Sarbanes-Oxley Act of 2002, and Changes in Auditing Standards (SAS 99)

Sarbanes-Oxley Act of 2002, and Changes in Auditing Standards (SAS 99) BFSG Meeting December 10, 2002 1

Sarbanes-Oxley Overview Sweeping legislation, passed July, 2002 Reforms in corporate governance, reporting, and audit profession Calls for further rule-making by SEC Applies to entities whose interests are publicly-traded on NYSE, NASDAQ 2

S-O – Overview (Continued) Prohibits external auditors from providing certain non-audit services Requires management to assess and report on internal controls Makes CEO and CFO personally accountable for financial statement accuracy Puts forth many other imperatives, which could be adopted under “best practices” criteria (See handout) 3

Impact on Not-for-Profits No direct applicability for MIT We do not file 10-K’s, or 10-Q’s with SEC Requirements of our auditors may impact us “Atmospheric” application, driven by trustees and peers Elect to comply with certain aspects as “best practices”, without increasing risk Gap analysis – review with Audit Committee in June, 2003 Remain vigilant for new requirements 4

Federal Sentencing Guidelines for Organizations (FSGO) Enacted in 1988 Sets penalties for organizations convicted of federal crimes (fraud, environmental violations, etc.) Leniency demonstrated toward organizations with effective compliance programs 5

Matters to Consider Responsibility for determining extent of voluntary adoption of S-O Code of Ethics/Business Conduct Audit Committee BFSG Process around violations Review of financial disclosures Approach to compliance 6

SAS 99 New auditing standard, to enhance auditors’ fraud detection procedures New procedures include: Queries about fraud risks Additional review of “override” controls (unusual transactions, exceptions, estimates, management judgments) Assessment of risk deterrent/risk mitigation programs Effective for fiscal 03 audit 7