Management’s Reports on Internal Control In honor of James N. Clark November 8, 2005
Financial Executives Research Foundation (FERF) wishes to acknowledge the generous gift from The FEI Cincinnati Chapter to underwrite this Executive Report in honor of James N. Clark BOARD OF DIRECTORS & OFFICERS FEI CINCINNATI CHAPTER
Brad Hunkler, President Melissa Lueke, Vice President Jim Acton, Treasurer Anna Allen, Secretary Jeff Bastian, Director Arslan El Guindy, Director Juan Fraiz, Director Tom Freeman, Director Bob Jung, Director Dave Meyer, Director Phil Glasgo, Chair-Academic Relations Anna Allen, Chair-Arrangements & Chair, Directory Ron Stowell, Chair-Chapter Partner Program & Chair, Nominating Bob Jung, Chair-Membership & Membership Retention Melissa Lueke, Chair-Professional Development & Chair, Program Jeff Bastian & Tom Freeman, Co-Chairs, Scholarship Rosemary Deitzer, Chapter Administrator
FEI Cincinnati Chapter PO Box 1862, West Chester, OH 45071 Phone: 1-513-779-4495 • Fax: 1-513-777-4461 www.fei.org/chapter/cincinnati/ 1
James N. Clark A special quality of leadership is needed to keep an organization on target and shape its growth. Such a leader is James N. Clark. Jim Clark was Chairman of the Board of Directors of Financial Executives International in 19941995. During his year as Chairman, he presided over major changes within FEI. Under his guidance, the association set its sights on the year 2000 in anticipation of what the members would need at the turn of the century and beyond. The growth of FEI’s membership to an all-time high, the expansion and strengthening of its professional development programs, the implementation of the sponsorship program, the initiation of a program of focused services to provide targeted services to specific segments of the membership, the completion of the reevaluation of FEI’s strategic plan by the Planning Committee, strengthened chapter relations, greater support to small chapters, and a more proactive stance in Washington and before other regulators, all represent the legacy of Jim Clark’s leadership. Jim joined FEI in 1976 in the Cincinnati Chapter. Eight years later, after progressive involvement in chapter leadership, he served as Cincinnati Chapter President. He was a member of the FEI Board of Directors since 1988 and was named Vice President of the North Central area in 1991-92. He became Vice Chairman in July 1993. In addition to Jim’s accomplishments with the FEI, Jim has also enjoyed a very successful career with the Western & Southern Financial Group in Cincinnati, Ohio. Jim joined Western & Southern in 1968 as Assistant Controller and retired from the Company as Executive Vice President and Chief Financial Officer in 2000. Jim currently serves as a Director and Corporate Secretary for Western & Southern. He has been married to his wife, Marlene, for 53 years. grandchildren, and three great-grandchildren.
They have four children, four
It has been an honor for every FEI member to know Jim, to work with him, and to have shared his years of achievement!
2
Management’s Reports on Internal Controls
Cheryl de Mesa Graziano Vice President, Research and Operations Financial Executives Research Foundation
Mark P. Holtzman Assistant Professor of Accounting Stillman School of Business, Seton Hall University
the source for financial solutions 200 Campus Drive P.O. Box 674 Florham Park, New Jersey 07932-0674 www.ferf.org
an affiliate of
financial executives international
3
Management’s Reports on Internal Controls TABLE OF CONTENTS Purpose and Executive Summary
5
Introduction - Summary of Current Regulations
6
Review of Forms 10-K and 10-K/A
7
Conclusion
19
Appendix – Examples
20
About the Authors and Financial Executives Research Foundation, Inc.
31
4
Management’s Reports on Internal Controls Purpose This study describes predominant practices for Management’s Reports on Internal Controls. It is based on a review and analysis of disclosures released after the November 15, 2004 effective date of Section 404 of the Sarbanes-Oxley Act of 2002. The report: • Analyzes Management’s Reports on Internal Controls and the related auditors’ reports filed in Securities and Exchange Commission (SEC) Forms 10-K and 10-K/A to identify common formats and inclusion of all required statements. • Summarizes predominant practices for Management’s Reports issued during 2005. • Classifies the types of material weaknesses and control deficiencies reported. • Cites and analyzes voluntary disclosures. • Identifies where Management and Auditor Reports on Internal Controls were reported in the 10-K and 10-K/A.
Executive Summary As directed by Section 404 of the Sarbanes-Oxley Act of 2002, the SEC’s Final Rule: Management's Reports on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports (the “SEC Rule”) requires annual reports to include management’s report on internal control over financial reporting. Financial Executives Research Foundation (FERF) reviewed 198 10-K and 10-K/A reports filed by accelerated filers with the SEC. The reports were required to comply with SEC reporting requirements for their first fiscal years ending on or after Nov. 15, 2004. The review determined that: • All used the framework developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). • Control evaluations and management’s report on internal control over financial reporting are typically located in Item 9a of the 10-K, with some reports located in Item 8 or 15. • All reports included the four basic requirements per the SEC Rule. Virtually all followed the sequence of statements suggested in the rule, which was to include statements regarding management's responsibility, the framework used, management's assessment, and the accounting firm attestation. • The majority of companies had two audit reports from their accounting firms, one for the financial statement audit and one for the internal control. Most were found in Item 8 or 15 of the 10-K. Almost all of the companies with a single audit report were audited by PricewaterhouseCoopers. • We found considerable variation in management’s reports that noted their companies have effective internal controls over financial reporting. Many reports reviewed and emphasized companies’ strong control systems, highlighting elements such as ethics committees and anonymous hotlines. • A number of companies took advantage of the SEC exclusion for control assessments for new acquisitions. • Material weaknesses related to income tax and lease accounting were the types most frequently cited by companies that disclosed material weaknesses.
5
Introduction - Summary of Current Regulations Section 404 of the Sarbanes-Oxley Act of 2002 (Section 404) calls for the SEC to prescribe rules requiring annual reports to contain an internal control report. The report shall: 1. “State management’s responsibility for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and 2. Contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.” With regard to “Internal Control Evaluation and Reporting,” Section 404 also states that “each registered public accounting firm that prepares or issues the audit report for the issuer shall attest to, and report on, the assessment made by the management of the issuer. The attestation made must be in accordance with standards for attestation engagements issued by the Public Company Accounting Oversight Board (PCAOB). Section 404 further stipulates that the attestation cannot be the subject of a separate engagement of the registered public accounting firm. SEC Rule: Management’s Reports on Internal Control over Financial Reporting As directed by Section 404 of the Sarbanes-Oxley Act of 2002, the SEC Final Rule: Management's Reports on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports (http://www.sec.gov/rules/final/33-8238.htm), requires annual reports to include a management report about the company's internal control over financial reporting. The internal control report must include: • A statement of management's responsibility for establishing and maintaining adequate internal control over financial reporting for the company; • A statement identifying the framework used by management to conduct the required evaluation of the effectiveness of the company's internal control over financial reporting; • Management's assessment of the effectiveness of the company's internal control over financial reporting as of the end of the company's most recent fiscal year, including a statement as to whether or not the internal controls are effective. The assessment must include disclosure of any "material weaknesses 1 " in the controls identified by management. Management is not permitted to conclude that the controls are effective if there are one or more material weaknesses in the controls; and • A statement that the registered public accounting firm that audited the company's financial statements included in the annual report has issued an attestation report on management's assessment of the company's internal control over financial reporting. The final rule also requires a company to file, as part of the company's annual report, the attestation report of the registered public accounting firm that audited the company's financial statements.
1
A "material weakness" is defined in Statement on Auditing Standards No. 60 (codified in Codification of Statements on Auditing Standards AU §325) as a reportable condition in which the design or operation of one or more of the internal control components does not reduce to a relatively low level the risk that misstatements caused by errors or fraud in amounts that would be material in relation to the financial statements being audited may occur and not be detected within a timely period by employees in the normal course of performing their assigned functions. It should be noted that a restatement resulting from an error will not necessarily result in identification of a material weakness. According to the May 16 SEC Staff Statement (http://www.sec.gov/info/accountants/stafficreporting.htm), “both management and the external auditor should use their judgment in assessing the reasons why a restatement was necessary and whether the need for restatement resulted from a material weakness in controls. Such an evaluation should be based on all the facts and circumstances, including the probability of occurrence in light of the assessed effectiveness of the company's internal control, keeping in mind that internal control over financial reporting is defined as operating at the level of ‘reasonable assurance.’”
6
A company that is an "accelerated filer2" had to comply with the reporting requirements for its first fiscal year ending on or after Nov. 15, 2004 (originally June 15, 2004). Current rules require companies that are not accelerated filers to comply with the Section 404 requirements for first fiscal years ending on or after July 15, 20073. Most recently, on May 16, 2005, the SEC released a “Commission Statement on Implementation of Internal Control Reporting Requirements” on issues that arose during the first year of experience with the implementation of Section 404 (http://www.sec.gov/news/press/2005-74.htm). Among other items, the statement provided considerations for disclosure of material weaknesses, discussed later in this report. PCAOB Auditing Standard No. 2 – An Audit of Internal Control over Financial Reporting On March 9, 2004, the PCAOB released Auditing Standard No. 2 – An Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of Financial Statements (AS2). The standard “establishes requirements and provides directions that apply when an auditor is engaged to audit both a company’s financial statements and management’s assessment of the effectiveness of internal control over financial report.” This standard establishes the content of the auditor’s report attesting to management’s assessment of the internal control structure.4 Concurrent with the May 16 SEC statement, the PCAOB released a “Policy Statement Regarding Implementation of Auditing Standard No.2” that described how the PCAOB intends to supervise AS2 implementation.
Review of Forms 10-K and 10-KA Methodology To describe predominant practices about the form and content of management’s reports on internal control, FERF reviewed SEC Forms 10-K and 10-K/A for accelerated filers (required to comply with the SEC reporting requirements for their first fiscal years ending on or after Nov. 15, 2004). Form 10-K data from the largest publicly traded companies in the Fortune 100 were included. This sample was supplemented with randomly selected companies that Compliance Week reported to have at least one material weakness. For these companies, Forms 10-K and 10-K/A were downloaded through Edgar Online Pro5.
2
Exchange Act Rule 12b-2 generally defined the “accelerated filer” as a U.S. company that has equity market capitalization over $75 million and has filed at least one annual report with the Commission. However, on September 21, the SEC voted to propose amendments to this definition. The comment period for the proposed amendments ended October 31 with a final decision likely to occur prior to December 31. The current definition of accelerated filer includes foreign private issuers (FPI). A company that would qualify as an FPI would then need to determine whether it is an accelerated filer and, if so, comply with the applicable deadlines. A larger FPI that does not meet the characteristics of a non-accelerated filer must begin to comply for its first fiscal year ending on or after July 15, 2006. 3
The SEC approved on September 22, 2005, final rule 33-8618 Management's Report on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports of Companies that are Not Accelerated Filers http://www.sec.gov/rules/final/33-8618.pdf that states a company that is not an accelerated filer, is required to comply with the Section 404 requirements for its first fiscal year ending on or after July 15, 2007. 4
Section 167
5
Data provided by EDGAR Online, Inc. EDGAR Online, Inc. shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.
7
The following data fields were collected: company name, fiscal year end, filing date, SEC form number, web link to the complete filing, evaluation, management’s report, required statements, changes in internal control, audit firm, auditor opinion(s), location of report/opinion within 10-K, internal control framework used, type of control assessment, number of auditor report(s) and, where applicable, the type of material weaknesses disclosed. The sample records were categorized as follows: 1. No control deficiencies – effective internal controls over financial reporting. These companies’ management reports concluded that internal controls over financial reporting were effective. Also, the accompanying auditor’s report provided an unqualified opinion on management's assessment and an unqualified opinion on the effectiveness of internal control over financial reporting. 2. Control deficiency or deficiencies only – effective internal controls over financial reporting. These companies’ reports concluded that a control deficiency existed that led to a restatement. However, the companies and auditors made a final determination that the internal controls over financial reporting were effective. 3. Material weakness(es). These management reports concluded that the companies did not maintain effective internal control over financial reporting. The accompanying auditor reports provided an adverse opinion on the effectiveness of internal control over financial reporting because of the existence of a material weakness. The following table provides a quantitative analysis of the sample: Type of report
No control deficiencies Control deficiencies only Material weaknesses All observations
102
Market Value Mean ($ in Billions) $45.6
Minimum ($ in Millions) $159
Maximum ($ in Billions) $288
3
5.9
320
15.5
93
7.1
57
342.1
198
27.0
57
342.1
Number issuers/companies
of
Most of the companies (143) had fiscal years ending in December 2004. The sample also featured companies with fiscal years ending in November 2004 (4 companies), January 2005 (40), February 2005 (4), March 2005 (4), May 2005 (2), and July 2005 (1). In the course of our research, we came across one company reporting that it did not complete its internal control assessment.6 Number of Management’s Reports – Internal Control and Financial Statements Within the sample, 30 companies provided two separate management reports. Among these companies, a common practice was to provide Management’s Report on Internal Controls in 10-K Item 9a, and a separate Management’s Report on Financial Statements preceding the auditor report (usually in 10-K Item 8 or 15). A few companies reprinted the same Management’s Report in 10-K Item 9a and preceding the auditor report, while others merely cross referenced Item 9a to the reports included in Item 8 or 15. Location of Management’s Reports Most companies provided management’s report on internal control over financial reporting in Item 9a, Controls and Procedures of Form 10-K or 10-KA. Other commonly used locations included:
6
We excluded this company, SHURGARD STORAGE CENTERS INC from our study sample.
8
Item 8, Financial Statements and Supplementary Data; Item 15, Exhibits, Financial Statement Schedules. When combined with the auditor’s report, some companies used a combination of Items 8, 9a, or 15. A summary table follows: Location Item 9a only Item 15 only Item 8 only Items 9a & 15 Items 8 & 9a Item 7a only Item 9b only Items 9a & 9b Item 7 only Items 7a & 9a No section Total
No. of companies 115 26 23 14 8 4 3 2 1 1 1 198
For most of the sample size, Item 9a typically begins with a brief evaluation of controls and procedures, follows with management’s report, and concludes with whether there was a change in internal control over financial reporting. Most companies provided the auditor’s report on internal controls with the financial statements, in either Item 8 (88 companies) or in Item 15 (69 companies), while 56 companies placed the auditor’s report on internal controls into Item 9a, following Management’s Report on Internal Controls. Inclusion of Required Statements All the management’s reports studied include the statements required in the final SEC rule. Almost all followed the sequence of statements provided in the rule: (1) Management’s responsibility for internal control over financial reporting, (2) Framework used, (3) Management’s assessment, and (4) Public accounting firm attestation report on management's assessment. Just five reports (AAON INC., ASIAINFO HOLDINGS INC., THE DOW CHEMICAL COMPANY, SCIENTIFIC GAMES CORP., and TRACTOR SUPPLY CO.) discussed management’s assessment before mentioning the framework used. One (CAPSTONE TURBINE CORP.) discussed management’s responsibility, the framework used, the statement that the auditor issued an attestation report, and concluded with its assessment. An example is provided in the Appendix. Control Framework The SEC final rule specifies that management must base its evaluation of the effectiveness of the company's internal control over financial reporting on a suitable, recognized control framework that is established by a body or group that has followed due-process procedures, including the broad distribution of the framework for public comment. Specifically, a suitable framework must: be free from bias; permit reasonably consistent qualitative and quantitative measurements of a company's internal controls; be sufficiently complete so that those relevant factors that would alter a conclusion about the effectiveness of a company's internal controls are not omitted; and be relevant to an evaluation of internal control over financial reporting. The final rules require management's report to identify the evaluation framework used by management to assess the effectiveness of the company's internal control over financial reporting. The COSO Internal Control—Integrated Framework (COSO framework) satisfies the SEC criteria as evaluation framework for purposes of management's internal control evaluation and disclosure.
9
Although the final rules do not mandate use of a particular framework, all of the management reports studied indicated that the COSO framework was used. Within the sample, 117 companies included a statement to the effect that their company’s system of internal control over financial reporting is designed to provide reasonable assurance regarding the reliability of financial statements. Here are two examples: ALCOA INC. “The Company’s system of internal control over financial reporting is designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles.” DUKE ENERGY CORPORATION “Our internal control system was designed to provide reasonable assurance to our management and Board of Directors regarding the preparation and fair presentation of published financial statements.” Seventy-four companies added to this a statement regarding the policies and procedures related to internal control over financial reporting. CONAGRA FOODS, INC. “ConAgra Foods’ internal control over financial reporting is designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with U.S. generally accepted accounting principles. ConAgra Foods’ internal control over financial reporting includes those policies and procedures that: (i) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of ConAgra Foods; (ii) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with U.S. generally accepted accounting principles, and that receipts and expenditures of ConAgra Foods are being made only in accordance with the authorization of management and directors of ConAgra Foods; and (iii) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of ConAgra Foods’ assets that could have a material effect on the financial statements.” In the sample, 119 companies also included in their management’s report a statement regarding the inherent limitations of internal control over financial reporting. ALTRIA GROUP, INC. “Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.” KMART HOLDING CORPORATION Because of its inherent limitations, including the possibility of human error and the circumvention or overriding of controls, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
10
All of the above samples are consistent with illustrative reports provided in the COSO framework. No Control Deficiencies – Effective Internal Controls over Financial Reporting As summarized earlier, half the sample fell into this category. Companies that were classified as “No control deficiencies” also voluntarily disclosed discussion on their strong control environment, ethics policies, etc. LOCKHEED MARTIN CORPORATION Essential to the Corporation’s internal control system is management’s dedication to the highest standards of integrity, ethics and social responsibility. To support these standards, management has issued the Code of Ethics and Business Conduct (the Code). The Code provides for a help line that employees can use to confidentially or anonymously communicate to the Corporation’s ethics office complaints or concerns about accounting, internal control or auditing matters. These matters are forwarded directly to the Audit and Ethics Committee of the Corporation’s Board of Directors. The Audit and Ethics Committee, which is composed of six independent directors, has oversight responsibility for the Corporation’s financial reporting process and the audits of the consolidated financial statements and internal control over financial reporting. Both the independent auditors and the internal auditors have unrestricted access to meet with members of the Audit and Ethics Committee, with or without management representatives present. The Audit and Ethics Committee recommended, and the Board of Directors approved, that the audited consolidated financial statements be included in the Corporation’s Annual Report on Form 10-K for filing with the Securities and Exchange Commission. INTERNATIONAL PAPER COMPANY Internal Control Environment and Board of Directors Oversight - Our internal control environment includes an enterprise-wide attitude of integrity and control consciousness that establishes a positive “tone at the top.” This is exemplified by our ethics program that includes long-standing principles and policies on ethical business conduct that require employees to maintain the highest ethical and legal standards in the conduct of International Paper business, that have been distributed to all employees, a toll-free telephone helpline whereby any employee may report suspected violations of law or International Paper’s policy, and an office of ethics and business practice. The internal controls system further includes careful selection and training of supervisory and management personnel, appropriate delegation of authority and division of responsibility, dissemination of accounting and business policies throughout International Paper, and an extensive program of internal audits with management follow-up. The Board of Directors, assisted by the Audit and Finance Committee (Committee), monitors the integrity of the Company’s financial statements and financial reporting procedures, the performance of the Company’s internal audit function and independent auditors, and other matters set forth in its charter. The Committee, which currently consists of four independent directors, meets regularly with representatives of management, the independent auditors, and the Internal Auditor, with and without management representatives in attendance, to review their activities. The Committee’s Charter takes into account the New York Stock Exchange rules relating to Audit Committees and the SEC rules and regulations promulgated as a result of the Sarbanes-Oxley Act of 2002. A copy of the charter will be included in the Company’s definitive proxy statement relating to the annual meeting of shareholders in 2005. The Committee has reviewed and
11
discussed the consolidated financial statements for the year ended December 31, 2004, including critical accounting policies and significant management judgments, with management and the independent auditors. The Committee’s report recommending the inclusion of such financial statements in this Annual Report on Form 10-K will be set forth in our proxy statement. Control deficiency or deficiencies only – Effective Internal Controls over Financial Reporting Three companies in the sample fell into this category and reported control deficiencies that were not considered material weaknesses. The management’s reports for these companies concluded that a control deficiency existed that led to a restatement. However the company and auditors made a final determination that the internal controls over financial reporting were effective. BARNES & NOBLE, INC. Under the supervision and with the participation of management, including the Chief Executive Officer and Chief Financial Officer, the Company carried out an evaluation of the effectiveness of its internal control over financial reporting as of January 29, 2005 based on the “Internal Control - Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Based upon this evaluation, management concluded that the Company’s internal control over financial reporting was effective as of January 29, 2005 … In coming to the conclusion that the internal controls over financial reporting were effective as of January 29, 2005, management considered, among other things, the control deficiency related to the determination of lease terms, which resulted in the need to restate previously issued financial statements as disclosed in Note 1 to the Notes to Consolidated Financial Statements included in this Form 10-K. After reviewing and analyzing the SEC’s Staff Accounting Bulletin (SAB) No. 99, “Materiality,” Accounting Principles Board Opinion No. 28, “Interim Financial Reporting,” paragraph 29 and SAB Topic 5-F, “Accounting Changes Not Retroactively Applied Due to Immateriality,” and taking into consideration that: (i) the restatement adjustments did not have a material impact on the financial statements of prior interim or annual periods taken as a whole; (ii) the cumulative impact of the restatement adjustments on stockholders’ equity was not material to the financial statements of prior interim or annual periods; and (iii) the Company decided to restate previously issued financial statements solely because the cumulative impact of the error, if recorded in the current period, would have been material to the current year’s reported net income, management concluded that the control deficiency that resulted in the restatement of the prior period financial statements was not in itself a material weakness. Furthermore, management concluded that the control deficiency that resulted in the restatement when aggregated with other deficiencies did not constitute a material weakness. Disclosures about Material Weaknesses In its May 16 Staff Statement (http://www.sec.gov/info/accountants/stafficreporting.htm), the SEC stated that a company identifying a material weakness that has not been remediated prior to its fiscal year-end must conclude that its internal control over financial reporting is ineffective. Regarding material weaknesses, companies should consider disclosing: • The nature of any material weakness, • Its impact on financial reporting and the control environment, and • Management's plans, if any, for remediating the weakness.
12
AMERICAN INTERNATIONAL GROUP, INC. Remediation of Material Weaknesses in Internal Control Over Financial Reporting AIG is actively engaged in the implementation of remediation efforts to address the material weaknesses in AIG’s internal control over financial reporting as of December 31, 2004. These remediation efforts, outlined below, are specifically designed both to address the material weaknesses identified by AIG management and to enhance AIG’s overall corporate governance. AIG has taken, and is developing further plans to take, significant actions to improve its control environment, starting with a clear statement of the tone and philosophy set by its current senior management. AIG appointed a new Chief Executive Officer and a new Chief Financial Officer, who, together with other senior executives, are committed to achieving transparency and clear communication with all stakeholders through effective corporate governance, a strong control environment, high ethical standards and financial reporting integrity. AIG is considering the appropriate remedial actions with respect to certain employees in management and in the underwriting, accounting, auditing, actuarial and financial reporting functions. Such remedial actions may include further training and supervision, reassignment outside areas of involvement with financial reporting or termination. The AIG Board of Directors has recently established the Regulatory, Compliance and Legal Committee to provide oversight of AIG’s compliance with applicable laws and regulations. AIG has enhanced its Code of Conduct for employees and mandated that all employees complete special formal ethics training developed and monitored by AIG Corporate Compliance. AIG has implemented a Director, Executive Officer and Senior Financial Officer Code of Business Conduct and Ethics, to provide reasonable assurance that all members of the Board of Directors, executive officers and senior financial officers adhere to the stated principles and procedures set forth in that Code. AIG is developing a corporate level compliance framework, including implementation of compliance programs at the major business areas. AIG has strengthened the position of Chief Risk Officer, responsible for enterprise-wide credit, market, and operational risk management and oversight of the corresponding functions at the business levels and has empowered the Chief Risk Officer to work more closely with top executives at the corporate and major business area level to identify, assess, quantify, manage and mitigate risks to AIG. AIG has established an Operational Risk Management department, reporting to the Chief Risk Officer, to engage in expanded risk self-assessment processes for more effective identification and management of operational and reputational risks. In 2004, AIG established the Complex Structured Finance Transaction Committee at the corporate level to review and approve transactions that could enable a third party to achieve an accounting or financial reporting result
13
inconsistent with applicable accounting principles or subject AIG to heightened legal, reputational, regulatory or other risk. AIG has expanded the scope and activities of the Complex Structured Finance Transaction Committee, to include the review and approval of AIG’s accounting and financial reporting of identified transactions, including related party transactions. AIG plans to establish a Financial Disclosure Committee to assist the Chief Executive Officer and the Chief Financial Officer in fulfilling their responsibilities for oversight of the accuracy and timeliness of the disclosures made by AIG. AIG has taken several initial steps, and is developing others, that will provide reasonable assurance that risk transfer will be properly evaluated and contemporaneously documented and that the proper GAAP accounting will be utilized. AIG is establishing specific processes and controls and modifying others to provide reasonable assurance that reconciliations are performed as part of standardized procedures, reconciling items are reported on a periodic basis for timely resolution and consolidated exposure analyses are initiated and completed. AIG has commenced an evaluation of alternative approaches necessary to conform to hedge accounting in accordance with GAAP, is expanding the quarterly hedge effectiveness reviews currently performed independently by AIG’s Market Risk Management Department to ensure that certain derivative transactions meet hedge accounting requirements, and has begun to develop and implement the processes and controls necessary to ensure the appropriate evaluation and documentation of transactions qualifying for hedge accounting treatment. AIG has commenced a process to enhance controls to ensure that accounting for deferred taxes is in accordance with GAAP, addressing the reconciliation of deferred tax assets and liabilities to the tax basis of the related assets and liabilities and the monitoring of the effective tax rate applied to foreign subsidiaries eligible for relief from US income tax. FLAGSTAR BANCORP, INC. Management’s plans to correct material weaknesses. In order to correct the material weaknesses in internal control over financial reporting and ensure the integrity of our financial reporting process during 2005, management has implemented or is in the process of implementing the following actions: • Obtain additional training of relevant personnel in the area of derivative accounting, • Review of our accounting systems in order to identify opportunities to automate certain processes, • Retain and engage an outside accounting consultant to provide additional guidance in the application of generally accepted accounting principles for non-routine transactions, • Implementation of controls by senior accounting personnel surrounding the documentation of the review, analysis, and related conclusions with respect to non-routine transactions. FRED’S, INC. Management intends to respond to these material weaknesses by strengthening pertinent controls and making staffing changes, as follows:
14
-
-
Implement procedures to ensure that lease terms and leasehold improvements are accounted for in accordance with Generally Accepted Accounting Principles. Add additional staff with responsibility for completing the close process. Strengthen procedures surrounding the close process, including, but not limited to reconciliation of all major accounts. Improve cut-off procedures to ensure that transactions are recorded in the proper period.
These changes will act to remediate the material weaknesses discussed above, and will be conducted throughout the first and second quarters of fiscal 2005. However, we do not believe that all changes will be in effect at the end of the first quarter of 2005, and therefore, will likely report that material weaknesses in internal control continue to exist in our Quarterly Report on Form 10-Q for the first quarter of fiscal 2005. The SEC Staff Statement also strongly encourages companies to disclose the potential impact of each particular material weakness. The statement said this would lead to increased utility for investors, particularly if disclosures distinguish those material weaknesses that may have a pervasive impact on internal control over financial reporting from those material weaknesses that do not. Two companies (DELPHI CORPORATION, LEAPFROG ENTERPRISES INC.) use the term pervasive to describe their material weakness(es), but did not identify any material weakness as not pervasive, thus a basis for comparison could not be made. A summary of material weaknesses analyzed in the data sample follows:
Deficiency Leases Income taxes Inventory/cost of goods sold Revenue recognition Inadequate Personnel Accrued liabilities Derivative Instruments Account analysis Accounts receivable Financial close and reporting process Segregation of duties Depreciation Accounts payable Combination of individually immaterial factors Depletion Information technology controls Recording of non-routine journal entries Approval of journal entries Bonus and commission liabilities Cash Flows-securitizations Cash reconciliations Classification of mortgage loan origination fees on cash flows statement
15
Number of companies reporting (n=96) 27 19 10 9 7 6 6 5 5 4 4 3 2 2 2 2 2 1 1 1 1 1
Company-level controls Construction costs and debt Control environment for acquired company Costs incurred for tools used in production Credits attributable to software contracts Debt and related covenants Deferred policy acquisition costs and deferred sales inducement assets Detection and monitoring controls Effective “tone” within the organization related to the discouragement, prevention or detection of management override Employee Postretirement Health Care Benefits Evaluation of accounting estimates Evaluation of risk transfer Financial reporting process, footnotes Fraudulent accounting entries Goodwill and intangible assets Hedging transactions Inadequate accounting policies and procedures Inadequate software for consolidation Income taxes & goodwill Ineffective control environment Ineffective or inadequate accounting policies Ineffective or inadequate controls over the administration and related accounting for contracts Inventory derivatives Lack of formalized procedures and controls over accounting and financial reporting Manual Order Entry Processes. Minority interest equity accounting Pension and other postretirement plan accounting Periodic review of the application of generally accounting principles Personnel/goodwill and intangibles related to acquisition Presentation in the statement of cash flows of borrowings and repayments under the Company’s revolving credit facility Property & Equipment, Restructuring Revenue recognition/ Cost of goods sold Revenue recognition/accounts receivable Sales returns reserves Securitizations Segment disclosures Third Party Service Organizations Timely review and approval Validation and evaluation of data
16
1 1 1 1 1 1 1 1 1
1 1 1 1 1 1 1 1 1 1 1 1 1
1 1 1 1 1 1 1 1
1 1 1 1 1 1 1 1 1
Other Common Disclosures/Voluntary Disclosures The SEC May 16 Staff Statement states, “An overall purpose of internal control over financial reporting is to foster the preparation of reliable financial statements. Reliable financial statements must be materially accurate. Therefore, a central purpose of the assessment of internal control over financial reporting is to identify material weaknesses that have, as indicated by their very definition, more than a remote likelihood of leading to a material misstatement in the financial statements. While identifying control deficiencies and significant deficiencies represents an important component of management's assessment, the overall focus of internal control reporting should be on those items that could result in material errors in the financial statements.” In our sample, 117 companies included in their reports a brief discussion of the purpose of internal control over financial reporting. One hundred thirty-two (132) companies included references to specific Securities and Exchange Act Rules. Sixty-seven (67) companies also provided definitions of terms such as material weakness, control deficiency, and internal control. Most of these firms were reporting specific material weaknesses and other control deficiencies. As cited earlier, many companies reporting effective internal controls over financial reporting, without any control deficiencies, provided voluntary disclosures regarding their internal control structure, control environment, and ethics policies and procedures that support a strong control environment.
17
Auditor’s Reports The extent to which auditors provided one or two reports is summarized in the following table: Auditor
Type
No. of companies
BDO Seidman LLP
No control deficiencies Control deficiencies only Material weaknesses Total No control deficiencies Control deficiencies only Material weaknesses Total No control deficiencies Material weaknesses Total Material weaknesses Material weaknesses No control deficiencies Material weaknesses Total No control deficiencies Control deficiencies only Material weaknesses Total No control deficiencies Control deficiencies only Material weaknesses Total
2 1 1 4 24 1 23 48 22 20 42 3 1 23 21 44 31 1 24 55 102 3 93 198
Deloitte & Touche LLP7
Ernst & Young LLP
Grant Thornton LLP Grobstein, Horwath & Co. KPMG LLP
PricewaterhouseCoopers LLP
All auditors
One integrated audit report
3 1 3 7
1 1 31 1 24 55 35 2 27 63
Two audit reports 2 1 1 4 21 20 41 22 20 42 3 1 22 21 43
67 1 66 134
In the sample of 10-Ks and 10-KAs we reviewed, PricewaterhouseCoopers issued one integrated audit report for all of its clients. The other audit firms, with a few exceptions, generally provided two reports—the first report on the internal control over financial reporting and the second on the financial statements. The auditor’s reports we reviewed fell generally into the following two categories: 1. Unqualified Opinion on Management's Assessment of the Effectiveness of Internal Control Over Financial Reporting and an Unqualified Opinion on the Effectiveness of Internal Control Over Financial Reporting 2. Unqualified Opinion on Management's Assessment of the Effectiveness of Internal Control Over Financial Reporting and an Adverse Opinion on the Effectiveness of Internal Control Over Financial Reporting Because of the Existence of a Material Weakness
7
Includes one company audited by Deloitte Touche Tohmatsu.
18
Conclusion This study describes predominant practices in Management’s Reports on Internal Controls, based on a review and analysis of 198 companies’ first-year disclosures released after the effective date of Section 404. We found considerable variation. While all companies report using the COSO framework, Management’s Reports were usually located in Item 8, 9a or 15 of the 10-K. Management’s Reports themselves varied. While all included statements required by the SEC, many also included statements regarding limitations of internal controls, references to specific SEC statutes, descriptions of the purpose of internal controls, and definitions of material weaknesses, or other internal control assessment terms. Many firms added specific voluntary disclosures about internal control and ethics initiatives. While PricewaterhouseCoopers issued all of its opinions as “integrated audits,” in a single letter, most other firms usually issued their opinion letters as two separate letters (financial statement audit and internal controls assessment). Furthermore, most firms provided their auditors’ internal control assessments letters in Items 8, 9a or 15.
19
Appendix – Examples COMCAST CORPORATION Comcast Corporation was one of the 30 companies in the sample that provided two separate Management reports. Item 8 includes the management reports and the integrated audit report on financial statements and internal controls over financial reporting. This was also an example of one of the companies that provided voluntary disclosures, in this case, a section titled “Audit Committee Oversight.” Item 9a cross referenced to Item 8. An excerpt from the company’s Form 10-K filed on February 23, 2005 for the year ended December 31, 2004 follows.
ITEM 8 FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA REPORT OF MANAGEMENT Management's Report on Financial Statements Our management is responsible for the preparation, integrity and fair presentation of information in our consolidated financial statements, including estimates and judgments. The consolidated financial statements presented in this report have been prepared in accordance with accounting principles generally accepted in the United States of America. Our management believes the consolidated financial statements and other financial information included in this report fairly present, in all material respects, our financial condition, results of operations and cash flows as of and for the periods presented in this report. The consolidated financial statements have been audited by Deloitte & Touche LLP, an independent registered public accounting firm, as stated in their report, which is included herein. Management's Report on Internal Control Over Financial Reporting Our management is responsible for establishing and maintaining an adequate system of internal control over financial reporting. Our system of internal control over financial reporting is designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with accounting principles generally accepted in the United States of America. Our internal control over financial reporting includes those policies and procedures that: • pertain to the maintenance of records that, in er asonable detail, accurately and fairly reflect our transactions and dispositions of our assets; • provide reasonable assurance that our transactions are recorded as necessary to permit preparation of our financial statements in accordance with accounting principles generally accepted in the United States of America, and that our receipts and expenditures are being made only in accordance with authorizations of our management and our directors; and • provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of our assets that could have a material effect on the financial statements. Because of its inherent limitations, a system of internal control over financial reporting can provide only reasonable assurance and may not prevent or detect misstatements. Further, because of changes in conditions, effectiveness of internal controls over financial reporting may vary over time. Our system contains self monitoring mechanisms, and actions are taken to correct deficiencies as they are identified.
20
Our management conducted an evaluation of the effectiveness of the system of internal control over financial reporting based on the framework in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission. Based on this evaluation, our management concluded that our system of internal control over financial reporting was effective as of December 31, 2004. Our management's assessment of the effectiveness of our internal control over financial reporting has been audited by Deloitte & Touche LLP, an independent registered public accounting firm, as stated in their report which is included herein. Audit Committee Oversight The Audit Committee of the Board of Directors, which is comprised solely of independent directors, has oversight responsibility for our financial reporting process and the audits of our consolidated financial statements and internal control over financial reporting. The Audit Committee meets regularly with management and with our internal auditors and independent registered public accounting firm (collectively, the "auditors") to review matters related to the quality and integrity of our financial reporting, internal control over financial reporting (including compliance matters related to our Code of Ethics and Business Conduct), and the nature, extent, and results of internal and external audits. Our auditors have full and free access and report directly to the Audit Committee. The Audit Committee recommended, and the Board of Directors approved, that the audited consolidated financial statements be included in this Annual Report on Form 10-K. REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM Board of Directors and Stockholders Comcast Corporation Philadelphia, Pennsylvania We have audited the accompanying consolidated balance sheet of Comcast Corporation and subsidiaries (the "Company") as of December 31, 2004 and 2003, and the related consolidated statements of operations, stockholders' equity and cash flows for each of the three years in the period ended December 31, 2004. We also have audited management's assessment, included under the caption Management's Report on Internal Control Over Financial Reporting, that the Company maintained effective internal control over financial reporting as of December 31, 2004, based on criteria established in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission. The Company's management is responsible for these financial statements, for maintaining effective internal control over financial reporting, and for its assessment of the effectiveness of internal control over financial reporting. Our responsibility is to express an opinion on these financial statements, an opinion on management's assessment, and an opinion on the effectiveness of the Company's internal control over financial reporting based on our audits. We conducted our audits in accordance with the standards of the Public Company Accounting Oversight Board (United States). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement and whether effective internal control over financial reporting was maintained in all material respects. Our audits of the financial statements included examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements, assessing the accounting principles used and significant estimates made by management, and evaluating the overall financial statement presentation. Our audit of internal control over financial reporting included obtaining an understanding of internal control over financial reporting, evaluating management's assessment, testing and evaluating the design and operating effectiveness of internal control, and performing such other procedures as we considered necessary in the circumstances. We believe that our audits provide a reasonable basis for our opinions. A company's internal control over financial reporting is a process designed by, or under the supervision of, the company's principal executive and principal financial officers, or persons performing similar functions,
21
and effected by the company's board of directors, management, and other personnel to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company's internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements. Because of the inherent limitations of internal control over financial reporting, including the possibility of collusion or improper management override of controls, material misstatements due to error or fraud may not be prevented or detected on a timely basis. Also, projections of any evaluation of the effectiveness of the internal control over financial reporting to future periods are subject to the risk that the controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. In our opinion, the consolidated financial statements referred to above present fairly, in all material respects, the financial position of Comcast Corporation and subsidiaries as of December 31, 2004 and 2003, and the results of their operations and their cash flows for each of the three years in the period ended December 31, 2004, in conformity with accounting principles generally accepted in the United States of America. Also, in our opinion, management's assessment that the Company maintained effective internal control over financial reporting as of December 31, 2004, is fairly stated, in all material respects, based on the criteria established in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission. Furthermore, in our opinion, the Company maintained, in all material respects, effective internal control over financial reporting as of December 31, 2004, based on the criteria established in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission. Deloitte & Touche LLP Philadelphia, Pennsylvania February 21, 2005 ITEM 9A CONTROLS AND PROCEDURES Conclusions regarding disclosure controls and procedures. Our principal executive and principal financial officers, after evaluating the effectiveness of our disclosure controls and procedures (as defined in the Securities Exchange Act of 1934 Rules 13a-15(e) or 15d-15(e)) as of the end of the period covered by this report, have concluded that, based on the evaluation of these controls and procedures required by paragraph (b) of Exchange Act Rules 13a-15 or 15d-15, our disclosure controls and procedures were effective. Management's annual report on internal control over financial reporting. Refer to Management's Report on Internal Control Over Financial Reporting on page 34. Attestation report of the registered public accounting firm. Refer to Report of Independent Registered Public Accounting Firm on page 35. Changes in internal control over financial reporting. There were no changes in our internal control over financial reporting identified in connection with the evaluation required by paragraph (d) of Exchange Act Rules 13a-15 or 15d-15 that occurred during our last fiscal quarter that have materially affected, or are reasonably likely to materially affect, our internal control over financial reporting.
22
THE DOW CHEMICAL COMPANY The Dow Chemical Company was one of five companies in the sample that provided management’s assessment (it concluded that their internal controls over financial reporting were effective) prior to referencing the control framework used. Item 9a includes both the management’s report and the auditor’s report on internal controls over financial reporting. This was also an example of one of the companies that provided voluntary disclosures, in this case, a section titled “Management's Process to Assess the Effectiveness of Internal Control Over Financial Reporting.” This section was repeated in Item 8 along with the management’s internal control assessment and the auditor’s report on the financial statements. Item 15 incorporated the financial statement audit opinion by reference. A complete excerpt from Item 9a of the company’s Form 10-K filed on February 18, 2005 for the period ended December 31, 2004 follows. ITEM 9A. CONTROLS AND PROCEDURES. Evaluation of Disclosure Controls and Procedures As of the end of the period covered by this Annual Report on Form 10-K, the Company carried out an evaluation, under the supervision and with the participation of the Company's Disclosure Committee and the Company's management, including the Chief Executive Officer and the Chief Financial Officer, of the effectiveness of the design and operation of the Company's disclosure controls and procedures pursuant to Exchange Act Rules 13a-15(e) and 15d-15(e). Based upon that evaluation, the Chief Executive Officer and the Chief Financial Officer concluded that the Company's disclosure controls and procedures were effective in timely alerting them to material information relating to the Company (including its consolidated subsidiaries) required to be included in the Company's periodic SEC filings. Changes in Internal Control Over Financial Reporting There were no changes in the Company's internal control over financial reporting identified in connection with the evaluation required by paragraph (d) of Exchange Act Rules 13a-15 or 15d-15 that was conducted during the last fiscal quarter that have materially affected, or are reasonably likely to materially affect, the Company's internal control over financial reporting. Management's Report on Internal Control Over Financial Reporting Management is responsible for establishing and maintaining adequate internal control over financial reporting. The Company's internal control framework and processes were designed to provide reasonable assurance to management and the Board of Directors regarding the reliability of financial reporting and the preparation of the Company's consolidated financial statements for external purposes in accordance with accounting principles generally accepted in the United States of America. Management recognizes its responsibility for fostering a strong ethical climate so that the Company's affairs are conducted according to the highest standards of personal and corporate conduct. The Company's internal control over financial reporting includes those policies and procedures that: • pertain to the maintenance of records that, in er asonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the Company; • provide reasonable assurance that transactions arerecorded properly to allow for the preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the Company are being made only in accordance with authorizations of management and Directors of the Company;
23
• provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the Company's assets that could have a material effect on the consolidated financial statements; and • provide reasonable assurance as to the detection of fraud. Because of its inherent limitations, a system of internal control over financial reporting can provide only reasonable assurance and may not prevent or detect misstatements. Further, because of changing conditions, effectiveness of internal control over financial reporting may vary over time. The Company's processes contain self-monitoring mechanisms, and actions are taken to correct deficiencies as they are identified. Management assessed the effectiveness of the Company's internal control over financial reporting and concluded that, as of December 31, 2004, such internal control is effective. In making this assessment, management used the criteria set forth by the Committee of Sponsoring Organizations of the Treadway Commission ("COSO") in Internal Control – Integrated Framework. To comply with the requirements of Section 404 of the Sarbanes-Oxley Act of 2002, the Company designed and implemented a structured and comprehensive compliance process to evaluate its internal control over financial reporting across the enterprise. In addition, the Company maintains an internal auditing program that independently assesses the effectiveness of internal control over financial reporting, including testing of the five COSO elements, and recommends possible improvements. The Company's independent auditors, Deloitte & Touche LLP, with direct access to the Company's Board of Directors through its Audit Committee, have audited the consolidated financial statements prepared by the Company. Their report on the consolidated financial statements is included in Part II, Item 8. Financial Statements and Supplementary Data. Management's assessment of the Company's internal control over financial reporting has been audited by Deloitte & Touche LLP, as stated in their report included herein. Management's Process to Assess the Effectiveness of Internal Control Over Financial Reporting Management's conclusion on the effectiveness of internal control over financial reporting is based on a thorough and comprehensive evaluation and analysis of the five elements of COSO (shown in italics below), and is based on, but not limited to, the following: • Documentation of entity-wide controls establishing the culture and "tone-at-the-top" of the organization, in support of Dow's Control Environment, Risk Assessment Process, Information and Communication policies and the ongoing Monitoring of these control processes and systems. • An evaluation ofControl Activities by work process. Key controls and compensating controls were documented and tested by each work process within the Company, including controls over all relevant financial statement assertions related to all significant accounts and disclosures. Internal control deficiencies were identified and prioritized, and appropriate remediation action plans were defined, implemented and retested. • A centralized review and analysis of all internal control deficiencies across the enterprise to determine whether such deficiencies, either separately or in the aggregate, represented a significant deficiency or material weakness. • An evaluation of any changes in work processes, systems, organization or policy that could materially impact internal control over financial reporting. • Internal control conclusions from managers, work process owners and significant nonconsolidated affiliates.
24
/s/ ANDREW N. LIVERIS
/s/ J. PEDRO REINHARD J. Pedro Reinhard Executive Vice President and Chief Financial Officer
Andrew N. Liveris President and Chief Executive Officer
/s/ FRANK H. BROD Frank H. Brod Vice President and Controller February 9, 2005 REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM To the Board of Directors and Stockholders of The Dow Chemical Company: We have audited management's assessment, included in the accompanying Management's Report on Internal Control Over Financial Reporting, that The Dow Chemical Company and subsidiaries (the "Company") maintained effective internal control over financial reporting as of December 31, 2004, based on criteria established in Internal Control – Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission. The Company's management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting. Our responsibility is to express an opinion on management's assessment and an opinion on the effectiveness of the Company's internal control over financial reporting based on our audit. We conducted our audit in accordance with the standards of the Public Company Accounting Oversight Board (United States). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audit included obtaining an understanding of internal control over financial reporting, evaluating management's assessment, testing and evaluating the design and operating effectiveness of internal control, and performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinions. A company's internal control over financial reporting is a process designed by, or under the supervision of, the company's principal executive and principal financial officers, or persons performing similar functions, and effected by the company's board of directors, management, and other personnel to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company's internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements. Because of the inherent limitations of internal control over financial reporting, including the possibility of collusion or improper management override of controls, material misstatements due to error or fraud may not be prevented or detected on a timely basis. Also, projections of any evaluation of the effectiveness of the internal control over financial reporting to future periods are subject to the risk that the controls may
25
become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. In our opinion, management's assessment that the Company maintained effective internal control over financial reporting as of December 31, 2004, is fairly stated, in all material respects, based on the criteria established in Internal Control – Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission. Also in our opinion, the Company maintained, in all material respects, effective internal control over financial reporting as of December 31, 2004, based on the criteria established in Internal Control – Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission. We have also audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States), the consolidated financial statements and the financial statement schedule listed in the Index at Item 15 (a) 2. as of and for the year ended December 31, 2004 of the Company and our report dated February 9, 2005 expressed an unqualified opinion on those financial statements and financial statement schedule. /s/ DELOITTE & TOUCHE LLP Deloitte & Touche LLP Midland, Michigan February 9, 2005
26
WAL-MART STORES, INC. In Item 15 of its Form 10-K filed on March 31, 2005 for the period ended January 31, 2005, WalMart provided a “Management’s Report to Our Shareholders” that reiterated mangement’s responsibility for financial statements and internal control over financial reporting. It also included a “Report on Ethical Standards.” Excerpts from the filing follow. ITEM 9A. CONTROLS AND PROCEDURES Evaluation of Disclosure Controls and Procedures The Company maintains a system of disclosure controls and procedures that are designed to provide reasonable assurance that information, which is required to be timely disclosed, is accumulated and communicated to Management in a timely fashion. An evaluation of the effectiveness of the design and operation of Wal-Mart’s disclosure controls and procedures (as defined in Rule 13a-15(e) of the Securities Exchange Act of 1934, as amended (the “Exchange Act”))(“Disclosure Controls”) was performed as of the end of the period covered by this report. This evaluation was performed under the supervision and with the participation of the Company’s Management, including the Company’s Chief Executive Officer and Chief Financial Officer. Based upon that evaluation, the Company’s Chief Executive Officer and Chief Financial Officer concluded that these Disclosure Controls are effective to provide reasonable assurance that information required to be disclosed by the Company in the reports that it files or submits under the Exchange Act is accumulated and communicated to the Company’s Management, including its Chief Executive Officer and Chief Financial Officer, as appropriate, to allow timely decisions regarding required disclosure and are effective to provide reasonable assurance that such information is recorded, processed, summarized and reported within the time periods specified by the SEC’s rules and forms. Management’s Report on Internal Control Over Financial Reporting Management’s report on internal control over financial reporting and the attestation report of Ernst & Young LLP, the Company’s independent registered public accounting firm, on management’s assessment of internal control over financial reporting are included in our Annual Report to Shareholders for the year ended January 31, 2005 and are incorporated in this Item 9A by reference. Our Annual Report to Shareholders is included as an Exhibit to this Annual Report on Form 10-K. Changes in Internal Control Over Financial Reporting There has been no change in the Company’s internal control over financial reporting that occurred during the fiscal quarter ended January 31, 2005 that has materially affected, or is reasonably likely to materially affect, the Company’s internal control over financial reporting.
ITEM 15 EXHIBITS AND FINANCIAL STATEMENT SCHEDULES Report of Independent Registered Public Accounting Firm WAL-MART The Board of Directors and Shareholders, Wal-Mart Stores, Inc. We have audited the accompanying consolidated balance sheets of Wal-Mart Stores, Inc. as of January 31, 2005 and 2004, and the related consolidated statements of income, shareholders’ equity and cash flows for each of the three years in the period ended January 31, 2005. These financial statements are the responsibility of the Company’s management. Our responsibility is to express an opinion on these financial statements based on our audits.
27
We conducted our audits in accordance with the standards of the Public Company Accounting Oversight Board (United States). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audits provide a reasonable basis for our opinion. In our opinion, the financial statements referred to above present fairly, in all material respects, the consolidated financial position of Wal-Mart Stores, Inc. at January 31, 2005 and 2004, and the consolidated results of its operations and its cash flows for each of the three years in the period ended January 31, 2005, in conformity with U.S. generally accepted accounting principles. We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States), the effectiveness of Wal-Mart Stores, Inc.’s internal control over financial reporting as of January 31, 2005, based on criteria established in Internal Control-Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission and our report dated March 25, 2005 expressed an unqualified opinion thereon.
Rogers, Arkansas March 25, 2005 Report of Independent Registered Public Accounting Firm on Internal Control Over Financial Reporting WAL-MART The Board of Directors and Shareholders, Wal-Mart Stores, Inc. We have audited management’s assessment, included in the accompanying Management’s Report to Our Shareholders under the caption “Report on Internal Control Over Financial Reporting,” that Wal-Mart Stores, Inc. maintained effective internal control over financial reporting as of January 31, 2005, based on criteria established in Internal Control – Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (the COSO criteria). Wal-Mart Stores, Inc.’s management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting. Our responsibility is to express an opinion on management’s assessment and an opinion on the effectiveness of the company’s internal control over financial reporting based on our audit. We conducted our audit in accordance with the standards of the Public Company Accounting Oversight Board (United States). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audit included obtaining an understanding of internal control over financial reporting, evaluating management’s assessment, testing and evaluating the design and operating effectiveness of internal control, and performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion. A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit
28
preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements. Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. In our opinion, management’s assessment that Wal-Mart Stores, Inc. maintained effective internal control over financial reporting as of January 31, 2005, is fairly stated, in all material respects, based on the COSO criteria. Also, in our opinion, Wal-Mart Stores, Inc., maintained, in all material respects, effective internal control over financial reporting as of January 31, 2005, based on the COSO criteria. We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States), the consolidated balance sheets of Wal-Mart Stores, Inc. as of January 31, 2005 and 2004, and the related consolidated statements of income, shareholders’ equity and cash flows for each of the three years in the period ended January 31, 2005 and our report dated March 25, 2005 expressed an unqualified opinion thereon.
Rogers, Arkansas March 25, 2005 Management’s Report to Our Shareholders WAL-MART Management of Wal-Mart Stores, Inc. (“Wal-Mart”) is responsible for the preparation, integrity and objectivity of Wal-Mart’s consolidated financial statements and other financial information contained in this Annual Report to Shareholders. Those consolidated financial statements were prepared in conformity with accounting principles generally accepted in the United States. In preparing those consolidated financial statements, Management was required to make certain estimates and judgments, which are based upon currently available information and Management’s view of current conditions and circumstances. The Audit Committee of the Board of Directors, which consists solely of independent directors, oversees our process of reporting financial information and the audit of our consolidated financial statements. The Audit Committee stays informed of the financial condition of Wal-Mart and regularly reviews Management’s financial policies and procedures, the independence of our independent auditors, our internal control and the objectivity of our financial reporting. Both the independent auditors and the internal auditors have free access to the Audit Committee and meet with the Audit Committee periodically, both with and without Management present. We have retained Ernst & Young LLP, an independent registered public accounting firm, to audit our consolidated financial statements found in this annual report. We have made available to Ernst & Young LLP all of our financial records and related data in connection with their audit of our consolidated financial statements. We have filed with the Securities and Exchange Commission the required certifications related to our consolidated financial statements as of and for the year ended January 31, 2005. These certifications are attached as exhibits to our Annual Report on Form 10-K for the year ended January 31, 2005. Additionally, we have also provided to the New York Stock Exchange the required annual certification of our Chief Executive Officer regarding our compliance with the New York Stock Exchange’s corporate governance listing standards.
29
Report on Internal Control Over Financial Reporting. Management has responsibility for establishing and maintaining adequate internal control over financial reporting. Internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external reporting purposes in accordance with accounting principles generally accepted in the United States. Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Management has assessed the effectiveness of the Company’s internal control over financial reporting as of January 31, 2005. In making its assessment, Management has utilized the criteria set forth by the Committee of Sponsoring Organizations (“COSO”) of the Treadway Commission in Internal Control—Integrated Framework. Management concluded that based on its assessment, Wal-Mart’s internal control over financial reporting was effective as of January 31, 2005. Management’s assessment of the effectiveness of the Company’s internal control over financial reporting as of January 31, 2005 has been audited by Ernst & Young LLP, an independent registered public accounting firm, as stated in their report which appears in this Annual Report to Shareholders. Evaluation of Disclosure Controls and Procedures. We maintain disclosure controls and procedures designed to provide reasonable assurance that information, which is required to be timely disclosed, is accumulated and communicated to Management in a timely fashion. Management has assessed the effectiveness of these disclosure controls and procedures as of January 31, 2005 and determined they were effective as of that date to provide reasonable assurance that information required to be disclosed by us in the reports we file or submit under the Securities Exchange Act of 1934, as amended, is accumulated and communicated to Management, as appropriate, to allow timely decisions regarding required disclosure and are effective to provide reasonable assurance that such information is recorded, processed, summarized and reported within the time periods specified by the SEC’s rules and forms. Report on Ethical Standards. Our Company was founded on the belief that open communications and the highest standard of ethics are necessary to be successful. Our long-standing “Open Door” communication policy helps Management be aware of and address issues in a timely and effective manner. Through the open door policy all Associates are encouraged to inform Management at the appropriate level when they are concerned about any matter pertaining to Wal-Mart. Wal-Mart has adopted a Statement of Ethics to guide our Associates in the continued observance of high ethical standards such as honesty, integrity and compliance with the law in the conduct of Wal-Mart’s business. Familiarity and compliance with the Statement of Ethics is required of all Associates who are part of Management. The Company also maintains a separate Code of Ethics for our senior financial officers. Wal-Mart also has in place a Related-Party Transaction Policy. This policy applies to all of Wal-Mart’s Officers and Directors and requires material related-party transactions to be reviewed by the Audit Committee. The Officers and Directors are required to report material related-party transactions to WalMart. We maintain an ethics office which oversees and administers an ethics hotline. The ethics hotline provides a channel for Associates to make confidential and anonymous complaints regarding potential violations of our statements of ethics, including violations related to financial or accounting matters.
H. Lee Scott President and Chief Executive Officer
Thomas M. Schoewe Executive Vice President and Chief Financial Officer
30
About the Authors Cheryl de Mesa Graziano is a certified public accountant and Vice President of Research and Operations at Financial Executives Research Foundation, Inc. She received a Bachelor of Business Administration at Baruch College, City University of New York. She began her career at Coopers & Lybrand and went on to several private-sector positions, including controller and CFO. She has worked for CNBC, Perseus Books and Bi-Logix, Inc and is completing a master’s degree in journalism. Mark P. Holtzman, is Assistant Professor of Accounting at the Stillman School of Business, Seton Hall University, South Orange, NJ. After he received a Bachelor in Business Administration at Hofstra University, he began his accounting career in the New York office of Deloitte & Touche. He later earned a PhD in accounting at The University of Texas at Austin. Dr. Holtzman has published articles in The CPA Journal, Research in Accounting Regulation, Strategic Finance, and The Accounting Historian’s Journal. He can be reached at
[email protected].
About Financial Executives Research Foundation, Inc. Financial Executives Research Foundation, Inc. is the research affiliate of Financial Executives International. Financial Executives Research Foundation is the non-profit 501(c)(3) research affiliate of FEI. FERF researchers identify key financial issues and develop impartial, timely research reports for FEI members and non- members alike, in a variety of publication formats. The Foundation relies primarily on voluntary tax-deductible contributions from corporations and individuals. The views set forth in this publication are those of the author and do not necessarily represent those of the Financial Executives Research Foundation Board as a whole, individual trustees, employees, or the members of the Advisory Committee. Financial Executives Research Foundation shall be held harmless against any claims, demands, suits, damages, injuries, costs, or expenses of any kind or nature whatsoever except such liabilities as may result solely from misconduct or improper performance by the Foundation or any of its representatives. This and more than 80 other Research Foundation publications can be ordered by logging onto http://www.ferf.org Financial Executives Research Foundation, Inc. 200 Campus Drive Florham Park, New Jersey 07932 Copyright © 2005 by Financial Executives Research Foundation, Inc. All rights reserved. No part of this publication may be reproduced in any form or by any means without written permission from the publisher. International Standard Book Number 1-933130-18-0 Printed in the United States of America First Printing Authorization to photocopy items for internal or personal use, or the internal or personal use of specific clients, is granted by Financial Executives Research Foundation, Inc. provided that an appropriate fee is paid to Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923. Fee inquiries can be directed to Copyright Clearance Center at 978-750-8400. For further information please check Copyright Clearance Center online at http://www.copyright.com.
31
Financial Executives Research Foundation, Inc. would like to acknowledge the following for their support and generosity: PRESIDENT’S CIRCLE DONORS Abbott Laboratories, Inc. ALCOA AT&T The Coca-Cola Company Comcast Corp. Corning Incorporated Cummins, Inc. CVS Corp. Daimler Chrysler Corporation Fund Dell Inc. Dow Chemical Company Duke Energy Corporation E. I. du Pont de Nemours & Company Eli Lilly & Company Exxon Mobil Corporation FEI Chicago Chapter FEI Cincinnati Chapter FEI Houston Chapter FEI Pittsburgh Chapter FEI New York City Chapter FEI Silicon Valley Chapter General Electric Company, Inc. General Motors Georgia-Pacific Corporation Hewlett-Packard Company IBM Corporation Interpublic Group of Companies, Incorporated Johnson & Johnson Lockheed Martin Corporation Microsoft Corporation Medtronic, Inc. Motorola, Inc. Pfizer, Inc. Procter & Gamble Sony Corp. of America Tenneco Automotive, Inc. Verizon Foundation
32
33
Congratulations and Best Wishes to
James N. Clark Thank you for all your hard work and dedication! Sincerely,
© Robert Half International Management Resources. EOE
34
35
Congratulations, Jim. Thanks for your many years of service to FEI and the Cincinnati Chapter.
The 2005-2006 Board of Directors Salutes James N. Clark our 1984-85 Chapter President! Brad Hunkler, President Melissa Lueke Jim Acton Anna Allen Jeff Bastian Arslan El Guindy Juan Fraiz Tom Freeman Bob Jung Dave Meyer 36
Congratulations,
Jim on your many accomplishments!
FEI Office of the Chair
37
Christopher A. Persiani Xperianz 5400 Dupont Circle Cincinnati Ohio 45150 513-453-8101
Congratulations, Jim! Coleen and Tony Schement Suzan and Peter Brester
JIM, YOUR FOLLOWING FRIENDS AND COLLEAGUES EXTEND THEIR CONGRATULATIONS AND BEST WISHES!
The E. W. Scripps Company congratulates
●
Jim Clark on your many years of service to FEI and the Cincinnati Chapter
James L. Ollier, Tech/III, Inc. dba The Printing Plant ●
Phil Dober, National City Jacqueline Neumann, Deloitte & Touche LLP
●
38
βυσινεσσ / ρεσεαρχη