and only when we can do so without utilizing the resources

P a g e | 266



immediately within our coffers.

Setting the Bar Low Setting the bar this low is pretty remarkable. Indeed, former Commissioner and Acting Chairman William P. Albrecht recently remarked that expecting any detailed cost-benefit analysis of the proposed Dodd-Frank rules is impossible in part because, “[T]he CFTC has never had to develop CBA expertise.” Commissioner Albrecht advised that, “A good starting point might be to require more detailed analysis of the costs of alternative means of accomplishing a particular goal. This would help the agency develop CBA expertise and should, over time, lead to a deeper understanding of the costs of regulation.” I believe that Commissioner Albrecht’s advice is already well-articulated in both Executive Orders and OMB Circular A-4 as incorporated directly into the Staff Guidance. However, the Commission skirts these requirements and apparently refuses to develop expertise. Instead, the Commission limits itself to responding to comments, but only when it doesn’t require any analysis beyond that which it did for the proposal.

Pick Any Baseline You Like Additionally, as in today’s final rulemaking, the Commission has determined, in contradiction of OMB guidance directly on point, that in setting the baseline for comparison of the costs and benefits of regulatory alternatives, it may set the “baseline” to incorporate the costs of statutorily mandated rulemakings, regardless of how the CFTC has interpreted the statutory goals and regardless of the existence of alternative means to comply with such goals.

P a g e | 267



Thereby, the Commission is relying on an arbitrary presumption that, “To the extent that ... new regulations reflect the statutory requirements of the Dodd-Frank Act, they will not create costs and benefits beyond those resulting from Congress’s statutory mandates in the Dodd-Frank Act.” What does this mean? Well, according to the Commission in this rulemaking, it means that for commenters who “posit that there is no benefit to be derived from internal business conduct standards as mandated by Congress and that the mandated provisions do not generate sufficient benefits relative to costs or contribute to the purposes (e.g. mitigating systemic risk and enhancing transparency) of the DoddFrank Act. ...these commenters’ concerns fall outside the Commission’s regulatory discretion to implement sections 4s and 4d of the CEA and fail to raise issues subject to consider[ation] under section 15(a).” That is, the Commission will ignore comments related to required rulemaking provisions that mirror statutory language in spite of the fact that the Commission always has some level of discretion in determining the means to achieve such mandates. Rather the Commission will consider comments on new regulations “that reflect the Commission’s own determinations regarding implementation of the Dodd-Frank Act’s provisions. ... It is these other costs and benefits...that the Commission considers with respect to the section 15(a) factors.” It is unacceptable that the Commission ignores pre-Dodd-Frank reality and establishes its own economic baseline for its rulemakings. This practice defies not only common sense, but rigorous and competent economic analysis as well. I will briefly highlight how these rules not only fail to include a rational, rigorous, and sustainable cost-benefit analysis, but fail to articulate necessary and clear performance objectives, are complex, and create an unjustifiable cumulative burden within this rule and when considered with other CFTC regulations and those of prudential regulators.

P a g e | 268



Does the Technology Exist? With regard to recordkeeping requirements, the Internal Business Conduct Rules impose a substantial burden on Swap Dealers (“SDs”) and Major Swap Participants (“MSPs”) to maintain extensive audio recordings including the requirement to tag each taped conversation and make it searchable by transaction and counterparty. Understandably, section 4s(g) does require the maintenance of such daily trading records for each counterparty and that they be identifiable with each swap transaction. However, in spite of enormous technological challenges it is unclear as to whether or not the Commission undertook any independent effort to determine the technical challenges of implementing such a system, including, whether such technology currently exists, the costs of acquiring and installing such technology, and whether such a system could be developed and/or installed within the timetable set by the Commission. The Commission has failed the fundamental test in Circular A-4 to establish an appropriate baseline and consider a range of alternatives with associated costs and benefits. Although the Commission modified its original proposal to not require each telephone record to be kept as a single file, it fails to quantify the specific cost of complying with a costly and technically challenging mandate. Moreover, in determining that such audio recordings are to be maintained for a one-year period, the Commission provides no analytical support for this retention period over a more reasonable six-month period other than to say that such period will be “most useful for the Commission’s enforcement purposes.

Unreasonably Feeble

P a g e | 269



Ironically, the SDRs were created in the Dodd-Frank Act to facilitate market transparency and reporting The Commission could provide greater transparency into its own costbenefit analysis by disclosing its assumptions and data to support its conclusions. OMB Circular A-4 outlines standards for transparency with the following direction, “A good analysis should be transparent and your results must be reproducible. You should clearly set out the basic assumptions, methods and data underlying the analysis and discuss the uncertainties associated with your estimates.” It goes on to recommend that, “To provide greater access to your analysis, you should generally post it, with all the supporting documents, on the internet so the public can review the findings.” I presume the Commission feels that this level of compliance is not appropriate, given that the commenters failed to demand it, and is simply not reasonably feasible.

Conclusion...But Only For Now I believe our reasonably “feasible standard” as articulated in our own Staff Guidance has caused us to miss any marker for identifying and using the best, most innovative and least burdensome tools to meet the regulatory ends laid out in section 4s of the Commodity Exchange Act. We should be held accountable for not only failing to even attempt to meet the goals set by the President, but for deliberately eschewing them. I agree with Chairman Albrecht that the CFTC ought to be required to undertake more rigorous cost-benefit analyses. I believe all of our analyses should be more rigorous. While it may not

P a g e | 270



solve all of our problems with putting out complex and inefficient regulations, as noted by Chairman Albrecht, it should help. I will be sending a letter to Acting OMB Director Jeffrey Zients requesting his assistance in determining just how far off the baseline the Commission has fallen. If OMB Circular A-4 means anything at all, then OMB should take action and hold the Commission to the Circular’s standards.

P a g e | 271



Sarbanes Oxley Compliance Professionals Association (SOXCPA)

1200 G Street NW Suite 800 Washington, DC 20005-6705 USA Tel: 202-449-9750 Web: www.sarbanes-oxley-association.com

Sarbanes Oxley Speakers Bureau

Visit our Sarbanes Oxley Speakers Bureau. The Sarbanes Oxley Compliance Professionals Association (SOXCPA) has established the Speakers Bureau for firms and organizations that want to access the Sarbanes Oxley expertise of Certified Sarbanes Oxley Experts (CSOEs), Certified JSOX Experts (CJSOXEs) and Certified EU Sarbanes Oxley Experts (CEUSOEs) - experts of the 8th Company Law Directive of the European Union. The SOXCPA will be the liaison between our certified professionals and these organizations, at no cost. We strongly believe that this can be a great opportunity for both, our certified professionals and the organizers. We will give the details of an event to one or more Sarbanes Oxley experts, who will contact directly the organization requesting services. The Sarbanes Oxley experts will negotiate services and fees. To learn more: www.sarbanes-oxley-association.com/Sarbanes_Oxley_Speakers_Bureau.html

http://www.sarbanes-oxley-association.com/

http://www.sarbanes-oxley-association.com/Sarbanes_Oxley_Speakers_Bureau.html




http://www.sarbanes-oxley-association.com/Distance_Learning_and_Certification.htm

P a g e | 272



Certified Sarbanes-Oxley Expert (CSOE) Distance Learning and Online Certification Program.

The all-inclusive cost is $147 What is included in this price:

A. The official presentations we use in our instructor-led classes (2247 slides). The 1271 slides cover what is needed for the exam and 976 slides cover the Dodd Frank Act (that is not part of the exam). The presentations include the Auditing Standards 8 to 15 that apply to Sarbanes Oxley audits, from the PCAOB (the Auditor’s Assessment of and Response to Risk and Related Amendments to PCAOB Standards). Course Synopsis: www.sarbanes-oxley-association.com/CSOE_Course_Synopsis.htm

B. Up to 3 Online Exams There is only one exam you need to pass, in order to become a Certified Sarbanes-Oxley Expert (CSOE). If you fail, you must study again the official presentations, but you do not need to spend money to try again. To learn more you may visit: www.sarbanes-oxley-association.com/Questions_About_The_Certification_And_The_Exams_1.pdf www.sarbanes-oxley-association.com/CSOE_Certification_Steps_1.pdf

http://www.sarbanes-oxley-association.com/CSOE_Course_Synopsis.htm

http://www.sarbanes-oxley-association.com/CSOE_Course_Synopsis.htm

http://www.sarbanes-oxley-association.com/Questions_About_The_Certification_And_The_Exams_1.pdf




http://www.sarbanes-oxley-association.com/CSOE_Certification_Steps_1.pdf

http://www.sarbanes-oxley-association.com/CSOE_Certification_Steps_1.pdf

P a g e | 273



C. Personalized Certificate printed in full colour Processing, printing, packing and posting to your office or home

D. The Dodd Frank Act and the Sarbanes Oxley amendments (976 additional slides) The US Dodd-Frank Wall Street Reform and Consumer Protection Act is the most significant piece of legislation concerning the financial services industry in about 80 years. What does it mean for risk and compliance management professionals? It means new challenges, new jobs, new careers, and new opportunities. The bill establishes new risk management and corporate governance principles, sets up an early warning system to protect the economy from future threats, and brings more transparency and accountability. It also amends important sections of the Sarbanes Oxley Act. For example, it significantly expands whistleblower protections under the Sarbanes Oxley Act and creates additional anti-retaliation requirements. THE DODD FRANK ACT PRESENTATION IS NOT PART OF THE EXAM - THERE ARE NO QUESTIONS BASED ON THESE 976 SLIDES We will follow the steps: www.sarbanes-oxley-association.com/Distance_Learning_and_Certification.htm



P a g e | 274



Certified Risk and Compliance Management Professional (CRCMP) Distance learning and online certification program.

Companies like IBM, Accenture etc. consider the CRCMP a preferred certificate. You may find more if you search (CRCMP preferred certificate) using any search engine. The all-inclusive cost is $297. What is included in the price:

A. The official presentations we use in our instructor-led classes (3285 slides)

The 2309 slides are needed for the exam, as all the questions are based on these slides. The remaining 976 slides are for reference. You can find the course synopsis at: www.risk-compliance-association.com/Certified_Risk_Compliance_Training.htm

B. Up to 3 Online Exams

You have to pass one exam. If you fail, you must study the official presentations and try again, but you do not need to spend money. Up to 3 exams are included in the price. To learn more you may visit: www.risk-compliance-association.com/Questions_About_The_Certification_And_The_Exams_1.pdf www.risk-compliance-association.com/CRCMP_Certification_Steps_1.pdf

http://www.risk-compliance-association.com/Certified_Risk_Compliance_Training.htm

http://www.risk-compliance-association.com/Certified_Risk_Compliance_Training.htm

http://www.risk-compliance-association.com/Questions_About_The_Certification_And_The_Exams_1.pdf



http://www.risk-compliance-association.com/CRCMP_Certification_Steps_1.pdf

http://www.risk-compliance-association.com/CRCMP_Certification_Steps_1.pdf

P a g e | 275



C. Personalized Certificate printed in full color.

Processing, printing, packing and posting to your office or home.

D. The Dodd Frank Act and the new Risk Management Standards (976 slides, included in the 3285 slides)

The US Dodd-Frank Wall Street Reform and Consumer Protection Act is the most significant piece of legislation concerning the financial services industry in about 80 years. What does it mean for risk and compliance management professionals? It means new challenges, new jobs, new careers, and new opportunities. The bill establishes new risk management and corporate governance principles, sets up an early warning system to protect the economy from future threats, and brings more transparency and accountability. It also amends important sections of the Sarbanes Oxley Act. For example, it significantly expands whistleblower protections under the Sarbanes Oxley Act and creates additional anti-retaliation requirements. You will find more information at: www.risk-compliance-association.com/Distance_Learning_and_Certification.htm

http://www.risk-compliance-association.com/Distance_Learning_and_Certification.htm

http://www.risk-compliance-association.com/Distance_Learning_and_Certification.htm

P a g e | 276



Sarbanes Oxley Ebook

Career

Transcript of Sarbanes Oxley Ebook