|
The
most essential understanding of how
DB-Examiner plays
such a critical role in Sarbanes – Oxley compliance
is based on acknowledging the hierarchy of relationships. |
| |
Overview
Section 404 of the Sarbanes-Oxley
Act of 2002 established requirements for issuers (corporations)
to include in their annual reports on Form 10-K an internal
controls report that: |
| |
(i) |
describes
management’s responsibilities with respect to internal
controls procedures and |
| |
(ii) |
contains
an assessment of the effectiveness of those procedures, and
also for auditors to attest to management’s assessment. |
| |
|
|
|
The
rules now proposed by the SEC to implement those provisions
go beyond the express requirements of Section 404, and would
require management to: |
| |
(i) |
evaluate
internal controls on a quarterly basis, |
| |
(ii) |
report
the results of that evaluation in quarterly & annual
SEC reports, |
| |
(iii) |
make
additional certifications regarding internal controls. |
| |
|
|
Internal
Controls Definition
The SEC has defined the term “internal controls and procedures for financial
reporting” consistently with existing definitions under generally accepted
accounting standards (GAAP). |
| |
|
|
|
The
term refers to controls pertaining to the preparation of
financial statements for external purposes that are fairly
presented in conformity with GAAP. The SEC believes the purpose
of internal controls should be to ensure that each issuer
has processes designed to provide reasonable assurance that: |
| |
• |
the
issuer’s transactions are properly authorized. |
| |
• |
the
issuer’s assets are safeguarded against unauthorized
or improper
use. |
| |
• |
the
issuer’s transactions are properly recorded and reported
to
permit the preparation of GAAP financial statements. |
| |
|
|
Management
and Auditor Reports
Under
the proposed rules, issuers would be required to include in their
10-K reports an internal controls report of management that contains: |
| |
• |
a
statement of management’s responsibilities for establishing
and maintaining adequate “internal controls and procedures
for financial reporting; |
| |
• |
conclusions
about the effectiveness of the issuer’s internal controls,
based on management’s evaluation of those controls
and procedures as of
the end of the issuer’s most recent fiscal year; |
| |
• |
a
statement that the issuer’s auditor has attested to,
and reported
on, management’s evaluation of the issuer’s internal controls. |
| |
|
|
Quarterly
Evaluations
The proposed rules would also require that an issuer’s management, with
the participation of its CEO and CFO, conduct an evaluation of the design and
operation of the issuer’s internal controls as of the end of the period
covered by quarterly and annual reports.
The
CEO’s and CFO’s conclusions about the effectiveness
of the issuer’s internal controls would be disclosed
in the relevant quarterly or annual report. This is separate
from,
and in addition to, the internal controls report that is required
annually. |
| |
|
|
CEO/CFO
Certifications
Pursuant to other provisions of the Act, CEOs and CFOs currently must provide
certifications regarding internal controls in quarterly and annual SEC reports,
addressing significant deficiencies or material weaknesses in internal controls,
any occurrence of fraud, and significant changes to internal controls since the
previous evaluation.
The
proposed rules would also require the CEO and CFO to certify
in such reports that they: |
| |
• |
are
responsible for establishing and maintaining internal controls; |
| |
• |
have
designed such internal controls (or caused them to be designed)
to provide reasonable assurances that the financial statements
are fairly presented
in conformity with GAAP; |
| |
• |
have
evaluated the effectiveness of the internal controls as of
the end
of the period covered by the report; and |
| |
• |
have
presented in the report their conclusions about the effectiveness
of the internal controls based on that evaluation. |
