Sarbanes-Oxley/Bill 198 Compliance
Requirements – Are You Ready?

Did you know that Chief Executive Officers and Chief Financial Officers of all Canadian public companies traded on the Toronto Stock Exchange or TSX Venture Exchange will be required to certify that they have designed and established appropriate controls over financial reporting? These controls must provide reasonable assurance regarding the reliability of financial reporting in accordance with GAAP. This requirement is effective for fiscal years ending after June 29, 2006. Therefore, if your company’s year end is December 31, 2006, the Officers will be certifying for the first time that they have designed and established appropriate controls over financial reporting at the end of the December. ARE YOU READY?

What Needs to be Done

In order to meet the above certification requirements management should as a minimum:

• Document all critical policies, practices and processes;
• Identify and document  key controls; and
• Perform high level walkthroughs to ensure that such key controls are properly designed and operating effectively.

It should be noted, that the companies will have one more year prior to being required to evaluate these controls through detailed testing.

The Small Company Dilemma

While many of the larger size companies are already compliant or well down the path to becoming compliant, smaller firms have either recently commenced or are just now thinking about their compliance program. Generally speaking, smaller companies face the following challenges:

• Limited resources (people and dollars);
• Minimal segregation of duties;
• Lack of internal expertise; and
• No internal audit function.

The Recommended Approach

In order to cope with the above challenges and given the short timelines available, smaller companies must be highly efficient and effective in their compliance initiatives. This can be achieved by adopting a focused top-down, risk-based approach for their compliance program.

It is recommended that small companies place a heavy reliance on the following top level controls:

• Governance Controls (such as proper board composition, written board and committee mandates, documented roles & responsibilities and in-camera sessions between the independent board members and auditors)
• Disclosure Controls & Procedures (such as Disclosure Policy, documented and well controlled processes for financial reporting, accounting estimates, non-routine journal entries, selection of accounting policies and reporting of these items to the Audit Committee)
• Entity Level Controls (such as Code of Ethics, Risk Management Procedures, Whistle Blower Practices, Management Oversight Controls and well defined authority guidelines and job descriptions).

The effectiveness of these top level controls in design and operation create the right environment for all other controls to operate effectively. Strong controls at the top could also compensate for the ineffectiveness of controls at the lower levels particularly with respect to the lack of segregation of duties.

It is highly recommended that at least 75% of the compliance effort of smaller companies be focused on the design, establishment and monitoring of the top level controls described above with the remainder of compliance effort dedicated to accounting and transaction level processing controls. At these lower levels, the compliance effort should be focused on the areas which have a higher risk of fraud or material error and should be approached by setting clear priorities for the design and documentation of processes. The same risk based approach should be applied to Information Technology controls focusing on security and access controls, spreadsheet controls and outsourcing controls if the IT services are outsourced to outside service providers.

The Results

By adopting this top-down, risk-based approach, smaller companies will be better able to contain the cost of becoming compliant and drastically advance the completion date of the project. 

Alec Moore and Massood Oroomchi, Partner, FinEx Goup. FinEx Group assists companies with integrating their compliance requirements with their daily business activities and deriving bottom line benefits. For further information, please fill out our contact form or contact Massood Oroomchi at (519) 574-8691 or Alec Moore at (519) 580-3690.

Click here to return to the articles and links page.