CopenhagenCompliance® focuses on all Major European and international Compliance, Risk and Governance issues. This is your opportunity to focus on the issues that are important to your organization. Copenhagen Compliance will provide new strategies for handling enterprise Compliance Risk and Governance management, EuroSox, IT security & controls, Best practices, Sarbanes-Oxley, Internal Controls, ethics and integrity, corporate governance, and more. Pre SOX Compliance demands. This graph depicts that (Sarbanes-Oxley Act) SOX did not materialize just as a result of the finance scandals at the turn of the century. There were a series of acts and provisions from the mid 1970’s that required Corporations to meet requirements of the modern day compliance practices. These were barely accomplished with various degrees of success. 30 years of Non-Compliance Kersi F. Porbunderwalla www.grccontrollers.com The year 2007 marks a thirty year anniversary of the passing of The Foreign Corrupt Practices Act of 1977 (FCPA) To celebrate the anniversary, let’s go thru the details and requirements of only one. FCPA and review the provisions as seen from The Investor Protection Act (SOX) perspective. In the late 1970’s I was the Financial Manager of a US multinational company in Scandinavia. I have distinct memories of the havoc and uncertainties, which were rather identical to the current workload, approvals and disclosures required by SOX. The FCPA is referred in the SEC’s final ruling on SOX section404. Similar to SOX the FCPA was originally enacted after a series of scandals involving questionable monetary transactions. The FCPA was influenced by the Treadway Commission. Treadway Commission created The COSO Framework from the late 1980’s. The over 25 year old COSO Framework with all its deficiencies still continues to remain the widely accepted framework for monitoring risk compliance in relation to SOX. Independent of prudence was required for FCPA purposes. It was proved later that prudent management judgement for compliance was either inadequate or not enough. Therefore The Sarbanes-Oxley Act of 2002 just as FCPA required in 1977, both acts require a system of effective disclosures, controls and procedures, a functional code of ethics, and an effective compliance program. Non Compliance similarities to SOX. An organization operates through its managers and therefore is liable for the offences committed by them; both acts have required that officers and employees have gone to prison. Both acts require company’s to implement detailed compliance and training programs. Both acts require high levels on internal control policies in place. FCPA with an enlarged focus when dealing within particular countries which was a priority 30 years ago, but is still valid. Explanation when corporations have unusual payment patterns in terms of high consulting, promotional, advertising or contribution expenses Enforcement of discipline. Auditing and monitoring of internal controls with results reported to the Audit Committee. FCPA requires companies with listed securities in the U.S. to meet its accounting and internal control provisions, policies and procedures. So does SOX Imposed significant fines and suspension from federal procurement contracting FCPA 0btain the agreement of other countries to enact similar legislation. SOX is now more or less international best practice with legislations in several countries. Reviewed from norms, any departure from normal standards including contracts. U.S. parent companies can be held liable for the acts of their foreign subsidiaries. In summary, both acts need a team to create control and compliance activities and to guide a corporation through implementation of the FCPA and SOX compliance process. Sarbanes-Oxley types of controls need to be established at a variety of levels while the FCPA was one dimensional. Both acts require a clear corporate policy with assignment of responsibility. With SOX it is normal to have positions like a compliance officer. While The FCPA required sub-certifications of internal controls need to be addressed quarterly particularly in foreign subsidiaries, SOX requires certification of the entire concern. FCPA and SOX violators can be barred from federal purchases and contracts, and adverse public relations including derivative lawsuits could be the consequences of a no-action policy. Compliance to Sarbanes-Oxley would have been a piece of cake, if strict adherence to decade old compliance regulations were implemented. Compliance . . . All stock-listed companies have to live with it . . . you can't live without it. Therefore gain knowledge on how to manage Compliance. Improve your company’s ability to add value and help improve your organization's Compliance management programs. Control processes by attending the courses, seminars and conferences offered by the unique events of CopenhagenCompliance®. How the world's most sophisticated companies dealing with the compliance challenge. How can your company ensure that it is not investing in the areas where it is most at risk? How can you demonstrate that your company is getting the best return on its compliance Euros? How are your competitors actively measuring and improving their compliance processes?