SOX-style regime comes to Canada
New corporate governance proposals will help bring convergence with US Sarbanes-Oxley rules, says Bruce McCuaig
The tough US Sarbanes Oxley corporate auditing and governance rules have, for all intents and purposes, arrived in Canada with the latest move by local securities market regulators.
The Canadian regulators took a major step in early February toward their goal of bringing Canadian securities legislation into line with Sarbanes Oxley with the issue of their proposals for new rules governing the certification of financial disclosure.
The announcement came in the form of a Proposed Multilateral Instrument 52-111: Reporting on Internal Control over Financial Reporting. Comments on the proposal are required by June 6.
Securities legislation is a provincial, not a federal mandate in Canada. There is no local equivalent to the US Securities and Exchange Commission, the federal agency that supervises US stock exchanges. Harmonising Canada's approach to securities regulation is the job of the Canadian Securities Administrators (CSA), a forum for the 13 securities regulators in the country's provinces and territories to coordinate regulation of the local capital markets. Their pronouncements are known as National Policy when all jurisdictions agree and Multilateral Instruments when they do not. In the case of proposed MI 52-111, British Columbia is excluded.
MI 52-111 contains few real surprises. It is the latest in a series of proposals, regulations and legislation governing public companies, their auditors and their boards. The proposals fall into place with a number of other rules governing continuous disclosure, audit committees and corporate governance practices. MI 52-111 proposes that the management of every issuer of shares to evaluates the effectiveness of internal control over financial reporting as of the end of the issuer's financial year. If approved, it will also require, like Sarbanes Oxley, an internal control audit report from the company's auditor expressing an opinion on management's assessment of internal control over financial reporting.
Under the proposals, management's internal control report content will conform closely to that of the US. It must contain, among other things:
· A statement of management's responsibility for establishing and maintaining adequate internal control over financial reporting
· A statement identifying the control framework used by management in their evaluation of control effectiveness
· Management's assessment of the effectiveness of internal control, including a statement as to whether internal control over financial reporting is effective as at the end of the year
· Disclosure of any material weaknesses in internal control over financial reporting. Significant deficiencies are to be reported only to the auditors and the board.
There are both subtle and significant differences from SOX in the approvals required by the proposed MI 52-111. A subtle difference is that the "management" who must certify is not defined. The omission is intentional. As a minimum, the "certifying officers", essentially the chief executive officer and chief financial officer, must sign the report. But it is left to the discretion of these certifying officers to determine which other members of management should also sign. Broader certification will encourage more review and analysis.
In another departure from US requirements, however, MI 52-111 requires the internal control report to be approved by the board of directors before being filed. This adds another very significant level of review and accountability to the certification process.
Finally, MI 52-111 provides a general framework for evidence retention by requiring that the evidence supporting management's evaluation be retained for the same period that Canadian tax rules require the retention of accounting records for each period.
Three exemptions
The provisions regarding internal control reports and internal control audit reports become effective for financial years ending after June 30, 2006. Transitional provisions establish exemptions for three categories of issuers based on market capitalization. S Issuers will be phased in gradually, based on market capitalization, by June 29, 2009.
Excluded from the internal control reporting requirements are investment funds, venture issuers and issuers who already comply with SOX 404 rules.
In preparing their internal control audit report, Canadian auditors will be guided by standards already proposed by the country's Auditing and Assurance Standards Board (AASB). These standards - "An Audit of Internal Control over Financial Reporting Performed in Conjunction with an Audit of Financial Statements" -are essentially identical to those issued by the Public Company Accounting Oversight Board (PCAOB), the US watchdog set up under Sarbanes Oxley to monitor the auditing profession.
Bruce McCuaig is principal consultant, collaborative assurance and risk design, with business accountability solutions firm Paisley Consulting. Email: bruce.mccuaig@paisleyconsulting.com
