Member Article

On October 22, 2002, the SEC proposed rules implementing Sections 404, 406 and 407 of the Sarbanes-Oxley Act of 2002 (the “Act”). The proposed rules would require public companies to (i) include an internal control report in their annual reports (Section 404); (ii) disclose in their annual reports whether they have adopted a code of ethics for their principal executive officer and senior financial officers, and, if not, the reasons why not, and promptly disclose changes to, and waivers of, their code of ethics (Section 406); and (iii) disclose in their annual report the identities of their audit committee members who are financial experts, or explain why their audit committee has no financial experts (Section 407). MANAGEMENT’S ASSESSMENT OF INTERNAL CONTROLS AND PROCEDURES FOR FINANCIAL REPORTING – SECTION 404 OF THE ACT Annual Disclosure The proposed rules implementing Section 404 of the Act would require public companies to include in their annual reports on Form 10-K (U.S. companies), Form 40-F (Canadian companies) or Form 20-F (non-U.S. companies) an internal control report of management containing: A statement of management’s responsibilities for establishing and maintaining adequate internal controls and procedures for financial reporting; Conclusions about the effectiveness, as of the end of the company’s most recent fiscal year, of the company’s internal controls and procedures for financial reporting; A statement that the company’s external auditors have attested to, and reported on, management’s evaluation of the internal controls and procedures for financial reporting; and The external auditor’s attestation report. The SEC has not proposed a form of the internal control report, as it believes that the report should be tailored to each company’s particular circumstances. Quarterly Disclosure The SEC has previously adopted rules implementing Section 302 of the Act that require the principal executive officers and principal financial officers of public companies to file certifications with each quarterly report and annual report. The certifications required under Section 302 of the Act contain statements regarding “disclosure controls and procedures” that are similar to the statements in the proposed Section 404 rules regarding “internal controls and procedures for financial reporting.” The certifications required under Section 302 of the Act also contain statements regarding “internal controls” that are not as detailed as the statements in the proposed Section 404 rules regarding “internal controls and procedures for financial reporting.” In order to resolve the differences between the manner in which the existing rules under Section 302 of the Act and the proposed rules under Section 404 of the Act address their similar subject matters, the SEC has proposed changes to the rules under Section 302 of the Act. The proposed changes to the Section 302 rules would: Replace references to the phrase “internal controls” in the Section 302 rules with the phrase “internal controls and procedures for financial reporting” that appears in the proposed Section 404 rules to confirm that both sets of rules require disclosure regarding the same subject matter; Require that the proposed disclosure for annual reports regarding conclusions about the effectiveness of internal controls and procedures for financial reporting also appear in each quarterly report; Require that the evaluation of disclosure controls and procedures that appears in each annual and quarterly report be undertaken as of the end of the period covered by the report, instead of a date within 90 days of filing of the report; and Generally, conform the form of certificate required to be filed under Section 302 of the Act to the proposed changes listed in the above bullet points Definitions of “Disclosure Controls and Procedures” and “Internal Controls and Procedures for Financial Reporting” When the SEC adopted rules implementing Section 302 of the Act, it coined the new term “disclosure controls and procedures.” The SEC has defined “disclosure controls and procedures” as controls and other procedures of a public company that are designed to ensure that information required to be disclosed by the company in its public reports is recorded, processed, summarized and reported, within the time periods specified in the SEC’s rules and forms. “Disclosure controls and procedures” include, without limitation, controls and procedures designed to ensure that information required to be disclosed in public reports is accumulated and reported to management to allow timely decisions regarding required disclosure. The SEC intends for the term “disclosure controls and procedures” to cover a broader range of information than the term “internal controls and procedures for financial reporting” that appears in Section 404 of the Act. In the proposed rules, the SEC has stated that the purpose of “internal controls and procedures for financial reporting” is to ensure that companies have processes designed to provide reasonable assurance that: The company’s transactions are properly authorized; The company’s assets are safeguarded against unauthorized or improper use; and The company’s transactions are properly recorded and reported to permit the preparation of the company’s financial statements in accordance with generally accepted accounting principles. To achieve these goals, the SEC proposes to define “internal controls and procedures for financial reporting” by reference to the existing definition of “internal controls” found in the American Institute of Certified Public Accountants Codification of Statements on Auditing Standards Section 319. The proposed rules would define “internal controls and procedures for financial reporting” as controls that pertain to the preparation of financial statements for external purposes that are fairly presented in conformity with generally accepted accounting principles as addressed by the Codification of Auditing Standards Section 319 or any superseding definition or other literature that is issued or adopted by the Public Company Accounting Oversight Board. The Public Company Accounting Oversight Board is the new regulatory board to be established under the Act. Phase in Period Because the SEC anticipates that companies and auditors will require substantial time to develop processes and train personnel to ensure compliance with Section 404 of the Act and because the new Public Company Accounting Oversight Board will need time to set standards for auditor attestations, the SEC has proposed that the new rules, if adopted, apply to public companies whose fiscal years end on or after September 15, 2003. Until the new rules are adopted and become effective, companies should continue to use the current form of certification under Section 302 when filing their quarterly and annual reports.

 

Link to article