On August 29, 2002, the SEC issued final rules that:
-
Implement the requirement under Section 302 of the Sarbanes-Oxley Act that quarterly and annual reports include certifications of principal executive and financial officers.
-
Require that reporting companies maintain and evaluate disclosure controls and procedures.
Section 302 Certification:
-
Who Must File Certifications. All companies that file periodic reports under Sections 13(a) or 15(d) of the Securities Exchange Act of 1934 must now include in their annual and quarterly reports (including transition reports and amendments) the certifications of their principal executive officers and principal financial officers required by Section 302 of the Sarbanes-Oxley Act. The new rules make clear that the certification requirement applies to:
-
small business issuers;
-
registered investment companies;
-
unit investment trusts;
-
foreign private issuers filing annual reports on Form 20-F and Canadian issuers filing on Form 40-F;
-
banks and savings associations; and
-
issuers of asset-backed securities.
-
Content of Certification. The new rules do not materially alter the content of the certification as required by Section 302 of the Sarbanes-Oxley Act. The form of certification for each of the 10-K and the 10-Q prescribed by the new rules is attached as Annex A. (The forms of certification prescribed for registered investment companies, unit investment trusts, small business investment companies and asset-backed issuers are tailored to those entities and are slightly different). No changes (even inconsequential changes) to the wording of the prescribed form is permitted.
-
GAAP and Beyond. The concept of “fairly present” in the certification statement with respect to financial statements and other financial information is broader than mere compliance with generally accepted accounting principles. A “fair presentation” encompasses not only the selection and application of appropriate accounting policies, but also disclosure of other financial information, including management’s discussion and analysis.
-
Current Reports Not Subject to Certification Requirements. The new rules make clear that Section 302 certifications do not need to be filed in current reports on Form 8-K, even if they include financial statements or other financial information.
-
Location of Certification. The certifications must appear immediately after the signatures section of the report.
-
Certification Signatures. The certifications may not be signed by power of attorney. Additionally, original signature copies must be retained for five years.
-
Section 302 Certification Required in Addition to Section 906 Certification. The certification required by Section 302 is required in addition to the certification required under Section 906 of the Sarbanes-Oxley Act. This means that each covered report must include the Section 302 certification after the signatures section of the report and also be, accompanied by the Section 906 certification.
-
Disclosure Controls and Procedures. The new rules require companies to maintain and regularly evaluate “disclosure controls and procedures.”
-
Disclosure Controls and Procedures Different from Internal Controls. The rules define “disclosure controls and procedures” as controls and other procedures designed to ensure that information required to be disclosed in all periodic and other reports and definitive proxy materials and information statements filed under the Exchange Act is recorded, processed, summarized and reported, within the required time periods. Disclosure controls and procedures include, without limitation, controls and procedures designed to ensure that information required to be disclosed is accumulated and communicated to company management, including the CEO and CFO, as appropriate to permit timely decisions regarding the required disclosure. This newly defined term is distinguished from “internal controls,” which refers to controls relating to financial reporting and control of assets.
-
Maintain and Evaluate Procedures. Companies must:
-
maintain sufficient procedures to provide assurance that the company can collect, process and disclose on a timely basis, both financial and non-financial information required to be disclosed in their periodic and current reports; and
-
within 90 days prior to filing each periodic report, evaluate, under the supervision and with the participation of management, the effectiveness (“of the design and operation of their procedures”).
-
Disclosure Committee. The SEC recommends that companies create disclosure committees that would report to senior management and be responsible for considering the materiality of information and determining disclosure obligations on a timely basis.
-
Disclosure of “Disclosure Controls and Procedures” and “Internal Controls”. Consistent with the required certification statements, companies must disclose in their periodic reports:
-
the CEO/CFO’s conclusions as to the required evaluations of the effectiveness of the disclosure controls and procedures; and
-
whether or not there were significant changes in the internal controls or in other factors that could significantly affect internal controls subsequent to the date of the CEO/CFO evaluations, including any corrective actions with regard to significant deficiencies and material weaknesses.
-
Effectiveness Date. The new rules are effective as of August 29, 2002. Certifications must be included in all reports filed after August 29, 2002, except that certification statements as to disclosure controls and procedures and internal controls (statements 4, 5 and 6) are only required in reports covering periods ended after August 29, 2002. Additionally, the disclosure in the report relating to changes in disclosure procedures and controls is only required in reports covering periods ended after August 29, 2002. Note, however, that the disclosure relating to changes in internal controls must be included in all reports filed after August 29, 2002. The SEC staff has confirmed, on an informal basis, that in determining whether there are any changes to internal controls that need to be reported, companies should consider changes occurring in the prior 12 months. A source to be reviewed by companies in connection with this disclosure obligation are management letters from outside auditors and, in particular, any concerns cited in such letter about internal controls.
-
Certification of Proxy Statements and Other Documents. The SEC is also considering whether certifications should also be required in proxy statements and other documents filed under the Exchange Act and has solicited comments on this question.
Recommendations: Companies should immediately develop and implement procedures designed to ensure that the required certifications can be made, including to establish disclosure controls and procedures in compliance with the new rules. Each company will need to develop a system that makes sense for its particular circumstances; however, the following steps would be reasonable for many companies:
-
Certification Process.
-
Memo on Certification Process. The CEO and CFO would send a memo to the Disclosure Committee (described below) and others in the company who had a direct role in preparing the covered report, explaining the purpose of the certification. That communication would ask each of the recipients to review the covered report and the methods and procedures he or she employed to gather and verify the information for which they were responsible, and to be prepared to attend a meeting at which the reports would be reviewed.
-
Internal Due Diligence Meeting. The internal meeting would include the CEO, CFO, and members of the Disclosure Committee. Others attending the meeting might include, as appropriate, the internal auditor and other company officials and division heads. At the meeting, participants would review the process followed in preparing the report, and the contents of the filing would be discussed, with particular emphasis on compliance with SEC reporting requirements and accounting policies and critical accounting estimates. Some of the items to be considered might include: off-balance sheet items, contingencies, reserves, revenue recognition, liquidity and capital resources, material trends, and differences from the previous report. There should be an adequate opportunity for discussion and questions.
-
Meeting with Independent Accountants. The CEO, CFO, general counsel and other appropriate officials would meet with the independent accountants to discuss items covered by the certification.
-
Audit Committee Meeting. The audit committee would meet with the CEO, CFO and other appropriate officials to discuss items covered by the certification.
-
Disclosure Controls and Procedures.
-
Disclosure Committee. The company should establish a Disclosure Committee that reports to senior management that is responsible for
-
considering the materiality of information and determining disclosure obligations on a timely basis; and
-
overseeing the process for collecting, considering, summarizing and reporting such information.
-
Composition of Disclosure Committee. The officers and employees who might serve on the Disclosure Committee include:
-
the principal accounting officer or controller;
-
the general counsel or other senior legal official with responsibility for disclosure matters;
-
the principal risk management officer;
-
the chief investor relations officer; and
-
other officers or employees, including individuals associated with the company’s business units, as the company deems appropriate.
-
Update Current Controls and Procedures. The company should review, update as appropriate, and put into writing their current procedures with respect to disclosure.
-
Evaluation. Within 90 days prior to filing each periodic report, the Disclosure Committee, the principal executive and financial officers, and other appropriate company officials should hold a meeting to evaluate the disclosure controls and procedures. Items to be considered could include:
-
any material weakness in the control procedures;
-
any other deficiency that could significantly adversely affect the company’s ability to collect, process or disclose on a timely basis required information; and
-
any significant changes in these controls and procedures, including any corrective actions that have been or are being taken with regard to identified significant deficiencies and material weaknesses.
Contact Information
If you have any questions or would like to learn more about the new rules, please contact the lawyer who normally represents you.
Annex A
Form of Section 302 Certification for 10-Q
CERTIFICATIONS1
I, [identify the certifying individual], certify that:
1. I have reviewed this quarterly report on Form 10-Q of [identify registrant];
2. Based on my knowledge, this quarterly report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this quarterly report;
3. Based on my knowledge, the financial statements, and other financial information included in this quarterly report, fairly present in all material respects the financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this quarterly report;
4. The registrant’s other certifying officers and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a-14 and 15d-14) for the registrant and we have:
a) designed such disclosure controls and procedures to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this quarterly report is being prepared;
b) to the filing date of this quarterly report (the “Evaluation Date”); and evaluated the effectiveness of the registrant’s disclosure controls and procedures as of a date within 90 days prior
c) presented in this quarterly report our conclusions about the effectiveness of the disclosure controls and procedures based on our evaluation as of the Evaluation Date;
5. The registrant’s other certifying officers and I have disclosed, based on our most recent evaluation, to the registrant’s auditors and the audit committee of registrant’s board of directors (or persons performing the equivalent function):
a) all significant deficiencies in the design or operation of internal controls which could adversely affect the registrant’s ability to record, process, summarize and report financial data and have identified for the registrant’s auditors any material, weaknesses in internal, controls; and
b) any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant’s internal, controls; and
6. The registrant’s other certifying officers and I have indicated in this quarterly report whether or not there were significant changes in internal controls or in other factors that could significantly affect internal controls subsequent to the date of our most recent evaluation, including any corrective actions with regard to significant deficiencies and material weaknesses.
Date:
[Signature]
1 Provide a separate certification for each principal executive officer and principal financial officer of the registrant. See Rules 13a-14 and 15d-14. The required certification must be in the exact form, set forth above.
Authors
Stay Up To Date with Ropes & Gray
Ropes & Gray attorneys provide timely analysis on legal developments, court decisions and changes in legislation and regulations.
Stay in the loop with all things Ropes & Gray, and find out more about our people, culture, initiatives and everything that’s happening.
We regularly notify our clients and contacts of significant legal developments, news, webinars and teleconferences that affect their industries.