Securities Law & Instruments

IN THE MATTER OF

THE SECURITIES ACT,

R.S.O. 1990, c. S.5, AS AMENDED

AND

IN THE MATTER OF

NORTEL NETWORKS CORPORATION AND

NORTEL NETWORKS LIMITED

(collectively, "Nortel")

 

ORDER

(Sections 127 and 127.1)

WHEREAS the Ontario Securities Commission (the "Commission") issued a Notice of Hearing dated May 16, 2007 pursuant to sections 127 and 127.1 of the Securities Act, R.S.O. 1990, c. S.5, as amended (the "Act") announcing that it proposed to consider a settlement agreement entered into by Nortel and Staff of the Commission;

AND WHEREAS on May 16, 2007 Staff of the Commission filed a Statement of Allegations in respect of Nortel;

AND WHEREAS Nortel entered into a settlement agreement dated May 16, 2007 (the "Settlement Agreement") with Staff of the Commission in relation to the matters set out in the Statement of Allegations;

AND UPON reviewing the Settlement Agreement, the Notice of Hearing and the Statement of Allegations, and upon considering submissions of Nortel and of Staff of the Commission;

AND WHEREAS the Commission is of the opinion that it is in the public interest to make this Order;

IT IS HEREBY ORDERED THAT:

1. the Settlement Agreement is approved;

2. pursuant to sections 127(1)4 and 127(2) of the Act:

(i) during the Reporting Period (as defined below), within 30 days of filing each of its quarterly and annual reports, Nortel shall deliver to Staff of the Commission a written report (a "Remediation Progress Report" or "Report") detailing its progress in implementing the Remediation Plan, as outlined in Schedule "A" to this Order, and addressing the other matters described in Schedule "B" to this Order. Remediation Progress Reports shall be delivered for the period commencing the first quarter-end after the date of this Order and ending the earlier of (a) the quarter-end after Nortel has remedied all material weaknesses in its internal control over financial reporting to the satisfaction of its external auditors, and (b) the date when Nortel has reported to Staff of the Commission, to the reasonable satisfaction of Staff, that Nortel has completed the implementation of the Remediation Plan (the "Reporting Period");

(ii) Remediation Progress Reports shall be prepared substantially in accordance with the instructions in the reporting template attached as Schedule "B";

(iii) Remediation Progress Reports shall be signed by the Chief Financial Officer and the Controller of Nortel and will include confirmation that the Report has been reviewed by the Chief Compliance Officer and the Audit Committee of Nortel and reflects their comments, if any, on the Report;

(iv) Staff of the Commission shall be entitled to engage a third party expert or experts (the "Consultant"), acceptable to and at the expense of Nortel, to assist Staff with their review and assessment of any Remediation Progress Report or Reports; and

(v) at the request of, and on reasonable notice from, Staff of the Commission and/or the Consultant, representatives of Nortel (including, where appropriate, the Chief Financial Officer, the Controller, the Chief Compliance Officer and/or the Chair of the Audit Committee of Nortel) will meet with the Staff and/or the Consultant to discuss and answer questions on any Report; and

3. pursuant to section 127.1 of the Act, Nortel shall make a payment to the Commission in the amount CDN $1,000,000 as a contribution towards the costs of the investigation.

Dated at Toronto, Ontario this 22nd day of May, 2007

"Wendell S. Wigle "

"Suresh Thakrar"

"Margot C. Howard"

 

SCHEDULE "A"

REMEDIATION PLAN REFERRED TO IN PARAGRAPH 77

OF THE SETTLEMENT AGREEMENT DATED MAY 16, 2007

BETWEEN STAFF OF THE ONTARIO SECURITIES COMMISSION AND

NORTEL NETWORKS CORPORATION AND NORTEL NETWORKS LIMITED.

 

 

ACTION{1}

 

ESTIMATED

 

ADDITIONAL INFORMATION

 

 

 

 

TARGET DATE${1}

 

 

 

Material Weakness Remediation Plan

Implement and continue to develop the following remediation plan to address the root causes of the material weakness in the Company's internal control over financial reporting referred to in paragraph 74 of the Settlement Agreement, as well as other deficiencies in other revenue related controls referred to below:

 

 

 

 

 

 

(a)

Cross-Functional Communication:

 

 

 

 

 

 

(i)

conduct analyses of selected revenue related prior period adjustments ("PPAs") initially reported in periodic reports filed during 2006, that were restated as part of the restatement included in the 2006 Annual Report, including those related to LG-Nortel, in order to achieve a better understanding of the root causes of the adjustments and identify other appropriate remedial actions and incorporate those actions into the remediation plan;

 

Q2 2007

Initial focus of this analysis will be on revenue related PPAs representing approximately 80% of the total dollar value of all revenue related PPAs initially reported in periodic reports filed during 2006. This analysis will include, among other actions, determining the root cause of the adjustment, whether the root cause indicates a broader issue regarding control deficiencies, and whether additional training may be required on a specific aspect of revenue recognition.

 

 

 

 

 

 

Interviews will be held with the initiators of these PPAs using a detailed template to capture information for further analysis.

 

 

 

 

 

 

PPAs recorded in the first quarter of 2007 affecting revenues, if any, will be included in the analysis.

 

 

(ii)

conduct further analyses to obtain a more comprehensive understanding of the end-to-end revenue cycle, including the manner and timing of information flow from one functional group to another throughout the Company, in order to identify the specific gaps in communication and to further define roles and responsibilities for communication within the revenue cycle; and

 

Q2 2007

Information will be collected and consolidated on the various components of the revenue cycle, such as Order Management, Project Management, Invoicing and Revenue Recognition.

 

 

 

 

 

 

End-to-end flowcharts of the revenue cycle will be created and confirmed with the relevant managers/directors.

 

 

 

 

 

 

Information collected through this end-to-end review will be compared with information collected through the analysis of PPAs to identify any inconsistencies.

 

 

 

 

 

 

Control points will be identified, such as points in the revenue cycle where information relevant to revenue accounting is transferred from one group/system to another.

 

 

(iii)

implement internal control process changes (including any necessary redefined roles and responsibilities) to address the identified root causes and gaps in cross-functional communication.

 

Q3 2007

Controls will be assessed to determine whether they are designed to ensure that information flows completely and accurately throughout the revenue cycle.

 

 

 

 

 

 

Existing controls will be enhanced or new controls will be implemented, as appropriate, including revising job descriptions where necessary to ensure there is clear accountability for these controls.

 

 

 

 

 

 

If it is determined that a control design is adequate, but is not operating effectively, appropriate remediation plans (for example, additional training) will be implemented.

 

 

(b)

Segregation of Duties:

 

 

 

 

 

 

(i)

identify and implement revisions to corporate security policy;

 

Q2 2007

The corporate security policy is being reviewed by the SOX technical support team to identify areas where it should be expanded to address issues identified during the 2006 SOX 404 assessment: for example, Information Services personnel having access to business systems.

 

 

(ii)

address the specific revenue related segregation of duties deficiencies in internal controls identified in the 2006 SOX 404 assessment, which specifically included lack of segregation of duties in certain instances; and

 

Q2 2007

Remediation of deficiencies related to segregation of duties will be tracked as part of the overall deficiency remediation reporting to the SOX management team on a weekly basis and to the SOX Steering Committee on a biweekly basis.

 

 

(iii)

as certain of the identified deficiencies relate to insufficient segregation of duties regarding access to computer systems, define and implement an expanded semi-annual user review.

 

Q3 2007

Discussions are underway with the Information Services group as to how the group's role needs to change to support the expanded semi-annual user review.

 

 

 

 

 

 

A detailed project plan has been developed specifically to address segregation of duties issues regarding access to computer systems, which is reviewed by the VP SOX on a weekly basis in conjunction with the SOX technology team leader.

 

 

 

 

 

 

As part of Nortel's Finance Transformation project, the Company will implement further programmed rules within computer systems as a layer of preventive controls within the systems in order to avoid segregation of duties issues.

 

 

(c)

LG-Nortel:

 

 

 

 

 

 

(i)

develop and implement a finance training policy as part of LG-Nortel's internal controls, similar to the Company's finance training policy;

 

Q2 2007

Training of LG-Nortel personnel will be monitored directly by the CFO of LG-Nortel.

 

 

 

 

 

 

LG-Nortel recently appointed an individual from the Control function with U.S. GAAP experience as Assistant Controller of LG-Nortel.

 

 

(ii)

in addition to the training on revenue arrangements with multiple deliverables delivered to and completed by Finance and sales personnel of LG-Nortel in Q1 2007, completion of three-day revenue recognition course by appropriate Finance personnel of LG-Nortel; and

 

Q2 2007

 

 

 

 

(iii)

address the deficiencies in internal controls identified in the 2006 SOX 404 assessment specific to LG-Nortel.

 

Q2 2007

Other revenue recognition issues to be addressed regarding LG-Nortel are subsumed within the other relevant action items in this Schedule D.

 

 

(d)

End User Computing Applications:

 

 

 

 

 

 

(i)

implement remedial actions to address the revenue related deficiencies in end user computing applications ("EUCAs") identified in the 2006 SOX 404 assessment, and in particular the elimination of unauthorized access to EUCAs.

 

Q2 2007

Standards and guidelines for EUCAs (such as spreadsheets) have been revised to address the issues identified in the 2006 SOX 404 assessment, and have been reviewed with the Company's independent accountants.

 

 

 

 

 

 

Remediation of EUCA deficiencies are tracked through the Company's SOX compliance tool, NICAT.

 

 

 

 

 

 

Testing of each EUCA in scope for the 2006 SOX 404 assessment has been scheduled and will take place during April, with overall conclusion on remediation of EUCA deficiencies targeted for May.

 

 

(e)

Other Revenue Recognition Training:

 

 

 

 

 

 

(i)

completion of three-day revenue recognition training and one-day revenue recognition model for revenue arrangements training by targeted population;

 

Q3 2007

Targeted populations for training are being re-confirmed since a number of staff have moved between Finance functions.

 

 

 

 

 

 

Reports on attendance are generated monthly to monitor progress and escalate training where required.

 

 

(ii)

identify appropriate target population in the sales organization and complete training on revenue recognition and transaction structure models;

 

Q4 2007

 

 

 

 

(iii)

develop revenue recognition training program for the identified order management target population; and

 

Q2 2007

 

 

 

 

(iv)

implement revenue recognition training program for the identified order management target population.

 

Q4 2007

 

 

 

 

(f)

Aid to Implementation of Revenue Recognition Guidelines:

 

 

 

 

 

 

(i)

develop and implement aids to revenue related accounting guidelines by the Global Revenue Governance group with the goal of heightening the awareness of the Contract Assurance team on identified items.

 

Q2 2007

Progress is being monitored through weekly material weakness remediation meetings.

 

 

 

 

 

 

Examples of aids under development include: highlighting that all contracts with a certain type of network element assume a level of customer support for which the fair value is not known, and hence deferral of revenue should be considered; and Rural Utility Service (RUS) contracts most often contain a liquidated damages provision, and hence all RUS contracts should be evaluated with Finance to ensure proper revenue recognition treatment.

 

 

(g)

General Computing Controls ("GCC"):

 

 

 

 

 

 

(i)

remediate the remaining deficiencies in systems that support the end-to-end revenue cycle, such as access by the Information Services group to production systems.

 

Q2 2007

The VP SOX meets biweekly with the Information Services SOX leader to review the status of Information Services activities in addressing remaining revenue related deficiencies.

 

 

 

 

 

 

As at April 12, 2007, approximately 57% of the 2006 GCC deficiencies related to revenue recognition had been remediated.

 

 

(h)

Deficiency Remediation:

 

 

 

 

 

 

(i)

apart from those noted in the items above, remediate all specific deficiencies in internal controls identified in the 2006 SOX 404 assessment that impact upon the end-to-end revenue cycle.

 

Q2 2007

Reports are generated weekly to highlight progress made on remediation of the specific deficiencies that impact upon the end-to-end revenue cycle, and are reviewed by the VP SOX.

 

 

 

 

 

 

These reports will be distributed to the SOX Steering Committee every two weeks.

 

People

Review of the skill sets and training of individuals occupying those key positions against the Competency and Training Model to verify individuals occupying those positions have the necessary skill sets and training, and the appropriate professional development plan.

 

Q2 2007

 

 

 

 

Review the Company's existing mandatory training requirements against the Competency and Training Model and identify any revisions to be made to those mandatory training requirements.

 

Q3 2007

 

 

 

Technology

Deployment of SAP system functionality for the general ledger, inter-company accounts, consolidation, direct accounts payable and accounts receivable.

 

Q2 2007

 

 

 

 

Deployment of SAP system functionality for direct tax, advanced planning, indirect purchasing, fixed assets, research & development, and treasury activities.

 

Q3 2007

 

 

{1} The following action items and estimated target dates represent current planned remedial actions and the estimated fiscal quarter for completion of the particular remedial action, and may be subject to future modifications and adjustments. Remediation Progress Reports will include reasonable details of all such modifications and adjustments and the principal reasons therefor.

 

SCHEDULE "B"

REMEDIATION PROGRESS REPORT TEMPLATE REFERRED TO IN PARAGRAPH 79

OF THE SETTLEMENT AGREEMENT DATED MAY 16, 2007

BETWEEN STAFF OF THE ONTARIO SECURITIES COMMISSION AND

NORTEL NETWORKS CORPORATION AND NORTEL NETWORKS LIMITED.

1. REPORTING PERIOD

Each report will identify the period to which the report relates (the "reporting period").

2. PROGRESS OF REMEDIATION PLAN

Each report will provide reasonable details of the actions taken during the reporting period for, and status of, each of the remedial measures identified in the Remediation Plan (as set forth on Schedule "D" to the Settlement Agreement). The reports will indicate whether the Company has met or is on track to meet the target timeline for implementation of each remedial measure and, if not, what actions remain outstanding, the principal reasons for the delay and any revised internal timeline to complete such actions. The reports will also include reasonable details of all modifications or adjustments in any of the planned remedial measures identified in the Remediation Report and the principal reasons for such modifications or adjustments.

Should the existing material weakness (as referred to at paragraph 74 of the Settlement Agreement) remain, in whole or in part, at the end of the reporting period, the report will include reasonable details as to the following in respect of each such material weakness:

(i) a description of the material weakness;

(ii) a description of the root causes of the material weakness as identified by management;

(iii) a description of the principal compensating procedures and processes that management has put in place to ensure the reliability of the Company's financial reporting in light of the material weakness;

(iv) the specific remedial actions which management has identified are required to be taken to fully remedy the material weakness or, if such actions have yet to be identified, the process which management proposes to follow to identify such remedial actions; and

(v) the estimated internal timeline for implementing such remedial actions and/or process.

3. TRAINING, COMPLIANCE, ETHICS AND INTERNAL AUDIT

Each report will provide an overview of the areas of focus and activities of the Company's financial accounting training programs and Compliance, Ethics and Internal Audit functions (as described in paragraphs (iv), (v) and (xviii) of Schedule "C" to the Settlement Agreement) during the reporting period, including (without limitation) reporting on:

(i) the activities of the Company's Global Finance Training and Communications group, including remedial and on-going financial accounting training programs developed for Finance, Control and FP&A employees and including the minimum annual training requirements established for Finance employees;

(ii) the communications activities of the Ethics and Compliance functions, including activities directed towards the promotion of Nortel's ethics "hot line", the volume of calls received by the hot line and an overview of the categories of areas raised in such calls; and

(iii) progress on the testing and deployment of the SAP system.

4. CONFIRMATIONS

Each report will confirm that the report has been reviewed by the Company's Chief Compliance Officer and the Audit Committee and reflects their comments, if any, on the report.

Where applicable, a report will confirm whether:

(i) the Company has remedied the material weakness in its internal controls over financial reporting to the satisfaction of its external auditors; and/or

(ii) the Company has completed the implementation of the Remediation Plan.

5. SIGNATURES

Each report will be signed by the Chief Financial Officer and Controller of the Company.