Erik Gellatly, JD Matrix Logic Corporation (415) x235 Achieving Sarbanes- Oxley Compliance with Hummingbird Solutions
Agenda n Introduction n What is Sarbanes-Oxley and Why Do We Care? n Compliance Requirements of Sarbanes-Oxley n ‘Document Intelligence’ Defined n Using Hummingbird DM / Collaboration n Bringing It All Together n Questions and Answers
Agenda n Introduction n What is Sarbanes-Oxley and Why Do We Care? n Compliance Requirements of Sarbanes-Oxley n ‘Document Intelligence’ Defined n Using Hummingbird DM / Collaboration n Bringing It All Together n Questions and Answers
Introduction n Matrix Logic is a Hummingbird Premier Partner and has over 400 clients across the US and abroad. n Matrix Logic integrates other products around the document management system to enhance DM/RM administration, collaboration and security. n Prior to joining the company, Erik Gellatly earned a law degree from Willamette University in 1998 and has worked with technology companies serving the legal profession since that time.
Agenda Introduction n What is Sarbanes-Oxley and Why Do We Care? n Compliance Requirements of Sarbanes-Oxley n ‘Document Intelligence’ Defined n Using Hummingbird DM / Collaboration n Bringing It All Together n Questions and Answers
What is Sarbanes-Oxley... n Sarbanes-Oxley is the U.S. government’s response to Enron / WorldCom / Adelphia / Tyco scandals n CEOs and CFOs of public companies now must swear under oath that the financial statements of public companies are accurate and complete n SEC filing deadlines are more compressed n Audit committees must establish and maintain internal controls for financial systems and have them certified by public accountants
... And We Care Deeply n Executives that knowingly sign falsified reports and anyone that destroys audit records can receive up to 10 years in prison and fines n Destruction, falsification, alteration of documents in federal investigations and bankruptcy proceedings can lead to sentences of up to 20 years in prison and fines n A new non-governmental watchdog agency, the Public Company Accounting Oversight Board, will scrutinize audits of all public companies
Who’s Neck Is It, Anyway? n Executives have a very short time to report any “material changes” to financial statements n Audit committees are responsible for assuring that proper controls are in place to allow them to fulfill their reporting obligations n IT managers are being asked to enforce document retention policies (think Enron / Arthur Anderson shredding scenario) n Investors need to have confidence that executive and auditor claims are accurate and complete
Agenda Introduction What is Sarbanes-Oxley and Why Do We Care? n Compliance Requirements of Sarbanes-Oxley n ‘Document Intelligence’ Defined n Using Hummingbird DM / Collaboration n Bringing It All Together n Questions and Answers
Compliance Requirements: CEO/CFO Attestations n CEO and CFO have reviewed the filing personally n Filings contain no untrue statement of material fact n Filings fairly report the company’s financial position n Any significant deficiencies, material weaknesses and fraud (material or not) have been disclosed to the audit committee and the external auditor n What internal controls are in place
Compliance Requirements: Disclosure Procedures n CEOs and CFOs must certify that processes are in place to ensure that material information relating to the company will be made known to them n “Fair presentation” of company’s results is stronger than GAAP standard – transparency is the goal n SEC recommends that Boards have special Disclosure Committees that determine what is material information and are responsible for regular public disclosures
Compliance Requirements: Records Retention n Anti-tampering provisions in §1102 and anti- destructions provisions in §1519 apply to records that are subject to an investigation n New crimes for attempted destruction and conspiracy to destroy records under §1349 n Accountants must retain audit records for public companies for seven years after a review is complete under Reg. S-X (Jan. 22, 2003 update) n Organizations can still destroy records according to a defined and communicated records retention policy
Agenda Introduction What is Sarbanes-Oxley and Why Do We Care? Compliance Requirements of Sarbanes-Oxley n ‘Document Intelligence’ Defined n Using Hummingbird DM / Collaboration n Bringing It All Together n Questions and Answers
‘Document Intelligence’ Defined n The alignment of your document repository structure with your reporting and disclosure requirements. n The extension of your existing document repository to support retention automation, true enterprise search and security. n The communication and enforcement of policies and procedures for handling electronic documents and records throughout the enterprise
‘Document Intelligence’ Applied n Hummingbird DM/RM together provide out-of-the- box functionality that can be applied to your new business process requirements Capture of financial reports for executive roll-ups Enterprise search capability for managers and analysts Retention Schedules by document type n Hummingbird Collaboration offers activity reports for managers and stakeholders for external users n Third-Party Extensions for wireless and security
Agenda Introduction What is Sarbanes-Oxley and Why Do We Care? Compliance Requirements of Sarbanes-Oxley ‘Document Intelligence’ Defined n Using Hummingbird DM / Collaboration n Bringing It All Together n Questions and Answers
Using Hummingbird Products n The out-of-the-box functionality is very helpful for executives, finance department when dealing with compressed filing deadlines n Hummingbird DM – in-progress documents n Hummingbird RM – legacy information, paper records, read-only electronic documents n Hummingbird Collaboration – working with outside individuals on specific matters/projects (external auditors, counsel, board members)
Automating Document Retention n Retention schedules can be specified for specific cases/matters or document types n Document types should map to Sarbanes-Oxley reporting requirements (think CONTRACT, FILING, MINUTES, REPORT and RESOLUTION) n Document deletion can be restricted (think “Arthur Anderson” scenario - electronic file shredding) n No limitation on format: , documents, memorandums, even instant messaging
Hummingbird DM Use Document Types in your Quick Searches - New “Easy Search” allows for quick, intuitive queries - Easy adoption for new users via Windows Explorer
Hummingbird Collaboration provides an intuitive web interface for specific groups (such as an Audit Committee)
Agenda Introduction What is Sarbanes-Oxley and Why Do We Care? Compliance Requirements of Sarbanes-Oxley ‘Document Intelligence’ Defined Using Hummingbird DM / Collaboration n Bringing It All Together n Questions and Answers
Bringing It All Together n Better risk management and public disclosure are the goals of Sarbanes-Oxley n Throwing bodies at compliance and security problems is not a long-term or scalable solution n Hummingbird products reduce overdependence on and improves information flow n Consider hand-held connectivity for busy managers, document encryption and watermarking for outgoing attachments that leave the DM
Audit Committee Process? Over-reliance on , manual processes and questionable security practices
or Audit Committee Process! Inside the “four walls”, Hummingbird DM provides enterprise search, mobility and document retention policy enforcement. Board members can collaborate securely and sign off on documents electronically over the Internet.
Wireless & Security Add-ons
Questions?