Time to assess your internal controls
by Ajay Gupta

People modify their cars all the time — depending on your needs and taste, you could add a GPS system, alloy rims or a new stereo. Every car, however, must have a standard set of brakes to control and reduce the vehicle’s speed.

Similarly, while the CEO of a public company is free to make many decisions about how to run the business, the company must have internal controls over financial reporting (ICFR). In the United States, the Sarbanes-Oxley Act of 2002 (SOX) requires all U.S. publicly listed companies to have the effectiveness of their ICFR attested by auditors. This rule also applies to Canadian companies with U.S. listings or U.S. parents.

In this country, the Canadian Securities Administrators (CSA) requires CEO and CFO certification of ICFR, as per the proposed National Instrument 52-109. Although there is no requirement for an auditor attestation, Canadian-listed companies must undertake an ICFR project to meet new certification requirements, effective for fiscal years ending on or after June 30, 2008.

In general, an ICFR certification project requires the following main steps:

  • Establishing a suitable internal control framework, such as COSO*, to effectively assess internal controls over financial reporting;
  • Assessing risk using a top-down, risk-based approach, and documenting the key business processes to make the overall ICFR project more efficient and cost effective;
  • Evaluating the design of ICFR to ensure the internal controls are designed effectively; and
  • Evaluating the effectiveness of ICFR to ensure the internal controls are operating effectively.

Companies need to evaluate their internal controls annually to ensure they are operating effectively with a robust and compliant regime in place. Contact your auditor or a regulatory and governance advisor that provides SOX and ICFR-certification services for Canadian-listed, U.S.-listed and cross-border-listed companies.

* COSO is a U.S. private-sector initiative, formed in 1985 to study the factors that can lead to fraudulent financial reporting and to develop recommendations to reduce its incidence.

Ajay Gupta is an Assurance & Advisory Manager with the Public Company Team and the Regulatory & Governance Team. He can be reached at (416) 644-4367 or by e-mail at ajay_gupta@mintzca.com.

Mintz & Partners | 1 Concorde Gate, Suite 200, North York, Ont., M3C 4G4 | www.mintzca.com
Phone: (416) 391-2900 | Fax: (416) 391-2748 | E-mail: info@mintzca.com

The Statement is an e-newsletter written by the Public Company Team of Mintz & Partners LLP. Please go to http://www.mintzca.com/index.php?section=pcdirectory to learn more about our Public Company Team The issues raised are for information purposes only. Readers are urged to contact their professional advisors before acting on the basis of the material contained herein.

This office is an independently owned and operated member of the Collins Barrow National Cooperative Incorporated. The Collins Barrow trademarks are used under license. For more information about Mintz & Partners, please visit our Web site at www.mintzca.com.

[Close Window]