The Canadian Securities Administrators (the CSA) recently announced that, after a protracted comment and review period, they will not continue with plans to implement proposed Multilateral Instrument 52-111 - Reporting on Internal Control over Financial Reporting, the Canadian equivalent of s. 404 of the U.S. Sarbanes Oxley Act. Instead, the CSA are proposing to expand existing Multilateral Instrument 52-109 - Certification of Disclosure in Issuers’ Annual and Interim Filings (MI 52-109 or the Existing Certification Rule). This represents an important departure from the CSA’s previously stated intentions and includes, among other significant changes, the decision to abandon mandated auditor attestation of an issuer’s internal controls over financial reporting.

Pursuant to CSA Notice 52-313, the CSA intend to expand the Existing Certification Rule by requiring the CEO and CFO of a reporting issuer, or persons performing similar functions, to certify in their annual certificates that, as of the end of the financial year, they have:

It is also proposed that issuers include a description of the process used for evaluating the effectiveness of the issuer’s internal control over financial reporting and conclusions about such effectiveness in the corresponding annual MD&A.

Consistent with the current scope of MI 52-109, these new requirements are expected to apply to all reporting issuers other than investment funds to whom MI 52-109 currently applies, with no distinction drawn between non-venture issuers and venture issuers. These reporting issuers, regardless of their capitalization or listing, will likely be required to comply with these additional certification and reporting requirements as of a single implementation date, which is currently expected to be no earlier than in respect of financial years ending on or after December 31, 2007 (i.e. for certificates filed in 2008).  MI 52-109 currently exempts issuers that comply with U.S certification rules from compliance with Canadian certification requirements provided certain conditions are satisfied.  The CSA’s new proposals are not expected to change the availability or application of these exemptions.

These new proposals are not likely to affect the timing or content of existing certification requirements relating to internal or disclosure controls under MI 52-109. Under the Existing Certification Rule, commencing with certificates filed in respect of financial years ending on or after June 30, 2006, CEOs and CFOs, or persons performing similar functions, are required to provide certifications relating to the establishment, maintenance and design of internal controls over financial reporting and confirm that any changes in such controls that have materially affected, or are reasonably likely to materially affect, the issuer’s internal controls over financial reporting, in the issuer’s MD&A.

As has been required for all certificates filed for financial years ending on or after March 31, 2005, CEOs and CFOs will continue to be required to provide certifications as to the design, establishment, maintenance and effectiveness of disclosure controls and procedures, with corresponding disclosure about the effectiveness of such disclosure controls and procedures in the issuer’s annual MD&A.

Under the abandoned internal control certification proposals, issuers would have been required to evaluate the effectiveness of the issuer’s internal control over financial reporting against a suitable control framework and file, with securities regulatory authorities, a report of management on management’s assessment of the effectiveness of such controls, along with a corresponding statement of effectiveness prepared by the issuer’s auditor. Although the CSA will no longer require auditor attestation, they have stated that boards, together with audit committees and management, may want to consider whether the external auditor should be engaged to assist them in discharging their respective duties, specifically in respect of the issuer’s internal controls and review and approval of its MD&A. The CSA have also commented that these changes to the proposed internal control certification requirements do not diminish the external auditor’s existing obligations to (a) understand the issuer’s internal control systems, and (b) read and assess, and take appropriate action where it becomes aware of material misstatements of fact or misrepresentations contained in, material with which it is deemed to be associated (such as MD&A).

According to the CSA, their new proposals are designed to achieve the objectives of quality, reliability and transparency of financial reporting while balancing the associated costs and benefits. The CSA have stated that they intend to monitor implementation to evaluate how well these objectives are being achieved. Based on such review, and on Canadian and international experience with similar certification measures, the CSA have left open the possibility of considering mandated auditor involvement in the internal control certification process.