Seminar in Accounting & Society SOX – Section 404 April 20, 2009

2 Seminar in Accounting & Society SOX Section 404 – April 20, 2009 Rick Andrews Partner KPMG Dana Plonka Director, Internal Audit Sigma-Aldrich Corp.

3 Agenda Introductions/Background Overview – What is Sarbanes-Oxley? Impact of SOX – An Internal Perspective Costs & Benefits of SOX Impact of AS5 The Economy & Risk - What Happened? What’s Next? Questions

4 About Sigma-Aldrich $2.2B global Life Science Company Publicly traded on NASDAQ as SIAL Develops, purchases, produces & sells biochemical and organic chemical products for use in scientific research, biotechnology, pharmaceutical development, the diagnosis of disease, and as key components in pharmaceutical and other high technology manufacturing 7,900 employees in 38 countries Over 130,000 products 65% of Sales outside the US

5 About KPMG KPMG LLP is a provider of audit, tax and advisory services KPMG LLP is #1 in the St. Louis market auditing 42% of St. Louis’ Top 50 Public Companies KPMG LLP is the U.S. member firm of the KPMG international network with a presence in ~ 150 countries KPMG has been recognized as a great place to work by Fortune, Working Mother, the Human Rights Campaign, Business Week, The Women’s Alliance, the Black Collegian, Diversity Inc and others KPMG LLP consists of 22,000 partners and staff across the U.S. The St. Louis office is supported by approximately 250 employees serving in the capacity of client support delivery or client service support functions

6 What is Sarbanes-Oxley? What is SOX 302? What is SOX 404? What is AS5?

7 Management’s Certifications The CEO and CFO must personally certify to the: Accuracy of financial statements Adequacy & effectiveness of disclosure controls and procedures (SOX 302) Adequacy & effectiveness of internal controls over financial reporting (SOX 404) Completeness of all disclosures that materially impact the financial statements or relate to frauds involving management with a significant role in internal controls over financial reporting

8 SOX 302 at Sigma-Aldrich Quarterly disclosure controls and procedures implemented in 2002 Robust certification process includes 138 managers worldwide Extensive questionnaire addresses multiple areas and implies personal responsibility Disclosure Committee reviews all responses to determine actions Certifying Officers (CEO & CFO) and external auditors receive unedited, complete reports

9 SOX 404 at Sigma-Aldrich Implemented web-based software to manage internal control documentation, assessments and testing in 2003 Control documentation required for all Sigma-Aldrich sites; updated annually by Business Process Owners at sites SOX 404 testing performed by Internal Audit on behalf of management Deficiencies reported to sites, management, KPMG, Audit Committee

10 Impact of SOX on Stakeholders SOX 404 & 302 had a significant impact on: -Board of Directors’ responsibilities -Management’s responsibilities -Internal Audit Department resources and responsibilities -Costs of compliance

11 Impact on Board of Directors Increased liability & responsibility for Audit Committee members Qualifications for Audit Committee members more stringent (“financial expert” requirement) Director, Internal Audit reports directly to the Chairman of the Audit Committee Whistleblower Policy implemented with reports to the Audit Committee Chair

12 Impact on Board of Directors As a result, the Audit Committee has: Increased focus on internal controls & audit results Demanded swift remediation of internal control weaknesses Supported the addition of Internal Audit resources to support compliance efforts Initiated discussion over business risk management strategies across the organization

13 Impact on Management Certifying officers (CEO & CFO) are personally liable for undisclosed issues and significant financial misstatements  Potential for large $$ penalties and prison sentences Increased accountability to Board with respect to maintaining internal controls and SOX compliance processes

14 Impact on Management As a result, Management has: Increased focus on internal controls & audit results Demanded swift remediation of internal control weaknesses Placed reliance on transparency of quarterly disclosure certification process Continued to set a strong “Tone at the Top” with respect to establishment and adherence to policies & controls

15 Impact on the Audit Profession “The Good” Stature of audit profession raised Bubble of demand for auditors Increased salaries “The Bad” Balance of work shifted to routine detail tests More challenging to find ways to provide value due to independence rules (external audit) & resource limitations (internal audit)

16 Cost of SOX 404 for SIAL Dollars: Costs of compliance $1M - $1.2M annually for Years 1 & 2 60% of cost related to internal resources After reengineering and AS5, reduced annual cost to $650K Other Costs: Internal resources diverted from more value-added activities

17 Benefits of SOX 404 & 302 Increased knowledge of internal controls throughout the organization Ownership of internal controls embedded within the organization More rapid remediation of significant control deficiencies Increased transparency over events that may impact the financial statements and disclosures (SOX 302)

18 Impact of AS5 External audit no longer opines on management’s approach to forming their opinion on internal controls over financial reporting Scales are balancing with more focus on a risk-based approach Management has increased flexibility in developing its compliance plan

19 Sigma-Aldrich SOX Timeline 2003 SOX 404 Compliance Startup year of compliance 25% of IA time th year of compliance AS5 released 25% of IA time 2006 Re-engineered our approach Reduced # of controls tested by 45% 40% of IA time nd year of compliance 70% of IA time st year of compliance Addition of 2 Sr. Auditors 90% of IA time 2002 SOX 302 Certification Process th year of compliance IA time remains at 25%

20 Global disruption of economy Massive stock market decline Bernie Madoff Mortgage backed Securities AIG bailout Lehman Bankruptcy Bank foreclosures What Happened??? Wall St VS. Main St

21 What’s Next? The Economy, Risk & SOX 404 Companies are dealing with issues that are still evolving! As a result of the global economic disruption and the turmoil in the financial markets, companies are dealing with certain accounting and reporting issues for the first time in decades, and for some, the first time EVER.

22 What’s Next? The Economy, Risk & SOX 404 Anticipate increased focus on Enterprise Risk Management (ERM) and integration of related control structure into organizations -Boards and management are being asked why they did not forsee the potential impact of major risks -Debt ratings agencies (Standard & Poor’s) are starting to ask about ERM

23 What’s Next? Will IFRS be the Next SOX? In 2011, the SEC will determine whether US filers must comply with International Financial Reporting Standards (IFRS) in lieu of US GAAP by 2014 SOX 404 controls will be significantly impacted -IFRS is “judgment” versus “principle” based -New key controls will rely on judgment -Skills and competency of persons performing controls will receive increased scrutiny

24 Agenda Introductions/Background Overview – What is Sarbanes-Oxley? Impact of SOX – An Internal Perspective Costs & Benefits of SOX Impact of AS5 The Economy & Risk - What Happened? What’s Next? Questions

25 Questions???