Here is our current checklist for what every CFO and General Counsel needs to do right now.
1. Meet with your D&O carrier
Get clarity on exactly what's covered, what's not and what's expected from your company. Most D&O carriers have some very stringent rules about which issues need to be reported to them, and how fast. Do not delegate this to your risk manager; your personal net worth may be exposed and you want to know these rules and make sure your company is complying. As a bonus, since insurers frequently end up holding the bag on securities litigation, they have some great expertise on the act and will happily share it with clients. Remember the SEC is currently considering forcing defendants to pay all financial penalties out of pocket instead of using insurance to cover some fines.
2. Check the status of your 404 documentation project
Your firm should have this project in full swing and take advantage of the pushed back dates. If addressed now, utilization of internal resources is much more plausible. It will help keep cost down.
3. Review your current board structure
Is the knowledge base and expertise correct for your company? Do they challenge you by setting the bar high, have foresight and then give good advice to help you achieve those goals. By the way, new rules for nominating directors are getting cooked-up now, so get this done before you lose your flexibility.
4. Outsource your whistleblower compliance and pay particular attention to the treatment phase
The process and steps before handing incidents to corporate management or the Audit Committee is critical as there can be substantial risk if shortcut. All of us, outsource vendors, are very price-competitive (depending on the number of employees we will do this for as low as $1,500 per year). Further, experienced SEC legal specialists firmly believe that doing it internally or simply outsourcing the receipt phase exposes firms to substantial liability. For a very inexpensive high quality solution why would you take this risk?
5. Have a regular follow-up with your outside counsel and your internal legal department
A one-hour breakfast meeting about once a quarter should keep you adequately informed.
6. Have someone really take your corporate code of ethics apart
Make sure that it covers everything it should, and then reissue it to every employee. Make an example of anyone who acts unethically.
7. Make sure your controller, CFO and internal auditors have read the Treadway Commission report.
8. Develop a process of close coordination with the company's Human Resources specialists, both internally and externally because of the significant implications SOX manifests in the work place.
9. Signup for Corporate Compliance Partners free weekly newsletter
Our staff tracks all SOX-related rules and news items. This is our way of sharing information with interested parties.