June 22, 2006
Bank of China - "Costs of Sarbox are too high"
The upcoming IPO of the Bank of China is a big event in the investment world. Just today, the Chairman of the bank is quoted in Forbes (click here) as saying that "There would be no legal problems for a listing in the US, but I believe the Sarbanes-Oxley law actually adds unnecessary costs for listed companies."
Can't you just hear the Chicken Littles on Wall Street, "The sky is falling! Our fees are falling!".
They have short memories. It was only four years ago that a compliance black hole at the Bank of China was revealed to the tune of at least $500 million. Regulators in Hong Kong and China were unable to detect for a decade a "skimming and money laundering" scheme with international connections. Click here to read more.
One can only speculate about the soundness of the Bank of China's internal controls as of today. (Note: Speculating when it comes to a bank's control system can't be a good thing) You would think that a large bank would be up to the challenge and would want to meet the highest standards.
In any event, we can be assured that because they will not come under the same level of compliance scrutiny and transparency as required by SOX that the potential for weaker controls and higher risks has increased. Investors will not be as well protected. Caveat emptor.
If your company is required to meet SOX compliance standard, please go to www.issuescentral.com to learn more about the Compliance Playbook(TM). If you are a Canadian-based SOX or MI 52-109 filer, please visit our Canadian distributor, Thomson-Carswell's website, www.compliancepartner.ca , to learn more about Compliance Partner(TM).
Can't you just hear the Chicken Littles on Wall Street, "The sky is falling! Our fees are falling!".
They have short memories. It was only four years ago that a compliance black hole at the Bank of China was revealed to the tune of at least $500 million. Regulators in Hong Kong and China were unable to detect for a decade a "skimming and money laundering" scheme with international connections. Click here to read more.
One can only speculate about the soundness of the Bank of China's internal controls as of today. (Note: Speculating when it comes to a bank's control system can't be a good thing) You would think that a large bank would be up to the challenge and would want to meet the highest standards.
In any event, we can be assured that because they will not come under the same level of compliance scrutiny and transparency as required by SOX that the potential for weaker controls and higher risks has increased. Investors will not be as well protected. Caveat emptor.
If your company is required to meet SOX compliance standard, please go to www.issuescentral.com to learn more about the Compliance Playbook(TM). If you are a Canadian-based SOX or MI 52-109 filer, please visit our Canadian distributor, Thomson-Carswell's website, www.compliancepartner.ca , to learn more about Compliance Partner(TM).
June 13, 2006
NYSE Takeover of Euronext: Implications for Compliance
Marshall McLuhan (he of "The medium is the message" fame), once said that "The new electronic independence recreates the world in the image of a global village".
Most investors have traditionally had a bias towards their home markets. This is going to change dramatically over the next few years as McLuhan "global village" analogy becomes real.
So, consider the implications of the integration of international trading markets, such as NYSE acquiring Euronext, that is underway and the upcoming impact on national regulatory structures and compliance standards.
Some trends are clear:
Most investors have traditionally had a bias towards their home markets. This is going to change dramatically over the next few years as McLuhan "global village" analogy becomes real.
So, consider the implications of the integration of international trading markets, such as NYSE acquiring Euronext, that is underway and the upcoming impact on national regulatory structures and compliance standards.
Some trends are clear:
- The push for common accounting and compliance standards around the world will only increase. Investors will want assurances that they can interpret financial information in a consistent manner. There will be lots of nationalism about the superiority of one set of regulatory approach over another. However look at what is already happening with the implementation of IFRS in Europe. Commentators are even saying that SOX facilitates aspects of IFRS.
- Technology infrastructures will be integrated over time in order to reduce transactions costs and to provide investors and issuers with integrated and transparent investing platforms.
- The world is becoming a small place. If an investor in the U.S. chooses to invest in an exchange that has lax, or "flexible", compliance standards and suffers losses because of improper reporting, etc, who will the investor turn to for comfort. Probably not the SEC. However, if an exchange promotes its offerings heavily to U.S. investors will U.S. regulations apply? Only time will tell.
The SEC issued a Fact Sheet on Potential Cross-Border Exchange Mergers today - Click here for more information.
Marshall McLuhan would chuckle.
To streamline your journey to cost-effective SOX 404 compliance, please go to www.issuescentral.com to learn more about Compliance Playbook(TM). If you are a Canadian-based filer, looking to comply with MI 52-109 or SOX 404, please visit Thomson-Carswell's site at www.compliancepartner.ca for more information on Compliance Partner(TM).
June 08, 2006
Are Canadian Directors more exposed to liability because of the proposed revisions to MI 52-109 under CSA Staff Notice 52-313?
Maybe.
Think about it. With the increase in civil liabilities introduced on January 1, 2006 (Bill 198), coupled with the proposed removal of external auditor attestation on a company's internal controls over financial reporting (withdrawal of MI 52-111 as outlined in CSA Staff Notice 52-313), some directors may start to feel a little exposed.
For issuers based on U.S. exchanges, the SOX 404 (Management and Auditor Report on Internal Controls over Financial Reporting) process to a certain extent transfers some of the risk for review over ICFR to the outside auditors and a board member can "rely" more heavily on the auditors' independent assessment of ICFR effectiveness. Not so, with the Canadian approach. Such a trusting country. Indeed it is more than a trust issue. The Canadian market is comprised of many more micro and small cap companies and regulators are worried about companies getting buried in auditor fees. How do Canadian investors feel about this approach? Probably a little exposed just like the directors.
The reality is that the Canadian approach is going to force boards, particularly audit committees, to question CEOs and CFOs more aggressively with respect to disclosure and ICFR activities. Can't you just hear the late night conversations emanating from Bay Street and Howe Street, "Where were you on the night of Year End close? This is the last time I'm going to ask."
In addition, I suspect that board members are not going to be happy about their potential increase in liability so they will make greater use of internal audit functions, and compliance tools (excellent!) to invigorate their organizations.
For TSX and TSX-V based companies looking to get a better fix on what the proposed changes proposed by CSA Notice 52-313 please click here to find out more about sessions being presented by Thomson-Carswell and Torys LLP on June 21st and June 22nd.
Go Oilers!
Think about it. With the increase in civil liabilities introduced on January 1, 2006 (Bill 198), coupled with the proposed removal of external auditor attestation on a company's internal controls over financial reporting (withdrawal of MI 52-111 as outlined in CSA Staff Notice 52-313), some directors may start to feel a little exposed.
For issuers based on U.S. exchanges, the SOX 404 (Management and Auditor Report on Internal Controls over Financial Reporting) process to a certain extent transfers some of the risk for review over ICFR to the outside auditors and a board member can "rely" more heavily on the auditors' independent assessment of ICFR effectiveness. Not so, with the Canadian approach. Such a trusting country. Indeed it is more than a trust issue. The Canadian market is comprised of many more micro and small cap companies and regulators are worried about companies getting buried in auditor fees. How do Canadian investors feel about this approach? Probably a little exposed just like the directors.
The reality is that the Canadian approach is going to force boards, particularly audit committees, to question CEOs and CFOs more aggressively with respect to disclosure and ICFR activities. Can't you just hear the late night conversations emanating from Bay Street and Howe Street, "Where were you on the night of Year End close? This is the last time I'm going to ask."
In addition, I suspect that board members are not going to be happy about their potential increase in liability so they will make greater use of internal audit functions, and compliance tools (excellent!) to invigorate their organizations.
For TSX and TSX-V based companies looking to get a better fix on what the proposed changes proposed by CSA Notice 52-313 please click here to find out more about sessions being presented by Thomson-Carswell and Torys LLP on June 21st and June 22nd.
Go Oilers!
June 05, 2006
If a CEO/CFO certifies that internal controls are effective, does that make it so?
Both Section 302 of the Sarbanes-Oxley Act (in place for the last 3 years), and the existing Canadian equivalent Multi-Lateral Instrument 52-109 (internal controls portion to begin for fiscal y/e on/after June 30, 2006, pre-March 10, 2006 proposed revision - CSA Notice 52-313), take a significant step by mandating that a CEO/CFO certify internal controls over financial reporting (ICFR) in terms of "any significant changes that have occurred", and "all significant deficiencies and material weaknesses in the design or operation of internal controls ...likely to adversely affect ... financial information", and "any fraud, whether or not material, that involves management .... who have a significant role in the registrant's internal control over financial reporting".
Wouldn't it make sense, particularly for U.S. filers, that much of the ICFR work was already done prior to Section 404 (management evaluation and auditor attestation kicking in)?
I'm not so sure. So, where am I going with this topic?
What if the ICFR portions of SOX 302 and the current (not proposed) version of MI 52-109, which are essentially self-policing, are not really getting much emphasis by the CEO and CFO? Maybe it takes external validation (the external auditor) to energize the average management team to really take a good look at ICFR. Thus, SOX 404.
Kind of like leaving your place messy until the neighbors come over for dinner.
In the SOX context, a March 2006 study by Lord & Benoit highlights (click here) that only 1 in 8 firms disclosed material weaknesses via SOX 302 disclosure and certification in the quarter prior to the disclosure of SOX 404 material weaknesses. Keep in mind that there were 613 restatements in 2004, and 1195 in 2005 according to research by Glass Lewis. Definitely a sign of internal control issues.
It seems that the quality of self-reporting is not very high unless it is backed up by the threat of some outside review.
Sad.
So, what does this mean for the future?
Three things come to mind:
Wouldn't it make sense, particularly for U.S. filers, that much of the ICFR work was already done prior to Section 404 (management evaluation and auditor attestation kicking in)?
I'm not so sure. So, where am I going with this topic?
What if the ICFR portions of SOX 302 and the current (not proposed) version of MI 52-109, which are essentially self-policing, are not really getting much emphasis by the CEO and CFO? Maybe it takes external validation (the external auditor) to energize the average management team to really take a good look at ICFR. Thus, SOX 404.
Kind of like leaving your place messy until the neighbors come over for dinner.
In the SOX context, a March 2006 study by Lord & Benoit highlights (click here) that only 1 in 8 firms disclosed material weaknesses via SOX 302 disclosure and certification in the quarter prior to the disclosure of SOX 404 material weaknesses. Keep in mind that there were 613 restatements in 2004, and 1195 in 2005 according to research by Glass Lewis. Definitely a sign of internal control issues.
It seems that the quality of self-reporting is not very high unless it is backed up by the threat of some outside review.
Sad.
So, what does this mean for the future?
Three things come to mind:
- What have Audit Committees been doing prior to SOX 404 kicking in (or the Canadian equivalent)? Has anyone been asking the CEO/CFO tough questions and asking for some evidence of real ICFR activity?
- Expect a big increase in deficiencies/weaknesses from non-accelerated SOX filers. Their 302 reports with respect to ICFR are bound to go negative once the SOX 404 auditor attestation debate is nailed down . Honey, the neighbors are coming for dinner! And boy, are they hungry!
- The value of MI 52-109 ICFR requirements without external auditor attestation. Canadians are nice people but no more principled than their U.S. cousins. Expect that if the CSA and regulators like the OSC did "spot audits" of ICFR that they would find the quality of work quite lacking - particularly with the smaller companies. Would investors be surprised? No, that is one of the reasons that they will place a greater risk premium on Canadian equities that are not SOX compliant.
I'm not a big fan of the "externals" and the excessiveness of many of their ICFR engagements. However, wouldn't it be nice if management and the board/audit committee got their financial houses in order without the threat of outside intervention. Oh well, I guess it is no surprise, just take a look at the next big thing on the horizon, "Executive Compensation and the Link to Company Performance". Now that is an "internal control" problem!
If you'd like to get on with strengthening your internal controls over financial reporting, either because you have to, or just because you'd like to, please go to www.issuescentral.com to learn more about the award-winning Compliance Playbook(TM). For Canadian-based companies, please go to our friends at www.compliancepartner.ca to learn about the product that is the market leader - Compliance Partner(TM).
June 03, 2006
PCAOB Takes on Challenge to Sort out AS2
The PCAOB is wasting no time in trying to resolve implementation issues with AS#2. The current lack of a risk based approach by external auditors has driven up costs and not improved quality.
This is good to see because the absolute nit-picking on form over substance that has gone on by external audit firms has been legendary. Strict and rigid interpretation of AS#2 has caused undue busy work by firms and has not addressed the important spirit of the Act which is Tone at the Top, integrity, etc.
The problem is that external auditors are accountants and they are being asked to review "soft items" such as audit committee effectiveness and management's commitment to competence, etc. They were not taught this in school. They are out of their depth. This will be the most important challenge that the PCAOB has to take on: Getting audit firms to train their staffs in entity level controls not just overkilling AP or payroll process controls.
An excerpt from an article is here:
"PCAOB Schedules June SAG Meeting
June 2, 2006 (SmartPros)
— The Public Company Accounting Oversight Board has scheduled a Standing Advisory Group meeting to discuss topics related to audits of internal control over financial reporting and other standards-setting topics.
The meeting is scheduled for June 12-13 in Washington, D.C.
Specifically, the group will discuss current PCAOB activities regarding implementation of the internal control provisions of the Sarbanes-Oxley Act of 2002 and the PCAOB's Auditing Standard No. 2.
In addition, the group will engage in a panel discussion about two aspects of internal control auditing in which the PCAOB may consider refinements to its auditing standard: the role of company-level controls in audits of internal control over financial reporting and the auditor's involvement in management's assessment of internal control. The group will also hear a panel of analysts discuss their compilations of data on corporate disclosures about internal control. The group will then identify and discuss areas of auditing and accounting that, based on this data, may pose special challenges to auditors.
Finally, the group will hear a panel of academic researchers discuss their compilations and syntheses of research related to auditing fair value and auditors' risk assessments.
The agenda and other documents for this meeting can be found on the PCAOB Web site."
If your company has to comply with Sarbanes-Oxley or MI 52-109, see www.issuescentral.com to learn more on how to effectively and rapidly comply with this legislation. See what the Compliance Playbook(tm) and Compliance Partner(tm) have to offer your company's internal controls over financial reporting project.
This is good to see because the absolute nit-picking on form over substance that has gone on by external audit firms has been legendary. Strict and rigid interpretation of AS#2 has caused undue busy work by firms and has not addressed the important spirit of the Act which is Tone at the Top, integrity, etc.
The problem is that external auditors are accountants and they are being asked to review "soft items" such as audit committee effectiveness and management's commitment to competence, etc. They were not taught this in school. They are out of their depth. This will be the most important challenge that the PCAOB has to take on: Getting audit firms to train their staffs in entity level controls not just overkilling AP or payroll process controls.
An excerpt from an article is here:
"PCAOB Schedules June SAG Meeting
June 2, 2006 (SmartPros)
— The Public Company Accounting Oversight Board has scheduled a Standing Advisory Group meeting to discuss topics related to audits of internal control over financial reporting and other standards-setting topics.
The meeting is scheduled for June 12-13 in Washington, D.C.
Specifically, the group will discuss current PCAOB activities regarding implementation of the internal control provisions of the Sarbanes-Oxley Act of 2002 and the PCAOB's Auditing Standard No. 2.
In addition, the group will engage in a panel discussion about two aspects of internal control auditing in which the PCAOB may consider refinements to its auditing standard: the role of company-level controls in audits of internal control over financial reporting and the auditor's involvement in management's assessment of internal control. The group will also hear a panel of analysts discuss their compilations of data on corporate disclosures about internal control. The group will then identify and discuss areas of auditing and accounting that, based on this data, may pose special challenges to auditors.
Finally, the group will hear a panel of academic researchers discuss their compilations and syntheses of research related to auditing fair value and auditors' risk assessments.
The agenda and other documents for this meeting can be found on the PCAOB Web site."
If your company has to comply with Sarbanes-Oxley or MI 52-109, see www.issuescentral.com to learn more on how to effectively and rapidly comply with this legislation. See what the Compliance Playbook(tm) and Compliance Partner(tm) have to offer your company's internal controls over financial reporting project.
