CSA postpones implementation of internal control reporting requirements

Regulators need time to assess developments in U.S.

By: James Langton
July 29, 2005 July 29, 2005
10:20

The Canadian Securities Administrators are planning to put off implementation of controversial internal control reporting requirements until 2007.

In a notice, the CSA says that its timeline for the internal control reporting project is being extended in order to allow sufficient time:

to assess the potential impact of new developments in the U.S.;
to fully consider the submissions from commenters on its proposed rule; and
to respond to concerns from issuers and their advisors regarding the proposed timeline.

The earliest an internal control reporting instrument would apply is for financial years ending on or after June 30, 2007. The CSA adds that it will continue to update market participants on project developments and the timeline.

All CSA jurisdictions, apart from B.C., are proposing to implement internal control reporting provisions that essentially follow the U.S. Sarbanes-Oxley section 404. Under the proposed rule, management of an issuer would be required to evaluate the effectiveness of the issuer’s internal control over financial reporting at the end of its financial year against a suitable control framework. It would also be required to file a management report assessing those controls, and disclosing any deficiencies, and an auditor’s report on the controls.

The CSA published its proposed rule on February 4. The comment period ended June 30. It initially contemplated internal control reporting requirements would be phased in over four years, beginning with financial years ending on June 30, 2006.

The U.S. version of the rule, known as SOX 404, has been criticized as very expensive to implement, and without sufficient benefits. On March 2, the U.S. Securities and Exchange Commission extended the compliance date for foreign private issuers to July 15, 2006. The SEC also held a roundtable discussion on the implementation of the SOX 404 rules on April 13. As a result of those discussions, additional guidance from the SEC and the Public Company Accounting Oversight Board was published on May 16. It proposes to focus more on entity level controls and to take a risk-based approach, rather than the very detailed approach that proved so expensive the first time around in the U.S.