New Internal Control Requirements for Public Companies.Originally published August 2008 The Canadian Canadian (kənā`dēən), river, 906 mi (1,458 km) long, rising in NE New Mexico. and flowing E across N Texas and central Oklahoma into the Arkansas River in E Oklahoma. securities regulators are adopting additional requirements for internal control over financial reporting, which will expand the current CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. and CFO See Chief Financial Officer. certificates and require additional disclosure in MD&A. Accompanying these new requirements is extensive guidance on how disclosure and internal controls should be designed and evaluated. The new requirements are to come into force on December December: see month. 15, 2008 and will apply to December 31, 2008 financial statements. Background The current rules (Multilateral mul·ti·lat·er·al adj. 1. Having many sides. 2. Involving more than two nations or parties: multilateral trade agreements. Instrument 52 -109 Certification of Disclosure in Issuers' Annual and Interim Filings) require a public company's chief executive officer and chief financial officer, or persons performing similar functions, (CEOs and CFOs) to personally certify cer·ti·fy v. cer·ti·fied, cer·ti·fy·ing, cer·ti·fies v.tr. 1. a. To confirm formally as true, accurate, or genuine. b. that: the company's filings do not contain any misrepresentations (for annual and interim filings); the financial statements and other financial information in filings is fairly presented (for annual and interim filings); they have designed, or caused to be designed under their supervision, disclosure controls and procedures and internal control over financial reporting (for annual and interim filings); they have evaluated, or caused to be evaluated under their supervision, the effectiveness of disclosure controls and procedures, and disclosed their conclusions in MD&A (for annual filings only); and any change that has, or is likely to, materially affect the company's internal control has been disclosed in MD&A (for annual and interim filings). The current rules are to be replaced by the new rules (National Instrument 52-109 Certification of Disclosure in Issuers' Annual and Interim Filings). The Canadian securities regulations Canadian securities regulation is managed through laws and agencies established by Canada's 13 provincial and territorial governments. Each province and territory has a securities commission or equivalent authority. are also to adopt new guidance (Companion Policy to National Instrument 52-109) on how the new rules are to be interpreted and applied, including how disclosure and internal controls should be designed and evaluated. The CEOs and CFOs of companies whose securities are not listed on the Toronto Stock Exchange Toronto Stock Exchange (TSE) Canada's largest stock exchange, trading approximately 1,200 company stocks and 33 options. or another major U.S. exchange have been exempted from the requirements under the current rules to certify that they have designed and evaluated disclosure controls and procedures and designed internal control over financial reporting. Under the new rules, these companies will continue to be exempt from those requirements as well as the new certification and MD&A disclosure requirements. See "Venture and Debt-Only Companies" below. Under the new rules, public companies will continue to not be required to obtain an external audit opinion for internal control over financial reporting, as is required for U.S. public companies. New CEO and CFO Certification Requirements Under the new rules, CEOs and CFOs will, in addition to the existing requirements, be required to make up to five additional certifications: 1. CEOs and CFOs must certify that they have evaluated internal control CEOs and CFOs will be required to certify that they have evaluated, or caused to be evaluated under their supervision, the effectiveness of the public company's internal control over financial reporting at the financial year end, and disclosed in its annual MD&A their conclusions from this evaluation. This requirement only applies to annual certificates. The new rules do not prescribe pre·scribe v. To give directions, either orally or in writing, for the preparation and administration of a remedy to be used in the treatment of a disease. how CEOs and CFOs should evaluate internal controls. However, the new guidance provides considerable detail on how this requirement should be interpreted and applied. See "New Guidance on the Evaluation of Disclosure and Internal Controls" below. 2. Where a material weakness in internal control has been identified, CEOs and CFOs must certify that this has been disclosed in MD&A If a public company determines that it has a "material weakness" in its internal control over financial reporting at the end of the period covered by its annual or interim filings, it is required to disclose in its MD&A for that period: a description of the material weakness; the impact of the material weakness on its financial reporting and internal control; and its current plans, if any, or any action undertaken, for remediating the material weakness. A "material weakness" means a deficiency, or a combination of deficiencies, in internal control such that there is a reasonable possibility that a material misstatement mis·state tr.v. mis·stat·ed, mis·stat·ing, mis·states To state wrongly or falsely. mis·state  ment n. of the public
company's annual or interim financial statements will not be
prevented or detected on a timely basis. The new guidance provides that
if the certifying officers identify a component of internal control that
does not operate as intended, they should consider whether there is a
compensating control that addresses the same financial reporting risk.
If there is no compensating control, the public company would have a
deficiency relating to relating to relate prep → concernantrelating to relate prep → bezüglich +gen, mit Bezug auf +acc the operation of internal control. A public company may have one or more mitigating mit·i·gate v. mit·i·gat·ed, mit·i·gat·ing, mit·i·gates v.tr. To moderate (a quality or condition) in force or intensity; alleviate. See Synonyms at relieve. v.intr. To become milder. procedures that reduce the financial reporting risks that the deficient de·fi·cient adj. 1. Lacking an essential quality or element. 2. Inadequate in amount or degree; insufficient. deficient a state of being in deficit. internal control component failed to address and may disclose those procedures in its MD&A, but such disclosure should not imply that the mitigating procedures eliminate the existence of a material weakness. A public company is not required to remediate re·me·di·a·tion n. The act or process of correcting a fault or deficiency: remediation of a learning disability. re·me a material weakness that it identifies. If a material weakness relating to either the design or operation of the internal control over financial reporting is identified, CEOs and CFOs will be required to certify that the required disclosure has been made in MD&A. This requirement will apply to both annual and interim certificates in the case of a material weakness in design, but only to the annual certificate in the case of a material weakness in operation. 3. CEOs and CFOs must certify that they have reported certain fraud to the auditors AUDITORS, practice. Persons lawfully appointed to examine and digest accounts referred to them, take down the evidence in writing, which may be lawfully offered in relation to such accounts, and prepare materials on which a decree or judgment may be made; and to report the whole, together and either the board or audit committee Under existing laws (National Instrument 51-102 Continuous Disclosure Obligations), the board of directors must approve a public company's annual MD&A, including the required disclosure concerning disclosure and internal controls, before it is filed. To provide reasonable support for the board of directors' approval of a company's MD&A disclosure concerning internal control over financial reporting, including any material weaknesses, the board of directors should understand the basis upon which the certifying officers concluded that any particular deficiency or combination of deficiencies did or did not constitute a material weakness. Similarly, current laws (National Instrument 52-110 Audit Committees) also require the audit committee to review a public company's financial disclosure and to establish procedures for dealing with complaints and concerns about accounting or auditing matters. CEOs and CFOs will be required to certify that they have disclosed, based upon their most recent evaluation of internal control over financial reporting, to the company's auditor auditor n. an accountant who conducts an audit to verify the accuracy of the financial records and accounting practices of a business or government. A proper audit will point out deficiencies in accounting and other financial operations. , and either the board of directors or audit committee, any fraud involving management or employees who have a significant role in those internal controls. This requirement only applies to annual certificates. 4. CEOs and CFOs must certify which control framework was used to design internal control A public company will be required to use a control framework to design its internal control over financial reporting. Although the new rules do not mandate a specific control framework, the new guidance provides that the Risk Management and Governance Governance makes decisions that define expectations, grant power, or verify performance. It consists either of a separate process or of a specific part of management or leadership processes. Sometimes people set up a government to administer these processes and systems. : Guidelines guidelines, n.pl a set of standards, criteria, or specifications to be used or followed in the performance of certain tasks. on Control, published by The Canadian Institute of Chartered Accountants The Canadian Institute of Chartered Accountants (CICA) is the umbrella body for the Chartered Accountant profession in Canada and Bermuda. Membership of the CICA totals 70,000 Chartered Accountants and 8,500 students. , is suitable. Other suitable frameworks are the Internal Control - Integrated Framework, published by The Committee of Sponsoring Organizations of the Treadway Commission
Committee of Sponsoring Organizations of the Treadway Commission (COSO), is a U.S. private-sector initiative, formed in 1985. (COSO COSO Committee of Sponsoring Organizations of the Treadway Commission COSO Church of Spiral Oak COSO Corporate South COSO Class of Service Override COSO Combat Oriented Supply Operations (USAF) ), and the Guidance on Internal Control, published by The Institute of Chartered Accountants char·tered accountant n. Chiefly British Abbr. CA A member of one of the institutes of accountants granted a royal charter. in England and Wales England and Wales are both constituent countries of the United Kingdom, that together share a single legal system: English law. Legislatively, England and Wales are treated as a single unit (see State (law)) for the conflict of laws. . Smaller public companies can also refer to Internal Control over Financial Reporting - Guidance for Smaller Public Companies, published by COSO, which provides guidance on the implementation of COSO's control framework. CEOs and CFOs will be required to certify which control framework was used by the public company to design its internal control over financial reporting. This requirement will apply to both annual and interim certificates. 5. Where a proportionately pro·por·tion·ate adj. Being in due proportion; proportional. tr.v. pro·por·tion·at·ed, pro·por·tion·at·ing, pro·por·tion·ates To make proportionate. consolidated or variable interest entity, or a recently acquired business, is excluded from disclosure or internal controls, CEOs and CFOs must certify that this has been disclosed in MD&A The new rules permit a public company to limit its design of disclosure controls and procedures and internal controls over financial reporting to exclude: proportionately consolidated entities or variable interest entities where there is not sufficient access to these entities to design and evaluate controls, policies and procedures Policies and Procedures are a set of documents that describe an organization's policies for operation and the procedures necessary to fulfill the policies. They are often initiated because of some external requirement, such as environmental compliance or other governmental carried out by that entity; and businesses acquired not more than 365 days before the end of the applicable interim or annual financial period. If a public company limits the design of its disclosure or internal controls in such a manner, its MD&A must disclose that limitation and contain summary financial information about the proportionately consolidated entity, variable interest entity or business acquired. Also, in the case of such a limitation, the CEO and CFO will be required to certify that the required disclosure has been made in MD&A. This requirement will apply to both annual and interim certificates. New Guidance on the Design of Disclosure and Internal Controls The new rules do not prescribe how disclosure or internal controls should be designed, but the new guidance does provide the following: Top down, risk-based approach - The Canadian securities regulators believe that a "top-down, risk-based approach" is an efficient and cost effective approach to design disclosure and internal controls. In the case of disclosure controls, the certifying officers identify the risks that could, individually or in combination with others, reasonably result in a material misstatement in annual filings, interim filings or other reports. In the case of internal control, the certifying officers identify those risks that could, individually or in combination with others, reasonably result in a material misstatement of the financial statements (financial reporting risks). When identifying risks, certifying officers should explicitly consider the vulnerability of the company to fraudulent The description of a willful act commenced with the Specific Intent to deceive or cheat, in order to cause some financial detriment to another and to engender personal financial gain. activity. Certifying officers then design specific controls, policies and procedures that, in combination with the public company's control environment, appropriately address the risks identified. Control environment - The Canadian securities regulators are of the view that an effective control environment contributes to the reliability of all other controls, processes and procedures by creating an atmosphere where errors or fraud are either less likely to occur, or if they occur, more likely to be detected, and also supports the flow of information within the public company, promoting compliance with its disclosure policies. A key element of a public company's control environment is the attitude towards controls demonstrated by the board of directors, audit committee and senior management (the "tone at the top"). In addition to an appropriate tone at the top, certifying officers should consider the following elements of the control environment: organizational structure  This article has no lead section.To comply with Wikipedia's lead section guidelines, one should be written. - a structure which relies on established and documented lines of authority and responsibility may be appropriate for some companies, whereas a structure which allows employees to communicate informally with each other at all levels may be more appropriate for others; management's philosophy and operating style - a philosophy and style that emphasizes managing risks with appropriate diligence and demonstrates receptiveness re·cep·tive adj. 1. Capable of or qualified for receiving. 2. Ready or willing to receive favorably: receptive to their proposals. 3. to negative as well as positive information will foster a stronger control environment; integrity, ethics ethics, in philosophy, the study and evaluation of human conduct in the light of moral principles. Moral principles may be viewed either as the standard of conduct that individuals have constructed for themselves or as the body of obligations and duties that a , and competence of personnel - controls, policies and procedures are more likely to be effective if they are carried out by ethical, competent and adequately supervised su·per·vise tr.v. su·per·vised, su·per·vis·ing, su·per·vis·es To have the charge and direction of; superintend. [Middle English *supervisen, from Medieval Latin employees; external influences that affect operations and risk management practices - these could include global business practices, regulatory supervision, insurance coverage and legislative requirements; and human resources The fancy word for "people." The human resources department within an organization, years ago known as the "personnel department," manages the administrative aspects of the employees. policies and procedures - hiring, training, supervision, compensation, termination and evaluation practices can affect the quality of a public company's workforce and its employees' attitudes towards controls. Controls, policies and procedures to include in design - Disclosure controls and procedures should generally include the following components: written communication to the company's employees and directors of its disclosure obligations, including the purpose of disclosure and disclosure controls and procedures and deadlines for specific filings and other disclosure; assignment of roles, responsibilities and authorizations relating to disclosure; guidance on how authorized au·thor·ize tr.v. au·thor·ized, au·thor·iz·ing, au·thor·iz·es 1. To grant authority or power to. 2. To give permission for; sanction: individuals should assess and document the materiality MATERIALITY. That which is important; that which is not merely of form but of substance. 2. When a bill for discovery has been filed, for example, the defendant must answer every material fact which is charged in the bill, and the test in these cases seems to of information or events for disclosure purposes; and a policy on how the company will receive, document, evaluate and respond to complaints or concerns received from internal or external sources regarding financial reporting or other disclosure issues. A public company might choose to include these components in a formal disclosure policy. The Canadian securities regulators encourage (National Policy 51- 201 Disclosure Standards) public companies to establish a written disclosure policy. Internal control over financial reporting should generally include the following components: controls of initiating, authorizing, recording and processing transactions relating to significant accounts and disclosures; controls for initiating, authorizing, recording and processing non-routine transactions and journal entries, including those requiring judgments and estimates; procedures for selecting and applying appropriate accounting policies that are in accordance Accordance is Bible Study Software for Macintosh developed by OakTree Software, Inc.[] As well as a standalone program, it is the base software packaged by Zondervan in their Bible Study suites for Macintosh. with GAAP GAAP See: Generally Accepted Accounting Principles GAAP See generally accepted accounting principles (GAAP). ; controls to prevent and detect fraud; controls on which other controls are dependent, such as information technology general controls; and controls over the period-end financial reporting process, including controls over entering transaction totals in the general ledger General Ledger A company's accounting records. This formal ledger contains all the financial accounts and statements of a business. Notes: The ledger uses two columns: one records debits, the other has offsetting credits. , over initiating, authorizing, recording and processing journal entries in the general ledger and over recording recurring re·cur intr.v. re·curred, re·cur·ring, re·curs 1. To happen, come up, or show up again or repeatedly. 2. To return to one's attention or memory. 3. To return in thought or discourse. and non-recurring adjustments to the financial statements (e.g., consolidating adjustments and reclassifications). Identifying significant accounts and disclosures and their relevant assertions - A top-down, risk-based approach to designing internal control involves identifying significant accounts and disclosures and the relevant assertions that affect each significant account and disclosure. A minimum threshold expressed as a percentage or a dollar amount could provide a reasonable starting point Noun 1. starting point - earliest limiting point terminus a quo commencement, get-go, offset, outset, showtime, starting time, beginning, start, kickoff, first - the time at which something is supposed to begin; "they got an early start"; "she knew from the for evaluating the significance of an account or disclosure. However, certifying officers should use their judgment, taking into account the following factors when determining whether an account or disclosure is significant: the size, nature and composition of the account or disclosure; the risk of overstatement o·ver·state tr.v. o·ver·stat·ed, o·ver·stat·ing, o·ver·states To state in exaggerated terms. See Synonyms at exaggerate. o or understatement of the account or disclosure; the susceptibility susceptibility the state of being susceptible. Refers usually to infectious disease but may be to physical factors such as wetting or to psychological factors such as harassment. to misstatement due to errors or fraud; the volume of activity, complexity and homogeneity Homogeneity The degree to which items are similar. of the individual transactions processed through the account or reflected in the disclosure; the accounting and reporting complexities associated with the account or disclosure; the likelihood (or possibility) of significant contingent liabilities Contingent Liability 1. The possibility of an obligation to pay certain sums dependent on future events. 2. Defined obligations by a company that must be met, but the probability of payment is minimal. Notes: 1. in the account of disclosure; the existence of related party transactions; and the impact of the account on existing debt covenants. The certifying officers then identify those assertions for each significant account and disclosure that presents a risk that could reasonably result in a material misstatement in that significant account or disclosure, including the following: existence or occurrence - whether assets or liabilities exist and whether transactions and events that have been recorded have occurred and pertain to pertain to verb relate to, concern, refer to, regard, be part of, belong to, apply to, bear on, befit, be relevant to, be appropriate to, appertain to the company; completeness - whether all assets, liabilities and transactions that should have been recorded have been recorded; valuation or allocation The apportionment or designation of an item for a specific purpose or to a particular place. In the law of trusts, the allocation of cash dividends earned by a stock that makes up the principal of a trust for a beneficiary usually means that the dividends will be treated as - whether assets, liabilities, equity, revenues and expenses have been included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded; rights and obligations - whether assets are legally owned by the company and liabilities are the obligations of the company; and presentation and disclosure - whether particular components of the financial statements are appropriately presented and described and disclosures are clearly expressed. The certifying officers do not need to design all possible components of internal control over financial reporting to address each relevant assertion, but should identify and design an appropriate combination of controls, policies and procedures to address all relevant assertions. Corporate governance Corporate Governance The relationship between all the stakeholders in a company. This includes the shareholders, directors, and management of a company, as defined by the corporate charter, bylaws, formal policy, and rule of law. for internal control - The board of directors of a public company is encouraged to consider adopting a written mandate to explicitly acknowledge responsibility for the stewardship stewardship the occupation of being a steward or custodian. Referring to animals it implies the caring sort of relationship based on an acceptance of the need to include the rights of animals in overall plans to maintain financial viability. of the public company, including responsibility for internal control and management information systems. Maintaining design - Following their initial development and implementation of disclosure and internal controls, and prior to certifying their design each quarter, certifying officers should consider: whether the company faces any new risks and whether each design continues to provide a sufficient basis for the representations about reasonable assurance required in their certificates; the scope and quality of ongoing monitoring of disclosure and internal controls, including the extent, nature and frequency of reporting the results from the ongoing monitoring of disclosure and internal controls to the appropriate levels of management; the work of the company's internal audit function; communication, if any, with the company's external auditors The examples and perspective in this article or section may not represent a worldwide view of the subject. Please [ improve this article] or discuss the issue on the talk page. ; and the incidence of weaknesses in disclosure controls and procedures or material weaknesses in internal control over financial reporting that have been identified at any time during the financial year. Documenting design - The certifying officers should generally maintain documentary evidence A type of written proof that is offered at a trial to establish the existence or nonexistence of a fact that is in dispute. Letters, contracts, deeds, licenses, certificates, tickets, or other writings are documentary evidence. sufficient to provide reasonable support for their certification of design of disclosure and internal controls. The extent of documentation for each interim and annual certificate will vary depending on the certifying officers' assessment of risk, as well as the size and complexity of the company's disclosure and internal controls. The documentation might take many forms (e.g., paper documents, electronic, or other media) and could be presented in a number of different ways (e.g., policy manuals, process models, flowcharts, job descriptions, documents, internal memoranda, forms, etc.). Certifying officers should use their judgment, acting reasonably, to determine the extent and form of documentation, but the new guidance suggests certain minimum documentation. In the case of the design of disclosure controls and procedures, certifying officers should generally document the processes and procedures that ensure information is brought to the attention of management, including the certifying officers, in a timely manner to enable them to determine if disclosure is required, as well as, the items described in "Controls, policies and procedures to include in design" above. In the case of the design of internal control over financial reporting, the certifying officers should generally document: the company's ongoing risk-assessment process and those risks which need to be addressed in order to conclude that the certifying officers have designed internal controls; how significant transactions, and significant classes of transactions, are initiated, authorized, recorded and processed; the flow of transactions to identify when and how material misstatements or omissions could occur due to error of fraud; a description of the controls over relevant assertions related to all significant accounts and disclosures in the financial statements; a description of the controls designed to prevent or detect fraud, including who performs the controls and, if applicable, how duties are segregated; a description of the controls over period-end financial reporting processes; a description of the controls over safeguarding of assets; and the certifying officers' conclusions on whether a material weakness relating to the design of internal control exists at the end of the period. New Guidance on the Evaluation of Disclosure and Internal Controls The new rules do not prescribe how certifying officers should evaluate disclosure or internal controls to determine if they are operating as intended, however, the new guidance does provide the following: Scope of evaluation - The Canadian securities regulators are of the view that certifying officers can use a top-down, risk-based approach to evaluate disclosure controls and procedures or internal control over financial reporting in order to limit the evaluation to those controls and procedures that are necessary to address the risks that might reasonably result in a material misstatement. The scope of the internal control over financial reporting evaluation must be sufficient to identify any material weaknesses. Use of external auditor - If a public company chooses to engage its external auditor to assist the certifying officers in the disclosure and internal controls evaluations, the certifying officers should be actively involved in determining the procedures to be performed, the findings to be communicated and the manner of communication. The certifying officers should not rely on internal control over financial reporting-related procedures performed and findings reported by the company's external auditor solely as part of the financial statement audit. However, if the external auditor is separately engaged to perform specified internal control over financial reporting-related procedures, the certifying officers might use the results of those procedures as part of their evaluation even if the auditor uses those results as part of the financial statement audit. Evaluation tools - Certifying officers can use a variety of tools to perform their disclosure and internal controls evaluations. These tools include: certifying officers' daily interaction with the control systems - this daily interaction could provide an adequate basis for the certifying officers' evaluation of disclosure or internal controls if the operation of controls, policies and procedures is centralized cen·tral·ize v. cen·tral·ized, cen·tral·iz·ing, cen·tral·iz·es v.tr. 1. To draw into or toward a center; consolidate. 2. and involves a limited number of personnel. Reasonable support of such daily interaction would include memoranda, e-mails and instructions or directions from the certifying officers to other employees; walkthroughs - tracing a transaction from origination Origination The process through which a mortgage lender creates a mortgage secured by some amount of the mortgagor's real property. Notes: Also known as loan origination, everyone must go through the origination process when securing a mortgage for a piece of real , through the company's information systems, to the company's financial reports, can assist certifying officers to confirm that: they understand the components of internal controls, including those components relating to the prevention or detection of fraud; they understand how transactions are processed; they have identified all points in the process at which misstatements related to each relevant financial statement assertion could occur; and the components of internal controls have been implemented. interviews of individuals who are involved with the relevant controls; observation of procedures and processes, including adherence adherence /ad·her·ence/ (ad-her´ens) the act or condition of sticking to something. immune adherence to corporate policies;" reperformance - the independent execution of certain components of the disclosure or internal controls that were performed previously, including inspecting records whether internal (e.g. a purchase order prepared by the company's purchasing department Noun 1. purchasing department - the division of a business that is responsible for purchases business department - a division of a business firm ) or external (e.g. a sales invoice An itemized statement or written account of goods sent to a purchaser or consignee by a vendor that indicates the quantity and price of each piece of merchandise shipped. A consular invoice is one used in foreign trade. prepared by a vendor), in paper form, electronic form or other media. An example of reperformance is inspecting whether the quantity and price information in a sales invoice agree with the quantity and price information in a purchase order, and confirming that an employee previously performed this procedure; and review of documentation that provides evidence that controls, policies or procedures have been performed. Certifying officers should use a combination of tools for the disclosure and internal controls evaluations. Although inquiry and observation alone might provide an adequate basis for an evaluation of an individual control with a lower risk, they will not provide an adequate basis for the evaluation as a whole. The nature, timing and extent of evaluation procedures necessary for certifying officers to obtain reasonable support for the effective operation of a component of disclosure or internal controls depends on the level of risk the component of disclosure or internal controls is designed to address. The level of risk for a component of disclosure or internal controls could change each year to reflect management's experience with a control's operation during the year and in prior evaluations. Self-assessments - A walk-through walk-through n. 1. A brief rehearsal, as of a play or role, performed usually in an early stage of production. 2. A television rehearsal during which no cameras are used. 3. or reperformance of a control, or another procedure to analyze the operation of controls, performed by an individual who might or might not be involved in operating the control could be done by personnel who operate the control or members of management who are not responsible for operating the control. The evidence of operating effectiveness from self-assessment Self-assessment in an organisational setting, according to the EFQM definition, refers to a comprehensive, systematic and regular review of an organisation's activities and results referenced against the EFQM Excellence Model. activities depends on the personnel involved and how the activities are conducted. When one certifying officer has performed a self-assessment, it is appropriate for the other certifying officer to perform direct testing of the control to enable that officer to have a basis to sign his or her certificate. Documenting evaluations - The certifying officers should generally maintain documentary evidence sufficient to provide reasonable support for their certification of disclosure and internal controls evaluations. The extent of documentation used to support the certifying officers' evaluations of disclosure and internal controls for each annual certificate will vary depending on the size and complexity of the company's disclosure and internal controls. To provide reasonable support for a disclosure and internal controls evaluation the certifying officers should generally document: a description of the process the certifying officers used to evaluate disclosure and internal controls; how the certifying officers determined the extent of testing of the components of disclosure and internal controls; a description of, and results from applying, the evaluation tools discussed in "Evaluation tools" above or other evaluation tools; and the certifying officers' conclusions about the operating effectiveness of disclosure and internal controls, as applicable, and whether a material weakness relating to the operation of internal controls existed as at the end of the period. New Guidance on the Use of a Service Organization or Specialist for Internal Control Where a public company outsources a significant process to a service organization, such as payroll or other bookkeeping bookkeeping, maintenance of systematic and convenient records of money transactions in order to show the condition of a business enterprise. The essential purpose of bookkeeping is to reveal the amounts and sources of the losses and profits for any given period. services, the certifying officers might identify the need for controls, policies and procedures relating to the outsourced process. Certifying officers should consider whether: the service organization can provide a service auditor's report Auditor's Report Recorded in the annual report, the auditor's report tests to see that a corporation's financial statements comply with GAAP. This is sometimes referred to as the clean opinion. Notes: Most auditor's reports consist of three paragraphs. on the design and operation of controls placed in operation and tests of the operating effectiveness of controls at the service organization; the certifying officers have access to the controls in place at the service organization to evaluate the design and effectiveness of such controls; or the company has controls that might eliminate the need for the certifying officers to evaluate the design and effectiveness of the service organization's controls relating to the outsourced process. If a service auditor's report is available, the certifying officers should evaluate whether the report provides them sufficient evidence to assess the design and effectiveness of controls relating to the outsourced process, including considering the following factors: the time period covered by the tests of controls and its relation to the as-of date of the certifying officers' assessment of the internal control; the scope of the examination and applications covered and the controls tested; and the results of the tests of controls and the service auditor's opinion on the operating effectiveness of controls. Where a service auditor's report is not available, the certifying officers do not have access to controls in place at the service organization and the certifying officers have not identified any compensating controls performed by the public company, a material weakness may exist. Where a public company arranges for a specialist to provide certain specialized spe·cial·ize v. spe·cial·ized, spe·cial·iz·ing, spe·cial·iz·es v.intr. 1. To pursue a special activity, occupation, or field of study. 2. expertise such as actuarial ac·tu·ar·y n. pl. ac·tu·ar·ies A statistician who computes insurance risks and premiums. [Latin services, taxation services or valuation services, certifying officers should ensure the public company has controls, policies or procedures in place relating to the source data and the reasonableness of the assumptions used to support the specialist's findings. The certifying officers should also consider whether the specialist has the necessary competence, expertise and integrity. Venture and Debt-Only Companies Under the new rules, the CEO and CFO certificates for a venture public company (i.e. a public company not listed on the Toronto Stock Exchange or a major U.S. exchange) will be abbreviated and will not refer to disclosure controls and procedures or internal control over financial reporting. Venture public companies will also not be required to include the related disclosure in their MD&A. The CEO and CFO certificates for a venture public company will include a note to readers explaining how the certificate differs from that of a non-venture public company. U.S. Reporting Companies As under the current rules, public companies that comply with U.S. laws regarding certification and internal controls are exempt from providing the certification and MD&A disclosure required in Canada Canada (kăn`ədə), independent nation (2001 pop. 30,007,094), 3,851,787 sq mi (9,976,128 sq km), N North America. Canada occupies all of North America N of the United States (and E of Alaska) except for Greenland and the French islands of , as long as they file their U.S. certifications and related documents with the applicable Canadian securities regulators. About Trevor Trev·or , William Originally William Trevor Cox. Born 1928. Irish writer noted for his darkly comedic stories and novels, including The Old Boys (1964) and The Day We Got Drunk on Cake (1967). Scott Trevor Scott is a solicitor solicitor, in English law, person duly admitted to practice before the supreme court of judicature. He is the agent of the person whose suit he handles, and is distinguished from a barrister, who argues cases before the judge (see attorney). at Farris For people named Farris, see . Farris is the name of a 20 km long fresh water moraine-dammed lake near the Norwegian coastal town Larvik. The lake would have been a salt water fjord had it not been dammed by an end moraine left by the latest ice age. and provides strategic and legal advice in diverse business areas. He has extensive experience in debt and equity financings Equity Financing The act of raising money for company activities by selling common or preferred stock to individual or institutional investors. In return for the money paid, shareholders receive ownership interests in the corporation. for public and private companies, representing both issuers and investment banks The following is a list of investment banks Financial conglomerates Large financial-services conglomerates combine commercial banking and investment banking, and sometimes insurance. . He also regularly advises on business acquisitions, divestments and take-over bids, including compliance issues with the Competition Act and assisting foreign investors with Investment Canada Act Canada Act, also called the Constitutional Act of 1982, which made Canada a fully sovereign state. The British Parliament approved it on Mar. 25, 1982, and Queen Elizabeth II proclaimed it on Apr. 17, 1982. matters. Trevor also advises on corporate governance matters. If you wish to discuss any aspect of this commentary, please contact Trevor Scott or any member of Farris' Securities Practice Group. [c] 2008 Farris, Vaughan, Wills & Murphy LLP LLP - Lower Layer Protocol This summary is necessarily of a general nature and should not be construed as the giving of legal advice. You are urged to seek legal advice on areas of specific interest or concern. Mr Trevor Scott Farris, Vaughan, Wills & Murphy LLP PO Box 10026, Pacific Centre South 25th Floor, 700 W Georgia Georgia, country, Asia Georgia (jôr`jə), Georgian Sakartvelo, Rus. Gruziya, officially Republic of Georgia, republic (2005 est. pop. 4,677,000), c.26,900 sq mi (69,700 sq km), in W Transcaucasia. St Vancouver British Columbia British Columbia, province (2001 pop. 3,907,738), 366,255 sq mi (948,600 sq km), including 6,976 sq mi (18,068 sq km) of water surface, W Canada. Geography V7Y 1B3 CANADA Tel: 6046849151 Fax: 6046619349 E-mail: Blill@farris.com URL URL in full Uniform Resource Locator Address of a resource on the Internet. The resource can be any type of file stored on a server, such as a Web page, a text file, a graphics file, or an application program. : www.farris.com Click Here for related articles (c) Mondaq Ltd, 2008 - Tel. +44 (0)20 8544 8300 - http://www.mondaq.com |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion