March 15, 2007
"My Friend" is not Ready for MI 52-109, but I am!
Remember as a kid when you needed to find out information from an expert? You told the "expert" that your friend had this problem and you needed to help your friend, so could you please have the answer?
So goes the results from a Symantec Corp.(Nasdaq: SYMC) survey of Canadian public companies published yesterday.
An excerpt here " only 10 per cent of executives believe Canadian businesses are fully prepared to conform to Bill 198 compliance legislation. Moreover, only 67 per cent of C-level respondents reported having a clearly defined role in supportingcompliance processes..."
The basis of this survey is a little erroneous when it assumes that the deadline for all companies was in fact December 31 for phase 1 of MI 52-109. The phase 1 deadline is based on a company's fiscal year end. So other companies with June 30 and September 30 year ends have already filed. Additionally, companies with year ends through June 29 have yet to file. This is the first phase of the legislation, the "Design and Implement" portion.
However, the point is still well taken that very few companies have fully embraced this exercise nor have a great deal of comfort with it. Further the Canadian Securities Regulators has not publicized the legislation.
From the survey: Despite the deadline, stiff penalties, and the legislation's intentions, more than half (55 per cent) of respondents from across Canada indicated their companies were, at best, "mostly but not completely compliant."
Wow! And you have to wonder what "mostly" means. Is that like: we have started this project but have not finished it...
Another piece of misinformation is this: "With only nine months left until plans must be fully implemented, Karbaliotis advises executives responsible for compliance to make the effort an organizational priority". On February 9, 2007, the Canadian Securities Administrators (CSA)
issued staff notice 52-317 revising the deadline for Phase 2 of MI 52-109 to allow companies more time on "Effectiveness Testing" of internal controls. So now the deadline is "in respect of financial years ending on or after June 30, 2008" instead of 2007.
This allows more time. But if the survey results are true and our experience would find them to very true, companies should finalize the first phase of the legislation and get it right because you cannot test what you do not have documented or designed.
There will be a company who has a serious fraud or problem. It is a statistics game. Just wait! Then their internal control reports will be reviewed and if they are found to be non-existent or worse yet, fraudulent, a bright light will be shining on the legislation requirements.
It would be best to embrace good governance for the right reasons. Then if there is a problem, a company would know it WAS covered by good project planning and good execution. Most companies do not have adequate internal controls over financial reporting if they have never designed them or documented them. This is our experience over the last five years of working typical North American companies. Good controls do not just happen. They have to be deliberately designed, tested and periodically recalibrated. It is good business to have good controls.
If your company needs assistance in the effective and sustainable compliance in SOX 404 or MI 52-109, contact http://www.issuescentral.com/ for more information on Compliance Playbook® for companies based outside of Canada. For Canadian based companies, see http://www.compliancepartner.ca/ for more information on Compliance Partner™ from Thomson Carswell.
So goes the results from a Symantec Corp.(Nasdaq: SYMC) survey of Canadian public companies published yesterday.
An excerpt here " only 10 per cent of executives believe Canadian businesses are fully prepared to conform to Bill 198 compliance legislation. Moreover, only 67 per cent of C-level respondents reported having a clearly defined role in supportingcompliance processes..."
The basis of this survey is a little erroneous when it assumes that the deadline for all companies was in fact December 31 for phase 1 of MI 52-109. The phase 1 deadline is based on a company's fiscal year end. So other companies with June 30 and September 30 year ends have already filed. Additionally, companies with year ends through June 29 have yet to file. This is the first phase of the legislation, the "Design and Implement" portion.
However, the point is still well taken that very few companies have fully embraced this exercise nor have a great deal of comfort with it. Further the Canadian Securities Regulators has not publicized the legislation.
From the survey: Despite the deadline, stiff penalties, and the legislation's intentions, more than half (55 per cent) of respondents from across Canada indicated their companies were, at best, "mostly but not completely compliant."
Wow! And you have to wonder what "mostly" means. Is that like: we have started this project but have not finished it...
Another piece of misinformation is this: "With only nine months left until plans must be fully implemented, Karbaliotis advises executives responsible for compliance to make the effort an organizational priority". On February 9, 2007, the Canadian Securities Administrators (CSA)
issued staff notice 52-317 revising the deadline for Phase 2 of MI 52-109 to allow companies more time on "Effectiveness Testing" of internal controls. So now the deadline is "in respect of financial years ending on or after June 30, 2008" instead of 2007.
This allows more time. But if the survey results are true and our experience would find them to very true, companies should finalize the first phase of the legislation and get it right because you cannot test what you do not have documented or designed.
There will be a company who has a serious fraud or problem. It is a statistics game. Just wait! Then their internal control reports will be reviewed and if they are found to be non-existent or worse yet, fraudulent, a bright light will be shining on the legislation requirements.
It would be best to embrace good governance for the right reasons. Then if there is a problem, a company would know it WAS covered by good project planning and good execution. Most companies do not have adequate internal controls over financial reporting if they have never designed them or documented them. This is our experience over the last five years of working typical North American companies. Good controls do not just happen. They have to be deliberately designed, tested and periodically recalibrated. It is good business to have good controls.
If your company needs assistance in the effective and sustainable compliance in SOX 404 or MI 52-109, contact http://www.issuescentral.com/ for more information on Compliance Playbook® for companies based outside of Canada. For Canadian based companies, see http://www.compliancepartner.ca/ for more information on Compliance Partner™ from Thomson Carswell.
