| Starting in 2005, annual CEO/CFO certification requirements will expand to disclosure controls and procedures and internal controls over financial reporting.
This will mean three things for CEOs and CFOs. They will be required to certify they have:
- Designed disclosure controls and procedures that provide reasonable assurance that material information relating to their company is made publicly known.
- Evaluated the effectiveness of their company’s disclosure controls and procedures.
- Disclosed in the annual Management Discussion & Analysis their conclusions about the effectiveness of the disclosure controls and procedures.
These new requirements have implications not only for CEOs and CFOs, but also for audit committees. While the CEO/CFO must provide overall leadership, the audit committee must provide oversight to ensure management puts in place the necessary policies, procedures and systems for complete and timely regulatory filings.
Determine your effectiveness
Below is a self assessment tool for management and audit committees to help them determine effectiveness of their organization’s disclosure control policies and procedures as well as their readiness to respond to the requirement for disclosure control certification. A second tool is included in Getting ready for Disclosure Control Certification. This planning and evaluation checklist highlights the factors that should be taken into consideratoin by management and their compliance team.
Formulating and executing your vision for compliance
Organizations cannot afford to underestimate the impact of the new CSA proposals rules regarding CEO/CFO certification and disclosure controls. The timelines as to when certification is required is approaching. It is imperative to start the process early to ensure that any compliance issues are addressed in time for a clean certification to be issued.
Deloitte’s CEO/CFO certification professionals offer a range of solutions — both organizational and technological — that can be customized to meet your organization's specific compliance needs. Let us help design a strategy that can turn the certification requirements into value generators for your organization.
Management and Audit Commitee effectiveness/readiness assessment tool
The following rating tool can help management complete a thorough assessment of the effectiveness of their organization’s disclosure control policies and procedures as well as its readiness to respond to the requirement for disclosure control certification.
For each question, management should rate its organization’s effectiveness on a scale from one to four, where one means less effective/requires improvement, and four means highly effective/adequately addressed. A comments area helps capture what cannot be properly expressed or reflected by numerical assessment.
|
Questions
|
|
Rating |
-
The CEO and CFO played essential roles in the disclosure controls process.
They established an effective “Tone at the Top” to convey the importance of the task. They will continue to play key roles in the certification of disclosure controls.
|
□1 |
□2 |
□3 |
□4 |
- Management has created an effective “disclosure culture”.
The organization’s disclosure policy encourages open, timely disclosure of material events.
|
□1 |
□2 |
□3 |
□4 |
- The organization has an effective continuous disclosure policy and has documented disclosure controls and procedures.
In the design of the disclosure policy and controls, both the external reporting aspects as well as the internal communication component have been considered.
|
□1 |
□2 |
□3 |
□4 |
- The organization’s disclosure policy is reviewed on a frequent basis.
The audit committee plays a vital role in this review process. The assessment of the design of the organization’s disclosure controls and procedures includes the following items:
- the disclosure policy
- the need for a disclosure committee
- the control procedures established to implement the disclosure policy
|
□1 |
□2 |
□3 |
□4 |
- Management takes steps to ensure that its disclosure policies are clearly understood throughout the organization.
Management has established a training program for new and existing employees related to their disclosure responsibilities.
|
□1 |
□2 |
□3 |
□4 |
- All filings have been in compliance with regulatory requirements.
Management has adequately addressed any external feedback regarding the organization’s disclosures, controls and procedures.
|
□1 |
□2 |
□3 |
□4 |
- Management has implemented a sub-certification process for disclosure controls.
The effectiveness of the sub-certification process has been evaluated.
|
□1 |
□2 |
□3 |
□4 |
- Any comments that have been received from regulators, legal counsel, investors, or external auditors about the organization’s disclosures have been adequately addressed by management.
|
□1 |
□2 |
□3 |
□4 |
- Management has developed a comprehensive plan to implement the annual disclosure controls certification.
|
□1 |
□2 |
□3 |
□4 |
- Management has adequately addressed all disclosure issues faced by the organization during the most recent year.
The likelihood that external parties would have reached the same conclusions as management regarding disclosure in these situations is high.
|
□1 |
□2 |
□3 |
□4 |
- Any reports to the organization’s whistleblower process regarding it’s disclosures or disclosure controls and processes were efficiently and effectively dealt with.
|
□1 |
□2 |
□3 |
□4 |
|
|
|
