Consulting Consultants IT Consulting
Search 180systems.com       
News Letter Signup
Home
Portals
ERP
CPM
BPI
CRM
About Us
Our People
Testimonials
Clients
Affiliations
Services
Software Selection
Business Process Review
Business Case
Project Management
Expert Witness
IT Governance Services
IT Business Alignment
IT Due Diligence
News & Articles
180 Blog
ERP Systems1
BI2
PSA3
CRM4
SCM5
BPI6
Business Case
Sarbanes-Oxley
IT Strategy
IT Project Management
Office Productivity
Internet
IT Marketing
IT Security
HR
IT Humour
Buyers Guide
Software Selection
Business Case
Total Cost of Ownership
Software Implementation
ERP Comparison1
ERP Customer Survey1
BI Comparison2
PSA Comparison3
CRM Comparison4
Accounting Software
Distribution Software
Manufacturing Software
System Reviews
VARs
White Papers
ERP1
CPM7
Contact Us
Office
Careers
Site Map

CEO / CFO Certification Requirements (CSA Staff Notice 52-319)

Background

On February 4, 2005, the securities regulatory authorities in every Canadian jurisdiction, other than British Columbia published for comment Proposed Multilateral Instrument (MI) 52-111 Reporting on Internal Controls over Financial Reporting (ICFR), which was going to have major implications for TSX listed companies. Effectively the instrument was going to require these companies to have to comply with similar rules that were enacted for U.S. publicly listed companies through section 404 of the Sarbanes-Oxley Act of 2002. Under Proposed MI 52-111, management of an issuer would have been required to evaluate the effectiveness of the issuers' ICFR, as at the end of the issuer's financial year, against a suitable control framework. In addition, the issuer would have been required to file the following with the securities regulators:

  • a report from management on its assessment of the effectiveness of the issuer's ICFR
  • a report from the issuer's auditor prepared in accordance with the Canadian Institute of Chartered Accountants' (CICA) auditing standard for internal control audit engagements

On March 10, 2006, based on the 64 comment letters received by the Canadian Securities Administrators (CSA) Staff Notice 52-313 was released, which in essence announced the CSA's plans not to proceed with MI 52-111 and proposed to expand MI 52-109 Certification of Disclosure in Issuers' Annual and Interim Filings to include the following with respect to ICFR:

  • The Chief Executive Officer (CEO) and Chief Financial Officer (CFO), or persons performing similar functions, would be required to certify in their annual certificates that they have evaluated the effectiveness of the issuer's ICFR as of the end of the financial year and caused the issuer to disclose in its annual Management Discussion and Analysis (MD&A) their conclusions about the effectiveness of the ICFR as of the end of the financial year based on such evaluation.
  • The issuer would not be required to obtain from its auditor an internal control audit opinion concerning management's assessment of the effectiveness of ICFR
  • The requirements would apply to all reporting issuers, other than investment funds, in all Canadian jurisdictions
  • These requirements would apply for all reporting issuers' years ending on or after December 31, 2007

On March 30, 2007, the CSA issued for comment a National Instrument (NI) 52-109 Certification of Disclosure in Issuers' Interim and Annual Filings which includes the requirements announced in CSA Staff Notice 52-313, to repeal and replace MI 52-109, and its related forms and companion policy. Highlights of the proposed NI 52-109 are as follows:

  • Management must evaluate the effectiveness of the issuers' ICFR at year-end and disclose the conclusions over the effectiveness in the MD&A
  • Management must disclose the process used to evaluate the effectiveness of the ICFR in the MD&A
  • Management must disclose any reportable deficiencies identified in either the design or operating effectiveness of the ICFR in the MD&A
  • Management must disclose in the annual MD&A the control framework used to design the ICFR or a statement that a framework was not used
  • No audit opinion would be required on the ICFR effectiveness
  • Design accommodations would be available for TSX Venture Issuers that cannot reasonably remediate reportable deficiencies
  • Scope limitations would be available for proportionately consolidated entities and variable interest entities, as well as recently acquired businesses
  • Requirements would be applicable to all reporting issuers except investment funds
  • The proposed requirements would come into effect for all issuers with no phased in implementation based on market capitalization
  • The changes would become effective for year ends on or after June 30, 2008

Today

The comment period for NI 52-109 expired June 30, 2007 and as a result of 53 comment letters received, on November 23, 2007 through CSA Notice 52-319, the CSA announced an update to the initiative to repeal and replace MI 52-109 Certification of Disclosure in Issuers' Annual and Interim Filings, the related forms and companion policy.

While CSA Notice 52-319 does not reveal the extent of the revisions proposed, it does update reporting issuers of the following:

Among other changes,

  • the amended version of the proposed materials will no longer require the CEO and CFO of a venture issuer to certify that they have designed and evaluated the effectiveness of Disclosure Controls and Procedures (DC&P) and ICFR
  • the CSA will not implement the proposed materials in final form on June 30, 2008 as originally planned

The current rules will remain in effect until a revised rule is adopted. Certain jurisdictions, however, will permit a venture issuer to file interim and annual certificates for periods ending on or after December 31, 2007 in a form that reflects the proposed changes. The expected effective date of the new rules will be included with the proposed materials when they are released for comment.

Our views on the effect of the changes to TSX Issuers

  1. The existing rule requiring certifying officers to certify that they have designed and evaluated the effectiveness of DC&P and ICFR remain in effect
  2. We believe it is likely that the revised proposed materials will include further revisions to the existing rules
  3. While the implementation date is no longer June 30, 2008, there has been no indication that the new effective date will fall beyond the 2008 calendar year. Therefore, for issuers with December 31 year ends, there could be no change in implementation timelines from the original June 30, 2008 effective date.

Therefore, based on the above, we believe TSX issuers should continue with their certification efforts as planned towards certifying the operating effectiveness of ICFR. As many companies have found, this is a process that can require significant time and resource commitments. Evaluating the operating effectiveness of ICFR has become and continues to be an important part of every organization in ensuring the reporting of reasonably accurate and timely information to the external stakeholders of the organization. At the end of the day, it's about ensuring organizations are meeting their financial reporting objectives, and this should be built within their overall framework. The scope of the evaluation will be different based on the size and complexity of the organization, and this will require judgment to determine what approach is best suited to provide the CEO and CFO with enough assurance that their certifications are appropriate.

Our views on the effect of the changes to TSX Venture Issuers

For those commissions that have provided exemptive relief for full annual and interim certificates (Ontario, British Columbia and Alberta), the certifying officers must still file basic annual and interim certificates.
In contrast to the certificate required under MI 52-109, this basic certificate does not include representations relating to the establishment and maintenance of DC&P and ICFR. In particular, the certifying officers filing this certificate are not making any representations relating to the establishment and maintenance of:

  • controls and other procedures designed to provide reasonable assurance that information required to be disclosed by the issuer in its annual filings, interim filings or other reports filed or submitted under securities legislation is recorded, processed, summarized and reported within the time periods specified in securities legislation; and
  • a process to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with the issuer's GAAP.

Under the basic certificate, the issuer's certifying officers are responsible for ensuring that processes are in place to provide them with sufficient knowledge to support the representations they are making in this certificate. These representations are:

  • based on their knowledge, having exercised reasonable diligence, the annual filings do not contain any untrue statement of a material fact or omit to state a material fact required to be stated or that is necessary to make a statement not misleading in light of the circumstances under which it was made, for the period covered by the annual filings
  • based on their knowledge, having exercised reasonable diligence, the annual financial statements together with the other financial information included in the annual filings fairly present in all material respects the financial condition, results of operations and cash flows of the issuer, as of the date of and for the periods presented in the annual filings

There is no specific guidance as to what constitutes "reasonable diligence" or "processes", and we believe when certifying officers are making such a certification they must consider what a reasonable person would expect the definition of diligence to be, and what processes would be required to exercise such diligence. This requires judgment and by no means removes the certifying officers of responsibility from ensuring the reasonable accuracy of the financial information being reported.

Conclusion

In summary it is our opinion, that certifying officers remain to have a responsibility to the organization in which they oversee as well as the external shareholders. It is important to understand your regulatory requirements and ensure compliance with the appropriate laws and regulations.

While compliance provides a standard that must be followed, the CEO and CFO have a duty beyond the requirements to ensure organizational objectives are being met. The medium through which objectives are communicated and executed is through the accurate and timely reporting of information by the organization both internally and externally. That is why it is critical that senior management understand their control environment and is reasonably assured it is effective. This can only be achieved through developing processes and monitoring those processes that make up the control framework, beginning with the tone from the top. At the end of the day, risk management isn't only about achieving compliance; it's about taking care of business.

For further details on the recently released CSA Notice 52-319 or an interpretation of what this means for your organization, please contact Geoff Rodrigues at 416-596-1711, ext. 212 or grodrigues@hto.com.

CSA Notice 52-319 as well as the form and content of the new Venture Issuer Basic annual and interim certificates can be accessed at the following links:

http://www.osc.gov.on.ca/Regulation/Rulemaking/Current/Part5/csa_20071123_52-319_status-52-109.jsp

http://www.osc.gov.on.ca/Regulation/Rulemaking/Current/Part5/sn_20071123_52-717_venture-issuer.jsp

Author

Geoff Rodrigues, CA, ORMP
Senior Manager, Risk Management Services
Horwath Orenstein LLP

Geoff is a chartered accountant and operational risk management professional. His focus is on corporate governance, operational risk management, and Canadian and U.S. regulatory compliance for public reporting issuers with respect to certification of internal controls over financial reporting. Geoff began his risk management career with one of Horwath's U.S. affiliate offices in Chicago. While working in the United States, Geoff consulted large public companies on Sarbanes Oxley section 404 compliance. Geoff currently works with Horwath's affiliate office in Toronto, consulting TSX listed companies on compliance with CSA regulations, as well as operational risk management programs for private enterprise, government agencies and non-profit organizations.

 
 
1enterprise resource planning | 2business intelligence | 3professional services automation
4customer relationship management | 5supply chain management | 6business process improvement | 7corporate performance management
  © 2009 One Hundred & Eighty Degrees Systems Limited. All Rights Reserved
Web Site optimized by Toronto Search Engine Optimization | resources