March/April 2005
Complex maze of laws
Although the Sarbanes-Oxley Act of 2002 (Sarbanes-Oxley) has received much publicity, your responsibilities as an audit committee member or officer are governed by a complex maze of law. State statutory law, such as the corporation or other governing laws of your state of organization, remains the primary law governing your responsibilities. Your state's governing laws set forth the requirements for your organization's financial statements, your fiduciary duties, and, most importantly, your protections from liability.
Other laws include state common law, such as contract law. By accepting service as an audit committee member or officer of an organization, you implicitly agree to comply with the organization's governing documents, including its regulations or bylaws, any committee charters, any codes of conduct, and other policies of the organization applicable to you.
You may also have responsibilities under federal securities laws, if your organization is a stock company, or federal tax laws, if your organization is a non-stock or tax-exempt entity. If your organization is in a regulated industry such as banking or insurance, your responsibilities are also governed by the law governing those industries, such as federal or state banking laws or state insurance laws.
Finally, if you are in a regulated profession such as accounting or law, your responsibilities are also governed by the ethics and laws governing your profession, such as the Model Rules or Code of Professional Responsibility governing lawyers.
Basic principle of Sarbanes-Oxley
To understand your responsibilities in a post-Sarbanes-Oxley environment, you should understand the basic principle of Sarbanes-Oxley. This basic principle is that the first and best line of defense against corporate mismanagement and fraud is independent oversight of management by independent directors with the assistance of independent advisers, including independent audits of financial statements by independent auditors, and with accountability of executives for the information provided. In a post-Sarbanes-Oxley environment, the first and best line of offense for good government is also this independent oversight.
The three key areas of oversight that have developed since Sarbanes-Oxley are:
- The financial statement preparation and review processes;
- Executive compensation; and
- Board and management succession planning.
These are the key areas for oversight because the life of any organization depends upon:
- Accuracy of its financial statement
- Reasonableness of its compensation
- Appropriateness of its actions taken for succession
What You Should Know About Directors
The three widely recognized functions of directors are:
- Decision-making regarding matters of policy, direction, strategy and governance;
- Oversight of matters critical to the health of the company on behalf of its stakeholders; and
- Mentorship to the CEO and senior officers.
Directors have statutory duties in performing these functions. The two basic duties of directors include:
- Duty of care: Exercising the care that an ordinarily prudent person in a like position would use under similar circumstances; and
- Duty of loyalty: Acting in good faith, in a manner the director reasonably believes to be in (or not opposed to) the best interests of the organization.
The duty of loyalty for directors is a range: from "in the best interests" at one end of the range to "not opposed to the best interests" at the other end. This range is much broader for directors than it is for officers because corporate and most other state organization laws contemplate that directors, especially those from outside the organization, will have a variety of interests and experience, especially because of the mentorship function.
Directors must identify whose interests determine the best interests of their organization. If the organization is a company with stock or other form of ownership, directors must take into account the interests of the shareholders or owners. If the organization is a non-stock or tax-exempt entity with no owners such as shareholders, the best interests of the corporation are determined by the constituencies served by the mission of the corporation.
Directors of most organizations under state law may take into account other interests such as the organization's employees, suppliers, creditors, and customers, as well as broader interests such as the economy of the state and nation, and community and societal considerations.
There is one important exception in determining what interests are to be served by the duty of loyalty. If the organization is insolvent or within the zone of insolvency, then the interests to be served must include, and in certain circumstances may need to be exclusively, the interests of the organization's creditors, especially its unsecured creditors. "Insolvent" generally means liabilities exceeding assets or an inability to pay current obligations as they become due, and being "within the zone of insolvency" generally means that incurring a transaction or failing to take a prudent action is likely to result in such insolvency.
State law provides directors with several protections from liability in exercising their functions and performing their duties, including:
- The business judgment rule. Courts do not inquire into the wisdom of actions taken by directors in the absence of self-interest, fraud, bad faith, or abuse of discretion. However, this rule requires directors to make a decision; it does not protect directors if they fail to make a decision.
- The right of reliance on others. Directors may rely on officers or employees of the organization as to matters for which they are reasonably believed to be reliable and competent; legal counsel, public accountants, or other experts as to matters reasonably believed to be within their professional competence; and committees as to matters within their designated authority and that the director reasonably believes to merit confidence.
- Statutory indemnification. A director who is successful on the merits or otherwise in defense of any action, suit, or proceeding in which he or she is named by reason of being a director, officer, employee or other agent is entitled to be indemnified against expenses, including attorney's fees incurred in connection with the action, suit, or proceeding.
- Contractual indemnification. Broader indemnification than statutory indemnification is permitted if the director acted in good faith; acted in a manner reasonably believed to be in or not opposed to the best interests of the corporation; and with respect to any criminal action or proceeding, had no reasonable cause to believe the person's conduct was unlawful. Broader indemnification includes advancement of expenses, including legal fees and expenses, and indemnification even if the director is not successful on the merits.
- Director & Officer insurance. Ohio and most other states' laws permit broader coverage under D&O insurance than under statutory indemnification. Perhaps the most important value of D&O insurance is that it is available even if the corporation is insolvent and even after a change in control.
With respect to nonprofits, volunteer directors (and others) of charitable organizations are immune from civil suits for damages under the Federal Volunteer Protection Act and the Ohio Volunteer Immunity Statute. "Volunteer" means the director was not compensated other than reimbursement of expenses.
State laws governing corporations and similar organizations contemplate that directors will delegate management of the organization to officers. Accordingly, directors and officers should understand that, in order to be able to rely upon officers when doing so, directors must reasonably believe the officers are reliable and competent in those matters. Although directors may determine the competence of an officer based upon the officer's background and experience, directors must ask questions in order to determine the reliability of officers.
To comply with their duties under state governing laws, members of the audit committee are well advised to:
- Ask questions designed to verify the reliability of the key participants in the financial statement preparation and audit process, i.e., the CEO, CFO, CLO, any internal auditor, and representative of the external auditor;
- Ask the same questions separately of each of these participants; and
- Compare the consistency of the answers.
Directors should expect that the answers of the various participants will differ depending upon the role and personality of each person. For example, the CEO is likely to describe matters in big-picture terms and be very optimistic in outlook, while the CLO is more likely to describe details of the matter and be much more cautious in outlook. Therefore, directors should look to the consistency of the answers and should feel comfortable to stop asking questions if the answers among the various participants, given their separate roles and personalities, are consistent. However, if the answers are not consistent, directors must delve deeper.
What You Should Know About Officers
Although all of an organization's authority is vested in its board, a board does not directly exercise all of that authority. Instead, it is exercised under the direction of the board. Day-to-day running of the organization and its business is the function of officers.
Officers, like directors, must perform this function with a duty of care and a duty of loyalty similar to those of directors. The duty of loyalty is much higher for officers than it is for directors. While a director's duty of loyalty ranges from being "in" to "not opposed to" the best interests of the organization, an officer's duty of loyalty requires the officer always to act in a manner the officer reasonably believes to be in the best interests of the organization.
Officers, more so than directors, have duties created at common law, such as through employment contracts, restrictive covenants and other agreements to which an officer is a party, as well as the organization's policies and procedures governing officers or employees. Officers are also subject to prohibitions under federal securities laws, federal tax laws, state securities laws, and state regulatory laws if the organization is in a regulated industry.
Sarbanes-Oxley has expanded greatly the accountability of the CEO, CFO and CLO of publicly traded companies. Generally accepted auditing standards are extending this greater accountability to officers of all organizations having audited financial statements. The accountability has been expanded so that the CEO and CFO are to certify to the SEC and investors, with respect to publicly traded companies, or to the external auditor, with respect to other audited organizations, the accuracy and completeness, based upon personal knowledge after review, of the organization's:
- Financial statements;
- Financial disclosures;
- Internal controls; and
- With respect to publicly traded companies, disclosure controls.
The CEO and CFO also have an obligation to report up significant deficiencies, material weaknesses and fraud involved in internal controls and disclosure controls.
Additionally, CLOs now have an obligation to investigate or cause investigation of evidence coming to their attention of material violations of law or breaches of fiduciary duty. They, too, have an obligation to report up material violations of law or breaches of fiduciary duty.
External auditors now are obligated to report up reportable events, including significant deficiencies and material weaknesses in internal controls. In addition, external auditors are obligated to report up and, if not corrected, report out undisclosed illegal acts and third-party transactions.
State law provides officers, similarly to directors, with several protections from liability in exercising their functions and performing their duties, including statutory indemnification, contractual indemnification, and D&O insurance. However, unlike directors, officers have no statutory right of reliance on others or statutory business judgment rule because state law assumes such executives are accountable for the execution of the business and operations of their organizations.
What You Should Know About the Audit Process
During the audit process, the audit committee is responsible for hiring and discharging the external auditor, determining its scope of work, and approving its fees. In addition, the audit committee is to oversee management in its responsibilities in the process, including the internal audit process. The audit committee also is the primary recipient of most reports and other communications from the external auditor. Further, the audit committee is responsible for instituting procedures for receiving and investigating risks (including complaints).
Management is responsible for maintaining an effective system of internal controls; maintaining accurate books and records in accordance with GAAP; accurately recording transactions in such books and records; preparing financial statements and related disclosures; and allowing unfettered review by the external auditor of such financial statements and, more importantly, the underlying books and records and recording of transactions.
The external auditor is responsible for obtaining objective evidence supporting the amounts and the disclosures in the financial statements; assessing accounting principles used and significant estimates made by management; assessing overall financial statement presentation; and providing an opinion on the overall financial statements. In addition, external auditors perform the following key steps:
- Establishing terms of the engagement;
- Assessing materiality and risks;
- Determining the nature, timing and extent of audit tests (i.e., the audit plan);
- Discussing the audit planning process with the audit committee;
- Performing tests of controls and interim substantive tests of transactions and balances;
- Reassessing the audit plan in light of preliminary testing results;
- Conducting year-end audit testing of transactions and balances;
- Performing final evaluations of conclusions and sufficiency of evidential matter;
- Reviewing financial statements and footnotes;
- Completing quality control review procedures;
- Communicating with management and the audit committee regarding audit results, including audit adjustment proposals and significant deficiencies and material weaknesses in controls; and
- Issuing financial statement audit report, management letter, and report on internal controls.
The external auditor also communicates with the audit committee regarding judgments and estimates, material accounting policies, significant audit adjustments, other information included in the document with audited financial statements, difficulties encountered during the audit, disagreements with management, the auditor's judgment about the quality, not just the acceptability, of accounting principles, illegal acts, reportable conditions with internal controls, and material violation of law or breach of fiduciary duty.
Conclusion
Unfortunately, all of the functions, duties, protections, and processes discussed above set the minimum or, at best, generally accepted standards to avoid liability for directors and officers. Investors and other stakeholders such as lenders, as well as regulators, are beginning to expect directors and officers to act with better practices than those minimum or generally accepted standards. Demand is increasing for greater transparency in financial reporting; more principle-based accounting principles; reduction of interlocking boards or common membership among related organizations; avoidance of self-interest in the approval of transactions; fuller disclosure of executive compensation with comparison to performance; and ongoing succession planning for both the board and management.
Meeting this demand is essential for restoring confidence in our stock trading markets.
More importantly, restoring confidence in our stock trading markets is essential for avoiding the crisis in social security feared by President Bush. Not restoring confidence before the baby-boomer population reaches retirement age will result in substantial demands upon the social security system because private pensions will likely not provide adequate retirement income.
Hopefully, all of us will focus on best practices rather than minimum or generally accepted practices in the future.