Stock Plan Admins Cautioned on Controls, Process

Chicago, Illinois. November 1, 2005 ( - Stock plan administrators now find themselves stepping gingerly around new financial disclosures to avoid downstream hazards that may rear their head on certified financial statements.

The new cautions arrive courtesy of Sarbanes Oxley Section 404, which requires internal control reporting and evaluation—and Section 302, which requires CEO and CFO certification that internal controls have been established, tested, and are effective to ensure all material information is disclosed. To avoid causing headaches for their executives come audit time, or even the potential for an earnings restatement, Manatt, Phelps & Phillips, LLP partners John Heber and Craig Tanner in conjunction with KPMG LLP partner Lincoln Terzian, encouraged attendees at the 13 th  annual National Association of Stock Plan Professionals (NASPP) conference to adopt internal controls around how financials are developed and disseminated out of the stock plan administration group.

“Financial reporting around stock based compensation has both a financial element and a tax element. We need to have some controls around this,” stresses Terzian. “This is now a significant issue for financial reporting and tax.”

Hebner pointed to the onus placed on the stock plan administration business by SOX 302, which requires C-suite certification that financial statements contain no untrue statements of material fact, or material omissions and that financial statements fairly represent, in all material respects the financial condition of the company.  

But, for all the attention on “material information,” what all does that encompass?   “From an accounting standpoint it really depends on the facts and statements of a particular client,” said Terzian. “Really you need to look at the numbers to determine what is material.”

Case Study

Viewed in the context of a stock plan administrator’s role, Hebner said particular scrutiny should be given to compensation expense—due to the FAS 123(r) requirements to expense stock options—common stock and additional paid in capital. To ensure a broad base is provided to cover these potential issues the partners from Manatt suggest that SPA’s:

  • identify and describe the potential risks,
  • identify potentially affected accounts,
  • describe controls, processes and procedures to mitigate the identified risks,
  • confirm and document whether the established control activities are effective,
  • identify gaps,
  • identify opportunities for process improvement.

Applying this process to Employee Stock Purchase Plans (ESPPs), the presenters walked through a sample review of the plan. First, a stock plan administrator must identify risks within affected accounts.   With ESPP plans they claim the most common are situations in which:

  • employees are allocated an incorrect number of shares,
  • assumptions used to calculate compensation expenses are not supported, or
  • all full-time employees are not being offered participation.  

Having considered the risks, a prudent administrator would then describe the controls, processes and procedures in place—matching control activities with corresponding risks and then identifying the level of effectiveness—to mitigate any risks. "These control objectives are related to the risks you are trying to minimize," said Hebner.

Most common among these risks, and likely the easiest to repair, are issues in which all employees have not been enrolled in the plan and certain full-time employees were not allowed to participate. However, the Manatt group says the fix to these conditions can be as simple as confirming the inputs from the stock plan administration system with the company's HRIS system and ensuring the offering documentation has been sent to all active full-time employees by obtaining signed confirmations from employees that do not wish to participate.

Along the way, the process should be documented, stresses Hebner because of the level of input required from not only the stock plan administrator, but also the finance, human resources, legal and tax departments: "The way to do it, is to put all these people in the same room and document all of the processes and procedures at each step."

"You need to communicate with these people on a regular basis," adds Terzian. "So that when issues arise, we are all on the same page and your controls reflect this."

With that in hand, Hebner says, the all involved parties can see what processes need the most work and steps can be taken to affect positive change. "The final step would be to run a test on the system once you have put the improvements in place," he said.