Repackaging a much-loathed U.S. accounting rule for the Canadian market clearly isn’t going over well. The Canadian Securities Administrators’ proposed rule mandating internal control reporting is sparking an avalanche of criticism from the business community.

The CSA, apart from regulators in British Columbia, is essentially following the U.S.
lead and mimicking the provisions of the Sarbanes-Oxley Act’s Sec. 404, which requires companies to maintain adequate internal controls, to audit those controls and disclose any deficiencies. Companies that have been through the process in the U.S.
complain vociferously that the implementation of the section has proven time-consuming and expensive.

Small companies are particularly outraged
with the expense, and regulators appear aware of their concerns. The Securities and Exchange Commission has repeatedly delayed the application of SOX 404 to smaller companies. Following a round table in mid-April, the SEC established an advisory committee to consider the impact of its rules on smaller firms. It also released guidance in mid-May indicating that firms should have more flexibility and discretion in their internal control audits, suggesting that excessive implementation costs were the result of an unnecessarily rigid approach to implementation by firms and their auditors.

The same complaints are rife throughout the comments submitted on the Canadian version of the rule. The Ontario Securities Commission has received more than 40 comment letters on the proposed rule, and the overwhelming majority are critical of the proposal — in some cases, harshly so.

Companies commenting on the rule generally agree that more management attention to internal controls is warranted.
However, they worry that the CSA’s approach fails to consider that the corporate scandals that gave rise to the reform aren’t evident in Canada. Moreover, several commenters note, some of the big corporate scandals, such as Enron Corp. and WorldCom Inc., were actually the result of management fraud and not weak internal controls. As such, neither the SOX 404 requirements nor the CSA version would target the actual problem, they maintain.

“Greed and dubious ethics, not poor internal controls, are the problem,” Walter Ross, chairman of the audit committee of Toronto’s Trimin Capital Corp., wrote in a letter to regulators. “In my view, internal control reporting does not address this primary problem; any marginal improvement in business ethics resulting from the requirement to report on internal controls is not justified by the significant costs of implementation.”

Indeed, the expected costs of implementing the proposed rule, particularly when balanced against uncertain benefits, has many commenters weighing in. Marianne Harrison, executive vice president and controller of Toronto-based Manulife Financial Corp., says the cost to implement SOX 404 at her firm will be in the range of $20 million-$30 million a year. “Although we strongly believe in a well-controlled environment, it is our view that the costs far outweigh the benefits,” she wrote.

The concern for some is that the costs represent an unwarranted transfer of capital from firms and shareholders to their auditors. They worry that capital investment and, ultimately, economic growth will suffer at the hands of onerous internal control requirements.

“Companies such as High Liner [Foods Inc.] are spending disproportionate resources to meet new compliance initiatives,” comments Henry Demone, High Liner’s president and CEO. “It affects an issuer’s ability to spend on profit-generating investments in new machinery and equipment, new products, research and development and other growth initiatives.
These are investments that have a significant multiplier effect on the economy and these will now be reduced, to the direct detriment of investors.”

That fear is echoed by TSX Group Inc. CEO Richard Nesbitt. “Capital that could be put to use growing a smaller Canadian enterprise through exploration of mineral or oil and gas reserves, or in commercializing biotechnology research findings, may be compromised for the sake of compliance costs for which there is no demonstrated benefit,” he warns.

Firms are also fretting at tales of audit fee increases of 50%-100% that U.S. companies have faced as a result of SOX 404. One commenter, Mississauga, Ont.-based Kingsway Financial Services Inc., says auditing firms are taking advantage of the situation. “Public companies are being exploited by the major accounting firms, [which] are using their monopoly position to increase their fee levels significantly,” claims chief financial officer Shaun Jackson. “The current proposals seem to protect auditors against litigation rather than focusing on the manner in which auditors conduct assessments of internal controls.”

@page_break@Kingsway’s letter says more attention should be given to the quality of personnel conducting audits, noting that it has seen a decline in the calibre of such people. It suggests major accounting firms are having trouble recruiting good people due to the huge number of hours they work. Its comment letter requests that if the CSA must go ahead with the proposal, it should regulate or set caps on the hourly rates that accounting firms can charge for their services.

Capping audit fees is just one of many suggestions commenters propose for improving the CSA’s plans. Several suggest that Canada can avoid many of the problems that U.S. firms have encountered by providing a longer implementation period, taking a more risk-based approach to internal controls (as the SEC has conceded), auditing less risky areas less frequently and targeting audits at the enterprise level rather than the process or transaction level. The hope is that the modifications would allow firms to avoid the very costly, detailed compliance exercise that firms in the U.S. have gone through.

“If we focused on a top-down, risk-based approach for internal controls, with emphasis on entity controls, we might get to where the U.S. will get to, but without the detours and with a sounder legislated framework,” comments Harry Schaefer, president of advisory firm Schaefer & Associates and a corporate director.

As a result of a round table held in mid-May, the Institute of Chartered Accountants of Ontario and the Ontario Chamber of Commerce also made recommendation to the CSA and OSC. Among them: publicly commit to following the revised standards of compliance and enforcement that the SEC committed to in May; take a more principles-based approach that would allow firms flexibility in applying the rule; establish a Canadian equivalent to the SEC advisory committee on smaller public companies; and reassure audit firms that the use of reasonable judgment will be recognized and respected by regulators.

While much of the criticism of the CSA’s approach appears to be justified by the U.S.
experience, some of it is self-serving. Small issuers say the rule shouldn’t be adopted but, if it is, it shouldn’t apply to them. Big companies that are already complying with SOX 404 insist that Canadian rules are necessary, and that they should apply to small companies. Auditors, who are the chief beneficiaries of the rule, say that the use of auditors is essential to good internal control reporting. Not only should the rule apply to small companies, they say, but it should apply to companies that may otherwise be exempt because they don’t issue equity.

Wading through the propaganda and paranoia to divine the regulators’ approach is the next step. Former OSC chairman David Brown championed much of the CSA’s SOX-like proposals. Just prior to leaving the commission at the end of June, he told Investment Executive that regulators haven’t decided exactly what the rule will look like, but that they will probably adopt many of the business community’s more mainstream suggestions.

“We heard loudly and clearly that having a management report on internal controls is necessary, [and] having an auditor attestation on a management report is necessary,” he says. “But we need to rethink the direction [in which] the U.S. has gone by trying to focus more on entity controls and adopting a risk-based system to operational controls.”

The CSA will take longer to implement the rule than originally contemplated to allow time to assess the U.S. experience and set the appropriate Canadian direction.
IE