When buying a stock, it’s natural for clients and their advisors to examine the value of the underlying company. Those who are more sophisticated will pore through annual reports and quarterly filings, applying advanced analytical tools. But while it’s important to be rigorous, a more fundamental question should not be overlooked: what’s behind the curtain?

Investors need to have confidence in the financial information that public companies report. Trust can be enhanced when a company implements a system of internal control over financial reporting (ICFR). However, a recent study has found even this is not enough. After U.S.-listed companies began to audit their ICFR, to be in compliance with the Sarbanes-Oxley Act of 2002, 87% of companies were found to have serious deficiencies. In many cases, these were detected shortly after the CEOs and chief financial officers certified the effectiveness of those very same internal controls — as required by section 404 of SOX.

In March 2006, the Canadian Securities Administrators announced they would not follow the U.S.’s lead and implement all SOX provisions. The CSA started by issuing multilateral instruments, the first being MI 52-109, which focused on CEO and CFO certification of annual and quarterly reports. This SOX provison was one of the most controversial, yet Canada moved forward with it. MI 52-109 is also focused on Canadian companies adopting disclosure controls and procedures concerning financial reporting, or ICFR.

A 2005 Canadian federal government report stated, “Section 404 aimed at improving internal controls is laying the groundwork for sounder financial reporting and better investment decisions.” That was a fair statement then — and still is two years later.

The CSA has given deadlines for the design, testing and implementation of these controls. And Canadian publicly-traded companies are rushing into the marketplace to find accountancy firms to help them through this process. But the process has just started.

The CSA chose not to implement all the changes to corporate governance and financial disclosures because the Canadian market is different from the U.S. market and because SOX has been criticized for being hasty, expensive and a work-in-progress. As a result, companies listed only on Canadian exchanges are not required to have their CEO/CFO certifications of ICFR audited, as is required of U.S.-listed companies.

Some argue investors will not have the same confidence in Canadian-listed companies as they do in those listed on U.S. exchanges. They note that while the audit process may be expensive, being exposed to fraud or misstatement in financial statements because of weakness in ICFR may prove a greater expense.

Further, with a number of Canadian companies also subject to SOX through their U.S. listings, we now face a tiered system. What offers more comfort: companies listed only on a Canadian exchange, or Canadian companies that are also listed on a U.S. exchange?

Some investment community members wonder whether a discount should apply to Canadian firms that don’t have their ICFR audited — either voluntarily or under SOX.

Should the CSA reconsider its decision to not require the immediate annual audit of ICFR? All Canadian public companies should act as though SOX, particularly section 404, applies. More accountability and transparency will give investors more confidence.

The benefits of this approach are broader than they first appear. Monty Bhardwaj, a chartered accounted who specializes in investigative and forensic accounting and the leader of Mintz & Partners LLP’s fraud and dispute team, says: “Controls provide safeguards against asset loss and fraud going undetected. This is especially important in smaller companies in which personnel may have a wider range of duties.”

Effective internal controls double as management tools, improving the quality and timeliness of information for making business decisions. But this has taken a backseat, primarily because of cost. Although compliance is costly, the costs are coming down thanks to the lessons learned from SOX. A recent Financial Executives International survey reported that SOX 404 compliance costs have dropped 23% in the past year, mostly because of increased efficiencies.

In May, the U.S. Securities and Exchange Commission provided new guidance that allows public companies under its jurisdiction to focus their attention on their biggest reporting risks, giving CEOs and CFOs more discretion and allowing for fewer tests of ICFR by auditors. Adopting SOX 404-style regulations in Canada would be far less expensive than has been the case in the U.S.

@page_break@It’s a shame we have to challenge the assertions of management in our audit, but confidence is king. We feel as if the pendulum has swung from us being advisors to adversaries.

The era that led to SOX was catastrophic for many investors. Legislation and regulation in the U.S. is returning confidence in U.S. markets — albeit at a cost, financial and otherwise. IE



Allan Cheskes is an assurance and advisory partner with Mintz & Partners LLP in Toronto.