Deloitte & Touche LLP   Deloitte & Touche LLP
   
Implications of the current governance environment for Canadian companies
An analysis of the implications of the CSA’s proposed approach for reporting on internal controls
In March 2006, the Canadian Securities Administrators (CSA) issued Notice 52-313, which proposed some significant changes with regards to the CEO/CFO certification process, specifically the requirements dealing with reporting on internal control over financial reporting (ICFR). This decision, which effectively shifts the responsibility for evaluating ICFR from an external auditor to the board of directors, impacts a number of stakeholders, including corporate directors, senior management, auditors and Canadian capital markets.

The Canadian Securities Administrators issued a notice in March 2006 stating its intention to revise Multilateral Instrument 52-109, and to remove proposed Multilateral Instrument 52-111, Reporting on Internal Controls over Financial Reporting (ICFR). The major changes envisioned to MI 52-109 are as follows:

  • CEOs and CFOs of reporting issuers will be required to evaluate the effectiveness of ICFR, but will not have to issue a separate management report on internal control as was originally proposed;
  • The annual CEO/CFO certificates will be expanded to state that the CEO and CFO have evaluated the effectiveness of the issuer's ICFR;
  • The conclusions of the CEO's and CFO's evaluation of the effectiveness of ICFR will be disclosed in the issuer's annual Management Discussion & Analysis (MD&A);
  • Issuers will not be required to obtain an external auditor opinion of management's assessment of the effectiveness of internal control or the auditor's own assessment of the effectiveness of internal control;
  • The requirements will apply to all reporting issuers, including all public companies listed on the Toronto Stock Exchange and TSX Venture Exchange, in all Canadian jurisdictions; and
  • The proposals will not come into effect before financial years ending on or after December 31, 2007.

Implications for CEOs and CFOs
When the CSA decided to remove the auditor attestation requirement from CEO/CFO certification in early 2006, it also removed the auditing standard. Effectively, this means that there remains virtually no guidance for management. Therefore, the first issue facing CEOs and CFOs is that, starting in 2006, they are now required to certify on the design of internal control, and will likely be required to certify on the evaluation of operating effectiveness of these controls starting in 2007 — without any guidance as to how to go about the compliance process. Some guidance is expected to be included in the CSA's release that is due to be issued to support the certifications, but the question remains as to how detailed this guidance will be, and when it will be issued.

Implications for corporate directors and audit committees
Boards and audit committees now bear responsibility for oversight of the certification process. "This situation is due to the fact that the results of the certification process — the conclusion of it — will be expressed and presented in Management's Discussion & Analysis," says Jim Goodfellow, senior partner and vice-chair at Deloitte. "The MD&A, of course, is part of the annual report — which the audit committee is required to review and approve." Furthermore, since the board and the audit committee have to review and approve the financial statements and the MD&A, they must necessarily be concerned about the controls over the processes that produce the information contained in those documents.

Implications for venture issuers
Another imminent change in Canadian regulatory requirements is that, starting in 2007, venture issuers will be required to certify as to the evaluation of operating effectiveness of their ICFR. They were already required to certify as to the design of these controls in 2006, but according to the CSA's proposal they will also be required to perform the evaluation and present their conclusions in the MD&A.

Implications for Canada's capital markets
The final implication for Canadian capital markets is that there are now three disclosure systems operating around the world:

  • the U.K. approach, where the focus is on the board, with board reporting on risk management and internal control;
  • the U.S. approach, which requires management reporting with auditor attestation; and
  • the Canadian approach, which is centred around the CEO/CFO certification with board oversight.

This implication may be best summarized as one of reputational risk. The departure of Canadian regulatory requirements from those of the United States and Sarbanes-Oxley could have severe implications for Canada's capital markets if they are viewed as being less stringent, less effective or as providing less information to investors than the approaches followed in other countries. "It is imperative that the Canadian business community ensures that the proposed Canadian approach works," says Goodfellow.

  
The CSA's proposed changes to regulatory requirements 

 Read other articles about Corporate Governance
Contact us for more information about this topic.
 
Source: Deloitte & Touche LLP - Canada (English)

Print this page    Email To A Colleague
  Security | Legal | Privacy    

© 2008 Deloitte & Touche LLP and affiliated entities.


Deloitte, one of Canada's leading professional services firms, provides audit, tax, consulting, and financial advisory services through more than 7,600 people in 56 offices. Deloitte operates in Québec as Samson Bélair/Deloitte & Touche s.e.n.c.r.l. The firm is dedicated to helping its clients and its people excel. Deloitte is the Canadian member firm of Deloitte Touche Tohmatsu.

Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its member firms.

RSS Feed iconDeloitte Canada RSS Feeds