Issues & Overview Is Your Company Meeting Its Compliance Obligations? You Will Be Expected To Know!

Tuesday, June 1, 2004 - 00:00

Robert E. Bostrom
Winston & Strawn LLP

Corporate scandals involving Enron, WorldCom, and a host of others leading up to the enactment of Sarbanes-Oxley have made it clear that traditional corporate governance structures, compliance programs, internal controls and risk management systems did not address the challenges faced by companies and Boards of Directors.

Events subsequent to Sarbanes-Oxley suggest that Sarbanes-Oxley may not have gone far enough as reports and disclosures of accounting irregularities, earnings restatements, violations of law, enforcement actions, and corporate governance breakdowns have continued unabated. Nortel Networks, Freddie Mac, Fannie Mae, the New York Stock Exchange, a growing number of mutual fund complexes and insurance brokers, Halliburton, AOL Time-Warner, Tenet Healthcare, Raytheon, Vivendi, Parmalat, Coca-Cola, Royal Dutch/Shell Group, and other companies have been the subject of more recent headlines. There continue to be weekly announcements of new situations that are the subject of investigation or review.

Reports being issued in connection with these more recent announcements, as well as reports issued in connection with earlier situations, continue to identify the same fundamental breakdowns of corporate governance. The Report of the Special Examination of Freddie Mac, the Report on Corporate Governance for the Future of MCI, and the multiple Reports of the Court-Appointed Examiner in the Enron Bankruptcy identified problems and proposed recommendations with disturbingly similar themes.

The problems identified in these Reports include:

•Inappropriate corporate culture and tone at the top

•Ineffective compliance and risk management systems

•Inadequate internal control structure

•Executive compensation programs

•Inadequate disclosure and transparency

•Inadequate Board oversight as a result of a variety of factors including cronyism, lack of relevant knowledge, and inattention to duties and responsibilities

The key themes which have emerged are the importance of culture, "tone at the top," transparency, trust, accountability, reputation and independence.

As a result of these developments and continuing legislative and regulatory changes, there is increased pressure in the boardroom, including particularly on the audit committee. As a result of the NYSE Listing Standards, Sarbanes-Oxley and the Public Company Accounting Oversight Board Audit Standard on Internal Controls, the audit committee's role and responsibility with respect to the oversight of risk management, compliance and internal controls is substantial. In addition, there are a number of sources of pressure that will force companies to go beyond the stated requirements of the law regarding corporate governance practices.

Corporate counsel will be looked to by the board, the audit committee and management to advise with respect to compliance issues and risk management, both with respect to legal requirements and those arising from these other pressures. Two emerging standards for an effective compliance system and risk management are the new U.S. Sentencing Guidelines and the draft COSO Framework for Enterprise-wide Risk Management, respectively. Corporate counsel will find a useful checklist of compliance issues in my article in the July and August issues.