Académique Documents
Professionnel Documents
Culture Documents
Elisabeth J. Page
1. Overview
Trinity Industries employs over 21,000 people and has seen significant growth in
revenues, operating profit, and net profit in recent fiscal years. Industry: According to its
website, businesses owned by Trinity Industries operate by, providing products and services to
the energy, chemical, agriculture, transportation, and construction sectors (Trinity Industries,
Inc. 2017). Trinity Industries has upwards of five operating segments and, according to a SWOT
Analysis by MarketLine, in fiscal 2015, the rail group segment accounted for 50.6% of the total
revenues, followed by railcar leasing and management services group (17.1%), and energy
equipment group segment (13.8%) (Trinity Industries, Inc. SWOT Analysis. 2016). Although
Trinity Industries also trades in energy, barge, and construction products, its rail and railcar
leasing and management service group segments constitute the majority of its revenue stream.
Trinity Industries was born out of the 1958 merger between Trinity Steel and Dallas Tank, both
struggling propane tank companies located in Dallas (Shultze 2011). Since that time, the
company has become an industry giant with a robust organizational structure. The Chief
Executive Officer, Timothy Wallace, along with ten directors, oversees the operations of the
company, delegating the management of important business units to key employees like the
Chief Financial Officer (CFO) and the Chief Operations Officer (COO). They in turn delegate
responsibilities to employees who manage the operations of the sub-units and report back up the
TRINITY INDUSTRIES SOX COMPLIANCE JOURNEY 2
ladder, and so on and so forth. Below is the organizational structure of Trinity Industries, Inc.:
A comparison of the revenues, operating profits, and net profits of Trinity Industries and
three comparable organizations within the same SIC on the SEC website: 3743, or Railroad
TRINITY INDUSTRIES SOX COMPLIANCE JOURNEY 3
Equipment, is as follows:
$6,000,000,000
$5,000,000,000
$4,000,000,000
$3,000,000,000
$2,000,000,000
$1,000,000,000
$0
FY 2015 Revenues FY 2015 Operating Profit FY 2015 Net Profit
For the fiscal year ended 2015, Trinity Industries consistently reported nearly double the
In light of Trinity Industries efforts to become SOX compliant before the legislation was
passed, it is evident that management places a high premium on a strong control environment
and the integrity of its financial reporting. Trinity Industries current CEO, Timothy Wallace, has
been at the company since 1976 and has led the company to incredible growth in recent years.
Wallace became CEO in 1999 and has since made many changes to Trinitys organizational
culture. In stark contrast to his fathers management style, Wallace, talks effusively about
and internal control initiatives in conjunction with Trinitys move to SOX compliance, Wallace
has fostered a strong control environment and nurturing organizational culture. Wallaces
TRINITY INDUSTRIES SOX COMPLIANCE JOURNEY 4
alternative management style has yielded impressive results in the past; during his tenure in the
railcar division at Trinity, Wallace led his team to, [increase] revenues from $76 million to
$1.25 billion (Borden 2000). Unlike under his fathers leadership, employees feel comfortable
promotes transparency and reduces the risk that Trinity will become involved in an accounting
scandal.
Prior to its first year of SOX compliance, Trinity Industries laid the foundation for a
successful transition. Trinity Industries commenced measures to become SOX compliant before
the passage of legislation requiring public companies to do so. This involved a complete
overhaul of its financial reporting system. One such update included consolidating its ledger
packages in one location: Oracle Financials. According to an article in the Journal of Information
Technology Teaching Cases, it was estimated that the Oracle project saved Trinity $.5 million
annually in SOX compliance expenses (Schultze 2011). Trinity Industries also successfully
outsourced their Accounting Success Center, or ASC, effectively standardizing all accounting
transactions by routing them through a third party. Implementing this change in conjunction with
especially in light of the challenges Trinity had previously experienced with large-scale IT
projects and the deep-seated resistance organizational members harbored toward outsourcing
(Schultze 2011). Trinity continued its trend of planning ahead by setting an internal deadline to
have a complete set of managements assertions ready six months prior to the official deadline.
According to Schultze, this early deadline would give Trinity an opportunity to fix any key
TRINITY INDUSTRIES SOX COMPLIANCE JOURNEY 5
weaknesses identified during the course of preliminary testing by the real deadline (Schultze
2011).
reporting process. Trinity Industries established a strong control environment from the inception
of its SOX initiative. A strong control environment is an effective tool for promoting ethical
financial reporting; conversely, a weak control environment creates many risks within the
control environment is, regarded as a strong indicator that a material weakness in internal
control exists (Ramos 2004). The PCAOB takes this principle one step further; according to
Auditing Standard 2201.02, if one or more material weaknesses exist, the company's internal
control over financial reporting cannot be considered effective (AS 2201 2017). The direct
correlation between poor control environment and material weakness in internal controls makes
Trinitys strong control environment a powerful preventative control. Trinity Industries also
adopted a process whereby the owners of internal controls are contacted on a quarterly basis and
asked to re-affirm their responsibility to monitor the controls assigned to them. According to
Ramos, in addition to reminding the owners of their commitment to maintain important financial
reporting safeguards, this process was effective at tracking changes in control ownership as it
regularly alerted Trinity if control ownership responsibilities had not been reassigned as people
left the company or changed jobs, for instance (Schultze 2011). The quarterly surveys function
Under the direction of the PCAOB, an auditor should, [focus] on entity-level controls
and [work] down to significant accounts and disclosures and their relevant assertions" (AS 2201
TRINITY INDUSTRIES SOX COMPLIANCE JOURNEY 6
2017). This methodology provides assurance that any material weaknesses in internal control
To call back to one of Trinity Industries successes, outsourcing the financial reporting
system to Oracle Financials and requiring an annual compliance audit of its data capturing
facility in India represented more important controls over financial reporting. Oracle Financials,
services for routine, organization-wide transaction processing such as billing, payroll, and AP
(Schultze 2011). Maintaining records on a consistent and centralized financial reporting platform
mitigates the risk of anomalies or otherwise prohibited activity going undetected; this makes the
centralized financial reporting system both a preventative and detective control as well.
Before evaluating controls for the potential of material weaknesses, we must define what
a material weakness is and what determines its severity. The PCAOB defines a material
reporting, such that there is a reasonable possibility that a material misstatement of the
company's annual or interim financial statements will not be prevented or detected on a timely
basis (Auditing standard no. 5). The severity of a material weakness depends on the likelihood
of a resulting misstatement and how badly the misstatement would skew the financial reports. To
likelihood (more than remote) that a significant (material) financial statement misstatement will
not be prevented or detected on a timely basis (Ramos 2004). This expansion sets parameters
for what it means to be likely for a misstatement to occur and remain undetected. Trinity
The railroad industry has seen slowly diminishing profits since the mid-1900s. In the age
of airplane and automobiles, travel by train is a fraction of what it once was. In addition to the
diminishing demand for consumer transportation, shipping giants like FedEx and UPS are often
more cost-effective options for small to mid-size corporations. Financial pressures in a strained
economy translate to influence, intentional or not, from the top to report favorable results. If the
control environment is weak, railroad and railroad equipment companies are susceptible to
pressure to meet certain financial performance measures. This is why it is critically important for
management to set a strong tone at the top to foster a solid control environment.
According to Ramos, two of the requirements for internal controls include, the
identification of the framework used to evaluate the internal controls (Ramos 2004) and a
statement as to whether the internal control system is effective as of yearend (Ramos 2004).
Trinity Industries adhered to these requirements from the very beginning of its SOX initiative,
implementing a number of initiatives to strengthen its internal controls and identify areas where
controls were lacking. Significant PCAOB standards affecting Trinity Industries included
Auditing Standards No. 2 and 3. According to an article from The Journal of Accounting and
Economics, while both PCAOB AS2 and AS3 were expected to enhance the quality of the
external audit, they also increased the amount of time required to complete the audit.
Consequently, many firms that routinely released preliminary earnings numbers after the
completion of audit fieldwork must now trade-off the market demand for timely information
against a possible reduction in reliability (Bronson 2011). According to the article, revisions to
preliminary announcements when filing the 10-K report would have been 35% lower during
TRINITY INDUSTRIES SOX COMPLIANCE JOURNEY 8
2005 if the historical frequency of issuing earnings releases after the audit report date had not
changed (Bronson 2011). In light of the staggering data, firms that strive to both make the audit
report deadline and facilitate a thorough audit are rarely able to achieve both. Trinity Industries
became a leader in SOX 404 Compliance because of its proactive approach and strong control
environment.
Trinity Industries was successful in its first year of SOX compliance because of its early
commitment to the transition, strong control environment, and internal deadliness which allowed
The SOX compliance initiative began well in advance of its deadline. By adopting the
spirit of Sarbanes-Oxley early, Wallace was able to leverage Trinitys holistic culture and his
tried-and-true management style into a strong control environment. Timothy Wallace has
embodied integrity and transparency since his first day as Chief Executive Officer; his efforts to
become SOX compliant well before the official deadline have been largely successful due to the
guidance of key Trinity employees. By establishing a two-way relationship with his employees,
Wallace could take advantage of their expertise while setting an example for how executive
TRINITY INDUSTRIES SOX COMPLIANCE JOURNEY 9
management should value its employees. All of these factors combined to facilitate the
In highly competitive markets, companies are always seeking new ways to gain the
advantage over competitors. The bottom-up approach to risk mapping is an effective choice for
companies looking to identify and mitigate the risks associated with their unique business
identifying the risks associated with them, and ranking them according to their significance. In
contrast to the top-down approach, which involves identifying the risks associated with the
organizations strategic initiatives and subsequently designing processes to mitigate those risks,
the bottom-up approach begins with, the census of the processes of the company (Zahra
2014). In addition to providing a detailed map of business processes and risks, data collected
through the bottom-up approach can be used to advance other management initiatives. For
example, the bottom-up approach may allow management to pinpoint processes that can be
It would have been in Trinity Industries best interest to keep its Accounting Service
Center (ASC) at its Trinity campus in Dallas, Texas instead of outsourcing those operations to
India. In spite of providing a 20% cost savings (Schultze 2011), moving the Accounting
Service Center would require, an annual compliance audit by a Trinity representative at the
coordinating the annual audit in India, there are numerous security risks associated with sending
information technology processes abroad. Not only does Trinity Industries have an incentive to
TRINITY INDUSTRIES SOX COMPLIANCE JOURNEY 10
protect its own confidential information, but the company also has a duty to protect its
customers private information. Outsourcing its Accounting Service Center may be good for
operating results; however, consumer confidence in Trinity Industries would plummet if the
company found itself at the center of a data security scandal. Although Trinity Industries
resistance organizational members harbored toward outsourcing (Schultze 2011), there will
always be an elevated threat of cyber sabotage in connection with the location of this business
unit.
The bottom-up and town-down methods are both valuable approaches to risk mapping
and it is recommended to, wherever possible, combine them according to the resources and
deadlines (Zahra 2014). Each approach has strengths and weaknesses that offset those of the
other. For example, the top-down approach is generally less costly to utilize than the bottom-up
approach and identifies the risks associated with the strategic initiatives of the business;
however, the bottom-up approach provides in-depth analysis of all major business processes and
can cover any blind spots that may result from adopting the top-down approach alone. This is
important because one of the main weaknesses of the top-down approach is identifying and
prioritization of the risks identified during this process can be destructive. In this way, the top-
down approach ensures that organization-wide goals are being met and prevents the silo effect.
While it is always more advantageous to adopt both the top-down and bottom-up
approaches when risk mapping, not all companies have the resources to implement both
TRINITY INDUSTRIES SOX COMPLIANCE JOURNEY 11
methodologies. The skills and resources needed to remain compliant can be quite costly and,
internal audit group consisted of only two people (Schultze 2011). Because of the limited
number of human resources in its internal audit department, it is important that Trinity adopt an
approach that is both cost effective and achievable in its first year of SOX compliance. Based on
the needs of the company and the timing of the transition, the top-down approach is a more
appropriate choice; it is generally less costly to utilize than the bottom-up approach and would
align the internal audit departments goals with Trinity Industries strategic initiatives.
initiatives, foregoing detailed knowledge of each business units major processes in order to put
the entitys best interests first. Trinity Industries internal control structure under this approach
should underscore a more conservative attitude toward risk since the top-down approach requires
no detailed analysis of each major business process. This will involve more control procedures in
addition to monitoring of controls as, according to an article in the Managerial Auditing Journal;
Bradford, a high degree of internal control activity and high degrees of monitoring lead to a
highly effective internal control system (Agbejule 2009). While most costly to implement,
adopting the bottom-up approach would give management greater insight into the risks
associated with each business process. Managers with this information are better equipped to
execute effective internal controls. If taking this approach, Trinity Industries should maintain a
high emphasis on internal controls; however, less emphasis may be placed on monitoring.
TRINITY INDUSTRIES SOX COMPLIANCE JOURNEY 12
For its first year of SOX compliance, Trinity Industries conducted pilot projects in two of
its business units: Highway safety and Tank-barge. Out of 83 and 67 key controls in place in
the Highway safety and Tank-barge business units, respectively, between 55-65% of internal
controls were preventative controls. Detective controls comprised 35-45% of key controls and
75-86% were manual controls. Systems controls made up 14-25% of key controls and between
13 and 19 controls gaps were discovered in each business unit. Of these control gaps, 9 and 15,
identified, the documentation teams worked with Corporate, the BU controllers and the Group
CFOs to gain agreement on each gap, its impact and mitigating control activities (Schultze
2011). Based on the data, it the majority of controls were preventative and detective. Most were
manual controls; therefore, there is opportunity to reduce the risk of human error and/or fraud by
Trinity tested its internal controls by creating, a self-assessment process that assigned
and managed control owners for every control at perpetuity (Schultze 2011). This allowed
management to periodically re-affirm its assertion on the reliability of internal controls and
verify that they are effective. Trinity Industries was proactive in its transition to SOX 404
compliance; 6 months prior to the deadline the company was ready to provide the management
assertion on the integrity of its internal controls. This early deadline would give Trinity an
opportunity to fix any key weaknesses identified during the course of preliminary testing by the
The most useful testing technique employed by Trinity Industries was the routine
dispatch of control certification letters to its control owners. By making each control owner,
accountable for the effectiveness of the internal control assigned to him/her (Schultze 2011),
memo
Trinity Industries strengthened its control environment and created an incentive for its key
management into the culture of the company, Trinity Industries can expect
Trinity could reduce the cost of SOX-related expenses by automating more controls; not
only would the company save on labor, but a reliable information system would strengthen the
internal controls at the same time. The prominence of IFRS may create challenges for Trinity
Industries in the near future. Implementation costs are notoriously high and that it was,
estimated that over 50% of IFRS conversion costs were related to IT (Schultze 2011) only
compounds the matter. Trinity Industries should take the same approach to adopting IFRS as it
took with the original SOX initiative; proceed under the assumption that the transition will be
Basingstoke, in order to prepare Trinity for its second year of SOX compliance, the steering
committee focused on two initiatives: (i) a top-down, risk-management approach to testing, and
(ii) the streamlining of controls across BUs (Schultze 2011). Upgrading to an amalgamated set
of internal controls across its 22 business units must have been extraordinarily costly to Trinity.
According to Auditing: A Journal of Practice & Theory, Section 404 costs can be
classified into three categories: additional audit fees, internal labor costs, and external
consulting/technology expenses (Krishnan 2008). Additional audit fees comprise roughly 25%
of Section 404 costs with external consulting/technology expenses coming in second. The most
When it comes to electronic data processing (EDP) software, the competition is fierce.
Some products offer exceptional quality and reliability, while much of Oracles and its
competitors appeal derives from the ability to integrate seamlessly with other applications.
According to commentary from BusinessWeek, selling the best individual product no longer
matter[s]; integration and simplicity d[oes] (Kerstetter 2003). Oracles top two competitors
during Trinity Industries SOX compliance initiative were SAP and PeopleSoft; Oracle acquired
Oracle. It appears that the software company failed because it lacked the software integrations
that other ERP giants were providing. According to The Journal of Computer Information
Systems, the driving force[s] behind the impending doom of first-- generation Electronic
Resource Planning programs are the Internet and the growth of e-commerce (Matthys 2000).
Unfortunately, PeopleSoft failed to effectively incorporate the internet and strategic partnerships
(e.g. cross-product integration) into its software and could not remain competitive in the age of
cloud computing.
At the time of Trinity Industries SOX compliance initiative, SAP would have been
Oracles biggest competitor. In 2000, SAP (Germany) [led] all other ERP vendors based on
revenue (Matthys 2000). SAP is a leader in the ERP software market; ironically, one drawback
of SAPs ERP software is related to its size. Evidently, a large vendor could actually mitigate
the benefits of ERP if the vendor is too large to adequately understand a mid-size company's
needs, budget, and culture (Matthys 2000). If SAP can improve its downward scalability it
may have a shot at gaining market share with smaller, growing companies.
TRINITY INDUSTRIES SOX COMPLIANCE JOURNEY 16
was a smart investment for the company. As the line between Accounting and Information
Technology continues to fade, brands offering integrations between risk management, financial
reporting, and other crucial business processes have become the top sellers of electronic data
processing software.
standards. Even now, numerous countries adhere to this set of standards for financial reporting
and many more are preparing to make the switch to full IFRS. The United States appears to be
headed in this direction; as a result, both publicly and non-publicly traded companies must
consider the impact the change in accounting standards would have on their bottom line.
According to the Journal of Insurance Regulation, publicly held U.S. companies should assess
the implications of adopting the international standards in order to have a well-planned approach,
not only to changes in accounting, but also to potential changes in capital requirements and
accounting, could prove financially draining to implement for many publicly traded companies
following U.S. GAAP, a rules-based approach. For example, in most industries, the International
Financial Reporting Standards require more in-depth assessment than their U.S. GAAP
counterparts; more resources are required to fulfill the true nature of IFRS accounting. The
increased costs are not without offsetting benefits; with IFRS widely accepted across the world,
smaller public companies, as well as private businesses, can leverage adoption of IFRS to be
more competitive on the global market. According to the Journal of Insurance Regulation,
TRINITY INDUSTRIES SOX COMPLIANCE JOURNEY 17
because the economy is increasingly becoming a global one, market forces might lead private
companies to adopt IFRS in order to remain competitive; raising capital in a foreign market or
knowledge of IFRS, if not reporting under IFRS (Lindberg 2010). Whatever the implications of
converting to a different set of accounting standards, the message is clear; IFRS is the future and
As the inevitable transition to IFRS draws closer, Trinity Industries should get a head
start on evaluating the impact the change in accounting principles will have on its internal
controls. While all internal controls should be evaluated, special attention should be paid to the
impact of IFRS on internal controls concerning IT; according to the ISACA Journal, moreover,
the implementation should be integrated with IT and internal controls in order to meet or exceed
Journal of Information Technology Teaching Cases about conversion costs across companies
concluded that, the need for new data, as well as changes in calculations and reporting required
by IFRS, would ultimately have to be implemented in a company's information systems. For this
reason, some estimated that over 50% of IFRS conversion costs were related to IT (Schultze
2011).
One result of moving to IFRS accounting is the impact of IAS 16 on Trinity Industries
accounting for the depreciation of its property, plant, and equipment. Unlike under U.S. GAAP,
fixed assets are broken down and depreciated by component when accounting under IFRS. A
TRINITY INDUSTRIES SOX COMPLIANCE JOURNEY 18
potentially detrimental effect of adopting IFRS will result from the differences in lease
accounting under IFRS and US GAAP. According to an article in Journal of Global Business
Issues, due to the bright-line rules under U.S. GAAP some companies can use those rules to
their own benefits which can result in some assets not on either the lessee or the lessor's balance
sheet (Lin 2013). If Trinity Industries accounts for any of its leases under US GAAPs rigid
criteria, the company may see unfavorable changes to its bottom-line when transitioning to IFRS
accounting.
Fortunately, in light of the differences between US GAAP and IFRS, Trinity Industries
the amount of reported net income is more than 5 percent higher under IFRS than under U.S.
GAAP for nearly 60 percent of the firms in the sample (Henry 2009). For example, under US
GAAP, four criteria must be met in order to recognize revenue as opposed to only two criteria
under IFRS.
Apart from the increased resources required to implement this change in accounting
principle, there are also far-reaching implications for IT. According to the Journal of Information
Technology Teaching Cases, the information systems at Trinity Industries, would therefore not
only need to accommodate new fields, but also new calculations, as well as new system and user
Governance, IT, and process buttress the goals of an organization when confronting a
compliance project like conversion to IFRS. As IFRS takes the lead as the preferred financial
reporting standard world-wide, there is a global call for businesses to embed the spirit of IFRS
into their governance, IT, and process infrastructures. The International Financial Reporting
TRINITY INDUSTRIES SOX COMPLIANCE JOURNEY 19
Standards are principles-based and, as such, there are areas where more in-depth analysis of
accounting inputs is required under this method. Governance plays an important role in
facilitating the transition to a principles-based form of accounting; management should set the
tone at the top and encourage the embrace of a more holistic approach to reporting. According to
imperative to facilitate the de facto IFRS convergence (Chen 2012). In other words, the
As IT and process are interrelated, the impact of IFRS accounting on these infrastructures
has broader implications. Many IFRS accounting principles require more detailed inputs to
accurately classify information; this means that while IFRS reporting has the potential to produce
more reliable information, if information is not recorded correctly at the lowest levels of the
business unit, there is a greater risk of material errors in the resulting outputs.
TRINITY INDUSTRIES SOX COMPLIANCE JOURNEY 20
References
Agbejule, A., & Jokipii, A. (2009). Strategy, control activities, monitoring and effectiveness.
https://pcaobus.org:443/Standards/Auditing/Pages/Auditing_Standard_5_Appendix_A.as
px
AS 2201: An audit of internal control over financial reporting that is integrated with an audit of
https://pcaobus.org:443/Standards/Auditing/Pages/AS2201.aspx
Bronson, S. N., Hogan, C. E., Johnson, M. F., & Ramesh, K. (2011). The unintended
doi:10.1016/j.jacceco.2010.06.002
Brown, W. C., & Pike, B. J. (2011). Questions that must be addressed for a successful IFRS
http://ezproxy.snhu.edu/login?url=https://search-proquest-
com.ezproxy.snhu.edu/docview/1142882732?accountid=3783
Chen, Y., & Rezaee, Z. (2012). The role of corporate governance in convergence with IFRS:
Henry, E., Lin, S., & Yang, Y. (2009). The european-U.S. "GAAP gap": IFRS to U.S. GAAP
http://ezproxy.snhu.edu/login?url=https://search-proquest-
com.ezproxy.snhu.edu/docview/208893635?accountid=3783
Kerstetter, J., & Hamm, S. (2003). Oracle vs. peoplesoft: And the winner is...sap. BusinessWeek,
(3839), 37.
Krishnan, J., Rama, D., & Zhang, Y. (2008). Costs to comply with SOX section 404. Auditing: A
Lin, J., & Fink, P. (2013). International financial reporting standards: Are they right for the
united states? Journal of Global Business Issues, 7(2), 59-67. Retrieved from
http://ezproxy.snhu.edu/login?url=https://search-proquest-
com.ezproxy.snhu.edu/docview/1461346221?accountid=3783
Lindberg, D. L., & Seifert, D. L. (2010). A new paradigm of reporting on the horizon:
International financial reporting standards (IFRS) and implications for the insurance
http://ezproxy.snhu.edu/login?url=https://search-proquest-
com.ezproxy.snhu.edu/docview/819664884?accountid=3783
Matthys, N., & Shorter, J. D. (2000). Electronic resource planning solutions for business
processes. The Journal of Computer Information Systems, 41(1), 45. Retrieved from
http://ezproxy.snhu.edu/login?url=https://search-proquest-
com.ezproxy.snhu.edu/docview/232574942?accountid=3783
industries
TRINITY INDUSTRIES SOX COMPLIANCE JOURNEY 22
Ramos, M. (2004). Section 404 compliance in the annual report. Journal of Accountancy,
Retrieved from
http://www.journalofaccountancy.com/issues/2004/oct/section404complianceinthea
nnualreport.html
Schultze, U. (2011). The SOX compliance journey at trinity industries. Journal of Information
doi://dx.doi.org.ezproxy.snhu.edu/10.1057/jittc.2011.11
http://ezproxy.snhu.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&d
b=edb&AN=14278327&site=eds-live&scope=site
Trinity Industries, Inc. SWOT Analysis. (2016). Trinity Industries SWOT Analysis, 1-7.
Wilmerding, PA
Zahra, E. A. F., & Said, H. (2014). Application of the approaches top-down and bottom-up for
and Management, 16