The 4-1-1 on 404

A look at the efforts behind a critical Finance initiative

BY ANNE EISELE

If someone asked you what Boeing President and CEO Harry Stonecipher, the Boeing Board of Directors and Chief Financial Officer James Bell consider to be the most critical Finance initiatives under way right now at Boeing, what would you say?

Maximizing stock valuation? More accurately forecasting cash flow? Achieving better returns on our investments? Clearly, Boeing is committed to driving improvements in each of these areas, among others.

But chances are the company's most important Finance priority for 2004-achieving compliance with new federal regulations governing the effectiveness of public companies' internal financial controls-is one you've never even heard of. But the stakes couldn't be higher.

Section 404 of the Sarbanes-Oxley Act ("SOX"), adopted in 2002 by the Securities and Exchange Commission, requires management of publicly traded companies annually to assess the design and operational effectiveness of internal controls over their financial reporting. Among the examples of financial controls: how Boeing closes the books for the quarter.

Section 404 also requires management to include in the company's annual report to shareholders its assessment of whether the company's internal control is effective and whether there are any material weaknesses. An independent auditor must attest to those assessments.

"Readying for SOX 404 compliance is an enormous task, but it's one we can't afford not to get right," said Harry McGee, controller for Boeing. "Beyond the strict regulatory requirements, by reviewing and testing our internal financial controls we are planting seeds for continuous process improvement and helping change the way Boeing does business in the future."

While The Boeing Company has always valued the importance of internal controls over financial reporting, the new legislation raises the documentation standard, requiring all financial controls and processes be mapped out and clearly explained.

An enterprisewide team including business-unit and corporate Finance professionals, representatives from Internal Audit, outside consultant Jefferson Wells and Boeing auditor Deloitte & Touche all have been contributing their "A" game to the effort, McGee said. That's meant lots of late nights and carryout dinners for the 800-strong Boeing "SOX"-ers.

So why is SOX 404 compliance so important? Because it underscores the fidelity and transparency of our reported financial information to current and prospective investors. And because it's the right thing to do, Bell said.

"Our efforts in this matter are far more important than 'checking a box' for regulatory purposes," he said. "They're actually helping support profitable and efficient business performance over the long run."

Successful completion of SOX 404 will demonstrate Boeing has processes that are financially sound, that will lead to improved competitive advantage and that contribute to efforts to restore corporate reputation. It also will help Boeing evolve toward financial processes and systems of the future and strengthen overall risk-reduction and assurance, McGee explained.

"The process of preparing for compliance shines a light on possible inefficiencies or internal control weaknesses, so Boeing can address them and drive better performance over the long run," he said. Understanding the current state of our processes and systems will help us identify areas of possible commonality or future improvement.

To some extent, the ambitious initiative to document and test more than 1,800 processes and systems also lays the groundwork for a planned migration to common cross-enterprise Finance systems recently agreed to by senior leadership. Baselining the current state of Finance processes and systems to achieve SOX 404 compliance also complements development of an integrated people-development framework for all Boeing Finance professionals by helping leaders brainstorm changing future skill needs.

Preparing to be SOX compliant is a very complex and labor-intensive process that involves several progressive steps. They include:

• Identifying and documenting existing processes, supporting systems and embedded controls.
• Testing those controls for design and operating effectiveness.
• Identifying applicable areas of risk and evaluating if any risk areas are not subject to the controls.
• Designing and documenting new controls affecting identified risk areas not covered by existing controls or subject to inadequate existing controls.
• Testing the new controls' design and operating effectiveness and documenting the results of that testing.
• Discussing the procedures and results with the Company's Audit Committee.
• Obtaining official auditor attestation.

"Clearly, it's a lot of work under a tight deadline, but the benefits will be well worth it" McGee said.

anne.f.eisele@boeing.com