In the latest of our weekly Q&As with governance and compliance executives, we talk to Bert Notini, chief operating officer at $170.7 million Sonus Networks. An index of previous conversations is available here.
In last year’s annual report, your company listed 10 material weaknesses. How do you sort out which ones to remedy first?
Well, we’ve been experiencing some strong growth and we’re very much focused on growth … We’ve been scaling our operations internationally for the last 18 months to two years, so against that backdrop you start to think about setting priorities to address material weaknesses in financial reporting. We set those priorities in the context of the way we were managing and growing the business; we focused on those things that would help most for financial reporting, but did it in a way that mapped against the operating plans we were driving. It was very much an “execution” focus.
To set those priorities, you start with a systems-level aspect to it, a process-level aspect, and then an execution-level aspect to it. The approach we took was to build a very granular, detailed work plan, listing things item by item, that cut across the weaknesses mapped against operational initiatives, and then set off to drive change and organize our resources around them.
Give an example of that. Did any particular weaknesses emerge as the first to be resolved?
We didn’t really prioritized them in that sense. The weaknesses reported were associated with financial reporting, and I wouldn’t want to say any were more or less important than any others; we took them all seriously. I will say there’s a logical sequence to it, that the systems piece is a foundation-level issue, and on top of that comes processes and then operating initiatives. So the systems piece was a high priority; issues related to financial-close processes also obviously were very important to us.
Talk about your systems, then. Did you make wholesale changes to your IT systems or internal controls?
We did upgrade our ERP infrastructure, which is the backbone tool for financial reporting. As part of that, we upgraded modules and functionality related to manufacturing and purchasing, and upgraded the amount of data-capture within the system and re-constructed the transaction flow in the company that starts with the placement of a purchase order and ends with the shipment of a product and invoice, and collection of revenue. The system architecture that we laid in captures globally the lifecycle of our transaction process. We did add some functionality as we rolled that out. We run our system on Oracle, so we really just upgraded it and feel good about our achievements.
You hired outside consultants to review your IT systems, correct?
We brought on a number of outside resources to help us, and also added meaningfully to our Sonus-side talent. Internal additions were our preference, but we absolutely had outside help from individuals who specialize in the controls work necessary to meet Sarbanes-Oxley standards. They’d help guide us to the architecture we’d need to achieve, and then another group of individuals who had knowledge in the systems themselves would come in and help us implement to meet those specifications. So it’s been a structured set of engagements, mapped against a detailed plan.
You also hired a new CFO. What other internal manpower did you employ?
We did have Ellen Richstone join us last January as our chief financial officer, and she’s been great. She has responsibility for the information-systems side of our operations, and has added talent in different places. We’ve also had an excellent director of IT who has led things effectively. It’s really about supplementing what we thought was, and believe today, is a very competent organization to achieve this outcome.
THE WEAKNESSES
The excerpt below is from the "Controls and Procedures" section of Sonus Networks' July 27, 2004, Form 10-K/A. The weaknesses have been highlighted by CW:
In connection with our restatement, we and Ernst & Young LLP, our
independent auditors, identified and reported to our audit committee
significant internal control matters that collectively constitute
"material weaknesses." These internal control matters, any one or more of
which may individually or together constitute a material weakness,
include: insufficient contract review and documentation; inadequate
supervision and review within the finance and accounting department;
inadequate segregation of duties; insufficient supporting documentation
for and review of account reconciliations; lack of adequate controls over
cash receipts; lack of adequate technical accounting expertise;
insufficient equity review procedures and documentation; flawed
foundations for accounting estimates; and inadequate quarterly and
year-end financial statement close and review procedures.
Source:
Sonus Networks' Form 10-K/A Item 9A ("Controls and Procedures"), Filed July 27, 2004
How do you decide what level of detail to disclose in your filings, to placate investors curious about your efforts?
We work really hard to disclose any information that is material to an investor valuing the total mix of information available about Sonus. In that regard, we’re very robust in our depiction of where we thought there were weaknesses in our control environment. As we go forward, we look forward to updating our investors on the progress we’ve made in our 10-K … At that time, we’ll be forthcoming in our disclosures. There’s no canned formula to what is or is not something to disclose.
But do you think investors expect more disclosure from you, giving Sonus’ history of weaknesses?
I’d say that that is one of many disclosures we make. It’s an important one, but there are others as well. We do our best to provide material information to help investors know about our company. We’re comfortable with that, and very straightforward about it.
Revenue recognition is always tricky for software businesses. How do you train your staff on those rules?
We have an ongoing training program in our company in all our areas, from our product sets to business practices, or obviously anything where controls are involved or translate into financial reporting. We’ve done a lot training as we’ve become familiar with best practices emerging in the Sarbanes environment, so we’ve designed and implemented a set of training materials that speak to the way these new rules—as well as routine accounting principles within our company—apply to the business we do.
Is this training you developed internally, or purchased somewhere?
I’m not really the person to speak specifically about how we assembled the training package. There’s a fair amount developed internally, and we certainly look externally for the best information and tools available. But I feel good about the material we have, and it’s highly customized to our unique business.
As I mentioned at the beginning, the exciting thing here is to leverage some of the new best practices coming out of the reporting environment to drive the growth of our business, so the training has to be fairly customized. We have a good training team internally, cross-functional and a core part of our operations … And we have a global presence, so it’s important to bring up to speed our employees in non-U.S. areas on matters that relate to our business, including these.
You were previously chair of Sonus’ audit committee. What sort of relationship should audit committees have with non-CEO executives?
In this day and age, and from the best practices emerging now, it should be a very open relationship with as much opportunity to meet with other executives as the committee wants—and I think audit committees take advantage of that. It’s typically the case at board meetings that a number of executives are available and they engage with the audit committee. That’s the practice here and elsewhere. It’s a very open and constructive dialogue and access.
Do you or your CFO ever meet with the audit committee without Sonus’ chief executive present?
The specific way in which we operate is something I wouldn’t want to comment on, but I think we have a very open and candid relationship with all our board members. That includes our CEO, myself, our CFO and other levels of management.
So in this last year of remediation, how did you balance that with daily running of the business?
We’ve taken very much an operating approach to implement our improvements. We use them to leverage the growth that we’re seeing and the scale we’re driving globally. I’d say it’s all been part of building the company, and we feel very comfortable with how we’re doing.
Thanks, Bert.
Compliance Week regularly profiles corporate executives responsible for governance, compliance, ethics and risk. Click here for recent Q&As. If you would like to be considered for a future Q&A, or if you would like to nominate a public company executive for a Q&A, please email Matt Kelly.
Click here for upcoming Webcasts with compliance officers.
No comments yet