CEO challenge

January-February 2007 from CAmagazine – “Since 2004, three waves of CEO and CFO certification have washed over corporate Canada, and there are more to come. All are aimed at restoring investor confidence in financial reporting and related controls by improving accountability and transparency — terms seldom heard during the ’90s, a time of heady growth, but which, since 2001, have resurfaced as key business, governance and disclosure principles.

Certification was introduced to Canada in 2004 when the Canadian Securities Administrators (CSA) required the CEO and CFO of a reporting issuer to certify the financial information in quarterly and annual filings. In 2005, that was expanded to include certification about disclosure controls and procedures. Last year, the third wave arrived. It requires certifying officers of TSX and TSX-V issuers to file the full annual certificate for financial years ending on or after June 30, 2006 — which, for many reporting issuers, means the calendar year ended December 31, 2006.

The full annual certificate in CSA Multilateral Instrument 52-109 expands the certification to require CEOs and CFOs to state they have “designed such internal control over financial reporting, or caused it to be designed under our supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with the issuer’s GAAP.”

In addition, they are required to certify that the annual Management’s Discussion and Analysis (MD&A) discloses any changes in internal control over financial reporting (ICFR) that occurred in the latest interim reporting period that have materially affected, or could materially affect, the ICFR.

This third wave of certification applies only to the design of ICFR, not its operating effectiveness. That will be introduced in a fourth wave of certification, yet to come…"

The Next Wave of Certification provides a straightforward, business-focused, top-down and risk-based approach for CEOs and CFOs to follow in assessing and certifying the design of ICFR. This approach will also help companies prepare for the future evaluation of the effectiveness of ICFR...

The September 2006 CICA publication Internal Control 2006: The Next Wave of Certification provides a straightforward, business-focused, top-down and risk-based approach for CEOs and CFOs to follow in assessing and certifying the design of ICFR. This approach will also help companies prepare for the future evaluation of the effectiveness of ICFR.

180 View – Note that requirements kick in “for financial years ending on or after June 30, 2006”. Also note that the certification is limited to design and not operating effectiveness, which means that the most onerous work required in the US under Sarbanes-Oxley is not required in Canada – at least not yet. But because of the backlash by public companies related to the cost of Sarbanes-Oxley compliance, the U.S. may water down their compliance requirements to be similar to Canada.

The article later goes on to say “The Next Wave of Certification provides a straightforward, business-focused, top-down and risk-based approach.” Straightforward sounds great in principle, but it’s not clear what is meant by it. Risk-based leads to efficiency in that there is no point on spending time unnecessarily if risks are minimal. Business focus means “companies should view their assessment of ICFR (Internal Control over Financial Reporting) as a business improvement opportunity, not just a regulatory compliance task.”