[Federal Register Volume 68, Number 117 (Wednesday, June 18, 2003)]
[Rules and Regulations]
[Pages 36636-36673]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 03-14640]
-----------------------------------------------------------------------
Part II
Securities and Exchange Commission
-----------------------------------------------------------------------
17 CFR Parts 210, 228, et al.
Management's Report on Internal Control Over Financial Reporting and
Certification of Disclosure in Exchange Act Periodic Reports; Final
Rule
-----------------------------------------------------------------------
SECURITIES AND EXCHANGE COMMISSION
17 CFR Parts 210, 228, 229, 240, 249, 270 and 274
[Release Nos. 33-8238; 34-47986; IC-26068; File Nos. S7-40-02; S7-06-
03]
RIN 3235-AI66 and 3235-AI79
Management's Report on Internal Control Over Financial Reporting
and Certification of Disclosure in Exchange Act Periodic Reports
AGENCY: Securities and Exchange Commission.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: As directed by Section 404 of the Sarbanes-Oxley Act of 2002,
we are adopting rules requiring companies subject to the reporting
requirements of the Securities Exchange Act of 1934, other than
registered investment companies, to include in their annual reports a
report of management on the company's internal control over financial
reporting. The internal control report must include: a statement of
management's responsibility for establishing and maintaining adequate
internal control over financial reporting for the company; management's
assessment of the effectiveness of the company's internal control over
financial reporting as of the end of the company's most recent fiscal
year; a statement identifying the framework used by management to
evaluate the effectiveness of the company's internal control over
financial reporting; and a statement that the registered public
accounting firm that audited the company's financial statements
included in the annual report has issued an attestation report on
management's assessment of the company's internal control over
financial reporting. Under the new rules, a company is required to file
the registered public accounting firm's attestation report as part of
the annual report. Furthermore, we are adding a requirement that
management evaluate any change in the company's internal control over
financial reporting that occurred during a fiscal quarter that has
materially affected, or is reasonably likely to materially affect, the
company's internal control over financial reporting. Finally, we are
adopting amendments to our rules and forms under the Securities
Exchange Act of 1934 and the Investment Company Act of 1940 to revise
the Section 302 certification requirements and to require issuers to
provide the certifications required by Sections 302 and 906 of the
Sarbanes-Oxley Act of 2002 as exhibits to certain periodic reports.
DATES: Effective Date: August 14, 2003.
Compliance Dates: The following compliance dates apply to companies
other than registered investment companies. A company that is an
``accelerated filer,'' as defined in Exchange Act Rule 12b-2, as of the
end of its first fiscal year ending on or after June 15, 2004, must
begin to comply with the management report on internal control over
financial reporting disclosure requirements in its annual report for
that fiscal year. A company that is not an accelerated filer as of the
end of its first fiscal year ending on or after June 15, 2004,
including a foreign private issuer, must begin to comply with the
annual internal control report for its first fiscal year ending on or
after April 15, 2005. A company must begin to comply with the
requirements regarding evaluation of any material change to its
internal control over financial reporting in its first periodic report
due after the first annual report required to include a management
report on internal control over financial reporting. Companies may
voluntarily comply with the new disclosure requirements before the
compliance dates. A company must comply with the new exhibit
requirements for the certifications required by Sections 302 and 906 of
the Sarbanes-Oxley Act of 2002 and changes to the Section 302
certification requirements in its quarterly, semi-annual or annual
report due on or after August 14, 2003. To account for the differences
between the compliance date of the rules relating to internal control
over financial reporting and the effective date of changes to the
language of the Section 302 certification, a company's certifying
officers may temporarily modify the content of their Section 302
certifications to eliminate certain references to internal control over
financial reporting until the compliance date, as further explained in
Section III.E. below.
Registered investment companies must comply with the rule and form
amendments applicable to them on and after August 14, 2003, except as
follows. Registered investment companies must comply with the
amendments to Exchange Act Rules 13a-15(a) and 15d-15(a) and Investment
Company Act Rule 30a-3(a) that require them to maintain internal
control over financial reporting with respect to fiscal years ending on
or after June 15, 2004. In addition, a registered investment company's
certifying officers may temporarily modify the content of their Section
302 certifications to eliminate certain references to internal control
over financial reporting, as further explained in Section II.I. below.
Registered investment companies may voluntarily comply with the rule
and form amendments before the compliance dates.
FOR FURTHER INFORMATION CONTACT: N. Sean Harrison, Special Counsel, or
Andrew D. Thorpe, Special Counsel, Division of Corporation Finance, at
(202) 942-2910, or with respect to registered investment companies,
Christian Broadbent, Senior Counsel, Division of Investment Management,
at (202) 942-0721, or with respect to attestation and auditing issues,
Edmund Bailey, Assistant Chief Accountant, Randolph P. Green,
Professional Accounting Fellow, or Paul Munter, Academic Accounting
Fellow, Office of the Chief Accountant, at (202) 942-4400, U.S.
Securities and Exchange Commission, 450 Fifth Street, NW., Washington,
DC 20549.
SUPPLEMENTARY INFORMATION: We are revising Items 307, 401 and 601 of
Regulations S-B \1\ and S-K; \2\ adding new Item 308 to Regulations S-B
and S-K; amending Form 10-K,\3\ Form 10-KSB,\4\ Form 10-Q,\5\ Form 10-
QSB,\6\ Form 20-F,\7\ Form 40-F,\8\ Rule 12b-15,\9\ Rule 13a-14,\10\
Rule 13a-15,\11\ Rule 15d-14 \12\ and Rule 15d-15 \13\ under the
Securities Exchange Act of 1934 (the ``Exchange Act''); \14\ amending
Rules 1-02 and 2-02 \15\ of Regulation S-X; \16\ amending Rules 8b-
15,\17\ 30a-2 \18\ and 30a-3 \19\ under the Investment Company Act of
1940 (``Investment Company Act''); \20\ and amending Forms N-CSR \21\
and N-SAR \22\ under the Exchange Act and the Investment Company Act.
---------------------------------------------------------------------------
\1\ 17 CFR 228.10 et seq.
\2\ 17 CFR 229.10 et seq.
\3\ 17 CFR 249.310.
\4\ 17 CFR 249.310b.
\5\ 17 CFR 249.308a.
\6\ 17 CFR 249.308b.
\7\ 17 CFR 249.220f.
\8\ 17 CFR 249.240f.
\9\ 17 CFR 240.12b-15.
\10\ 17 CFR 240.13a-14.
\11\ 17 CFR 240.13a-15.
\12\ 17 CFR 140.15d-14.
\13\ 17 CFR 240.15d-15.
\14\ 15 U.S.C. 78a et seq.
\15\ 17 CFR 210.1-02 and 2-02.
\16\ 17 CFR 210.1-01 et seq.
\17\ 17 CFR 270.8b-15.
\18\ 17 CFR 270.30a-2.
\19\ 17 CFR 270.30a-3.
\20\ 15 U.S.C. 80a-1 et seq.
\21\ 17 CFR 249.331; 17 CFR 274.128.
\22\ 17 CFR 249.330; 17 CFR 274.101.
---------------------------------------------------------------------------
Table of Contents
I. Background
A. Management's Report on Internal Control over Financial
Reporting
B. Certifications
II. Discussion of Amendments Implementing Section 404
A. Definition of Internal Control
1. Proposed Rule
2. Comments on the Proposal
3. Final Rules
B. Management's Annual Assessment of, and Report on, the
Company's Internal Control over Financial Reporting
1. Proposed Rule
2. Comments on the Proposal
3. Final Rules
a. Evaluation of Internal Control over Financial Reporting
b. Auditor Independence Issues
c. Material Weaknesses in Internal Control over Financial
Reporting
d. Method of Evaluating
e. Location of Management's Report
C. Quarterly Evaluations of Internal Control over Financial
Reporting
1. Proposed Rule
2. Comments on the Proposal
3. Final Rules
D. Differences between Internal Control over Financial Reporting
and Disclosure Controls and Procedures
E. Evaluation of Disclosure Controls and Procedures
F. Periodic Disclosure about the Certifying Officers' Evaluation
of the Company's Disclosure Controls and Procedures and Disclosure
about Changes to its Internal Control over Financial Reporting
1. Existing Disclosure Requirements
2. Proposed Amendments to the Disclosure Requirements
3. Final Disclosure Requirements
4. Conclusions Regarding Effectiveness of Disclosure Controls
and Procedures
G. Attestation to Management's Internal Control Report by the
Company's Registered Public Accounting Firm
H. Types of Companies Affected
1. Foreign Private Issuers
2. Asset-Backed Issuers
3. Small Business Issuers
4. Bank and Thrift Holding Companies
I. Registered Investment Companies
J. Transition Period
III. Discussion of Amendments Related to Certifications
A. Proposed Rules
B. Final Rules
C. Effect on Interim Guidance Regarding Filing Procedures
D. Form of Section 302 Certifications
E. Transition Period
IV. Paperwork Reduction Act
V. Cost-Benefit Analysis
VI. Effect on Efficiency, Competition and Capital Formation
VII. Final Regulatory Flexibility Analysis
VIII. Statutory Authority and Text of Rule Amendments
I. Background
A. Management's Report on Internal Control Over Financial Reporting
In this release, we implement Section 404 of the Sarbanes-Oxley Act
of 2002 (the ``Sarbanes-Oxley Act''),\23\ which requires us to
prescribe rules requiring each annual report that a company, other than
a registered investment company,\24\ files pursuant to Section 13(a) or
15(d) of the Exchange Act to contain an internal control report: (1)
Stating management's responsibility for establishing and maintaining an
adequate internal control structure and procedures for financial
reporting; and (2) containing an assessment, as of the end of the
company's most recent fiscal year, of the effectiveness of the
company's internal control structure and procedures for financial
reporting. Section 404 also requires every registered public accounting
firm that prepares or issues an audit report on a company's annual
financial statements to attest to, and report on, the assessment made
by management. The attestation must be made in accordance with
standards for attestation engagements issued or adopted by the Public
Company Accounting Oversight Board (``PCAOB'').\25\ Section 404 further
stipulates that the attestation cannot be the subject of a separate
engagement of the registered public accounting firm.
---------------------------------------------------------------------------
\23\ Pub. L. 107-204, 116 Stat. 745 (2002).
\24\ Section 404 of the Sarbanes-Oxley Act does not apply to any
registered investment company due to an exemption in Section 405 of
the Sarbanes-Oxley Act. See sec. 405 of Pub. L. 107-204, 116 Stat.
745 (2002).
\25\ On April 25, 2003, the Commission approved the PCAOB's
adoption of the auditing and attestation standards in existence as
of April 16, 2003 as interim auditing and attestation standards. See
Release No. 33-8222 (Apr. 25, 2003) [68 FR 23335].
---------------------------------------------------------------------------
We received over 200 comment letters in response to our release
proposing requirements to implement Sections 404, 406 and 407 of the
Sarbanes-Oxley Act.\26\ Of these, 61 respondents commented on the
Section 404 proposals.\27\ These comment letters came from
corporations, professional associations, accountants, law firms,
consultants, academics, investors and others. In general, the
commenters supported the objectives of the proposed new requirements.
Investors supported the manner in which we proposed to achieve these
objectives and, in some cases, urged us to require additional
disclosure from companies. Other commenters, however, thought that we
were requiring more disclosure than necessary to fulfill the mandates
of the Sarbanes-Oxley Act and suggested modifications to the proposals.
We have reviewed and considered all of the comments that we received on
the proposals. The adopted rules reflect many of these comments--we
discuss our conclusions with respect to each topic and related comments
in more detail throughout the release.
---------------------------------------------------------------------------
\26\ Release No. 33-8138 (Oct. 22, 2002) [67 FR 66208]
(``Proposing Release''). The public comments we received can be
viewed in our Public Reference Room at 450 Fifth Street, NW,
Washington, DC 20549, in File No. S7-40-02. Public comments
submitted by electronic mail are available on our Web site, http://www.sec.gov.
\27\ The commenters on File No. S7-40-02 are as follows:
Academics: Paul Walker, Ph.D., CPA;
Accounting Firms: BDO Seidman, LLP; Deloitte & Touche LLP; Ernst &
Young LLP; KPMG LLP; PricewaterhouseCoopers LLP;
Associations: America's Community Bankers; American Bankers
Association; American Bar Association; American Corporate Counsel
Association; American Institute of Certified Public Accountants;
Association for Financial Professionals; the Association of the Bar
of the City of New York; Association for Investment Management and
Research; the Business Roundtable; Community Bankers Association of
New York State; Edison Electric Institute; Financial Executives
International; Independent Community Bankers of America; the
Institute of Internal Auditors; Maine Bankers Association;
Manufacturers Alliance/MAPI Inc.; Massachusetts Bankers Association;
National Association of Real Estate Investment Trusts; New York
Bankers Association; New York County Lawyers' Association; New York
State Bar Association; Software & Information Industry Association;
Software Finance and Tax Executives Council; Wisconsin Bankers
Association;
Corporations: Cardinal Health, Inc.; Compass Bancshares, Inc.;
Computer Sciences Corporation; Eastman Kodak Company; Eli Lilly and
Company; Emerson Electric Co.; Executive Responsibility Advisors,
LLC; Greif Bros.; Intel Corporation; International Paper Company;
Protiviti;
Government Entities: Federal Reserve Bank of Atlanta; Small Business
Administration;
Law Firms: Dykema Gossett PLLC; Karr Tuttle Campbell; Fried, Frank,
Harris, Shriver and Jacobson; Sutherland, Asbill & Brennan LLP;
Individuals: Thomas Damman; D. Scott Huggins; Tim J. Leech; Simon
Lorne; Ralph Saul; Lee Squire; Robert J. Stuckey;
Foreign Companies: Siemens Aktiengesellschaft;
International Entities: British Bankers Association; British Embassy;
Canadian Bankers Association; Confederation of British Industry;
European Commission; Institute of Chartered Accountants of England
and Wales.
---------------------------------------------------------------------------
B. Certifications
We also are adopting amendments to require companies to file the
certifications mandated by Sections 302 and 906 of the Sarbanes-Oxley
Act as exhibits to annual, semi-annual and quarterly reports. Section
302 required the Commission to adopt final rules that were to be
effective by August 29, 2002, under which the principal executive and
principal financial officers, or persons performing similar functions,
of a company filing periodic reports under Section 13(a) or 15(d) of
the Exchange Act \28\ must provide a certification in
each quarterly and annual report filed with the Commission. Section 906
of the Sarbanes-Oxley Act added new Section 1350 to Title 18 of the
United States Code,\29\ which contains a certification requirement
subject to specific federal criminal provisions and that is separate
and distinct from the certification requirement mandated by Section
302.\30\ On August 28, 2002, we adopted Exchange Act Rules 13a-14 and
15d-14 and Investment Company Act Rule 30a-2 and amended our periodic
report forms to implement the statutory directive in Section 302.\31\
These rules and amendments became effective on August 29, 2002. On
January 27, 2003, we adopted Form N-CSR to be used by registered
management investment companies to file certified shareholder reports
with the Commission.\32\ The provisions added to Title 18 by Section
906 were by their terms effective on enactment of the Sarbanes-Oxley
Act.
---------------------------------------------------------------------------
\28\ 15 U.S.C. 78m(a) or 78o(d). Section 13(a) of the Exchange
Act requires every issuer of a security registered pursuant to
Section 12 of the Exchange Act [15 U.S.C. 78l] to file with the
Commission such annual reports and such quarterly reports as the
Commission may prescribe. Section 15(d) of the Exchange Act requires
each issuer that has filed a registration statement that has become
effective pursuant to the Securities Act of 1933 [15 U.S.C. 77a et
seq.] (the ``Securities Act'') to file such supplementary and
periodic information, documents and reports as may be required
pursuant to Section 13 in respect of a security registered pursuant
to Section 12, unless the duty to file under Section 15(d) has been
suspended for any fiscal year. See Exchange Act Rule 12h-3 [17 CFR
240.12h-3].
\29\ 18 U.S.C. 1350.
\30\ See Release No. 34-46300 (Aug. 2, 2002) [67 FR 51508] at n.
11, containing supplemental information on the Commission's original
certification proposal in light of the enactment of the Sarbanes-
Oxley Act of 2002.
\31\ See Release No. 33-8124 (Aug. 28, 2002) [67 FR 57276].
\32\ See Release No. IC-25914 (Jan. 27, 2003) [68 FR 5348].
---------------------------------------------------------------------------
To enhance the ability of interested parties to effectively access
the certifications through our Electronic Data Gathering, Analysis and
Retrieval (``EDGAR'') system and thereby enhance compliance with the
certification requirements, we proposed to amend our rules and forms to
require a company to file the certifications as an exhibit to the
periodic reports to which they relate.\33\ The proposals addressed both
Section 302 and 906 certifications. After discussions with the
Department of Justice, we concluded that, in light of the inconsistent
methods that companies have been employing to fulfill their obligations
under Section 906,\34\ an exhibit requirement would consistently enable
investors and the Commission staff, as well as the Department of
Justice, to more effectively monitor compliance with this certification
requirement.
---------------------------------------------------------------------------
\33\ See Release No. 33-8212 (Mar. 21, 2003) [68 FR 15600].
\34\ These methods have included: (1) Submitting the statement
as non-public paper correspondence; (2) submitting the statement as
non-public electronic correspondence with the EDGAR filing of the
periodic report; (3) submitting the statement under (1) or (2) above
supplemented by an Item 9 Form 8-K report so that the statement is
publicly available; (4) submitting the statement as an exhibit to
the periodic report; and (5) submitting the statement in the text of
the periodic report (typically, below the signature block for the
report).
---------------------------------------------------------------------------
II. Discussion of Amendments Implementing Section 404
A. Definition of Internal Control
1. Proposed Rule
The proposed rules would have defined the term ``internal controls
and procedures for financial reporting'' \35\ to mean controls that
pertain to the preparation of financial statements for external
purposes that are fairly presented in conformity with generally
accepted accounting principles as addressed by the Codification of
Statements on Auditing Standards Sec. 319 or any superseding
definition or other literature that is issued or adopted by the Public
Company Accounting Oversight Board.
---------------------------------------------------------------------------
\35\ We proposed to use this term throughout the rules
implementing the annual internal control report requirements of
Section 404 of the Sarbanes-Oxley Act, as well as the revised
Sarbanes-Oxley Section 302 certification requirements, to complement
the defined term ``disclosure controls and procedures'' referred to
in the Section 302 requirements. Congress used the term ``internal
controls'' in Section 302 and ``internal control structure and
procedures for financial reporting'' in Section 404.
---------------------------------------------------------------------------
As noted in the Proposing Release, there has been some confusion
over the exact meaning and scope of the term ``internal control,''
because the definition of the term has evolved over time. Historically,
the term ``internal control'' was applied almost exclusively within the
accounting profession.\36\ As the auditing of financial statements
evolved from a process of detailed testing of transactions and account
balances towards a process of sampling and testing, greater
consideration of a company's internal controls became necessary in
planning an audit.\37\ If an internal control component had been
adequately designed, then the auditor could limit further consideration
of that control to procedures to determine whether the control had been
placed in operation. Accordingly, the auditor could rely on the control
to serve as a basis to reduce the amount, timing or extent of
substantive testing in the execution of an audit. Conversely, if an
auditor determined that an internal control component was inadequate in
its design or operation, then the auditor could not rely upon that
control. In this instance, the auditor would conduct tests of
transactions and perform additional analyses in order to accumulate
sufficient, competent audit evidence to support its opinion on the
financial statements.
---------------------------------------------------------------------------
\36\ For a history of the development of internal control
standards, see Steven J. Root, Beyond COSO--Internal Control to
Enhance Corporate Governance (1998).
\37\ In 1941, the Commission adopted amendments to Rules 2-02
and 3-07 of Regulation S-X that formally codified this practice. See
Accounting Series Release No. 21 (Feb. 5, 1941) [11 FR 10921].
---------------------------------------------------------------------------
From the outset, it was recognized that internal control is a broad
concept that extends beyond the accounting functions of a company.
Early attempts to define the term focused primarily on clarifying the
portion of a company's internal control that an auditor should consider
when planning and performing an audit of a company's financial
statements.\38\ However, this did not improve the level of
understanding of the term, nor satisfactorily provide the guidance
sought by auditors. Successive definitions and formal studies of the
concept of internal control followed.
---------------------------------------------------------------------------
\38\ An early definition for the term appeared in Internal
Control--Elements Of a Coordinated System and Its Importance to
Management and the Independent Public Accountant, a report published
in 1949 by the American Institute of Accountants, the predecessor to
the American Institute of Certified Public Accountants (``AICPA'').
The report defined internal control to mean ``the plan of
organization and all of the coordinate methods and measures adopted
within a business to safeguard its assets, check the accuracy and
reliability of its accounting data, promote operational efficiency,
and encourage adherence to prescribed managerial policies.''
Subsequent definitions of the term attempted to clarify the
distinction by labeling the controls relevant to an audit as
``internal accounting controls'' and the non-accounting controls as
``administrative controls.'' The AICPA officially dropped these
distinctions in 1988. See Root, at p. 76.
---------------------------------------------------------------------------
In 1977, based on recommendations of the Commission, Congress
enacted the Foreign Corrupt Practices Act (``FCPA'').\39\ The FCPA
codified the accounting control provisions contained in Statement of
Auditing Standards No. 1 (codified as AU Sec. 320 in the Codification
of Statements on Auditing Standards). Under the FCPA, companies that
have a class of securities registered under Section 12 of the Exchange
Act, or that are required to file reports under Section 15(d) of the
Exchange Act, are required to devise and maintain a
system of internal accounting controls sufficient to provide reasonable
assurances that:
---------------------------------------------------------------------------
\39\ Title I of Pub. L. 95-213 (1977). Beginning in 1973, as a
result of the work of the Office of the Watergate Special
Prosecutor, the Commission became aware of a pattern of conduct
involving the use of corporate funds for illegal domestic political
contributions. A subsequent Commission investigation revealed that
instances of undisclosed questionable or illegal corporate
payments--both domestic and foreign--were widespread. On May 12,
1976, the Commission submitted to the Senate Banking, Housing and
Urban Affairs Committee a report entitled Report on Questionable and
Illegal Corporate Payments and Practices. The report described and
analyzed the Commission's investigation concerning improper
corporate payments and outlined legislative and other responses that
the Commission recommended to remedy these problems. One of the
Commission's recommendations was that Congress enact legislation
aimed expressly at enhancing the accuracy of the corporate books and
records and the reliability of the audit process.
---------------------------------------------------------------------------
• transactions are executed in accordance with management's
general or specific authorization;
• transactions are recorded as necessary (1) to permit
preparation of financial statements in conformity with generally
accepted accounting principles or any other criteria applicable to such
statements, and (2) to maintain accountability for assets;
• access to assets is permitted only in accordance with
management's general or specific authorization; and
• the recorded accountability for assets is compared with the
existing assets at reasonable intervals and appropriate action is taken
with respect to any differences.\40\
---------------------------------------------------------------------------
\40\ See Exchange Act Section 13(b)(2) [15 U.S.C. 78m(b)(2)].
---------------------------------------------------------------------------
In 1985, a private-sector initiative known as the National
Commission on Fraudulent Financial Reporting, also known as the
Treadway Commission, was formed to study the financial reporting system
in the United States. In 1987, the Treadway Commission issued a report
recommending that its sponsoring organizations work together to
integrate the various internal control concepts and definitions and to
develop a common reference point.
In response, the Committee of Sponsoring Organizations of the
Treadway Commission (``COSO'') \41\ undertook an extensive study of
internal control to establish a common definition that would serve the
needs of companies, independent public accountants, legislators and
regulatory agencies, and to provide a broad framework of criteria
against which companies could evaluate the effectiveness of their
internal control systems. In 1992, COSO published its Internal
Control--Integrated Framework.\42\ The COSO Framework defined internal
control as ``a process, effected by an entity's board of directors,
management and other personnel, designed to provide reasonable
assurance regarding the achievement of objectives'' in three
categories--effectiveness and efficiency of operations; reliability of
financial reporting; and compliance with applicable laws and
regulations. COSO further stated that internal control consists of: the
control environment, risk assessment, control activities, information
and communication, and monitoring. The scope of internal control
therefore extends to policies, plans, procedures, processes, systems,
activities, functions, projects, initiatives, and endeavors of all
types at all levels of a company.
---------------------------------------------------------------------------
\41\ The Treadway Commission was sponsored by the AICPA, the
American Accounting Association, the Financial Executives
International (formerly Financial Executives Institute), the
Institute of Internal Auditors and the Institute of Management
Accountants (formerly the National Association of Accountants). The
Treadway Commission's report, the Report of the National Commission
on Fraudulent Financial Reporting (Oct. 1987), is available at
www.coso.org.
\42\ See COSO, Internal Control--Integrated Framework (1992)
(``COSO Report''). In 1994, COSO published an addendum to the
Reporting to External Parties volume of the COSO Report. The
addendum discusses the issue of, and provides a vehicle for,
expanding the scope of a public management report on internal
control to address additional controls pertaining to safeguarding of
assets. In 1996, COSO issued a supplement to its original framework
to address the application of internal control over financial
derivative activities.
---------------------------------------------------------------------------
In 1995, the AICPA incorporated the definition of internal control
set forth in the COSO Report in Statement on Auditing Standards No. 78
(codified as AU Sec. 319 in the Codification of Statements on Auditing
Standards).\43\ Although we recognized that the AU Sec. 319 definition
was derived from the COSO definition, our proposal referred to AU Sec.
319 because we thought that the former constituted a more formal and
widely-accessible version of the definition than the latter.
---------------------------------------------------------------------------
\43\ Auditing Standards Board, AICPA, Statement on Auditing
Standards No. 78, Consideration of Internal Control in a Financial
Statement Audit: An Amendment to Statement on Auditing Standards No.
55 (1995).
---------------------------------------------------------------------------
2. Comments on the Proposal
We received comments from 25 commenters on the proposed definition
of ``internal control and procedures for financial reporting.'' Eleven
commenters stated that the proposed definition of internal control was
appropriate or generally agreed with the proposal.\44\ Two of these
noted that the definition in AU Sec. 319 had been adopted by the bank
regulatory agencies for use by banking institutions.\45\ Fourteen of
the 25 commenters opposed the proposed definition. Two of these
asserted that the proposed definition was too complex and would not
resolve the confusion that existed over the meaning or scope of the
term.
---------------------------------------------------------------------------
\44\ See letters regarding File No. S7-40-02 of: America's
Community Bankers (``ACB''); American Corporate Counsel Association
(``ACCA''); American Institute of Certified Public Accountants
(``AICPA''); Compass Bancshares, Inc. (``Compass''); Computer
Sciences Corporation (``CSC''); the Edison Electric Institute
(``EEI''); the Independent Community Bankers of America (``ICBA'');
the Institute of Internal Auditors (``IIA''); the Association of the
Bar of the City of New York, Committee on Corporate Law (``NYCB-
CCL''); Protiviti; and Siemens AG.
\45\ See letters regarding File No. S7-40-02 of ACB and ICBA.
---------------------------------------------------------------------------
Several of the commenters that were opposed to the proposed
definition thought that we should refer to COSO for the definition of
internal control, rather than AU Sec. 319.\46\ Some of these
commenters noted that the objective of AU Sec. 319 is to provide
guidance to auditors regarding their consideration of internal control
in planning and performing an audit of financial statements. The common
concern of these commenters was that AU Sec. 319 does not provide any
measure or standard by which a company's management can determine that
internal control is effective, nor does it define what constitutes
effective internal control. One commenter believed that absent such
evaluative criteria or definition of effectiveness, the proposed rules
could not be implemented effectively.\47\ In addition, several
of the commenters opposed to the proposed definition suggested that we
use the term ``internal control over financial reporting'' rather than
the term ``internal controls and procedures for financial
reporting,'' \48\ on the ground that the former is more
consistent with the terminology currently used within the auditing
literature.
---------------------------------------------------------------------------
\46\ See letters regarding File No. S7-40-02 of: the American
Bar Association, Committee on the Federal Regulation of Securities
and the Committee on Law and Accounting (``ABA''); the Federal
Reserve Bank of Atlanta (``FED''); IIA; Simon Lorne (``Lorne''); and
PricewaterhouseCoopers LLP (``PwC'').
\47\ See ABA letter regarding File No. S7-40-02.
\48\ See letters regarding File No. S7-40-02 of: AICPA; Compass;
Deloitte & Touche LLP (``D&T''); IIA; KPMG LLP (``KPMG''); and PwC.
---------------------------------------------------------------------------
A few of the commenters urged us to adopt a considerably broader
definition of internal control that would focus not only on internal
control over financial reporting, but also on internal control
objectives associated with enterprise risk management and corporate
governance. While we agree that these are important objectives, the
definition that we are adopting retains a focus on financial reporting,
consistent with our position articulated in the Proposing Release. We
are not adopting a more expansive definition of internal control for a
variety of reasons. Most important, we believe that Section 404 focuses
on the element of internal control that relates to financial reporting.
In addition, many commenters indicated that even the more limited
definition related to financial reporting that we proposed will impose
substantial reporting and cost burdens on companies. Finally,
independent accountants traditionally have not been responsible for
reviewing and testing, or attesting to an assessment by management of,
internal controls that
[[Page 36640]]
are outside the boundary of financial reporting.
3. Final Rules
After consideration of the comments, we have decided to make
several modifications to the proposed amendments. We agree that we
should use the term ``internal control over financial reporting'' in
our amendments to implement Section 404, as well as our revisions to
the Section 302 certification requirements and forms of
certification.\49\ Rapidly changing terminology has been one obstacle
in the development of an accepted understanding of internal control.
The term ``internal control over financial reporting'' is the
predominant term used by companies and auditors and best encompasses
the objectives of the Sarbanes-Oxley Act. In addition, by using this
term, we avoid having to familiarize investors, companies and auditors
with new terminology, which should lessen any confusion that may exist
about the meaning and scope of internal control.
---------------------------------------------------------------------------
\49\ See new Item 308 of Regulations S-K and S-B, amended Items
1-02 and 2-02 of Regulation S-X; amended Items 307 and 401 of
Regulations S-K and S-B; amended Exchange Act Rules 13a-14, 13a-15,
15d-14 and 15d-15; and amended Forms 20-F and 40-F.
---------------------------------------------------------------------------
The final rules define ``internal control over financial
reporting'' as:
A process designed by, or under the supervision of, the
registrant's principal executive and principal financial officers,
or persons performing similar functions, and effected by the
registrant's board of directors,\50\ management and other personnel,
to provide reasonable assurance regarding the reliability of
financial reporting and the preparation of financial statements for
external purposes in accordance with generally accepted accounting
principles and includes those policies and procedures that:
---------------------------------------------------------------------------
\50\ The COSO Report states that the composition of a company's
board and audit committee, and how the directors fulfill their
responsibilities related to the financial reporting process, are key
aspects of the company's control environment. An important element
of the company's internal control over financial reporting ``* * *
is the involvement of the board or audit committee in overseeing the
financial reporting process, including assessing the reasonableness
of management's accounting judgments and estimates and reviewing key
filings with regulatory agencies.'' See COSO Report at 130. The
Commission similarly has stated in the past that both a company's
management and board have important roles to play in establishing a
supportive control environment. In its 1981 Statement of Policy
regarding the FCPA, the Commission stated, ``In the last analysis,
the key to an adequate 'control environment' is an approach on the
part of the board and top management which makes clear what is
expected and that conformity to these expectations will be rewarded
while breaches will be punished.'' See Release No. 34-17500 (Jan.
29, 1981) [46 FR 11544].
---------------------------------------------------------------------------
(1) Pertain to the maintenance of records that in reasonable
detail accurately and fairly reflect the transactions and
dispositions of the assets of the registrant;
(2) Provide reasonable assurance that transactions are recorded
as necessary to permit preparation of financial statements in
accordance with generally accepted accounting principles, and that
receipts and expenditures of the registrant are being made only in
accordance with authorizations of management and directors of the
registrant; and
(3) Provide reasonable assurance regarding prevention or timely
detection of unauthorized acquisition, use or disposition of the
registrant's assets that could have a material effect on the
financial statements.\51\
---------------------------------------------------------------------------
\51\ See amended Exchange Act Rules 13a-14(d) and 15d-14(d). The
scope of the term ``preparation of financial statements in
accordance with generally accepted accounting principles'' in the
definition encompasses financial statements prepared for regulatory
reporting purposes.
---------------------------------------------------------------------------
We recognize that our definition of the term ``internal control
over financial reporting'' reflected in the final rules encompasses the
subset of internal controls addressed in the COSO Report that pertains
to financial reporting objectives. Our definition does not encompass
the elements of the COSO Report definition that relate to effectiveness
and efficiency of a company's operations and a company's compliance
with applicable laws and regulations, with the exception of compliance
with the applicable laws and regulations directly related to the
preparation of financial statements, such as the Commission's financial
reporting requirements.\52\ Our definition is consistent with the
description of internal accounting controls in Exchange Act Section
13(b)(2)(B).\53\
---------------------------------------------------------------------------
\52\ Codification of Statements on Auditing Standards Section
317 requires auditors to consider a company's compliance with laws
and regulations that have a direct and material effect on the
financial statements.
\53\ 15 U.S.C. 78m(b)(2)(B).
---------------------------------------------------------------------------
Following the general language defining internal control over
financial reporting, clauses (1) and (2) include the internal control
matters described in Section 103 of the Sarbanes-Oxley Act that the
company's registered public accounting firm is required to evaluate in
its audit or attestation report.\54\ This language is included to make
clear that the assessment of management in its internal control report
as to which the company's registered public accounting firm will be
required to attest and report specifically covers the matters
referenced in Section 103. A few commenters believed that it would
cause confusion if the definition of internal control did not
acknowledge the objectives set forth in Section 103 of the Sarbanes-
Oxley Act. As discussed in Section II.G below, the PCAOB is responsible
for establishing the Section 103 standards.
---------------------------------------------------------------------------
\54\ Section 103 of the Sarbanes-Oxley Act requires the PCAOB to
establish by rule standards to be used by registered public
accounting firms in the preparation and issuance of audit reports.
In carrying out this responsibility, the PCAOB must include in the
auditing standards that it adopts, among other things: a requirement
that each registered public accounting firm describe in each audit
report the scope of its testing of the company's internal control
structure and procedures performed in fulfilling its internal
control evaluation and reporting required by Section 404(b) of the
Sarbanes-Oxley Act; present in the audit report (or attestation
report) its findings from such testing; and an evaluation of whether
the company's internal control structure and procedures: (1) Include
maintenance of records that in reasonable detail accurately and
fairly reflect the transactions and dispositions of the company's
assets; and (2) provide reasonable assurance that transactions are
recorded as necessary to permit preparation of financial statements
in accordance with generally accepted accounting principles, and
that receipts and expenditures of the company are being made only in
accordance with the authorization of management and directors of the
company. In the audit report (or attestation report), the registered
public accounting firm also must describe, at a minimum, material
weaknesses in such internal controls and any material noncompliance
found on the basis of such testing. See Sections
103(a)(2)(A)(iii)(I), (II) and (III) of the Sarbanes-Oxley Act. See
also, Interim Professional Attestation Standards Rule 3300T, adopted
in PCAOB Release No. 2003-006 (Apr. 18, 2003), and approved by the
Commission on April 25, 2003.
---------------------------------------------------------------------------
Our definition also includes, in clause (3), explicit reference to
assurances regarding use or disposition of the company's assets. This
provision is specifically included to make clear that, for purposes of
our definition, the safeguarding of assets is one of the elements of
internal control over financial reporting and it addresses the
supplementation of the COSO Framework after it was originally
promulgated. In the absence of our change to the definition, the
determination of whether control regarding the safeguarding of assets
falls within a company's internal control over financial reporting
currently could be subject to varying interpretation.
Safeguarding of assets had been a primary objective of internal
accounting control in SAS No. 1. In 1988, the ASB issued Statement on
Auditing Standards No. 55 (codified as AU Sec. 319 in the Codification
of Statements on Auditing Standards), which replaced AU Sec. 320. SAS
No. 55 revised the definition of ``internal control'' and expanded
auditors' responsibilities for considering internal control in a
financial statement audit. The prior classification of internal control
into the two categories of ``internal accounting control'' and
``administrative control'' was replaced with the single term ``internal
control structure,'' which consisted of three interrelated components--
control environment, the accounting system and control procedures.
Under this new
[[Page 36641]]
definition, the safeguarding of assets was no longer a primary
objective, but a subset of the control procedures component.\55\ The
COSO Report followed this shift in the iteration of safeguarding of
assets. The COSO Report states that operations objectives ``pertain to
effectiveness and efficiency of the entity's operations, including
performance and profitability goals and safeguarding resources against
loss.'' \56\ However, the report also clarifies that safeguarding of
assets can fall within other categories of internal control.\57\
---------------------------------------------------------------------------
\55\ Control procedures were described as policies and
procedures in addition to the control environment and accounting
system that management established to provide reasonable assurance
that specific entity objectives will be achieved. SAS 55 also states
that control procedures may generally be categorized as procedures
that include, among other things, ``adequate safeguards over access
to and use of assets and records, such as secured facilities and
authorization for access to computer programs and data files.'' See
Statement on Auditing Standards No. 55, paragraph no. 11.
\56\ See COSO ``Addendum to Reporting to External Parties,''
Internal Control--Integrated Framework, (1994) (``1994 Addendum'')
at p. 154.
\57\ The COSO Report states: ``Although these [objectives
relating to safeguarding of resources] are primarily operations
objectives, certain aspects of safeguarding can fall under other
categories * * * [T]he goal of ensuring that any such asset losses
are properly reflected in the entity's financial statements
represents a financial reporting objective.'' The category in which
an objective falls can sometimes depend on the circumstances.
Continuing the discussion of safeguarding of assets, controls to
prevent theft of assets--such as maintaining a fence around
inventory and a gatekeeper verifying proper authorization of
requests for movement of goods--fall under the operations category.
These controls normally would not be relevant to the reliability of
financial statement preparation, because any inventory losses would
be detected pursuant to periodic physical inspection and recorded in
the financial statements. However, if for financial reporting
purposes management relies solely on perpetual inventory records, as
may be the case for interim reporting, the physical security
controls would then also fall within the financial reporting
category. This is because these physical security controls, along
with other controls over the perpetual inventory records, would be
needed to ensure reliable financial reporting. Id. at 37.
---------------------------------------------------------------------------
In 1994, COSO published an addendum to the Reporting to External
Parties volume of the COSO Report. The addendum was issued in response
to a concern expressed by some parties, including the U.S. General
Accounting Office, that the management reports contemplated by the COSO
Report did not adequately address controls relating to safeguarding of
assets and therefore would not fully respond to the requirements of the
FCPA.\58\ In the addendum, COSO concluded that while it believed its
definition of internal control in its 1992 report remained appropriate,
it recognized that the FCPA encompasses certain controls related to
safeguarding of assets and that there is a reasonable expectation on
the part of some readers of management's internal control reports that
the reports will cover such controls. The addendum therefore sets forth
the following definition of the term ``internal control over
safeguarding of assets against unauthorized acquisition, use or
disposition'':
---------------------------------------------------------------------------
\58\ As stated in n. 1 to the 1994 Addendum, the FCPA requires
companies, among other things, to ``devise and maintain a system of
internal accounting controls sufficient to provide reasonable
assurances that (i) transactions are executed in accordance with
management's general or specific authorization; (ii) transactions
are recorded as necessary * * * to maintain accountability for
assets; (iii) access to assets is permitted only in accordance with
management's general or specific authorization; and (iv) the
recorded accountability for assets is compared with the existing
assets at reasonable intervals and appropriate action is taken with
respect to any differences.''
---------------------------------------------------------------------------
Internal control over safeguarding of assets against
unauthorized acquisition, use or disposition is a process, effected
by an entity's board of directors, management and other personnel,
designed to provide reasonable assurance regarding prevention or
timely detection of unauthorized acquisition, use or disposition of
the entity's assets that could have a material effect on the
financial statements.
As indicated above, to achieve the desired result and to provide
consistency with COSO's 1994 addendum, we have incorporated this
definition into our definition of ``internal control over financial
reporting.'' We are persuaded that this is appropriate given the fact
that our definition will be used for purposes of public management
reporting, and that the companies that will be subject to the Section
404 requirements also are subject to the FCPA requirements. So, under
the final rules, safeguarding of assets as provided is specifically
included in our definition of ``internal control over financial
reporting.''
B. Management's Annual Assessment of, and Report on, the Company's
Internal Control Over Financial Reporting
1. Proposed Rule
We proposed to amend Item 307 of Regulations S-K and S-B, as well
as Forms 20-F and 40-F, to require a company's annual report to include
an internal control report of management containing:
• A statement of management's responsibility for establishing
and maintaining adequate internal controls and procedures for financial
reporting;
• The conclusions of management about the effectiveness of
the company's internal controls and procedures for financial reporting
based on management's evaluation of those controls and procedures; and
• A statement that the registered public accounting firm that
prepared or issued the company's audit report relating to the financial
statements included in the company's annual report has attested to, and
reported on, management's evaluation of the company's internal controls
and procedures for financial reporting.
The proposed amendments did not list any additional disclosure
requirements for the management report, but rather would have afforded
management the flexibility to tailor the report to fit its company's
particular circumstances.
2. Comments on the Proposal
We received comments from 17 commenters on our proposed annual
internal control report requirements. All of these commenters believed,
in varying degrees, that we should set forth additional disclosure
criteria or standards for the management report. Nine commenters stated
that we should provide guidance as to the topics to be addressed in the
management report, or specify standards or a common set of internal
control objectives to be considered by management when assessing the
effectiveness of its company's internal control over financial
reporting to ensure that control objectives are addressed in a
consistent fashion.\59\ These commenters believed that consistent
standards for management's report on internal control would help
investors to understand and compare the quality of various management
internal control reports.
---------------------------------------------------------------------------
\59\ See letters regarding File No. S7-40-02 of: ABA; CSC; EEI;
FED; Eastman Kodak Co. (``Kodak''); KPMG; Protiviti; and PwC.
---------------------------------------------------------------------------
Several commenters also thought that we should require management's
internal control report to include certain recitations that would
parallel recitations that the registered public accounting firm would
have to make in its report attesting to management's assessment.\60\
Additional commenters believed that the management report on internal
control should specifically reference the objectives contained in
Section 103 of the Sarbanes-Oxley Act.\61\ Furthermore, although
Section 404(b) of the Sarbanes-Oxley Act does not explicitly direct us
to require companies to file the registered public accounting firms'
attestation reports as part of the companies' annual report filings, we
proposed a filing
[[Page 36642]]
requirement that most of those commenting on this aspect of the
proposal supported.
---------------------------------------------------------------------------
\60\ See letters regarding File No. S7-40-02 of: ACCA and
Financial Executives Institute (``FEI'').
\61\ See letters regarding File No. S7-40-02 of: AICPA; BDO
Seidman, LLP (``BDO''); D&T; Ernst & Young LLP (``E&Y''); KPMG; and
PwC.
---------------------------------------------------------------------------
3. Final Rules
After evaluating the comments received, we are adopting the
proposals with several modifications. The final rules require a
company's annual report to include an internal control report of
management that contains:
• A statement of management's responsibility for establishing
and maintaining adequate internal control over financial reporting for
the company;
• A statement identifying the framework used by management to
conduct the required evaluation of the effectiveness of the company's
internal control over financial reporting;
• Management's assessment of the effectiveness of the
company's internal control over financial reporting as of the end of
the company's most recent fiscal year, including a statement as to
whether or not the company's internal control over financial reporting
is effective.\62\ The assessment must include disclosure of any
``material weaknesses'' \63\ in the company's internal control over
financial reporting identified by management. Management is not
permitted to conclude that the company's internal control over
financial reporting is effective if there are one or more material
weaknesses in the company's internal control over financial reporting;
and
---------------------------------------------------------------------------
\62\ Management must state whether or not the company's internal
control over financial reporting is effective. A negative assurance
statement indicating that nothing has come to management's attention
to suggest that the company's internal control over financial
reporting is not effective will not be acceptable.
\63\ A ``material weakness'' is defined in Statement on Auditing
Standards No. 60 (codified in Codification of Statements on Auditing
Standards AU Sec. 325) as a reportable condition in which the
design or operation of one or more of the internal control
components does not reduce to a relatively low level the risk that
misstatements caused by errors or fraud in amounts that would be
material in relation to the financial statements being audited may
occur and not be detected within a timely period by employees in the
normal course of performing their assigned functions. See discussion
in Section II.B.3.b. below.
---------------------------------------------------------------------------
• A statement that the registered public accounting firm that
audited the financial statements included in the annual report has
issued an attestation report on management's assessment of the
registrant's internal control over financial reporting.\64\
---------------------------------------------------------------------------
\64\ See new Item 308 of Regulations S-B and S-K, Item 15 of
Form 20-F and General Instruction B(6) of Form 40-F.
---------------------------------------------------------------------------
As proposed, our final rules also require a company to file, as part of
the company's annual report, the attestation report of the registered
public accounting firm that audited the company's financial statements.
a. Evaluation of Internal Control Over Financial Reporting
In the Proposing Release, we requested comment on whether we should
establish specific evaluative criteria for management's report on
internal control. All of the commenters responding to this request
supported the establishment of such evaluative criteria in order to
improve comparability among the standards used by companies to conduct
their annual internal control evaluations.\65\ Several commenters
believed that we either should adopt the COSO Framework as the means by
which management must evaluate its company's internal control over
financial reporting or, alternatively, simply acknowledge the COSO
Framework as being suitable for purposes of management's evaluation.
Other commenters suggested that we require management to evaluate the
effectiveness of a company's internal control over financial reporting
using suitable control criteria established by a group that follows due
process procedures.
---------------------------------------------------------------------------
\65\ Many commenters cited the absence of evaluative criteria in
AU Sec. 319 in their arguments against the reference to AU Sec.
319 in our proposed definition of ``internal controls and procedures
for financial reporting.''
---------------------------------------------------------------------------
After consideration of the comments, we have modified the final
requirements to specify that management must base its evaluation of the
effectiveness of the company's internal control over financial
reporting on a suitable, recognized control framework that is
established by a body or group that has followed due-process
procedures, including the broad distribution of the framework for
public comment.\66\
---------------------------------------------------------------------------
\66\ See amended Exchange Act Rule 13a-15(c) or 15d-15(c),
amended Item 15 of Form 20-F and amended General Instruction (B) to
Form 40-F.
---------------------------------------------------------------------------
The COSO Framework satisfies our criteria and may be used as an
evaluation framework for purposes of management's annual internal
control evaluation and disclosure requirements. However, the final
rules do not mandate use of a particular framework, such as the COSO
Framework, in recognition of the fact that other evaluation standards
exist outside of the United States,\67\ and that frameworks other than
COSO may be developed within the United States in the future, that
satisfy the intent of the statute without diminishing the benefits to
investors. The use of standard measures that are publicly available
will enhance the quality of the internal control report and will
promote comparability of the internal control reports of different
companies. The final rules require management's report to identify the
evaluation framework used by management to assess the effectiveness of
the company's internal control over financial reporting.\68\
---------------------------------------------------------------------------
\67\ The Guidance on Assessing Control published by the Canadian
Institute of Chartered Accountants and the Turnbull Report published
by the Institute of Chartered Accountants in England & Wales are
examples of other suitable frameworks.
\68\ We are aware that some of the evaluation frameworks used to
assess a foreign company's internal controls in its home country do
not require a statement regarding whether the company's system of
internal control has been effective. Under our final rules,
management of a foreign reporting company who relies on such an
evaluation framework used in its home country is nevertheless under
an obligation to state affirmatively whether its company's internal
controls are, or are not, effective.
---------------------------------------------------------------------------
Specifically, a suitable framework must: be free from bias; permit
reasonably consistent qualitative and quantitative measurements of a
company's internal control; be sufficiently complete so that those
relevant factors that would alter a conclusion about the effectiveness
of a company's internal controls are not omitted; and be relevant to an
evaluation of internal control over financial reporting.\69\
---------------------------------------------------------------------------
\69\ See AT Sec. 101, paragraph 24.
---------------------------------------------------------------------------
b. Auditor Independence Issues
Because the auditor is required to attest to management's
assessment of internal control over financial reporting, management and
the company's independent auditors will need to coordinate their
processes of documenting and testing the internal controls over
financial reporting. However, we remind companies and their auditors
that the Commission's rules on auditor independence prohibit an auditor
from providing certain nonaudit services to an audit client.\70\ As the
Commission stated in its auditor independence release, auditors may
assist management in documenting internal controls. When the auditor is
engaged to assist management in documenting internal controls,
management must be actively involved in the process. We understand the
need for coordination between management and the auditor; however, we
remind companies and auditors that management cannot delegate its
responsibility to assess its internal controls over financial reporting
to the auditor.\71\ The rules adopted today do
[[Page 36643]]
not amend the Commission's rules on auditor independence.
---------------------------------------------------------------------------
\70\ See Release No. 33-8183 (Jan. 28, 2003) [68 FR 6006].
\71\ Management's acceptance of responsibility for the
documentation and testing performed by the auditor does not satisfy
the auditor independence rules.
---------------------------------------------------------------------------
c. Material Weaknesses in Internal Control Over Financial Reporting
In the Proposing Release, we did not propose any specific standard
on which management would base its conclusion that the company's
internal control over financial reporting is effective. We requested
comment on whether we should prescribe specific standards upon which an
effectiveness determination would be based, and also what standards we
should consider. Several commenters agreed that the final rules should
specify standards, and all believed that the existence of a material
weakness in internal control over financial reporting should preclude a
conclusion by management that a registrant's internal control over
financial reporting is effective. We have considered these comments,
and agree that the rules should set forth this threshold for concluding
that a company's internal control over financial reporting is
effective.
The final rules therefore preclude management from determining that
a company's internal control over financial reporting is effective if
it identifies one or more material weaknesses in the company's internal
control over financial reporting.\72\ For purposes of the final rules,
the term ``material weakness'' has the same meaning as in the
definition under GAAS and attestation standards.\73\ The final rules
also specify that management's report must include disclosure of any
``material weakness'' in the company's internal control over financial
reporting identified by management in the course of its evaluation.\74\
---------------------------------------------------------------------------
\72\ This is consistent with interim attestation standards. See
AT Sec. 501.
\73\ The term ``significant deficiency'' has the same meaning as
the term ``reportable condition'' as used in AU Sec. 325 and AT
Sec. 501. The terms ``material weakness'' and ``significant
deficiency'' both represent deficiencies in the design or operation
of internal control that could adversely affect a company's ability
to record, process, summarize and report financial data consistent
with the assertions of management in the company's financial
statements, with a ``material weakness'' constituting a greater
deficiency than a ``significant deficiency.'' Because of this
relationship, it is our judgment that an aggregation of significant
deficiencies could constitute a material weakness in a company's
internal control over financial reporting.
\74\ See new Item 308(d) of Regulations S-B and S-K.
---------------------------------------------------------------------------
d. Method of Evaluating
Many commenters addressed the method of evaluating internal control
over financial reporting, and some sought additional precision or
guidance regarding the extent of evaluation, including the
documentation required.\75\ The methods of conducting evaluations of
internal control over financial reporting will, and should, vary from
company to company. Therefore, the final rules do not specify the
method or procedures to be performed in an evaluation. However, in
conducting such an evaluation and developing its assessment of the
effectiveness of internal control over financial reporting, a company
must maintain evidential matter, including documentation, to provide
reasonable support for management's assessment of the effectiveness of
the company's internal control over financial reporting. Developing and
maintaining such evidential matter is an inherent element of effective
internal controls.\76\ An instruction to new Item 308 of Regulations
S-K and S-B and Forms 20-F and 40-F reminds registrants to maintain such
evidential matter.\77\
---------------------------------------------------------------------------
\75\ See, for example, letters re: File No. S7-40-02 of: ABA;
AICPA; BDO; Intel; and Eli Lilly and Company.
\76\ Section 13(b)(2)(A) of the Exchange Act [15 U.S.C.
78m(b)(2)(A)] requires companies to ``make and keep books, records,
and accounts, which in reasonable detail, accurately and fairly
reflect the transactions and dispositions of the assets of the
issuer.'' See also Section 13(b)(2)(B) of the Exchange Act [15
U.S.C. 78m(b)(2)(B)] and In re Microsoft Corp., Administrative
Proceeding File No. 3-10789 (June 3, 2002). In the Microsoft order,
the Commission stated that such books and records include not only
general ledgers and accounting entries, but also memoranda and
internal corporate reports. We have previously stated, as a matter
of policy, that under Section 13(b)(2) ``every public company needs
to establish and maintain records of sufficient accuracy to meet
adequately four interrelated objectives: appropriate reflection of
corporate transactions and the disposition of assets; effective
administration of other facets of the issuer's internal control
system; preparation of its financial statements in accordance with
generally accepted accounting principles; and proper auditing.''
Statement of Policy Regarding the Foreign Corrupt Practices Act of
1977, Release No. 34-17500 (Jan. 29, 1981) [46 FR 11544].
\77\ See Instruction 1 to new Item 308 of Regulations S-K and
S-B, Instruction 1 to Item 15 of Form 20-F and Instruction 1 to
paragraphs (b), (c), (d) and (e) of General Instruction B.6 to Form
40-F.
---------------------------------------------------------------------------
The assessment of a company's internal control over financial
reporting must be based on procedures sufficient both to evaluate its
design and to test its operating effectiveness. Controls subject to
such assessment include, but are not limited to: controls over
initiating, recording, processing and reconciling account balances,
classes of transactions and disclosure and related assertions included
in the financial statements; controls related to the initiation and
processing of non-routine and non-systematic transactions; controls
related to the selection and application of appropriate accounting
policies; and controls related to the prevention, identification, and
detection of fraud. The nature of a company's testing activities will
largely depend on the circumstances of the company and the significance
of the control. However, inquiry alone generally will not provide an
adequate basis for management's assessment.\78\
---------------------------------------------------------------------------
\78\ This statement should not be interpreted to mean that
management personally must conduct the necessary activities to
evaluate the design and test the operating effectiveness of the
company's internal control over financial reporting. Activities,
including those necessary to provide management with the information
on which it bases its assessment, may be conducted by non-management
personnel acting under the supervision of management.
---------------------------------------------------------------------------
An assessment of the effectiveness of internal control over
financial reporting must be supported by evidential matter, including
documentation, regarding both the design of internal controls and the
testing processes. This evidential matter should provide reasonable
support: for the evaluation of whether the control is designed to
prevent or detect material misstatements or omissions; for the
conclusion that the tests were appropriately planned and performed; and
that the results of the tests were appropriately considered. The public
accounting firm that is required to attest to, and report on,
management's assessment of the effectiveness of the company's internal
control over financial reporting also will require that the company
develop and maintain such evidential matter to support management's
assessment.\79\
---------------------------------------------------------------------------
\79\ See Statements on Standards for Attestation Engagements No.
10.
---------------------------------------------------------------------------
e. Location of Management's Report
Although the final rules do not specify where management's internal
control report must appear in the company's annual report, we think it
is important for management's report to be in close proximity to the
corresponding attestation report issued by the company's registered
public accounting firm. We expect that many companies will choose to
place the internal control report and attestation report near the
companies' MD&A disclosure or in a portion of the document immediately
preceding the companies' financial statements.
C. Quarterly Evaluations of Internal Control Over Financial Reporting
1. Proposed Rule
We proposed to require a company's certifying officers to evaluate
the effectiveness of the company's internal controls and procedures for
financial reporting as of the end of the period covered by each annual
and quarterly
[[Page 36644]]
report that the company is required to file under the Exchange Act. The
company's certifying officers already are required to evaluate the
effectiveness of the company's disclosure controls and procedures on a
quarterly basis.\80\ We noted that a quarterly evaluation requirement
with respect to internal controls would create symmetry between our
requirements for periodic evaluations of both the company's disclosure
controls and procedures and its internal controls and procedures for
financial reporting, and give effect to the language in the Section 302
certification requirements regarding quarterly internal control
evaluations.
---------------------------------------------------------------------------
\80\ See Exchange Act Rules 13a-15(b) and 15d-15(b) [17 CFR
240.13a-15(b) and 240.15d-15(b)].
---------------------------------------------------------------------------
2. Comments on the Proposal
We received responses from 25 commenters on the proposed
amendments. Of the 25 commenters, four supported the proposal to
require quarterly evaluations of internal controls and procedures for
financial reporting.\81\ One commenter specifically concurred with our
objective of creating symmetry between the requirements to conduct
periodic evaluations of both the company's disclosure controls and
procedures and its internal controls and procedures for financial
reporting.\82\
---------------------------------------------------------------------------
\81\ See letters regarding File No. S7-40-02 of: AICPA;
Executive Responsibility; FED; and Protiviti.
\82\ See Protiviti letter regarding File No. S7-40-02.
---------------------------------------------------------------------------
Twenty-one commenters opposed quarterly evaluations of internal
controls.\83\ Many of these believed that quarterly evaluations would
impose substantial additional costs on companies without producing any
incremental benefit to investors. One individual stated that the proper
evaluation of a company's system of internal controls is a weighty and
time-consuming process.\84\ Twelve of the commenters opposed to
quarterly evaluations indicated that quarterly evaluations of all
aspects of internal controls and procedures would be extremely
burdensome, expensive and difficult to perform under the time
constraints of quarterly reporting, particularly as the accelerated
filing deadlines for quarterly reports take effect.\85\ Several other
commenters argued that we should not go beyond the requirements of
Section 404 of the Sarbanes-Oxley Act with respect to the frequency of
internal control reporting without an adequate basis for doing so.\86\
These commenters remarked that such a decision would be better made
after we have had sufficient experience with the Section 302
certification requirements adopted in August of 2002.
---------------------------------------------------------------------------
\83\ See letters regarding File No. S7-40-02 of: ABA; ACB; ACCA;
Association for Financial Professionals (``AFP''); Am. Bankers
Assoc.; BDO; Business Roundtable (``BRT''); Computer Sciences
Corporation (``CSC''); Compass; Thomas Damman (``Damman''); EEI;
Emerson Electric Co. (``Emerson''); FEI; Fried, Frank, Harris,
Shriver and Jacobson (``Fried Frank''); International Paper Company
(``IPC''); ICBA; NYCB-CCL; New York State Bar Association
(``NYSBA''); Siemens AG (``Siemens''); Software & Information
Industry Association (``SIIA''); and Software Finance and Tax
Executives Council (``SOFTEC'').
\84\ See Damman letter regarding File No. S7-40-02.
\85\ See letters regarding File No. S7-40-02 of: ABA; ACB; ACCA;
BRT; CSC; Emerson; Fried Frank; ICBA; IPC; NYCB-CCL; SIIA; and
SOFTEC.
\86\ See letters regarding File No. S7-40-02 of: Am. Bankers
Assoc.; CSC; Fried Frank.
---------------------------------------------------------------------------
Several commenters suggested alternatives to quarterly evaluations.
Five commenters stated that it would be more appropriate and desirable
if companies were required to make quarterly disclosure only of
material changes to their internal control that occurred subsequent to
management's most recent annual internal control evaluation.\87\ Two
other commenters similarly recommended that the quarterly evaluation be
less rigorous than the annual evaluation.\88\ One commenter stated that
we should instead adopt an approach that requires less effort and
assurance for purposes of quarterly reports, such as permitting
companies to test compliance with controls relating to major
applications on a rotating basis throughout the year.\89\ This
commenter further stated that the objective of the quarterly evaluation
should be to identify changes in controls during the quarter and
evaluate whether they would change the certifying officers' conclusions
about disclosure controls and internal controls as stated in the most
recent annual report. The other commenter, although opposed to any
quarterly evaluation requirement, believed that if we did require it,
the quarterly evaluation should be viewed as an update of the annual
evaluation, just as the quarterly report on Form 10-Q is an update of
the annual report on Form 10-K.\90\ One commenter stated that if we
require some form of quarterly certification, it should be limited to
negative assurance that nothing has come to the certifying officers'
attention since the prior year's evaluation to suggest that the
controls are no longer effective.\91\
---------------------------------------------------------------------------
\87\ See letters regarding File No. S7-40-02 of: Damman;
Compass; EEI; Executive Responsibility Advisors, LLC (``Executive
Responsibility''); and Siemens.
\88\ See letters regarding File No. S7-40-02 of: ABA and BDO.
\89\ See BDO letter regarding File No. S7-40-02.
\90\ See ABA letter regarding File No. S7-40-02.
\91\ See Emerson letter regarding File No. S7-40-02.
---------------------------------------------------------------------------
3. Final Rules
After consideration of the comments received, we have decided not
to require quarterly evaluations of internal control over financial
reporting that are as extensive as the annual evaluation. We recognize
that some controls operate continuously while others operate only at
certain times, such as the end of the fiscal year. We believe that each
company should be afforded the flexibility to design its system of
internal control over financial reporting to fit its particular
circumstances. The management of each company should perform
evaluations of the design and operation of the company's entire system
of internal control over financial reporting over a period of time that
is adequate for it to determine whether, as of the end of the company's
fiscal year, the design and operation of the company's internal control
over financial reporting are effective.
Accordingly, we are adopting amendments that require a company's
management, with the participation of the principal executive and
financial officers, to evaluate any change in the company's internal
control over financial reporting that occurred during a fiscal quarter
that has materially affected, or is reasonably likely to materially
affect, the company's internal control over financial reporting. We
also have adopted a modification to the Section 302 certification
requirement and our disclosure requirements to adopt this approach, as
discussed below.
The management of a foreign private issuer that has Exchange Act
reporting obligations must also, like its domestic counterparts, report
any material changes to the issuer's internal control over financial
reporting. However, because foreign private issuers are not required to
file quarterly reports under Section 13(a) or 15(d) of the Exchange
Act, the final rules clarify that a foreign private issuer's management
need only disclose in the issuer's annual report the material changes
to its internal control over financial reporting that have occurred in
the period covered by the annual report.\92\
---------------------------------------------------------------------------
\92\ See Exchange Act Rules 13a-15(d) and 15d-15(d) [17 CFR
240.13a-15(d) and 240.15d-15(d)].
---------------------------------------------------------------------------
D. Differences Between Internal Control Over Financial Reporting and
Disclosure Controls and Procedures
Many of the commenters on the Proposing Release indicated that they
[[Page 36645]]
were confused as to the differences between a company's disclosure
controls and procedures and a company's internal control over financial
reporting. Exchange Act Rule 13a-15(d) defines ``disclosure controls
and procedures'' to mean controls and procedures of a company that are
designed to ensure that information required to be disclosed by the
company in the reports that it files or submits under the Exchange Act
is recorded, processed, summarized and reported, within the time
periods specified in the Commission's rules and forms. The definition
further states that disclosure controls and procedures include, without
limitation, controls and procedures designed to ensure that the
information required to be disclosed by a company in the reports that
it files or submits under the Exchange Act is accumulated and
communicated to the company's management, including its principal
executive and principal financial officers, or persons performing
similar functions, as appropriate to allow timely decisions regarding
required disclosure.
While there is substantial overlap between a company's disclosure
controls and procedures and its internal control over financial
reporting, there are both some elements of disclosure controls and
procedures that are not subsumed by internal control over financial
reporting and some elements of internal control that are not subsumed
by the definition of disclosure controls and procedures.
With respect to the latter point, clearly, the broad COSO
description of internal control, which includes the efficiency and
effectiveness of a company's operations and the company's compliance
with laws and regulations (not restricted to the federal securities
laws), would not be wholly subsumed within the definition of disclosure
controls and procedures. A number of commenters suggested that the
narrower concept of internal control, involving internal control over
financial reporting, is a subset of a company's disclosure controls and
procedures, given that the maintenance of reliable financial reporting
is a prerequisite to a company's ability to submit or file complete
disclosure in its Exchange Act reports on a timely basis. This
suggestion focuses on the fact that the elements of internal control
over financial reporting requiring a company to have a process designed
to provide reasonable assurance regarding the reliability of financial
reporting and the preparation of financial statements for external
purposes in accordance with generally accepted accounting principles
can be viewed as a subset of disclosure controls and procedures.
We agree that some components of internal control over financial
reporting will be included in disclosure controls and procedures for
all companies. In particular, disclosure controls and procedures will
include those components of internal control over financial reporting
that provide reasonable assurances that transactions are recorded as
necessary to permit preparation of financial statements in accordance
with generally accepted accounting principles. However, in designing
their disclosure controls and procedures, companies can be expected to
make judgments regarding the processes on which they will rely to meet
applicable requirements. In doing so, some companies might design their
disclosure controls and procedures so that certain components of
internal control over financial reporting pertaining to the accurate
recording of transactions and disposition of assets or to the
safeguarding of assets are not included. For example, a company might
have developed internal control over financial reporting that includes
as a component of safeguarding of assets dual signature requirements or
limitations on signature authority on checks. That company could
nonetheless determine that this component is not part of disclosure
controls and procedures. We therefore believe that while there is
substantial overlap between internal control over financial reporting
and disclosure controls and procedures, many companies will design
their disclosure controls and procedures so that they do not include
all components of internal control over financial reporting.
E. Evaluation of Disclosure Controls and Procedures
The rules in place starting in August 2002 requiring quarterly
evaluations of disclosure controls and procedures and disclosure of the
conclusions regarding effectiveness of disclosure controls and
procedures have not been substantively changed since their adoption,
including in the rules that we adopt today. These evaluation and
disclosure requirements will continue to apply to disclosure controls
and procedures, including the elements of internal control over
financial reporting that are subsumed within disclosure controls and
procedures.
With respect to evaluations of disclosure controls and procedures,
companies must, under our rules and consistent with the Sarbanes-Oxley
Act, evaluate the effectiveness of those controls and procedures on a
quarterly basis. While the evaluation is of effectiveness overall, a
company's management has the ability to make judgments (and it is
responsible for its judgments) that evaluations, particularly quarterly
evaluations, should focus on developments since the most recent
evaluation, areas of weakness or continuing concern or other aspects of
disclosure controls and procedures that merit attention. Finally, the
nature of the quarterly evaluations of those components of internal
control over financial reporting that are subsumed within disclosure
controls and procedures should be informed by the purposes of
disclosure controls and procedures.\93\
---------------------------------------------------------------------------
\93\ For example, where a component of internal control over
financial reporting is subsumed within disclosure controls and
procedures, even where systems testing of that component would
clearly be required as part of the annual evaluation of internal
control over financial reporting, management could make a different
determination of the appropriate nature of the evaluation of that
component for purposes of a quarterly evaluation of disclosure
controls and procedures.
---------------------------------------------------------------------------
The rules adopted in August 2002 required the management of an
Exchange Act reporting foreign private issuer to evaluate and disclose
conclusions regarding the effectiveness of the issuer's disclosure
controls and procedures only in its annual report and not on a
quarterly basis. The primary reason for this treatment is that
foreign private issuers are not subject to mandated quarterly reporting
requirements under the Exchange Act. The rules adopted today continue
this treatment.\94\
---------------------------------------------------------------------------
\94\ See Exchange Act Rules 13a-15(b) and 15d-15(b).
---------------------------------------------------------------------------
F. Periodic Disclosure About the Certifying Officers' Evaluation of the
Company's Disclosure Controls and Procedures and Disclosure About
Changes to its Internal Control Over Financial Reporting
1. Existing Disclosure Requirements
The rules that we adopted in August 2002 to implement the
certification requirements of Section 302 of the Sarbanes-Oxley Act
included new Item 307 of Regulations S-B and S-K. Paragraph (a) of Item
307 requires companies, in their quarterly and annual reports, to
disclose the conclusions of the company's principal executive and
financial officers (or persons performing similar functions) about the
effectiveness of the company's disclosure controls and procedures as of
a date within 90 days of the filing date of the quarterly or annual
report. This disclosure enables the certifying officers to satisfy the
representation made in
[[Page 36646]]
their certifications that they have ``presented in the quarterly or
annual report their conclusions about the effectiveness of the
disclosure controls and procedures based on their evaluation.''
Paragraph (b) of Item 307 requires the company to disclose in each
quarterly and annual report whether or not there were significant
changes in the company's internal controls or in other factors that
could significantly affect these controls subsequent to the date of
their evaluation, including any corrective actions with regard to
significant deficiencies and material weaknesses. This disclosure
enables the certifying officers to satisfy the representation made in
their certifications that they have ``indicated in the quarterly or
annual report whether or not there were significant changes in internal
controls or in other factors that could significantly affect internal
controls subsequent to the date of their most recent evaluation,
including any corrective actions with regard to significant
deficiencies and material weaknesses.''
2. Proposed Amendments to the Disclosure Requirements
In the Proposing Release, we proposed several revisions to the
existing disclosure requirements regarding: (1) The certifying
officers' evaluation of the company's disclosure controls and
procedures; and (2) changes to the company's internal control over
financial reporting. We also proposed to require quarterly disclosure
regarding the conclusions of the certifying officers about the
effectiveness of the company's internal control over financial
reporting.
Moreover, we proposed to require evaluations of both types of
controls as of the end of the period covered by the quarterly or annual
report, rather than ``as of a date within 90 days of the filing date''
of the quarterly or annual report, as currently required with respect
to disclosure controls. With respect to the disclosure about changes to
the company's internal control over financial reporting, we proposed to
require a company to disclose ``any significant changes made during the
period covered by the quarterly or annual report'' rather than
``whether or not there were significant changes in the company's
internal control over financial reporting that could significantly
affect these controls subsequent to the date of their evaluation.''
The commenters were mixed in their reaction to these proposed
changes. A couple of the commenters remarking on the point at which a
company must undertake an evaluation of its controls ``strongly
agreed'' with the proposed change to require evaluations as of the end
of the period. Several other commenters preferred the existing ``90
days within the filing date'' evaluation point, noting that it provides
more flexibility than the fixed point. Some of these commenters
expressed concern that it would be hard to conduct evaluations on the
last day of the period. One of the commenters suggested that the
proposed requirement that a company disclose changes to its internal
control over financial reporting that occurred at any time during a
fiscal quarter was inconsistent with the proposed requirement that
management evaluate such changes ``as of the end of each fiscal
quarter.''\95\ An additional commenter asserted that it was critical
that we offer companies some guidance as to the types of changes that
constitute ``significant changes.''\96\ Finally, a few commenters noted
that while we had proposed to delete the words ``or other factors''
from Exchange Act Rules 13a-14(b)(6) and 15d-14(b)(6) regarding
disclosure of ``significant changes in internal controls or in other
factors that could significantly affect internal controls, * * *'' we
had not likewise proposed to delete those words from the actual
certification language.
---------------------------------------------------------------------------
\95\ See ABA letter regarding File No. S7-40-02.
\96\ See Intel letter regarding File No. S7-40-02.
---------------------------------------------------------------------------
3. Final Disclosure Requirements
After consideration of the comments, we are adopting the proposals
with several modifications. We are adopting as proposed the change of
the evaluation date for disclosure controls to ``as of the end of the
period'' covered by the quarterly or annual report. We are not
specifying the point at which management must evaluate changes to the
company's internal control over financial reporting. Given that the
final rules do not require a company to state the conclusions of the
certifying officers regarding the effectiveness of the company's
internal control over financial reporting as of a particular date on a
quarterly basis as proposed, as the company must with respect to
disclosure controls and procedures, it is unnecessary to specify a date
for the quarterly evaluation of changes in internal control over
financial reporting. We believe that this change is consistent with the
new accelerated reporting deadlines.\97\
---------------------------------------------------------------------------
\97\ See Release No. 33-8128 (Sept. 16, 2002) [67 FR 58480]. The
final rule amendments do not require that the evaluation take place
on the last day of the period, but that the statement of
effectiveness of the issuer's disclosure controls and internal
control over financial reporting be as of the end of the period.
---------------------------------------------------------------------------
We are amending the proposal that would have required companies to
disclose any significant changes in its internal controls. Under the
final rules, a company must disclose any change in its internal control
over financial reporting that occurred during the fiscal quarter
covered by the quarterly report, or the last fiscal quarter in the case
of an annual report, that has materially affected, or is reasonably
likely to materially affect, the company's internal control over
financial reporting.\98\ Furthermore, we have deleted the phrase ``or
in other factors'' from Exchange Act Rules 13a-14 and 15d-15 and the
form of certification. Although the final rules do not explicitly
require the company to disclose the reasons for any change that
occurred during a fiscal quarter, or to otherwise elaborate about the
change, a company will have to determine, on a facts and circumstances
basis, whether the reasons for the change, or other information about
the circumstances surrounding the change, constitute material
information necessary to make the disclosure about the change not
misleading.\99\
---------------------------------------------------------------------------
\98\ We have also made conforming changes to Forms 20-F and
40-F to clarify that the management of a foreign private issuer must
disclose in the issuer's annual report filed on Form 20-F or 40-F
any change in the issuer's internal control over financial reporting
that occurred during the period covered by the annual report and
that materially affected, or is reasonably likely to affect, this
internal control. See Item 15(d) of Form 20-F and General
Instruction B(6)(e) of Form 40-F.
\99\ See Exchange Act Rules 10b-5 and 12b-20 [17 CFR 240.10b-5
and 17 CFR
---------------------------------------------------------------------------
While an evaluation of the effectiveness of disclosure controls and
procedures must be undertaken on a quarterly basis, we expect that for
purposes of disclosure by domestic companies, the traditional
relationship between disclosure in annual reports on Form 10-K and
intervening quarterly reports on Form 10-Q will continue. Disclosure in
an annual report that continues to be accurate need not be repeated.
Rather, disclosure in quarterly reports may make appropriate reference
to disclosures in the most recent annual report (and, where
appropriate, intervening quarterly reports) and disclose subsequent
developments required to be disclosed in the quarterly report.
We note that, as required by the Sarbanes-Oxley Act, the quarterly
certification regarding disclosure that the certifying officers must
make to the company's auditors and audit committee provides:\100\
---------------------------------------------------------------------------
\100\ This is the disclosure required by paragraph 5 of the
certification form.
[[Page 36647]]
---------------------------------------------------------------------------
The company's other certifying officer(s) and I have disclosed,
based on our most recent evaluation of internal control over
financial reporting, to the company's auditors and the audit
committee of the company's board of directors (or persons performing
the equivalent functions):
(a) All significant deficiencies and material weaknesses in the
design or operation of internal control over financial reporting
which are reasonably likely to adversely affect the company's
ability to record, process, summarize and report financial
information; and
(b) Any fraud, whether or not material, that involves management
or other employees who have a significant role in the company's
internal control over financial reporting.
We expect that if a certifying officer becomes aware of a significant
deficiency, material weakness or fraud requiring disclosure outside of
the formal evaluation process or after the management's most recent
evaluation of internal control over financial reporting, he or she will
disclose it to the company's auditors and audit committee.
4. Conclusions Regarding Effectiveness of Disclosure Controls and
Procedures
In disclosures required under current Item 307 of Regulations S-K
and S-B, Item 15 of Form 20-F and General Instruction B(6) to Form 40-
F, some companies have indicated that disclosure controls and
procedures are designed only to provide ``reasonable assurance'' that
the controls and procedures will meet their objectives. In reviewing
those disclosures, the Commission staff generally has not objected to
that type of disclosure. The staff has, however, requested companies
including that type of disclosure to set forth, if true, the
conclusions of the principal executive and principal financial officer
that the disclosure controls and procedures are, in fact, effective at
the ``reasonable assurance'' level. Other companies have included
disclosure that there is ``no assurance'' that the disclosure controls
and procedures will operate effectively under all circumstances. In
these instances, the staff has requested companies to clarify that the
disclosure controls and procedures are designed to provide reasonable
assurance of achieving their objectives and to set forth, if true, the
conclusions of the principal executive and principal financial officers
that the controls and procedures are, in fact, effective at the
``reasonable assurance'' level.
The concept of reasonable assurance is built into the definition of
internal control over financial reporting that we are adopting. This
conforms to the standard contained in the internal accounting control
provisions of Section 13(b)(2) of the Exchange Act \101\ and current
auditing literature.\102\ If management decides to include a discussion
of reasonable assurance in the internal control report, the discussion
must be presented in a manner that neither makes the disclosure in the
report confusing nor renders management's assessment concerning the
effectiveness of the company's internal control over financial
reporting unclear.
---------------------------------------------------------------------------
\101\ 15 U.S.C. 78m(b)(2).
\102\ See Codification of Statement on Auditing Standards AU
Sec. 319.18.
---------------------------------------------------------------------------
G. Attestation to Management's Internal Control Report by the Company's
Registered Public Accounting Firm
In the Proposing Release, we proposed to amend Rules 210.1-02 and
210.2-02 of Regulation S-X to make conforming revisions to Regulation
S-X to reflect the registered public accounting firm attestation
requirements mandated by Section 404(b) of the Sarbanes-Oxley Act.
Under the proposals, we set forth a definition for the new term
``attestation report on management's evaluation of internal control
over financial reporting'' and certain requirements for the
accountant's attestation report. We are adopting the proposals
substantially as proposed. However, the final rules define the expanded
term ``attestation report on management's evaluation of internal
control over financial reporting.'' Several commenters suggested that
we use this more specific term, noting that auditors currently perform
attestation engagements on a broad variety of subjects. Amended Rule 2-02
requires every registered public accounting firm that issues an
audit report on the company's financial statements that are included in
its annual report required by Section 13(a) or 15(d) of the Exchange
Act containing an assessment by management of the effectiveness of the
registrant's internal control over financial reporting to attest to,
and report on, such assessment.
At the time of the enactment of the Sarbanes-Oxley Act, the
applicable standard for attestation by auditors of internal control
over financial reporting was set forth in Statements on Standards for
Attestation Engagements No. 10 (``SSAE No. 10''). That standard was
used by auditors providing attestations on a voluntary basis to
companies, as well as by auditors whose financial institution clients
are required to obtain attestations under the Federal Deposit Insurance
Corporation Improvement Act of 1991,\103\ as discussed below. Under the
Sarbanes-Oxley Act, the PCAOB has become the body that sets auditing
and attestation standards generally for registered public accounting
firms to use in the preparation and issuance of audit reports on the
financial statements of issuers, and under Section 404(b) of the
Sarbanes-Oxley Act, the PCAOB is required to set standards for the
registered public accounting firms' attestations to, and reports on,
management's assessment regarding its internal control over financial
reporting.
---------------------------------------------------------------------------
\103\ Pub. L. 102-242, 105 Stat. 2242 (1991).
---------------------------------------------------------------------------
On April 16, 2003, the PCAOB designated Statements on Standards for
Attestation Engagements as existed on April 16 as the standard for
attestations of management's assessment of the effectiveness of
internal control over financial reporting pending further PCAOB
standard-setting in the area (and subject to our approval of the
PCAOB's actions), and on April 25, we approved the PCAOB's action. SSAE
No. 10 is thus the standard applicable on a transition basis for
attestations required under Section 404 of the Act and the rules we are
adopting today, again pending further PCAOB standard-setting (and our
approval). We expect that the PCAOB will assess the appropriateness of
those standards and modify them as needed, and any future standards
adopted by the PCAOB will apply to registered public accounting firms
in connection with the preparation and issuance of attestation reports
on management's assessment of the effectiveness of internal control
over financial reporting.
H. Types of Companies Affected
Section 404 of the Sarbanes-Oxley Act states that the Commission
must prescribe rules that require each annual report required by
Section 13(a) or 15(d) of the Exchange Act to contain an internal
control report. The Act exempts registered investment companies from
this requirement.\104\
---------------------------------------------------------------------------
\104\ See Section 405 of the Sarbanes-Oxley Act.
---------------------------------------------------------------------------
1. Foreign Private Issuers
Section 404 of the Sarbanes-Oxley Act makes no distinction between
domestic and foreign issuers and, by its terms, clearly applies to
foreign private issuers. These amendments, therefore, apply the
management report on internal control over financial reporting
requirement to foreign private issuers that file reports under Section
13(a) or 15(d) of the Exchange Act. We have, however, adopted a later
compliance date for
[[Page 36648]]
foreign private issuers than for accelerated filers.
2. Asset-Backed Issuers
In the Proposing Release, we proposed to exclude issuers of asset-
backed securities from the proposed rules implementing Section 404 of
the Act. We noted that because of the unique nature of asset-backed
issuers, such issuers are subject to substantially different reporting
requirements. Most significantly, asset-backed issuers are generally
not required to file the types of financial statements that other
companies must file. Also, such entities typically are passive pools of
assets, without a board of directors or persons acting in a similar
capacity. We did not receive any comments on the proposed exclusion of
asset-backed issuers from the internal control reporting requirements,
and we are excluding asset-backed issuers from the new disclosure
requirements as proposed.
3. Small Business Issuers
Our proposed rules implementing Section 404 of the Act did not
distinguish between large and small issuers. Similarly, Section 404 of
the Act directs that the management report on internal control over
financial reporting apply to any company filing periodic reports under
Section 13(a) or 15(d) of the Exchange Act. Accordingly, these
amendments apply to all issuers that file Exchange Act periodic
reports, except registered investment companies, regardless of their
size. However, we are sensitive that many small business issuers may
experience difficulty in evaluating their internal control over
financial reporting because these issuers may not have as formal or
well-structured a system of internal control over financial reporting
as larger companies. Accordingly, we are providing an extended
compliance period for small business issuers and other companies that
are not accelerated filers.\105\ In addition, our approach of not
mandating specific criteria to be used by management to evaluate a
company's internal control over financial reporting should provide
small issuers some flexibility in meeting these disclosure
requirements.
---------------------------------------------------------------------------
\105\ See Section II. J. below.
---------------------------------------------------------------------------
4. Bank and Thrift Holding Companies
In the Proposing Release, we stated that we were coordinating with
the Federal Deposit Insurance Corporation (the ``FDIC'') and the other
federal banking regulators to eliminate, to the extent possible, any
unnecessary duplication between our proposed internal control report
and the FDIC's internal control report requirements. Under regulations
adopted by the FDIC implementing Section 36 of the Federal Deposit
Insurance Act,\106\ a federally insured depository institution with
total assets of $500 million or more (``institution''), is required,
among other things, to prepare an annual management report that
contains:
---------------------------------------------------------------------------
\106\ 12 U.S.C. 1831m.
---------------------------------------------------------------------------
• A statement of management's responsibility for preparing
the institution's annual financial statements, for establishing and
maintaining an adequate internal control structure and procedures for
financial reporting, and for complying with designated laws and
regulations relating to safety and soundness;\107\ and
---------------------------------------------------------------------------
\107\ The designated laws and regulations are federal laws and
regulations concerning loans to insiders and federal and state laws
and regulations concerning dividend restrictions. See 12 CFR part
363, Appendix A, Guideline 12.
---------------------------------------------------------------------------
• Management's assessment of the effectiveness of the
institution's internal control structure and procedures for financial
reporting as of the end of the fiscal year and the institution's
compliance with the designated safety and soundness laws and
regulations during the fiscal year.\108\
---------------------------------------------------------------------------
\108\ See 12 CFR 363.2, adopted in 58 FR 31332. These
requirements only apply to an insured depository institution with
total assets of $500 million or more. We recognize that the FDIC's
regulations use the term ``internal control structure and procedures
for financial reporting'' rather than the term ``internal control
over financial reporting'' used in our rules. We think the
differences in the meaning of the two terms are insignificant
because both Section 36(b)(2) of the Federal Deposit Insurance Act
and Section 404(a) of the Sarbanes-Oxley Act refer to ``internal
control structure and procedures for financial reporting.''
Nevertheless, the FDIC has defined the term ``financial reporting''
to include financial statements prepared in accordance with
generally accepted accounting principles (``GAAP'') and those
prepared for regulatory reporting purposes (see FDIC Financial
Institution Letter FIL-86-94, dated December 23, 1994).
The FDIC's regulations additionally require the institution's
independent accountant to examine, and attest to, management's
assertions concerning the effectiveness of the institution's internal
control structure and procedures for financial reporting.\109\ The
institution's management report and the accountant's attestation report
must be filed with the FDIC, the institution's primary federal
regulator (if other than the FDIC), and any appropriate state
depository institution supervisor and must be available for public
inspection.\110\
---------------------------------------------------------------------------
\109\ 12 CFR 363.3.
\110\ 12 CFR 363.4(a) and (b).
---------------------------------------------------------------------------
Although bank and thrift holding companies are not required under
the FDIC's regulations to prepare these internal control reports, many
of these holding companies do so under a provision of Part 363 of the
FDIC's regulations\111\ that permits an insured depository institution
that is the subsidiary of a holding company to satisfy its internal
control report requirements with an internal control report of the
consolidated holding company's management if:
---------------------------------------------------------------------------
\111\ 12 CFR Part 363.
---------------------------------------------------------------------------
• Services and functions comparable to those required of the
subsidiary by Part 363 are provided at the holding company level;\112\
and
---------------------------------------------------------------------------
\112\ Services and functions are considered ``comparable'' if
the holding company prepares and submits the management assessment
of the effectiveness of the internal control structure and
procedures for financial reporting and compliance with the
designated safety and soundness laws and regulations based on
information concerning the relevant activities and operations of
those subsidiary institutions subject to Part 363. See 12 CFR Part
363, Appendix A, Guideline 4.
---------------------------------------------------------------------------
• The subsidiary has, as of the beginning of its fiscal year,
(i) total assets of less than $5 billion or (ii) total assets of $5
billion or more and a composite rating of 1 or 2 under the Uniform
Financial Institutions Rating System.\113\
---------------------------------------------------------------------------
\113\ This rating is more commonly known as the CAMELS rating,
which addresses Capital adequacy, Asset quality, Management,
Earnings, Liquidity and Sensitivity to market risk. See 12 CFR
363.1(b)(2). The appropriate federal banking agency may determine
that an insured depository institution with total assets in excess
of $9 billion that is a subsidiary of a holding company may not
satisfy its FDIC internal control report requirement with an
internal control report of the consolidated holding company's
management if the agency determines that there could be a
significant risk to the affected deposit insurance fund if the
institution were allowed to satisfy its requirements in this manner.
See 12 CFR 363.1(b)(3).
---------------------------------------------------------------------------
Section 404 of the Sarbanes-Oxley Act does not contain an exemption
for insured depository institutions that are both subject to the FDIC's
internal control report requirements and required to file Exchange Act
reports. In fact, it makes no distinction whatsoever between
institutions subject to the FDIC's requirements and other types of
Exchange Act filers. Accordingly, regardless of whether an insured
depository institution is subject to the FDIC's requirements, insured
depository institutions or holding companies that are required to file
periodic reports under Section 13(a) or 15(d) of the Exchange Act are
subject to the internal control reporting requirements that we are
adopting today.
Although our final rules are similar to the FDIC's internal control
report requirements, the rules differ in a few significant respects.
Most notably, our final rules do not require a statement of compliance
with designated laws and regulations relating to safety and soundness.
Conversely, the following
[[Page 36649]]
provisions in our rules are not included in the FDIC's regulations:
• The requirement that the report include a statement
identifying the framework used by management to evaluate the
effectiveness of the company's internal control over financial
reporting;\114\
---------------------------------------------------------------------------
\114\ The FDIC's regulations do not specifically require that
management identify the control framework used to evaluate the
effectiveness of the institution's internal control over financial
reporting. However, given the requirements of Sections 101 and 501
of the American Institute of Certified Public Accountants'
attestation standards, the FDIC believes that the framework used
must be disclosed or otherwise publicly available to all users of
reports that institutions file with the FDIC pursuant to Part 363 of
the FDIC's regulations.
---------------------------------------------------------------------------
• The requirement that management disclose any material
weakness that it has identified in the company's internal control over
financial reporting (and related stipulation that management is not
permitted to conclude that the company's internal control over
financial reporting is effective if there are one or more material
weaknesses);
• The requirement that the company state that the registered
public accounting firm that audited the financial statements included
in the annual report has issued an attestation report on management's
assessment of the company's internal control over financial reporting;
and
• The requirement that the company must provide the
registered public accounting firm's attestation report on management's
assessment of internal control over financial reporting in the
company's annual report filed under the Exchange Act.\115\
---------------------------------------------------------------------------
\115\ The FDIC's regulations do require an independent public
accountant to examine, attest to, and report separately on, the
assertion of management concerning the institution's internal
control structure and procedures for financial reporting, but these
regulations do not require the accountant to be a registered public
accounting firm. See 12 CFR 363.3(b).
---------------------------------------------------------------------------
Several commenters generally supported our goal to eliminate or
reduce duplicative reporting requirements. Some of these commenters
asserted that we should recognize the substantial protections to
depositors and investors provided by the federal laws that govern
depository institutions and their holding companies. They suggested
that our final rules should state that compliance with the FDIC's
internal control report requirements satisfies the internal control
report requirements that we are adopting under Section 404. A number of
these commenters also thought that if we did not exempt insured
depository institutions already filing internal control reports under
the FDIC's requirements, we should provide an exemption in our rules
mirroring the FDIC's exemption that excludes insured depository
institutions or their holding companies with less than $500 million in
assets from the internal control report requirements.
After consultation with the staffs of the FDIC, the Federal Reserve
Board, the Office of Thrift Supervision and the Office of the
Comptroller of the Currency, we have determined that insured depository
institutions that are subject to Part 363 of the FDIC's regulations (as
well as holding companies permitted to file an internal control report
on behalf of their insured depository institution subsidiaries in
satisfaction of these regulations) and also subject to our new rules
implementing Section 404 of the Sarbanes-Oxley Act \116\ should be
afforded considerable flexibility in determining how best to satisfy
both sets of requirements. Therefore, they can choose either of the
following two options:
---------------------------------------------------------------------------
\116\ Our rules do not provide an exemption that parallels the
FDIC's exemption for insured depository institutions with less than
$500 million in assets. It would be incongruous to provide an
exemption in our rules for small depository institutions and not
other small, non-depository Exchange Act reporting companies.
---------------------------------------------------------------------------
• They can prepare two separate management reports to satisfy
the FDIC's and our new requirements; or
• They can prepare a single management report that satisfies
both the FDIC's requirements and our new requirements.
If an insured depository institution or its holding company chooses
to prepare a single report to satisfy both sets of requirements, the
report of management on the institution's or holding company's internal
control over financial reporting (as defined in Exchange Act Rule 13a-
15(f) or 15d-15(f)) will have to contain the following: \117\
---------------------------------------------------------------------------
\117\ An insured depository institution subject to both the
FDIC's requirements and our new requirements choosing to file a
single report to satisfy both sets of requirements will file the
report with its primary federal regulator under the Exchange Act and
the FDIC, its primary federal regulator (if other than the FDIC),
and any appropriate state depository institution supervisor under
Part 363 of the FDIC's regulations. A holding company choosing to
prepare a single report to satisfy both sets of requirements will
file the report with the Commission under the Exchange Act and the
FDIC, the primary federal regulator of the insured depository
institution subsidiary subject to the FDIC's requirements, and any
appropriate state depository institution supervisor under Part 363.
---------------------------------------------------------------------------
• A statement of management's responsibility for preparing
the registrant's annual financial statements, for establishing and
maintaining adequate internal control over financial reporting for the
registrant, and for the institution's compliance with laws and
regulations relating to safety and soundness designated by the FDIC and
the appropriate federal banking agencies;
• A statement identifying the framework used by management to
evaluate the effectiveness of the registrant's internal control over
financial reporting as required by Exchange Act Rule 13a-15 or 15d-15;
• Management's assessment of the effectiveness of the
registrant's internal control over financial reporting as of the end of
the registrant's most recent fiscal year, including a statement as to
whether or not management has concluded that the registrant's internal
control over financial reporting is effective, and of the institution's
compliance with the designated safety and soundness laws and
regulations during the fiscal year. This discussion must include
disclosure of any material weakness in the registrant's internal
control over financial reporting identified by management; \118\ and
---------------------------------------------------------------------------
\118\ Management will not be permitted to conclude that the
registrant's internal control over financial reporting is effective
if there are one or more material weaknesses in the registrant's
internal control over financial reporting.
---------------------------------------------------------------------------
• A statement that the registered public accounting firm that
audited the financial statements included in the registrant's annual
report has issued an attestation report on management's assessment of
the registrant's internal control over financial reporting.
Additionally, the institution or holding company will have to provide
the registered public accounting firm's attestation report on
management's assessment in its annual report filed under the Exchange
Act.\119\ For purposes of the report of management and the attestation
report, financial reporting must encompass both financial statements
prepared in accordance with GAAP and those prepared for regulatory
reporting purposes.
---------------------------------------------------------------------------
\119\ An insured depository institution subject to both the
FDIC's requirements and our new requirements choosing to file a
single management report to satisfy both sets of requirements will
file the attestation report with its primary federal regulator under
the Exchange Act and the FDIC, its primary federal regulator (if
other than the FDIC), and any appropriate state depository
institution supervisor under Part 363 of the FDIC's regulations. A
holding company choosing to prepare a single management report to
satisfy both sets of requirements will file the attestation report
with the Commission under the Exchange Act and the FDIC, the primary
federal regulator of the insured depository institution subsidiary
subject to the FDIC's requirements, and any appropriate state
depository institution supervisor under Part 363.
---------------------------------------------------------------------------
I. Registered Investment Companies
Section 404 of the Sarbanes-Oxley Act does not apply to registered
investment
[[Page 36650]]
companies, and we are not extending any of the requirements that would
implement section 404 to registered investment companies.\120\ Several
commenters objected to the proposed requirement that the Section 302
certification include a statement of the officers' responsibility for
internal controls.\121\ These commenters argued that this requirement
would contradict Section 405 of the Sarbanes-Oxley Act and represent a
``back-door'' application of Section 404, from which registered
investment companies are exempt.\122\ We disagree. The certification
requirements implement Section 302 of the Sarbanes-Oxley Act, from
which registered investment companies are not exempt.\123\ We are not
subjecting registered investment companies to the requirements
implementing Section 404 of the Sarbanes-Oxley Act, including the
annual and quarterly evaluation requirements with respect to internal
control over financial reporting and the requirements for an annual
report by management on internal control over financial reporting and
an attestation report on management's assessment.
---------------------------------------------------------------------------
\120\ See Section 405 of the Sarbanes-Oxley Act (``Nothing in
section 401, 402, or 404, the amendments made by those sections, or
the rules of the Commission under those sections shall apply to any
investment company registered under section 8 of the Investment
Company Act of 1940 (15 U.S.C. 80a-8).''). The provisions that would
not extend to registered investment companies include amendments to
Exchange Act rules 13a-15(c) and 15d-15(c) (requiring annual
evaluation of the effectiveness of internal control over financial
reporting); Exchange Act rules 13a-15(d) and 15d-15(d) (requiring
quarterly evaluation of any change in internal control over
financial reporting that has materially affected, or is reasonably
likely to materially affect, internal control over financial
reporting); and Items 308(a) and (b) of Regulations S-K and S-B
(requiring annual report by management on internal control over
financial reporting and attestation report on management's
evaluation of internal control over financial reporting).
\121\ Proposed paragraph 4 of the certification section of
proposed Form N-CSR. Proposing Release, note 26 above, 67 FR at
66250. We received 7 comment letters on the proposed changes to the
certification rules with respect to investment companies in the
Proposing Release. See letters regarding File No. S7-40-02 of: the
Investment Company Institute (``ICI''); Protiviti; OppenheimerFunds,
Inc. (``Oppenheimer''); The Association of the Bar of the City of
New York; Leslie Ogg of Board Services Corporation (``Ogg'');
Federated Funds; and D&T.
\122\ See letters regarding File No. S7-40-02 of: Association of
the Bar of the City of New York; ICI; and Oppenheimer.
\123\ See Section 302(a)(4)(A) and (B) of the Sarbanes-Oxley Act
(requiring signing officers to certify that they are responsible for
establishing and maintaining internal controls and have designed the
internal controls to ensure that material information relating to
the issuer is made known to the signing officers).
---------------------------------------------------------------------------
We are adopting the following technical changes to our rules and
forms implementing Section 302 of the Sarbanes-Oxley Act for registered
investment companies in order to conform to the changes that we are
adopting for operating companies.\124\
---------------------------------------------------------------------------
\124\ For a discussion of changes to the form of the Section 302
certification for operating companies, see Section III.D. below.
---------------------------------------------------------------------------
• Paragraph (d) of Investment Company Act Rule 30a-3. The
amendments use the same term ``internal control over financial
reporting'' that we are using in the rules for operating companies and
include the same definition of ``internal control over financial
reporting'' that we are adopting in Exchange Act Rules 13a-15(f) and
15d-15(f).
• Paragraph (a) of Investment Company Act Rule 30a-3. The
amendments require every registered management investment company,
other than a small business investment company, to maintain internal
control over financial reporting. These amendments parallel those that
we are adopting for operating companies in Exchange Act Rules 13a-15(a)
and 15d-15(a).
• Introductory text and sub-paragraph (b) of paragraph 4 of
the certification in Item 10(a)(2) of Form N-CSR. The amendments
require the signing officers to state that they are responsible for
establishing and maintaining internal control over financial reporting,
and that they have designed such internal control over financial
reporting, or caused such internal control over financial reporting to
be designed under their supervision, to provide reasonable assurance
regarding the reliability of financial reporting and the preparation of
financial statements for external purposes in accordance with generally
accepted accounting principles.
• Paragraph (4)(d) of the certification of Item 10(a)(2), and
Item 9(b) of Form N-CSR. The amendments require disclosure of any
change in the investment company's internal control over financial
reporting that occurred during the most recent fiscal half-year that
has materially affected, or is reasonably likely to materially affect,
the company's internal control over financial reporting.
• Paragraph (5) of the certification of Item 10(a)(2) of Form
N-CSR. The amendments require the signing officers to state that they
have disclosed to the investment company's auditors and the audit
committee all significant deficiencies and material weaknesses in the
design or operation of internal control over financial reporting which
are reasonably likely to adversely affect the investment company's
ability to record, process, summarize, and report financial
information.
We are not, however, adopting proposed amendments that would have
required the evaluation by an investment company's management of the
effectiveness of its disclosure controls and procedures to be as of the
end of the period covered by each report on Form N-CSR, rather than
within 90 days prior to the filing date of the report, as our
certification rules currently require.\125\ Commenters noted that this
would require investment company complexes that have funds with
staggered fiscal year ends to perform evaluations of their disclosure
controls and procedures as many as twelve times per year. They argued
that requiring such frequent evaluations would be extremely costly,
inefficient, and operationally disruptive, and would not provide any
benefits to shareholders.\126\ We agree that the costs of requiring
investment company complexes to perform evaluations of their disclosure
controls and procedures twelve times per year would outweigh the
benefits to investors. The certification rules we are adopting will
require an investment company complex to perform at most four such
evaluations per year.\127\
---------------------------------------------------------------------------
\125\ Proposed Exchange Act Rules 13a-15(c) and 15d-15(c),
proposed Investment Company Act Rule 30a-2(b)(4)(iii), and proposed
Investment Company Act Rule 30a-3(b).
\126\ See letters regarding File No. S7-40-02 of: D&T; ICI; Ogg;
and Oppenheimer.
\127\ See Release No. IC-25914 (Jan. 27, 2003) [68 FR 5348, 5352
n. 43] (noting that in the case of a series fund or family of
investment companies in which the disclosure controls and procedures
for each fund in the series or family are the same, a single
evaluation of the effectiveness of the disclosure controls and
procedures for the series or family could be used in multiple
certifications for the funds in the series or family, as long as the
evaluation has been performed within 90 days of the report on Form
N-CSR).
---------------------------------------------------------------------------
Transition Period for Registered Investment Companies
Registered investment companies must comply with the rule and form
amendments applicable to them on and after August 14, 2003, except as
follows. Registered investment companies must comply with the
amendments to Exchange Act Rules 13a-15(a) and 15d-15(a) and Investment
Company Act Rule 30a-3(a) that require them to maintain internal
control over financial reporting with respect to fiscal years ending on
or after June 15, 2004. In addition, registered investment companies
must comply with the portion of the introductory language in paragraph
4 of the certification in Item 10(a)(2) of Form N-CSR that refers to
the certifying officers' responsibility for establishing
[[Page 36651]]
and maintaining internal control over financial reporting, as well as
paragraph 4(b) of the certification, beginning with the first annual
report filed on Form N-CSR for a fiscal year ending on or after June
15, 2004.
J. Transition Period
We received a number of comments urging us to adopt an extended
transition period for compliance with the new disclosure
requirements.\128\ We have decided to delay the compliance date of the
requirement to provide a management report assessing the effectiveness
of internal control over financial reporting and an auditor's
attestation to, and report on, that assessment beyond that in the
Proposing Release so that companies and their auditors will have time
to prepare and satisfy the new requirements. These compliance dates do
not apply to registered investment companies, which are not required to
provide the management report assessing the effectiveness of internal
control over financial reporting and the related auditor's
attestation.\129\ A company that is an ``accelerated filer,'' as
defined in Exchange Act Rule 12b-2, as of the end of its first fiscal
year ending on or after June 15, 2004, must begin to comply with the
management report on internal control over financial reporting
disclosure requirements promulgated under Section 404 of the Sarbanes-
Oxley Act in its annual report for that fiscal year. We recognize that
non-accelerated filers, including smaller companies and foreign private
issuers, may have greater difficulty in preparing the management report
on internal control over financial reporting. Therefore, these types of
companies must begin to comply with the disclosure requirements in
annual reports for their first fiscal year ending on or after April 15,
2005. A company must begin to comply with the quarterly evaluation of
changes to internal control over financial reporting requirements for
its first periodic report due after the first annual report that must
include management's report on internal control over financial
reporting. We believe that the transition period is appropriate in
light of both the substantial time and resources needed to properly
implement the rules\130\ and the corresponding benefit to investors
that will result. In addition, the transition period will provide
additional time for the PCAOB to consider relevant factors in
determining and implementing any new attestation standard as it finds
appropriate, subject to our approval.
---------------------------------------------------------------------------
\128\ See, for example, the letters regarding File No. S7-40-02
of: AICPA; D&T; CSC; E&Y; and Association of the Bar of the City of
New York, Committee on Securities Regulation (``NYCB-CSR'').
\129\ See Section II. I., above, for compliance dates applicable
to registered investment companies.
\130\ See Section V. below.
---------------------------------------------------------------------------
Consistent with this extended compliance period for management's
internal control report and the related attestation, and for the
subsequent evaluation of changes in internal control over financial
reporting, the following provisions of the rules adopted today are
subject to the extended compliance period:
• The provisions of Items 308(a) and (b) of Regulations S-K
and S-B and the comparable provisions of Forms 20-F and 40-F requiring
management's internal control report and the related attestation;
• The amendments to Rules 13a-15(a) and 15d-15(a) under the
Exchange Act relating to maintenance of internal control over financial
reporting; and
• The provisions of Rules 13a-15(c) and (d) and 15d-15(c) and
(d) under the Exchange Act requiring evaluations of internal control
over financial reporting and changes thereto.
The extended compliance period does not in any way affect the
provisions of our other rules and regulations regarding internal
controls that are in effect, including, without limitation, Rule 13b-2
under the Exchange Act.
Other rules relating to evaluation and disclosure adopted today are
effective on August 14, 2003. These other rules include amendments to
Items 308(c) of Regulations S-K and S-B and the comparable provisions
of Forms 20-F and 40-F requiring disclosure regarding certain changes
in internal control over financial reporting. These amendments modify
existing requirements regarding disclosure of changes in internal
control over financial reporting, are related to statements made in the
Section 302 certifications of principal executive and financial
officers, and provide clarifications that are beneficial and whose
implementation need not be delayed. These other rules that are
effective on August 14, 2003 also include amendments relating to
disclosure controls and procedures.
III. Discussion of Amendments Related to Certifications
A. Proposed Rules
We proposed to amend our rules and forms to require companies to
file the certifications required by Section 302 of the Sarbanes-Oxley
Act as an exhibit to the periodic reports to which they relate.
Specifically, we proposed to amend the exhibit requirements of Forms
20-F and 40-F and Item 601 of Regulations S-B and S-K to add the
Section 302 certifications to the list of required exhibits. In
addition, we proposed to amend Exchange Act Rules 13a-14 and 15d-14 to
require that Section 906 certifications accompany the periodic reports
to which they relate, and to amend Forms 20-F and 40-F and Item 601 of
Regulations S-B and S-K to add Section 906 certifications to the list
of required exhibits. We also proposed to amend Investment Company Act
Rule 30a-2 to require that Section 906 certifications accompany the
periodic reports on Form N-CSR to which they relate and Item 10 of Form
N-CSR to add the Section 906 certifications as a required exhibit.
We received eight comment letters in response to the
proposals.\131\ The primary topic addressed by the commenters was
whether Section 906 of the Sarbanes-Oxley Act applied to annual reports
filed on Form 11-K. Most of the commenters believed that issuers
required to file annual reports on Form 11-K should be exempt from the
requirement to furnish a Section 906 certification as an exhibit.\132\
Two commenters noted that the language of Section 906 that requires
certification of the chief executive officer and chief financial
officer (or equivalent thereof) is inconsistent with the actual
administration of employee benefit plans because such plans do not have
individuals acting as chief executive officer and chief financial
officer.\133\ Those commenters noted that employee benefit plans are
typically administered through one or more committees that are
appointed as the plan's named fiduciaries to administer the plan and
oversee investments.\134\ In addition, some commenters believed that we
should provide an exemption for Form 11-K because employee benefit
plans are already subject to extensive regulation under the Employee
Retirement Income Security Act of 1974 (``ERISA''),\135\ which includes
a requirement for the plan administrator to certify, under penalties of
perjury and other criminal and administrative
[[Page 36652]]
penalties, the accuracy of the plan's disclosures under ERISA.\136\
---------------------------------------------------------------------------
\131\ See letters regarding File No. S7-06-03 of: ABA; Cleary,
Gottlieb, Steen & Hamilton (``Cleary''); Prof. Paul A. Griffin
(``Griffin''); Intel Corporation (``Intel''); ICI; PwC; John
Stalnaker and Patrick Derksen (``Stalnaker''); and Rooks Pitts
(``Rooks'').
\132\ See letters regarding File No. S7-06-03 of: ABA; Cleary;
Intel; and PwC.
\133\ See letters regarding File No. S7-06-03 of ABA and Cleary.
\134\ Id.
\135\ Pub. L. No. 83-406, 88 Stat. 129 (1974).
\136\ See letters regarding File No. S7-06-03 of: ABA; Cleary;
and PwC.
---------------------------------------------------------------------------
Commenters also addressed other topics related to Section 906. One
commenter requested that the Commission allow Section 906
certifications to remain confidential.\137\ That commenter expressed
concern that a plaintiff could use a Section 906 certification to
create a basis for liability that did not otherwise exist.\138\ One
commenter objected to the proposal to deem Section 906 certifications
as ``furnished,'' rather than as ``filed.''\139\ After considering all
of the comments, we are adopting the proposals substantially as
proposed.
---------------------------------------------------------------------------
\137\ See ABA letter regarding File No. S7-06-03.
\138\ Id.
\139\ See Stalnaker letter regarding File No. S7-06-03.
---------------------------------------------------------------------------
On April 11, 2003, U.S. Senator Joseph Biden introduced a statement
into the Congressional Record that discusses Section 906.\140\ The
statement asserts that Section 906 ``is intended to apply to any
financial statement filed by a publicly-traded company, upon which the
investing public will rely to gauge the financial health of the
company,'' which includes financial statements included in current
reports on Forms 6-K and 8-K and annual reports on Form 11-K.\141\ The
language added to Title 18 by Section 906 refers to ``periodic reports
containing financial statements,'' and our proposals to require
companies to furnish Section 906 certifications as exhibits applied to
periodic (annual, semi-annual and quarterly) reports but did not
address current reports on Forms 6-K and 8-K.\142\ One commenter
addressed the statement in the Congressional Record, indicating that
the suggested requirements would create substantial practical burdens
for companies to provide Section 906 certifications in current reports
filed on Forms 6-K or 8-K.\143\ We are also concerned that extending
Section 906 certifications to Forms 6-K or 8-K could potentially chill
the disclosure of information by companies. As noted above, four
commenters argued that Section 906 should not apply to Form 11-K.\144\
In light of these developments, we are considering, in consultation
with the Department of Justice, the application of Section 906 to
current reports on Forms 6-K and 8-K and annual reports on Form 11-K
and the possibility of taking additional action.
---------------------------------------------------------------------------
\140\ See 149 Cong. Rec. S5325 (daily ed. Apr. 11, 2003).
\141\ Id. at S5331.
\142\ See Release No. 33-8212 (Mar. 21, 2003) [68 FR 15600] at
fn. 37.
\143\ See ABA letter regarding File No. S7-06-03.
\144\ See letters regarding File No. S7-06-03 of: ABA; Cleary;
Intel; and PwC.
---------------------------------------------------------------------------
B. Final Rules
We are amending the exhibit requirements of Forms 20-F and 40-F and
Item 601 of Regulations S-B and S-K to add the Section 302
certifications to the list of required exhibits.\145\ In the final
rules, the specific form and content of the required certifications is
set forth in the applicable exhibit filing requirement.\146\ To
coordinate the rules requiring an evaluation of ``disclosure controls
and procedures'' and ``internal control over financial reporting,'' we
are moving the definition of the term ``disclosure controls and
procedures'' from Exchange Act Rules 13a-14(c) and 15d-14(c) and
Investment Company Act Rule 30a-2(c) to new Exchange Act Rules 13a-
15(c) and 15d-15(c) and Investment Company Act Rule 30a-3(c),
respectively.
---------------------------------------------------------------------------
\145\ We recently adopted Form N-CSR, to be used by registered
management investment companies to file certified shareholder
reports with the Commission. See Release No. IC-25914 (Jan. 27,
2003) [68 FR 5348]. As adopted, Form N-CSR requires the Section 302
certifications to be filed as an exhibit to a report on Form N-CSR.
Item 10(b) of Form N-CSR.
\146\ Accordingly, we are revising Exchange Act Rules 13a-14 and
15d-14 to delete from those rules the detailed description of the
contents of the required certifications and to revise the
instructions to Forms 10-Q, 10-QSB, 10-K, and 10-KSB to delete the
references to the Section 302 certification requirements. We are
also adopting similar changes to Investment Company Act Rule 30a-2
and Form N-CSR.
---------------------------------------------------------------------------
We are amending Exchange Act Rules 13a-14 and 15d-14 and Investment
Company Act Rule 30a-2 to require the Section 906 certifications to
accompany periodic reports containing financial statements as exhibits.
We also are amending the exhibit requirements in Forms 20-F, 40-F and
Item 601 of Regulations S-B and S-K to add the Section 906
certifications to the list of required exhibits to be included in
reports filed with the Commission. In addition, we are amending Item 10
of Form N-CSR to add the Section 906 certifications as a required
exhibit. Because the Section 906 certification requirement applies to
periodic reports containing financial statements that are filed by an
issuer pursuant to Section 13(a) or 15(d) of the Exchange Act, the
exhibit requirement will only apply to reports on Form N-CSR filed
under these sections and not to reports on Form N-CSR that are filed
under the Investment Company Act only.\147\ A failure to furnish the
Section 906 certifications would cause the periodic report to which
they relate to be incomplete, thereby violating Section 13(a) of the
Exchange Act.\148\ In addition, referencing the Section 906
certifications in Exchange Act Rules 13a-14 and 15d-14 and Investment
Company Act Rule 30a-2 subjects these certifications to the signature
requirements of Rule 302 of Regulation S-T.\149\
---------------------------------------------------------------------------
\147\ See General Instruction A of Form N-CSR (Form N-CSR is a
combined reporting form to be used for reports of registered
management investment companies under Section 30(b)(2) of the
Investment Company Act and Sections 13(a) or 15(d) of the Exchange
Act); n. 28 above (discussing issuers covered by Sections 13(a) and
15(d) of the Exchange Act). Registered management investment
companies that are required to file reports on Form N-CSR pursuant
to Section 13(a) or 15(d) of the Exchange Act will be required to
provide the Section 906 certifications under Exchange Act Rules 13a-
14(b) and 15d-14(b) as well as Investment Company Act Rule 30a-2(b).
By contrast, registered management investment companies that are
required to file reports on Form N-CSR are required to provide the
Section 302 certifications solely under Investment Company Act Rule
30a-2(a), which was adopted under Sections 13(a) and 15(d) of the
Exchange Act as well as the Investment Company Act. Release No. 33-
8124 (Aug. 28, 2002) [67 FR 57276, 57295]; Release No. IC-25914
(Jan. 27, 2003) [68 FR 5348, 5365].
\148\ See also Section 3(b)(1) of the Sarbanes-Oxley Act, which
provides that ``[a] violation by any person of this Act * * * shall
be treated for all purposes in the same manner as a violation of the
Securities Exchange Act of 1934 * * * and any such person shall be
subject to the same penalties, and to the same extent, as for a
violation of that Act * * *.''
\149\ See Rule 302(b) of Regulation S-T [17 CFR 232.302(b)].
Among other things, this rule requires that an issuer maintain
manually signed certifications or other authenticating documents.
---------------------------------------------------------------------------
Section 906 requires that the certifications ``accompany'' the
periodic report to which they relate. This is in contrast to Section
302, which requires the certifications to be included ``in'' the
periodic report. In recognition of this difference, we are permitting
companies to ``furnish,'' rather than ``file,'' the Section 906
certifications with the Commission.\150\ Thus, the certifications would
not be subject to liability under Section 18 of the Exchange Act.\151\
Moreover, the certifications would not be subject to automatic
incorporation by reference into a company's Securities Act registration
statements, which are subject to liability under Section 11 of the
Securities Act,\152\ unless the issuer takes steps to include the
certifications in a registration statement.
---------------------------------------------------------------------------
\150\ See, for example, Item 601(b)(32)(ii) of Regulation S-K.
\151\ 15 U.S.C. 78r.
\152\ 15 U.S.C. 77k.
---------------------------------------------------------------------------
Although Section 906 does not explicitly require the certifications
to be made public, we believe that it is appropriate to require
certifications that ``accompany'' a publicly filed periodic report to
be provided publicly in this manner. We believe that Congress intended
for Section 906 certifications
[[Page 36653]]
to be publicly provided. Civil liability already exists under our
signature requirements and the Section 302 certifications. In addition,
any Section 906 certification submitted to the Commission as
correspondence is subject to the Freedom of Information Act.\153\
Finally, the requirement to furnish Section 906 certifications as
exhibits serves a number of important functions. First, the exhibit
requirement enhances compliance by allowing the Commission, the
Department of Justice and the public to monitor the certifications
effectively. Second, by subjecting the Section 906 certifications to
the signature requirements of Regulation S-T, companies are required to
retain a manually signed signature page or other authenticating
document for a five-year period. This requirement helps to preserve
evidential matter in the event of prosecution.
---------------------------------------------------------------------------
\153\ 5 U.S.C. 552 et seq.
---------------------------------------------------------------------------
There are important distinctions to be made between Sections 302
and 906 of the Sarbanes-Oxley Act. Unlike the Section 302
certifications, the Section 906 certifications are required only in
periodic reports that contain financial statements. Therefore,
amendments to periodic reports that do not contain financial statements
would not require a new Section 906 certification, but would require a
new Section 302 certification to be filed with the amendment.\154\ In
addition, unlike the Section 302 certifications, the Section 906
certifications may take the form of a single statement signed by a
company's chief executive and financial officers.\155\
---------------------------------------------------------------------------
\154\ See Exchange Act Rule 12b-15 [17 CFR 240.12b-15] and
Investment Company Act Rule 8b-15 [17 CFR 270.8b-15]. Depending on
the contents of the amendment, the form of certification required to
be included may be subject to modification.
\155\ See Exchange Act Rules 13a-14(b) and 15d-14(b) [17 CFR
240.13a-14(b) and 240.15d-14(b)] and Investment Company Act Rule
30a-2(b) [17 CFR 270.30a-2(b)].
---------------------------------------------------------------------------
C. Effect on Interim Guidance Regarding Filing Procedures
We provided interim guidance regarding voluntary filing procedures
for Section 906 certifications.\156\ That guidance encouraged issuers
to submit their Section 906 certifications as exhibits to the periodic
reports to which they relate.\157\ For issuers that are not investment
companies, that interim voluntary guidance shall remain in effect until
the rules become effective. In the event that the EDGAR system is not
updated by the effective date, companies should submit the required
certifications as Exhibit 99.\158\ For registered investment companies,
the interim guidance shall remain in effect until the rules become
effective.\159\
---------------------------------------------------------------------------
\156\ See Release No. 33-8212 (Mar. 21, 2003) [68 FR 15600] at
Section III.
\157\ We are modifying that interim guidance, however, to more
closely parallel the provisions of Section 302 of Regulation S-T
that require retention of manual signatures for electronically filed
signed statements. Issuers furnishing Section 906 certifications to
the Commission as an exhibit to the periodic reports to which they
relate during the period covered by the interim guidance should
insert the following legend after the text of each certification:
``A signed original of this written statement required by Section
906, or other document authenticating, acknowledging, or otherwise
adopting the signature that appears in typed form within the
electronic version of this written statement required by Section
906, has been provided to [name of issuer] and will be retained by
[name of issuer] and furnished to the Securities and Exchange
Commission or its staff upon request.''
\158\ Use of Exhibit 99 for this purpose will remain in effect
until we announce that our EDGAR system permits registrants to file
or furnish exhibits 31 and 32 for Section 302 and 906
certifications. We will issue a statement and post it on the
Commission's website to announce this date as soon as it becomes
known.
\159\ For a registered management investment company filing
reports on Form N-CSR, the EDGAR document type should be
EX-99.906CERT for the Section 906 certifications.
---------------------------------------------------------------------------
D. Form of Section 302 Certifications
We proposed several amendments to the form of certifications to be
provided pursuant to Section 302 of the Sarbanes-Oxley Act. In
particular, we proposed the following:
• The addition of a statement that principal executive and
financial officers are responsible for designing internal controls and
procedures for financial reporting or having such controls and
procedures designed under their supervision;
• The clarification that disclosure controls and procedures
may be designed under the supervision of principal executive and
financial officers; and
• The revision of the statement as to the effectiveness of
disclosure controls and procedures and internal controls and procedures
for financial reporting would be as of the end of the period.
We have adopted the proposals referred to above substantially as
proposed. In addition, we have made the following changes:
• We have incorporated the term ``internal control over
financial reporting'' into the certification;
• We have amended the provision of the certification relating
to changes in internal control over financial reporting, consistent
with the final rules discussed above regarding evaluation and
disclosure, so that it refers to changes that have materially affected
or are reasonably likely to materially affect internal control over
financial reporting;
• We have clarified that the statement as to the effectiveness of
disclosure controls and procedures be as of the end of the period, but
that the date of the evaluation is not specified; and
• We have made minor changes in the organization of the
certification.
E. Transition Period
The final rules regarding filing of certifications under Sections
302 and 906, for companies other than registered investment companies,
will be effective on August 14, 2003. The compliance dates applicable
to registered investment companies are described in Section II. I.,
above.
We believe that changes in the form of Section 302 certification
described above are beneficial to both registrants and investors
because they clarify the provisions of the certification. With one
exception, discussed below, the changes are also not related to our new
requirements regarding management's internal control report. With that
one exception, appropriateness of the modified certification is thus
not affected by the extended compliance period we are providing in
connection with management's internal control report and the related
attestation. Our rules adopted today also therefore provide that the
form of Section 302 certification will be modified, with that one
exception, in accordance with these rules effective on August 14, 2003.
We are applying the extended compliance period to the portion of
the introductory language in paragraph 4 of the Section 302
certification that refers to the certifying officers' responsibility
for establishing and maintaining internal control over financial
reporting for the company, as well as paragraph 4(b), which must be
provided in the first annual report required to contain management's
internal control report and thereafter. As noted above, this extended
compliance period does not in any way affect the provisions of our
other rules and regulations regarding internal controls that are in
effect.
IV. Paperwork Reduction Act
A. Background
Certain provisions of our final amendments contain ``collection of
information'' requirements within the meaning of the Paperwork
Reduction Act of 1995 (``PRA'').\160\ We published a notice requesting
comment on the collection of information requirements in the proposing
release for the rule amendments, and we submitted these requirements to
the Office of
[[Page 36654]]
Management and Budget (``OMB'') for review in accordance with the
PRA.\161\ The titles for the collection of information are:
---------------------------------------------------------------------------
\160\ 44 U.S.C. 3501 et seq.
\161\ 44 U.S.C. 3507(d) and 5 CFR 1320.11.
---------------------------------------------------------------------------
(1) ``Form 10-Q'' (OMB Control No. 3235-0070);
(2) ``Form 10-QSB'' (OMB Control No. 3235-0416);
(3) ``Form 10-K'' (OMB Control No. 3235-0063);
(4) ``Form 10-KSB'' (OMB Control No. 3235-0420);
(5) ``Form 20-F'' (OMB Control No. 3235-0288);
(6) ``Form 40-F'' (OMB Control No. 3235-0381);
(7) ``Regulation S-X'' (OMB Control No. 3235-0009);
(8) ``Regulation S-K'' (OMB Control No. 3235-0071);
(9) ``Regulation S-B'' (OMB Control No. 3235-0417); and
(10) ``Form N-CSR'' (OMB Control No. 3235-0570).
The forms are periodic reports adopted under the Exchange Act and
the Investment Company Act. The regulations set forth the disclosure
requirements for periodic reports, registration statements and proxy
and information statements filed by companies to ensure that investors
are informed. The hours and costs associated with preparing, filing and
sending these forms constitute reporting and cost burdens imposed by
each collection of information. An agency may not conduct or sponsor,
and a person is not required to respond to, a collection of information
unless it displays a currently valid OMB control number. Compliance
with the requirements is mandatory. Under our rules for the retention
of manual signatures,\162\ companies must retain, for a period of five
years, an original signature page or other document authenticating,
acknowledging or otherwise adopting the certifying officers' signatures
that appear in their electronically filed periodic reports. Responses
to the information collections are not kept confidential.
---------------------------------------------------------------------------
\162\ See Rule 302 of Regulation S-T [17 CFR 232.302].
---------------------------------------------------------------------------
B. Summary of the Final Rules
The final rules require the annual report of every company that
files periodic reports under Section 13(a) or 15(d) of the Exchange
Act, other than reports by registered investment companies, to contain
a report of management that includes:
• A statement of management's responsibility for establishing
and maintaining adequate internal control over financial reporting for
the company;
• A statement identifying the framework used by management to
evaluate the effectiveness of the company's internal control over
financial reporting;
• Management's assessment of the effectiveness of the
company's internal control over financial reporting, as of the end of
the most recent fiscal year; and
• A statement that the registered public accounting firm that
audited the financial statements included in the annual report has
issued an attestation report on management's evaluation of the
company's internal control over financial reporting.
We are adding these requirements pursuant to the legislative
mandate in Section 404 of the Sarbanes-Oxley Act. Under our final
rules, a company also will be required to evaluate and disclose any
change in its internal control over financial reporting that occurred
during the fiscal quarter that has materially affected, or is
reasonably likely to materially affect, the company's internal control
over financial reporting.
We are also adopting amendments to require companies to file the
certifications mandated by Sections 302 and 906 of the Sarbanes-Oxley
Act as exhibits to their annual, semi-annual and quarterly reports.
These amendments will enhance the ability of investors, the Commission
staff, the Department of Justice and other interested parties to easily
and efficiently access the certifications through our Electronic Data
Gathering, Analysis and Retrieval (``EDGAR'') system and facilitate
better monitoring of a company's compliance with the certification
requirements.
C. Summary of Comment Letters and Revisions to Proposals
We requested comment on the PRA analysis contained in the proposing
releases addressing Section 404 and Sections 302 and 906 of the
Sarbanes-Oxley Act.\163\ We received no comments on our PRA estimates
for the certification requirements. With respect to our PRA estimates
for the rules implementing Section 404 of the Sarbanes-Oxley Act, eight
commenters thought that our PRA estimates significantly understated the
actual time and costs that companies would have to expend evaluating
and reporting on their internal control over financial reporting.\164\
However, few of these commenters provided actual alternative cost
estimates, and none provided estimates that could be applied generally
to all types and sizes of companies. One commenter believed that, based
on its experience, we understated the burden estimate by at least a
factor of 100.\165\ In response to these commenters, and based on
follow-up conversations with several of the commenters who expressed a
view on our burden and cost estimates, we have revised our estimates as
discussed more fully in Section IV.D below.
---------------------------------------------------------------------------
\163\ See Release No. 33-8138 (Oct. 22, 2002) [67 FR 66208] and
Release No. 33-8212 (Mar. 21, 2003) [68 FR 15600].
\164\ See letters regarding File No. S7-40-02 of: AICPA;
BDO; D&T; Emerson; E&Y; IPC; Intel; and NYCB-CCL.
\165\ See Intel letter regarding File No. S7-40-02.
---------------------------------------------------------------------------
We have made a substantive modification to the proposed rules in
response to the cost concerns expressed by commenters. Specifically,
the final rules require companies to undertake a quarterly evaluation
only of any change occurring during the fiscal quarter that has
materially affected, or is reasonably likely to materially affect, the
company's internal control over financial reporting. This change should
substantially mitigate some of the costs and burdens associated with
the proposed requirements.
We have made additional substantive changes to the proposed rule as
well. First, the final rules require management to evaluate the
company's internal control over financial reporting using a suitable
framework, such as the COSO Framework. Second, the final rules expand
the list of information that must be included in the management report
and specify that management cannot conclude that a company's internal
control over financial reporting is effective if there are one or more
material weaknesses in such control. Under the final rules, management
must identify the framework used to evaluate the company's internal
control over financial reporting and disclose any material weaknesses
in the company's internal control over financial reporting discovered
through the evaluation. We do not believe that these changes
significantly alter the burdens imposed on companies resulting from the
required assessment of internal control over financial reporting.
D. Revisions to PRA Reporting and Cost Burden Estimates
As discussed above, in consideration of commenters' remarks, we are
revising our PRA burden and cost estimates for the rules pertaining to
Section 404 that we originally submitted to the OMB in connection with
the proposed rules.
We derived our new burden hour estimates for the annual report
forms by estimating the total amount of time that it will take a
company's management to conduct the annual evaluation of its internal
control over financial reporting and to prepare the required management
report.\166\ Our annual burden estimate is based on several
assumptions. First, we assumed that the annual number of responses for
each form would be consistent with the number of filings that we
received in fiscal year 2002.\167\ Second, we assumed that there is a
direct correlation between the extent of the burden and the size of the
reporting company, with the burden increasing commensurate with the
size of the company. We believe that there will be a marked disparity
of burdens and costs resulting from the new internal control
requirements between the largest and smallest reporting companies. Our
estimates reflect an average burden for all sizes of companies. Third,
we assumed that the first-year burden would be greater than that for
subsequent years, as a portion of the costs will reflect one-time
expenditures associated with complying with the rule, such as compiling
documentation, implementing new processes, and training staff. We also
adjusted the second and third year estimates to account for the fact
that management should become more efficient at conducting its internal
control assessment and preparing the disclosure after the first year as
the process becomes more routine.\168\ Under these assumptions, we
estimate that the average incremental burden for an annual filing will
be 383 hours per company and the portion of that burden that is
reflected as the cost associated with outside professionals is
approximately $34,300 per company. For large corporations, we expect
that this burden will be substantially higher. Indeed, we received
estimates in the thousands of hours for some large and complex
companies. Conversely, we expect small companies to find their burden
to be less than this average. We also believe that many companies will
experience costs well in excess of this average in the first year of
compliance with the final rules. We believe that costs will decrease in
subsequent years. This burden will also vary among companies based on
the complexity of their organization and the nature of their current
internal control procedures. We therefore calculated our estimates by
averaging the estimated burdens over a three-year period.
---------------------------------------------------------------------------
\166\ Our estimates are based on information from with several
large and small firms, accounting firms and trade and professional
associations.
\167\ The estimates used in the releases proposing these rules
were based on the number of filings that we received in fiscal year
2001.
\168\ We assumed the estimated burdens in the second and third
years would decline by 75% from the first year estimate.
---------------------------------------------------------------------------
We derived our burden estimates for the quarterly report forms by
estimating the total amount of time that it will take a company's
management to conduct the quarterly evaluation of material changes to
the company's internal control over financial reporting and for the
company to prepare the required disclosure about such changes. We
believe that these quarterly evaluations will impose little additional
burden, as much of the structure to conduct these evaluations will be
established in connection with the annual evaluations. We estimate that
the quarterly reporting will impose an additional burden of five hours
per company in connection with each quarterly report. Accordingly, we
did not revise our original burden hour estimates for the quarterly
report forms.
We estimate the total annual incremental burden (for annual and
quarterly reports) associated with the new internal control evaluation
and disclosure requirements for all companies to be approximately
3,792,888 hours of company personnel time and a cost of $481,013,550
for the services of outside professionals.\169\
---------------------------------------------------------------------------
\169\ Our PRA estimates do not include any additional burdens or
costs that a company will incur as a result of having to obtain an
auditor's attestation report on management's internal control report
because the PCAOB, rather than the Commission, is responsible for
establishing the attestation standards and the Sarbanes-Oxley Act
itself requires companies to obtain such an attestation. We have,
however, included an estimated 0.5 hour burden in our revised annual
burden estimates to account for the filing by the company of the
attestation report.
---------------------------------------------------------------------------
Table 1 below presents these burdens and costs for each form
affected by the final rules implementing Section 404 of Sarbanes-Oxley.
We calculated the burden by multiplying the estimated number of
affected responses by the estimated average number of hours that
management will spend conducting its assessment of the company's
internal control over financial reporting and preparing the related
disclosure. For Exchange Act annual reports, we estimate that 75% of
the burden of preparation is carried by the company internally and that
25% of the burden of preparation is carried by outside professionals
retained by the company at an average cost of $300 per hour.\170\ The
portion of the burden carried by outside professionals is reflected as
a cost, while the portion of the burden carried by the company
internally is reflected in hours. There is no change to the estimated
burden of the collections of information entitled ``Regulation S-K,''
``Regulation S-B'' and ``Regulation S-X'' because the burdens that
these regulations impose are reflected in our revised estimates for the
forms.
---------------------------------------------------------------------------
\170\ The burden allocation for Forms 20-F and 40-F, however,
uses a 25% internal to 75% outside professional allocation to reflect
the fact that foreign private issuers rely more heavily on outside
professionals for the preparation of these forms.
Table 1.--Incremental Paperwork Burden for the Rules Implementing Section 404
--------------------------------------------------------------------------------------------------
                Annual                                                          25%   Professional
             responses     Incremental   Total burden    75% Company   Professional          costs
Form               (A)  hours/form (B)    (C)=(A)*(B)   (D)=(C)*0.75   (E)=(C)*0.25   (F)=(E)*$300
--------------------------------------------------------------------------------------------------
10-K             8,484             383      3,249,372      2,437,029        812,343    243,702,900
10-KSB           3,820             383      1,463,606      1,097,295        365,765    109,729,500
20-F             1,194             383        457,302        114,326        342,977    102,892,950
40-F               134             383         51,322         12,831         37,989     11,547,450
10-Q            23,743               5        118,715         89,036         29,679      8,903,625
10-QSB          11,299               5         56,495         42,371         14,124      4,237,125
Reg. S-K           N/A               1              1            N/A            N/A            N/A
Reg. S-B           N/A               1              1            N/A            N/A            N/A
Reg. S-X           N/A               1              1            N/A            N/A            N/A
--------------------------------------------------------------------------------------------------
Total                                                      3,792,888                  $481,013,550
--------------------------------------------------------------------------------------------------
We do not believe that the amendments with respect to the Section
302 certifications result in a need to alter the burden estimates that
we previously submitted to OMB because they merely relocate the
certifications from the text of quarterly and annual reports filed or
submitted under Section 13(a) or 15(d) of the Exchange Act to the
``Exhibits'' section of the reports. We are, however, revising the
burden estimates for quarterly and annual reports and for Form N-CSR
based on the amendment with respect to the Section 906
certification.\171\ The PRA estimates for these amendments do not
reflect a cost because we believe that the entire burden will be borne
by company personnel. With respect to semi-annual reports on Form
N-CSR, because the financial statements of registered management
investment companies are not as complex as those of operating
companies, we estimate that the amendments relating to the Section 906
certifications would result in an increase of one burden hour per
portfolio.\172\ We estimate that there are approximately 3,700
registered management investment companies that are required to file
reports on Form N-CSR, containing 9,850 portfolios. The following table
illustrates the incremental PRA estimates for the new Section 906
certification \173\ requirements:
---------------------------------------------------------------------------
\171\ While Section 906 of the Sarbanes-Oxley Act requires that
certifications must accompany a periodic report, we are increasing
our PRA burdens in view of the fact that the amendments explicitly
require companies to furnish Section 906 certifications as exhibits
to these reports. To date, companies have used various methods to
fulfill their obligations under Section 906, and have not
consistently submitted the certifications as part of the report.
\172\ Many registered management investment companies have
multiple portfolios. However, they prepare separate financial
statements for each portfolio. Thus, the burden of the Section 906
certifications is estimated on a portfolio basis rather than a
registered management investment company basis.
\173\ This number represents the burden associated with the
average number of portfolios per form. This number will vary for
each registered management investment company depending on the
number of portfolios. We estimate that the paperwork burden for each
portfolio is one hour.
Table 2.--Incremental Paperwork Burden for Certification Requirements
----------------------------------------------------------
                  Annual                       Total hours
Form           responses        Hours/form           added
----------------------------------------------------------
20-F               1,194                 2           2,388
40-F                 134                 2             268
10-K               8,484                 2          16,968
10-KSB             3,820                 2           7,640
10-Q              23,743                 2          47,486
10-QSB            11,299                 2          22,598
N-CSR              7,400        \173\ 2.66          19,700
----------------------------------------------------------
Total                                              117,048
----------------------------------------------------------
V. Cost-Benefit Analysis
The amendments implementing Section 404 of the Sarbanes-Oxley Act
are congressionally mandated. We recognize that implementation of the
Sarbanes-Oxley Act will likely result in costs and benefits to the
economy. We are sensitive to the costs and benefits imposed by our
rules, and we have considered costs and benefits of our amendments.
A. Benefits
One of the main goals of the Sarbanes-Oxley Act is to enhance the
quality of reporting and increase investor confidence in the financial
markets. Recent market events have evidenced a need to provide
investors with a clearer understanding of the processes that surround
the preparation and presentation of financial information. These
amendments are intended to accomplish the Act's goals by improving
public company disclosure to investors about the extent of management's
responsibility for the company's financial statements and internal
control over financial reporting and the means by which management
discharges its responsibility. The establishment and maintenance of
internal control over financial reporting has always been an important
responsibility of management. An effective system of internal control
over financial reporting is necessary to produce reliable financial
statements and other financial information used by investors. By
requiring a report of management stating management's responsibility
for the company's financial statements and internal control over
financial reporting and management's assessment regarding the
effectiveness of such control, investors will be able to better
evaluate management's performance of its stewardship responsibilities
and the reliability of a company's financial statements and other
unaudited financial information.
The required annual evaluation of internal control over financial
reporting will encourage companies to devote adequate resources and
attention to the maintenance of such control. Additionally, the
required evaluation should help to identify potential weaknesses and
deficiencies in advance of a system breakdown, thereby facilitating the
continuous, orderly and timely flow of information within the company
and, ultimately, to investors and the marketplace. Improved disclosure
may help companies detect fraudulent financial reporting earlier and
perhaps thereby deter financial fraud or minimize its adverse effects.
All of these benefits will increase market efficiency by improving
investor confidence in the reliability of a company's financial
disclosure and system of internal control over financial reporting.
These benefits are not readily quantifiable. Commenters overwhelmingly
supported the benefits of the amendments.
The amendments related to Section 302 of the Sarbanes-Oxley Act
relocate the certifications required by Exchange Act Rules 13a-14 and
15d-14 from the text of quarterly and annual reports filed or submitted
under Section 13(a) or 15(d) of the Exchange Act to the ``Exhibits''
section of these reports. The amendments related to Section 906 of the
Sarbanes-Oxley Act require that the certifications required by Section
1350 of Title 18 of the United States Code, added by Section 906 of the
Act, accompany the periodic reports to which they relate as exhibits.
These changes will enhance the ability of investors and the Commission
staff to verify that the certifications have, in fact, been submitted
with the Exchange Act reports to which they relate and to review the
contents of the certifications to ensure compliance with the
applicable requirements. In addition, the changes will enable the
Department of Justice, which has responsibility for enforcing Section
906, to review effectively the form and content of the certifications
required by that section.
B. Costs
The final rules related to Section 404 of the Sarbanes-Oxley Act
require companies, other than registered investment companies, to
include in their annual reports a report of management on the company's
internal control over financial reporting. The management report on
internal control over financial reporting must include: a statement of
management's responsibility for establishing and maintaining adequate
internal control over financial reporting; a statement identifying the
framework used to evaluate the effectiveness of the company's internal
control over financial reporting; management's assessment of the
effectiveness of the company's internal control over financial
reporting as of the end of the company's most recent fiscal year; and a
statement that the registered public accounting firm that audited the
company's financial statements included in the annual report has issued
an attestation report on management's evaluation of the company's
internal control over financial reporting. The final rules will
increase costs for all reporting companies. These costs are mitigated
somewhat because companies have an existing obligation to maintain an
adequate system of internal accounting control under the FCPA.
Moreover, one commenter noted that some companies already voluntarily
include management reports on their internal controls in their annual
reports. The preparation of the management report on internal control
over financial reporting will likely involve multiple parties,
including senior management, internal auditors, in-house counsel,
outside counsel and audit committee members.
Many commenters believed that our proposal to require quarterly
evaluations of a company's internal control over financial reporting
would significantly increase the costs of preparing periodic reports.
Several commenters also were concerned that the proposals would result
in increased audit fees. We have limited data on which to base cost
estimates of the final rules.
Using our PRA burden estimates, we estimate the aggregate annual
costs of implementing Section 404(a) of the Sarbanes-Oxley Act to be
around $1.24 billion (or $91,000 per company).\174\ We recognize the
magnitude of the cost burdens and we are making several accommodations
to address commenters' concerns and to ease compliance, including:
---------------------------------------------------------------------------
\174\ This estimate is based on the estimated total burden hours
of 5,396,266, an assumed 75%/25% split of the burden hours between
internal staff and external professionals, and an hourly rate of
$200 for internal staff time and $300 for external professionals.
The hourly cost estimate is based on consultations with several
registrants and law firms and other persons who regularly assist
registrants in preparing and filing periodic reports with the
Commission. Our PRA estimate does not reflect any additional cost
burdens that a company will incur as a result of having to obtain an
auditor's attestation on management's internal control report.
---------------------------------------------------------------------------
• Requiring quarterly disclosure only of any change that has
materially affected, or is reasonably likely to materially affect, a
company's internal control over financial reporting; and
• An extended transition period for the new internal control
reporting requirements.
We originally proposed to require a company to include an internal
control report in its annual report for fiscal years ending on or after
September 15, 2003. Under the final rules, a company that is an
``accelerated filer'' under the definition in Exchange Act Rule 12b-2
must begin to comply with the internal control report requirement in
its annual report for its first fiscal year ending on or after June 15,
2004. All other companies must begin to comply with the requirement in
their annual reports for their first fiscal year ending on or after
April 15, 2005.
A longer transition period will help to alleviate the immediate
impact of any costs and burdens imposed on companies. A longer
transition period may even help to reduce costs as companies will have
additional time to develop best practices, long-term processes and
efficiencies in preparing management reports. Also, a longer transition
period will expand the period of availability of outside professionals
that some companies may wish to retain as they prepare to comply with
the new requirements.
The PRA burden estimate, however, excludes several costs
attributable to Section 404. The estimate does not include the costs
associated with the auditor's attestation report, which many commenters
have suggested might be substantial. It also excludes estimates of
likely ``indirect'' costs of the final rules. For instance, the final
rules increase the cost of being a public company; therefore the final
rules may discourage some companies from seeking capital from the
public markets. Moreover, the final rules may also discourage non-U.S.
firms from seeking capital in the United States.
The incremental costs of the amendments related to Section 302 of
the Sarbanes-Oxley Act are minimal. Since companies must already
include the certifications required by Exchange Act Rules 13a-14 and
15d-14 in their quarterly and annual reports, there should be no
incremental cost to relocating the certifications from the text of the
reports to the ``Exhibits'' section of these reports. Requiring the
Section 906 certifications to be included as an exhibit to the periodic
reports to which they relate will lead to some additional costs for
companies that currently are submitting the certifications to the
Commission in some other manner. While these costs are difficult to
quantify, we estimate that the annual paperwork burden of the
amendments will be approximately $23.4 million.\175\
---------------------------------------------------------------------------
\175\ This calculation is based on an estimate of burden hours
multiplied by a cost of $200.00 per hour. (117,048 hours multiplied
by $200.00 per hour). The hourly cost estimate is based on
consultations with several registrants and law firms and other
persons who regularly assist registrants in preparing and filing
periodic reports with the Commission.
---------------------------------------------------------------------------
One commenter has expressed concern that companies may assume
greater legal risk by making their Section 906 certifications publicly
available.\176\ To the extent that companies may assume greater legal
risk by including the Section 906 certifications as part of their
periodic reports filed pursuant to the Exchange Act where these reports
are incorporated by reference into Securities Act registration
statements, we address this risk by requiring companies to ``furnish,''
rather than ``file,'' the certifications with the Commission for
purposes of Section 18 of the Exchange Act or incorporation by
reference into other filings. Thus, the amendments should mitigate this
potential indirect cost of compliance. We believe that it is
appropriate to require the certifications that accompany a periodic
report to be publicly available. We believe that Congress intended for
Section 906 certifications to be publicly available. Civil liability
already exists by virtue of the pre-existing signature requirements and
Section 302 certifications. In addition, any Section 906 certification
submitted to the Commission as correspondence is subject to the Freedom
of Information Act.\177\
---------------------------------------------------------------------------
\176\ See ABA letter regarding File No. S7-06-03.
\177\ 5 U.S.C. 552 et seq.
---------------------------------------------------------------------------
VI. Effect on Efficiency, Competition and Capital Formation
Section 23(a)(2) of the Exchange Act \178\ requires us to consider
the anti-competitive effects of any rules that we adopt under the
Exchange Act. In addition, Section 23(a)(2) prohibits us from adopting
any rule that would impose a burden on competition not necessary or
appropriate in furtherance of the purposes of the Exchange Act. The
amendments related to Section 404 of the Sarbanes-Oxley Act represent
the implementation of a congressional mandate. The final rules require
management reports that improve investors' understanding of
management's responsibility for the preparation of reliable financial
information and maintaining adequate internal control over financial
reporting. We anticipate that these requirements will enhance the
proper functioning of the capital markets by increasing the quality and
accountability of financial reporting and restoring investor
confidence.
---------------------------------------------------------------------------
\178\ 15 U.S.C. 78w(a)(2).
---------------------------------------------------------------------------
Section 2(b) of the Securities Act,\179\ Section 3(f) of the
Exchange Act \180\ and Section 2(c) of the Investment Company Act \181\
require us, when engaging in rulemaking, to consider or determine
whether an action is necessary or appropriate in the public interest,
and consider whether the action will promote efficiency, competition,
and capital formation. The amendments related to Section 404 are
designed to enhance the quality and accountability of the financial
reporting process and may help increase investor confidence, which
implies increased efficiency and competitiveness of the U.S. capital
markets. Increased market efficiency and investor confidence also may
encourage more efficient capital formation. We requested comments on
the effect of these amendments on efficiency, competition and capital
formation analyses in the proposing release addressing Section 404. We
received no comments in response to these requests.
---------------------------------------------------------------------------
\179\ 15 U.S.C. 77b(b).
\180\ 15 U.S.C. 78c(f).
\181\ 15 U.S.C. 80a-2(c).
---------------------------------------------------------------------------
The amendments related to Section 302 of the Sarbanes-Oxley Act
would relocate the certifications required by Exchange Act Rules 13a-14
and 15d-14 from the text of quarterly and annual reports filed or
submitted under Section 13(a) or 15(d) of the Exchange Act to the
``Exhibits'' section of these reports. This relocation will enhance the
ability of investors and the Commission staff to verify that the
certifications have, in fact, been submitted with the Exchange Act
reports to which they relate and to review the contents of the
certifications to ensure compliance with the applicable requirements.
The amendments related to Section 906 of the Sarbanes-Oxley Act also
will streamline compliance with Section 1350 of Title 18 of the United
States Code, added by Section 906 of the Act, and will enable
investors, the Commission staff and the Department of Justice, which
has responsibility for enforcing Section 1350, to verify submission and
efficiently review the form and content of the certifications required
by that provision.
We do not believe that the amendments related to certifications
will impose any burden on competition, nor are we aware of any impact
on capital formation that would result from the amendments. Depending
on how an issuer's principal executive and principal financial officers
presently satisfy the Section 906 certification requirements, issuers
may incur some additional costs in submitting these certifications as
an exhibit to their periodic reports. While these costs are difficult
to quantify, we believe that they would be nominal. We requested
comment on whether the amendments would affect competition, efficiency
and capital formation. We received no comments in response to this
request.
VII. Final Regulatory Flexibility Analysis
This Final Regulatory Flexibility Analysis (``FRFA'') has been
prepared in accordance with the Regulatory Flexibility Act.\182\ This
FRFA relates to new rules and amendments that require Exchange Act
companies, other than registered investment companies, to include in
their annual reports a report of management on the company's internal
control over financial reporting. The management report on internal
control over financial reporting must include: a statement of
management's responsibility for establishing and maintaining adequate
internal control over financial reporting; a statement identifying the
framework used to evaluate the effectiveness of the company's internal
control over financial reporting; management's assessment of the
effectiveness of the company's internal control over financial
reporting as of the end of the company's most recent fiscal year; and a
statement that the registered public accounting firm that audited the
company's financial statements included in the annual report has issued
an attestation report on management's evaluation of the company's
internal control over financial reporting. This FRFA also addresses new
rules and amendments that require companies to file the certifications
mandated by Sections 302 and 906 of the Sarbanes-Oxley Act as exhibits
to their periodic reports. An Initial Regulatory Flexibility Analysis
(``IRFA'') was prepared in accordance with the Regulatory Flexibility
Act in conjunction with each of the releases proposing these
rules.\183\ The proposing releases solicited comments on these
analyses.
---------------------------------------------------------------------------
\182\ 5 U.S.C. 601.
\183\ 5 U.S.C. 603.
---------------------------------------------------------------------------
A. Need for the Amendments
We are adopting these disclosure requirements to comply with the
mandate of, and to fulfill the purposes underlying the provisions of,
the Sarbanes-Oxley Act of 2002. The new evaluation and disclosure
requirements regarding a company's internal control over financial
reporting are intended to enhance the quality of reporting and increase
investor confidence in the fairness and integrity of the securities
markets by making it clear that a company's management is responsible
for maintaining and annually assessing such controls. The amendments
related to Sections 302 and 906 of the Sarbanes-Oxley Act will enhance
the ability of investors and the Commission staff to verify that the
certifications have, in fact, been submitted with the Exchange Act
reports to which they relate and to review the contents of the
certifications to ensure compliance with the applicable requirements.
The amendments also will streamline compliance with Section 1350 of
Title 18 of the United States Code and will enable investors, the
Commission staff and the Department of Justice, which has
responsibility for enforcing Section 1350, to verify a company's
submission of the Section 906 certification and efficiently review the
form and content of the certifications.
B. Significant Issues Raised by Public Comment
In the Proposing Releases, we requested comment on any aspect of
the IRFA, including the number of small entities that would be affected
by the proposals, and both quantitative and qualitative nature of the
impact. Several commenters expressed concern that small business
issuers, including small entities, would be particularly disadvantaged
by our proposal to require quarterly evaluations of internal control
over financial reporting. We received no commentary on the impact
on small entities of the new certification requirements.
C. Small Entities Subject to the Amendments
The new disclosure items affect issuers that are small entities.
Exchange Act Rule 0-10(a) \184\ defines an issuer, other than an
investment company, to be a ``small business'' or ``small
organization'' if it had total assets of $5 million or less on the last
day of its most recent fiscal year. We estimate that there are
approximately 2,500 issuers, other than investment companies, that may
be considered small entities. For purposes of the Regulatory
Flexibility Act, an investment company is a ``small entity'' if it,
together with other investment companies in the same group of related
investment companies, has net assets of $50 million or less as of the
end of its most recent fiscal year.\185\ We estimate that there are
approximately 190 registered management investment companies that,
together with other investment companies in the same group of related
investment companies, have net assets of $50 million or less as of the
end of the most recent fiscal year.\186\
---------------------------------------------------------------------------
\184\ 17 CFR 240.0-10(a).
\185\ 17 CFR 270.0-10.
\186\ This estimate is based on figures compiled by the
Commission staff regarding investment companies registered on Forms
N-1A, N-2 and N-3, which are required to file reports on Form N-CSR.
---------------------------------------------------------------------------
The new disclosure items with respect to management's report on
internal control over financial reporting and the registered public
accounting firm's attestation report apply to any small entity, other
than a registered investment company, that is subject to Exchange Act
reporting requirements. The new certification requirements apply to any
small entity that is subject to Exchange Act reporting requirements.
D. Reporting, Recordkeeping and Other Compliance Requirements
The amendments require a company's management to disclose
information regarding the company's internal control over financial
reporting, including management's assessment of the effectiveness of
the company's internal control over financial reporting. All small
entities that are subject to the reporting requirements of Section
13(a) or 15(d) of the Exchange Act, other than registered investment
companies, are subject to these evaluation and disclosure requirements.
Because reporting companies already file the forms being amended, no
additional professional skills beyond those currently possessed by
these filers necessarily are required to prepare the new disclosure,
although some companies may choose to engage outside professionals to
assist them in complying with the new requirements. We expect that
these new disclosure items will increase compliance costs incurred by
small entities. We have calculated for purposes of the Paperwork
Reduction Act that each company would be subject to an added annual
reporting burden of approximately 398 hours and the portion of that
burden that is reflected as the cost associated with outside
professionals is approximately $35,286.\187\ We believe, however, that
the annual average burden and costs for small issuers are much
lower.\188\ For the new certification requirements, we estimate that a
company, including a small entity, will be subject to an additional
reporting burden of eight hours per year.\189\ These burden estimates
reflect only the burden and cost of the required collection of
information.
---------------------------------------------------------------------------
\187\ This estimate includes the burden for one annual report
and three quarterly reports.
\188\ Under the method we used to estimate the PRA burdens
associated with the Section 404 rules, we estimated that companies
with less than $100 million in revenues would be subject to an added
annual reporting burden of approximately 100 hours.
\189\ The estimated burden for one annual report and three
quarterly reports.
---------------------------------------------------------------------------
E. Agency Action to Minimize Effect on Small Entities
The Regulatory Flexibility Act directs us to consider alternatives
that would accomplish our stated objectives, while minimizing any
significant adverse impact on small entities. In connection with the
amendments, we considered the following alternatives:
• Establishing different compliance or reporting requirements
or timetables that take into account the resources available to small
entities;
• Clarifying, consolidating or simplifying compliance and
reporting requirements under the rules for small entities;
• Using performance rather than design standards; and
• Exempting small entities from all or part of the
requirements.
Several of these alternatives were considered but rejected, while
other alternatives were taken into account in the final rules. We
believe the final rules fulfill the intent of the Sarbanes-Oxley Act of
enhancing the quality of reporting and increasing investor confidence
in the fairness and integrity of the securities markets.
Sections 302, 404 and 906 of the Sarbanes-Oxley Act make no
distinction based on a company's size. We think that improvements in
the financial reporting process for all companies are important for
promoting investor confidence in our markets. For example, a 1999
report commissioned by the organizations that sponsored the Treadway
Commission found that the incidence of financial fraud was greater in
small companies.\190\ However, we are sensitive to the costs and
burdens that small entities will face. The final rules require only a
quarterly evaluation of material changes to a company's internal
control over financial reporting, unlike the proposed rules that would
have required management to evaluate the effectiveness of a company's
internal control over financial reporting on a quarterly basis. In
response to comments, including comments submitted by the Small
Business Administration, we have decided not to adopt this proposal.
---------------------------------------------------------------------------
\190\ See Beasley, Carcello and Hermanson, Fraudulent Financial
Reporting: 1987-1997, An Analysis of U.S. Public Companies (Mar.
1999) (study commissioned by the Committee of Sponsoring
Organizations of the Treadway Commission).
---------------------------------------------------------------------------
We believe that a blanket exemption for small entities from
coverage of the requirements is not appropriate and would be
inconsistent with the policies underlying the Sarbanes-Oxley Act.
However, we have provided an extended transition period for companies
that do not meet the definition in Exchange Act Rule 12b-2 \191\ of an
``accelerated filer'' for the rules implementing Section 404 of the
Sarbanes-Oxley Act. Under the adopted rules, non-accelerated filers,
including small business issuers, need not prepare the management
report on internal control over financial reporting until they file
their annual reports for fiscal years ending on or after April 15,
2005. This deferral provides non-accelerated filers more time to
develop structured and formal systems of internal control over
financial reporting.
---------------------------------------------------------------------------
\191\ 17 CFR 240.12b-2.
---------------------------------------------------------------------------
We believe that the new disclosure and certification requirements
are clear and straightforward. The amendments require only brief
disclosure. An effective system of internal control over financial
reporting has always been necessary to produce reliable financial
statements and other financial information. Our amendments do not
specify any particular controls that a company's internal control over
financial reporting should include. Each company is afforded the
flexibility to design its internal control over financial reporting
according to its own set of circumstances. This flexibility should
enable companies to keep costs of compliance as low as possible.
Therefore, it does not seem necessary to develop separate requirements
for small entities.
The final rules impose both design and performance standards
regarding disclosure of management's responsibility for establishing
and maintaining adequate internal control over financial reporting for
the company and management's assessment of the effectiveness of such
controls. The rules do, however, afford a company the flexibility to
design its internal control over financial reporting to fit its
particular circumstances. We believe that it would be inconsistent with
the purposes of the Sarbanes-Oxley Act to specify different
requirements for small entities.
VIII. Statutory Authority and Text of Rule Amendments
The amendments described in this release are being adopted under
the authority set forth in Sections 5, 6, 7, 10, 17 and 19 of the
Securities Act, as amended, Sections 12, 13, 15, 23 and 36 of the
Exchange Act, Sections 8, 30, 31 and 38 of the Investment Company Act,
as amended and Sections 3(a), 302, 404, 405 and 906 of the Sarbanes-
Oxley Act.
List of Subjects
17 CFR Part 210
Accountants, Accounting, Reporting and recordkeeping requirements,
Securities.
17 CFR Part 228
Reporting and recordkeeping requirements, Securities, Small
businesses.
17 CFR Parts 229, 240 and 249
Reporting and recordkeeping requirements, Securities.
17 CFR Parts 270 and 274
Investment companies, Reporting and recordkeeping requirements,
Securities.
Text of Amendments
For the reasons set out in the preamble, the Commission amends title
17, chapter II, of the Code of Federal Regulations as follows:
PART 210--FORM AND CONTENT OF AND REQUIREMENTS FOR FINANCIAL
STATEMENTS, SECURITIES ACT OF 1933, SECURITIES EXCHANGE ACT OF
1934, PUBLIC UTILITY HOLDING COMPANY ACT OF 1935, INVESTMENT
COMPANY ACT OF 1940, INVESTMENT ADVISERS ACT OF 1940, AND ENERGY
POLICY AND CONSERVATION ACT OF 1975
1. The authority citation for Part 210 is revised to read as follows:
Authority: 15 U.S.C. 77f, 77g, 77h, 77j, 77s, 77z-2, 77z-3,
77aa(25), 77aa(26), 78c, 78j-1, 78l, 78m, 78n, 78o(d), 78q, 78u-5,
78w(a), 78ll, 78mm, 79e(b), 79j(a), 79n, 79t(a), 80a-8, 80a-20, 80a-
29, 80a-30, 80a-31, 80a-37(a), 80b-3, 80b-11, 7202 and 7262, unless
otherwise noted.
2. Section 210.1-02 is amended by:
a. Removing the authority citation following Sec. 210.1-02;
b. Redesignating paragraph (a) as paragraph (a)(1); and
c. Adding paragraph (a)(2).
The revisions read as follows:
Sec. 210.1-02 Definitions of terms used in Regulation S-X (17 CFR
part 210).
* * * * *
(a)(1) * * *
(2) Attestation report on management's assessment of internal
control over financial reporting. The term attestation report on
management's assessment of internal control over financial reporting
means a report in which a registered public accounting firm expresses
an opinion, or states that an opinion cannot be expressed, concerning
management's assessment of the effectiveness of the registrant's
internal control over financial reporting (as defined in Sec. 240.13a-
15(f) or 240.15d-15(f) of this chapter) in accordance with standards on
attestation engagements. When an overall opinion cannot be expressed,
the registered public accounting firm must state why it is unable to
express such an opinion.
* * * * *
3. Amend Sec. 210.2-02 by:
a. Revising the section heading;
b. Revising the headings of paragraphs (a), (b), (c) and (d); and
c. Adding paragraph (f).
The addition and revisions read as follows.
Sec. 210.2-02 Accountants' reports and attestation reports on
management's assessment of internal control over financial reporting.
(a) Technical requirements for accountants' reports. * * *
(b) Representations as to the audit included in accountants'
reports. * * *
(c) Opinions to be expressed in accountants' reports. * * *
(d) Exceptions identified in accountants' reports. * * *
* * * * *
(f) Attestation report on management's assessment of internal
control over financial reporting. Every registered public accounting
firm that issues or prepares an accountant's report for a registrant,
other than an investment company registered under section 8 of the
Investment Company Act of 1940 (15 U.S.C. 80a-8), that is included in
an annual report required by section 13(a) or 15(d) of the Securities
Exchange Act of 1934 (15 U.S.C. 78a et seq.) containing an assessment
by management of the effectiveness of the registrant's internal control
over financial reporting must attest to, and report on, such
assessment. The attestation report on management's assessment of
internal control over financial reporting shall be dated, signed
manually, identify the period covered by the report and clearly state
the opinion of the accountant as to whether management's assessment of
the effectiveness of the registrant's internal control over financial
reporting is fairly stated in all material respects, or must include an
opinion to the effect that an overall opinion cannot be expressed. If
an overall opinion cannot be expressed, explain why. The attestation
report on management's assessment of internal control over financial
reporting may be separate from the accountant's report.
PART 228--INTEGRATED DISCLOSURE SYSTEM FOR SMALL BUSINESS ISSUERS
4. The general authority citation for Part 228 is revised to read as
follows:
Authority: 15 U.S.C. 77e, 77f, 77g, 77h, 77j, 77k, 77s, 77z-2,
77z-3, 77aa(25), 77aa(26), 77ddd, 77eee, 77ggg, 77hhh, 77jjj, 77nnn,
77sss, 78l, 78m, 78n, 78o, 78u-5, 78w, 78ll, 78mm, 80a-8, 80a-29,
80a-30, 80a-37, 80b-11, 7202, 7241, and 7262; and 18 U.S.C. 1350,
unless otherwise noted.
* * * * *
5. Revise Sec. 228.307 to read as follows:
Sec. 228.307 (Item 307) Disclosure controls and procedures.
Disclose the conclusions of the small business issuer's principal
executive and principal financial officers, or persons performing
similar functions, regarding the effectiveness of the small business
issuer's disclosure controls and procedures (as defined in Sec.
240.13a-15(e) or 240.15d-15(e) of this chapter) as of the end of the
period covered by the report, based on the evaluation of these
controls and procedures required by paragraph (b) of Sec. 240.13a-15
or 240.15d-15 of this chapter.
6. Add Sec. 228.308 to read as follows:
Sec. 228.308 (Item 308) Internal control over financial reporting.
(a) Management's annual report on internal control over financial
reporting. Provide a report of management on the small business
issuer's internal control over financial reporting (as defined in Sec.
240.13a-15(f) or 240.15d-15(f) of this chapter) that contains:
(1) A statement of management's responsibility for establishing and
maintaining adequate internal control over financial reporting for the
small business issuer;
(2) A statement identifying the framework used by management to
evaluate the effectiveness of the small business issuer's internal
control over financial reporting as required by paragraph (c) of Sec.
240.13a-15 or 240.15d-15 of this chapter;
(3) Management's assessment of the effectiveness of the small
business issuer's internal control over financial reporting as of the
end of the small business issuer's most recent fiscal year, including a
statement as to whether or not internal control over financial
reporting is effective. This discussion must include disclosure of any
material weakness in the small business issuer's internal control over
financial reporting identified by management. Management is not
permitted to conclude that the small business issuer's internal control
over financial reporting is effective if there are one or more material
weaknesses in the small business issuer's internal control over
financial reporting; and
(4) A statement that the registered public accounting firm that
audited the financial statements included in the annual report
containing the disclosure required by this Item has issued an
attestation report on management's assessment of the small business
issuer's internal control over financial reporting.
(b) Attestation report of the registered public accounting firm.
Provide the registered public accounting firm's attestation report on
management's assessment of the small business issuer's internal control
over financial reporting in the small business issuer's annual report
containing the disclosure required by this Item.
(c) Changes in internal control over financial reporting. Disclose
any change in the small business issuer's internal control over
financial reporting identified in connection with the evaluation
required by paragraph (d) of Sec. 240.13a-15 or 240.15d-15 of this
chapter that occurred during the small business issuer's last fiscal
quarter (the small business issuer's fourth fiscal quarter in the case
of an annual report) that has materially affected, or is reasonably
likely to materially affect, the small business issuer's internal
control over financial reporting.
Instructions to Item 308
1. The small business issuer must maintain evidential matter,
including documentation, to provide reasonable support for
management's assessment of the effectiveness of the small business
issuer's internal control over financial reporting.
2. A small business issuer that is an Asset-Backed Issuer (as
defined in Sec. 240.13a-14(g) and Sec. 240.15d-14(g) of this
chapter) is not required to disclose the information required by
this Item.
Sec. 228.401 [Amended]
7. Amend Sec. 228.401 by removing the phrase ``internal controls and
procedures for financial reporting'' in paragraph (e)(2)(iv) of Item
401 and adding, in its place, the phrase ``internal control over
financial reporting''.
8. Amend Sec. 228.601 by:
a. Removing the last sentence of paragraph (a)(1);
b. Revising the Exhibit Table;
c. Revising paragraph (b)(7) to read ``No exhibit required.'';
d. Revising the heading in paragraph (b)(11) to read ``Statement re:
computation of per share earnings''; and
e. Revising paragraphs (b)(27) through (b)(98).
The revisions read as follows.
Sec. 228.601 (Item 601) Exhibits.
* * * * *
Exhibit Table
Securities Act forms: SB-2, S-2, S-3, S-4 \3\, S-8. Exchange Act forms: 10-SB, 8-K, 10-QSB, 10-KSB.

| Exhibit | SB-2 | S-2 | S-3 | S-4 \3\ | S-8 | 10-SB | 8-K | 10-QSB | 10-KSB |
|---|---|---|---|---|---|---|---|---|---|
| (1) Underwriting agreement | X | X | X | X | | | X | | |
| (2) Plan of purchase, sale, reorganization, arrangement, liquidation or succession | X | X | X | X | | X | X | X | X |
| (3) (i) Articles of Incorporation | X | | | X | | X | | X | X |
| (ii) By-laws | X | | | X | | X | | X | X |
| (4) Instruments defining the rights of security holders, including indentures | X | X | X | X | X | X | X | X | X |
| (5) Opinion on legality | X | X | X | X | X | | | | |
| (6) No exhibit required | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| (7) No exhibit required | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| (8) Opinion on tax matters | X | X | X | X | | | | | |
| (9) Voting trust agreement and amendments | X | | | X | | X | | | X |
| (10) Material contracts | X | X | | X | | X | | X | X |
| (11) Statement re: computation of per share earnings | X | X | | X | | X | | X | X |
| (12) No exhibit required | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| (13) Annual report to security holders for the last fiscal year, Form 10-Q or 10-QSB or quarterly report to security holders \1\ | X | X | | X | | | | | X |
| (14) Code of ethics | | | | | | | | | X |
| (15) Letter on unaudited interim financial information | X | X | X | X | X | | | X | |
| (16) Letter on change in certifying accountant \4\ | X | X | | X | | X | X | | X |
| (17) Letter on director resignation | | | | | | | X | | |
| (18) Letter on change in accounting principles | | | | | | | | X | X |
| (19) Reports furnished to security holders | | | | | | | | X | |
| (20) Other documents or statements to security holders or any document incorporated by reference | | | | | | | | X | X |
| (21) Subsidiaries of the small business issuer | X | | | X | | X | | | X |
| (22) Published report regarding matters submitted to vote of security holders | | | | | | | | X | X |
| (23) Consents of experts and counsel | X | X | X | X | X | | X \2\ | X \2\ | X \2\ |
| (24) Power of attorney | X | X | X | X | X | X | X | X | X |
| (25) Statement of eligibility of trustee | X | X | X | X | | | | | |
| (26) Invitations for competitive bids | | X | X | X | X | | | | |
| (27) through (30) [Reserved] | | | | | | | | | |
| (31) Rule 13a-14(a)/15d-14(a) Certifications | | | | | | | | X | X |
| (32) Section 1350 Certifications | | | | | | | | X | X |
| (33) through (98) [Reserved] | | | | | | | | | |
| (99) Additional exhibits | X | X | X | X | X | X | X | X | X |

\1\ Only if incorporated by reference into a prospectus and delivered to holders along with the prospectus as permitted by the registration statement; or in the case of a Form 10-KSB, where the annual report is incorporated by reference into the text of the Form 10-KSB.
\2\ Where the opinion of the expert or counsel has been incorporated by reference into a previously filed Securities Act registration statement.
\3\ An issuer need not provide an exhibit if: (1) an election was made under Form S-4 to provide S-2 or S-3 disclosure; and (2) the form selected (S-2 or S-3) would not require the company to provide the exhibit.
\4\ If required under Item 304 of Regulation S-B.
(b) Description of exhibits. * * *
(27) through (30) [Reserved]
(31) Rule 13a-14(a)/15d-14(a) Certifications. The certifications
required by Rule 13a-14(a) (17 CFR 240.13a-14(a)) or Rule 15d-14(a) (17
CFR 240.15d-14(a)) exactly as set forth below:
Certifications *
I, [identify the certifying individual], certify that:
1. I have reviewed this [specify report] of [identify small
business issuer];
2. Based on my knowledge, this report does not contain any untrue
statement of a material fact or omit to state a material fact necessary
to make the statements made, in light of the circumstances under which
such statements were made, not misleading with respect to the period
covered by this report;
3. Based on my knowledge, the financial statements, and other
financial information included in this report, fairly present in all
material respects the financial condition, results of operations and
cash flows of the small business issuer as of, and for, the periods
presented in this report;
4. The small business issuer's other certifying officer(s) and I
are responsible for establishing and maintaining disclosure controls
and procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-
15(e)) and internal control over financial reporting (as defined in
Exchange Act Rules 13a-15(f) and 15d-15(f)) for the small business
issuer and have:
(a) Designed such disclosure controls and procedures, or caused
such disclosure controls and procedures to be designed under our
supervision, to ensure that material information relating to the small
business issuer, including its consolidated subsidiaries, is made known
to us by others within those entities, particularly during the period
in which this report is being prepared;
(b) Designed such internal control over financial reporting, or
caused such internal control over financial reporting to be designed
under our supervision, to provide reasonable assurance regarding the
reliability of financial reporting and the preparation of financial
statements for external purposes in accordance with generally accepted
accounting principles;
(c) Evaluated the effectiveness of the small business issuer's
disclosure controls and procedures and presented in this report our
conclusions about the effectiveness of the disclosure controls and
procedures, as of the end of the period covered by this report based on
such evaluation; and
(d) Disclosed in this report any change in the small business
issuer's internal control over financial reporting that occurred during
the small business issuer's most recent fiscal quarter (the small
business issuer's fourth fiscal quarter in the case of an annual
report) that has materially affected, or is reasonably likely to
materially affect, the small business issuer's internal control over
financial reporting; and
5. The small business issuer's other certifying officer(s) and I
have disclosed, based on our most recent evaluation of internal control
over financial reporting, to the small business issuer's auditors and
the audit committee of the small business issuer's board of directors
(or
persons performing the equivalent functions):
(a) All significant deficiencies and material weaknesses in the
design or operation of internal control over financial reporting which
are reasonably likely to adversely affect the small business issuer's
ability to record, process, summarize and report financial information;
and
(b) Any fraud, whether or not material, that involves management or
other employees who have a significant role in the small business
issuer's internal control over financial reporting.
Date:
-----------------------------------------------------------------------
-----------------------------------------------------------------------
[Signature]
[Title]
* Provide a separate certification for each principal executive
officer and principal financial officer of the small business
issuer. See Rules 13a-14(a) and 15d-14(a).
(32) Section 1350 Certifications.
(i) The certifications required by Rule 13a-14(b) (17 CFR 240.13a-
14(b)) or Rule 15d-14(b) (17 CFR 240.15d-14(b)) and Section 1350 of
Chapter 63 of Title 18 of the United States Code (18 U.S.C. 1350).
(ii) A certification furnished pursuant to this Item will not be
deemed ``filed'' for purposes of section 18 of the Exchange Act (15
U.S.C. 78r), or otherwise subject to the liability of that section.
Such certification will not be deemed to be incorporated by reference
into any filing under the Securities Act or the Exchange Act, except to
the extent that the small business issuer specifically incorporates it
by reference.
(33) through (98) [Reserved]
* * * * *
PART 229--STANDARD INSTRUCTIONS FOR FILING FORMS UNDER SECURITIES
ACT OF 1933, SECURITIES EXCHANGE ACT OF 1934 AND ENERGY POLICY AND
CONSERVATION ACT OF 1975--REGULATION S-K
9. The general authority citation for Part 229 is revised to read as
follows:
Authority: 15 U.S.C. 77e, 77f, 77g, 77h, 77j, 77k, 77s, 77z-2,
77z-3, 77aa(25), 77aa(26), 77ddd, 77eee, 77ggg, 77hhh, 77iii, 77jjj,
77nnn, 77sss, 78c, 78i, 78j, 78l, 78m, 78n, 78o, 78u-5, 78w, 78ll,
78mm, 79e, 79j, 79n, 79t, 80a-8, 80a-9, 80a-20, 80a-29, 80a-30, 80a-
31(c), 80a-37, 80a-38(a), 80a-39, 80b-11, 7202, 7241, and 7262; and
18 U.S.C. 1350, unless otherwise noted.
* * * * *
10. By revising Sec. 229.307 to read as follows:
Sec. 229.307 (Item 307) Disclosure controls and procedures.
Disclose the conclusions of the registrant's principal executive
and principal financial officers, or persons performing similar
functions, regarding the effectiveness of the registrant's disclosure
controls and procedures (as defined in Sec. 240.13a-15(e) or 240.15d-
15(e) of this chapter) as of the end of the period covered by the
report, based on the evaluation of these controls and procedures
required by paragraph (b) of Sec. 240.13a-15 or 240.15d-15 of this
chapter.
11. By adding Sec. 229.308 to read as follows:
Sec. 229.308 (Item 308) Internal control over financial reporting.
(a) Management's annual report on internal control over financial
reporting. Provide a report of management on the registrant's internal
control over financial reporting (as defined in Sec. 240.13a-15(f) or
240.15d-15(f) of this chapter) that contains:
(1) A statement of management's responsibility for establishing and
maintaining adequate internal control over financial reporting for the
registrant;
(2) A statement identifying the framework used by management to
evaluate the effectiveness of the registrant's internal control over
financial reporting as required by paragraph (c) of Sec. 240.13a-15 or
240.15d-15 of this chapter;
(3) Management's assessment of the effectiveness of the
registrant's internal control over financial reporting as of the end of
the registrant's most recent fiscal year, including a statement as to
whether or not internal control over financial reporting is effective.
This discussion must include disclosure of any material weakness in the
registrant's internal control over financial reporting identified by
management. Management is not permitted to conclude that the
registrant's internal control over financial reporting is effective if
there are one or more material weaknesses in the registrant's internal
control over financial reporting; and
(4) A statement that the registered public accounting firm that
audited the financial statements included in the annual report
containing the disclosure required by this Item has issued an
attestation report on management's assessment of the registrant's
internal control over financial reporting.
(b) Attestation report of the registered public accounting firm.
Provide the registered public accounting firm's attestation report on
management's assessment of the registrant's internal control over
financial reporting in the registrant's annual report containing the
disclosure required by this Item.
(c) Changes in internal control over financial reporting. Disclose
any change in the registrant's internal control over financial
reporting identified in connection with the evaluation required by
paragraph (d) of Sec. 240.13a-15 or 240.15d-15 of this chapter that
occurred during the registrant's last fiscal quarter (the registrant's
fourth fiscal quarter in the case of an annual report) that has
materially affected, or is reasonably likely to materially affect, the
registrant's internal control over financial reporting.
Instructions to Item 308
1. The registrant must maintain evidential matter, including
documentation, to provide reasonable support for management's
assessment of the effectiveness of the registrant's internal control
over financial reporting.
2. A registrant that is an Asset-Backed Issuer (as defined in Sec.
240.13a-14(g) and Sec. 240.15d-14(g) of this chapter) is not required
to disclose the information required by this Item.
Sec. 229.401 [Amended]
12. By amending Sec. 229.401 by removing the phrase ``internal
controls and procedures for financial reporting'' in paragraph
(h)(2)(iv) of Item 401 and adding, in its place, the phrase ``internal
control over financial reporting''.
13. By amending Sec. 229.601 by:
a. Removing the second and third sentences of paragraph (a)(1);
b. Revising the Exhibit Table which follows the Instructions to the
Exhibit Table; and
c. Revising paragraphs (b)(27) through (b)(98).
The revisions read as follows:
Sec. 229.601 (Item 601) Exhibits.
(a) Exhibits and index required. * * *
Instructions to the Exhibit Table
* * * * *
[[Page 36664]]
Exhibit Table
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                          Securities act forms                                                            Exchange act forms
                                         ---------------------------------------------------------------------------------------------------------------
                                          S-1     S-2     S-3     S-4\3\  S-8     S-11    F-1     F-2     F-3     F-4\3\  10      8-K     10-Q    10-K
--------------------------------------------------------------------------------------------------------------------------------------------------------
(1) Underwriting agreement                X       X       X       X       ......  X       X       X       X       X       ......  X       ......  ......
(2) Plan of acquisition, reorganization,  X       X       X       X       ......  X       X       X       X       X       X       X       X       X
    arrangement, liquidation or succession
(3) (i) Articles of incorporation         X       ......  ......  X       ......  X       X       ......  ......  X       X       ......  X       X
    (ii) By-laws                          X       ......  ......  X       ......  X       X       ......  ......  X       X       ......  X       X
(4) Instruments defining the rights of    X       X       X       X       X       X       X       X       X       X       X       X       X       X
    security holders, including indentures
(5) Opinion re legality                   X       X       X       X       X       X       X       X       X       X       ......  ......  ......  ......
(6) [Reserved]                            N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A
(7) [Reserved]                            N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A
(8) Opinion re tax matters                X       X       X       X       ......  X       X       X       X       X       ......  ......  ......  ......
(9) Voting trust agreement                X       X       X       X       X       X       X       X       X       X       X       X       X       X
(10) Material contracts                   X       X       ......  X       ......  X       X       X       ......  X       X       ......  X       X
(11) Statement re computation of per      X       X       ......  X       ......  X       X       X       ......  X       X       ......  X       X
    share earnings
(12) Statements re computation of ratios  X       X       X       X       ......  X       X       X       ......  X       X       ......  ......  X
(13) Annual report to security holders,   ......  X       ......  X       ......  ......  ......  ......  ......  ......  ......  ......  ......  X
    Form 10-Q and 10-QSB, or quarterly
    report to security holders \1\
(14) Code of Ethics                       ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  X
(15) Letter re unaudited interim          X       X       X       X       X       X       X       X       X       X       ......  ......  X       ......
    financial information
(16) Letter re change in certifying       X       X       ......  X       ......  X       ......  ......  ......  ......  X       X       ......  X
    accountant \4\
(17) Letter re director resignation       ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  X       ......  ......
(18) Letter re change in accounting       ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  X       X
    principles
(19) Report furnished to security         ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  X       ......
    holders
(20) Other documents or statements to     ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  X       ......  ......
    security holders
(21) Subsidiaries of the registrant       X       ......  ......  X       ......  X       X       ......  ......  X       X       ......  ......  X
(22) Published report regarding matters   ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  X       X
    submitted to vote of security holders
(23) Consents of experts and counsel      X       X       X       X       X       X       X       X       X       X       ......  X \2\   X \2\   X \2\
(24) Power of attorney                    X       X       X       X       X       X       X       X       X       X       X       X       X       X
(25) Statement of eligibility of trustee  X       X       X       X       ......  X       X       X       X       X       ......  ......  ......  ......
(26) Invitations for competitive bids     X       X       X       X       ......  ......  X       X       X       X       ......  ......  ......  ......
(27) through (30) [Reserved]              ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......
(31) Rule 13a-14(a)/15d-14(a)             ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  X       X
    Certifications
(32) Section 1350 Certifications          ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  ......  X       X
(33) through (98) [Reserved]              N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A     N/A
(99) Additional exhibits                  X       X       X       X       X       X       X       X       X       X       X       X       X       X
--------------------------------------------------------------------------------------------------------------------------------------------------------
\1\ Where incorporated by reference into the text of the prospectus and delivered to security holders along with the prospectus as permitted by the
registration statement; or, in the case of the Form 10-K, where the annual report to security holders is incorporated by reference into the text of
the Form 10-K.
\2\ Where the opinion of the expert or counsel has been incorporated by reference into a previously filed Securities Act registration statement.
\3\ An exhibit need not be provided about a company if: (1) With respect to such company an election has been made under Form S-4 or F-4 to provide
information about such company at a level prescribed by Forms S-2, S-3, F-2 or F-3 and (2) the form, the level of which has been elected under Forms S-
4 or F-4, would not require such company to provide such exhibit if it were registering a primary offering.
\4\ If required pursuant to Item 304 of Regulation S-K.
(b) Description of exhibits. * * *
(27) through (30) [Reserved]
(31) Rule 13a-14(a)/15d-14(a) Certifications. The certifications
required by Rule 13a-14(a) (17 CFR 240.13a-14(a)) or Rule 15d-14(a) (17
CFR 240.15d-14(a)) exactly as set forth below:
Certifications*
I, [identify the certifying individual], certify that:
1. I have reviewed this [specify report] of [identify registrant];
2. Based on my knowledge, this report does not contain any untrue
statement of a material fact or omit to state a material fact necessary
to make the statements made, in light of the circumstances under which
such statements were made, not misleading with respect to the period
covered by this report;
3. Based on my knowledge, the financial statements, and other
financial information included in this report, fairly present in all
material respects the financial condition, results of operations and
cash flows of the registrant as of, and for, the periods presented in
this report;
4. The registrant's other certifying officer(s) and I are
responsible for establishing and maintaining disclosure controls and
procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-15(e))
and internal control over financial reporting (as defined in Exchange
Act Rules 13a-15(f) and 15d-15(f)) for the registrant and have:
(a) Designed such disclosure controls and procedures, or caused
such
[[Page 36665]]
disclosure controls and procedures to be designed under our
supervision, to ensure that material information relating to the
registrant, including its consolidated subsidiaries, is made known to
us by others within those entities, particularly during the period in
which this report is being prepared;
(b) Designed such internal control over financial reporting, or
caused such internal control over financial reporting to be designed
under our supervision, to provide reasonable assurance regarding the
reliability of financial reporting and the preparation of financial
statements for external purposes in accordance with generally accepted
accounting principles;
(c) Evaluated the effectiveness of the registrant's disclosure
controls and procedures and presented in this report our conclusions
about the effectiveness of the disclosure controls and procedures, as
of the end of the period covered by this report based on such
evaluation; and
(d) Disclosed in this report any change in the registrant's
internal control over financial reporting that occurred during the
registrant's most recent fiscal quarter (the registrant's fourth fiscal
quarter in the case of an annual report) that has materially affected,
or is reasonably likely to materially affect, the registrant's internal
control over financial reporting; and
5. The registrant's other certifying officer(s) and I have
disclosed, based on our most recent evaluation of internal control over
financial reporting, to the registrant's auditors and the audit
committee of the registrant's board of directors (or persons performing
the equivalent functions):
(a) All significant deficiencies and material weaknesses in the
design or operation of internal control over financial reporting which
are reasonably likely to adversely affect the registrant's ability to
record, process, summarize and report financial information; and
(b) Any fraud, whether or not material, that involves management or
other employees who have a significant role in the registrant's
internal control over financial reporting.
Date:
-----------------------------------------------------------------------
-----------------------------------------------------------------------
-----------------------------------------------------------------------
[Signature]
-----------------------------------------------------------------------
[Title]
*Provide a separate certification for each principal executive
officer and principal financial officer of the registrant. See Rules
13a-14(a) and 15d-14(a).
(32) Section 1350 Certifications.
(i) The certifications required by Rule 13a-14(b) (17 CFR 240.13a-
14(b)) or Rule 15d-14(b) (17 CFR 240.15d-14(b)) and Section 1350 of
Chapter 63 of Title 18 of the United States Code (18 U.S.C. 1350).
(ii) A certification furnished pursuant to this item will not be
deemed ``filed'' for purposes of Section 18 of the Exchange Act (15
U.S.C. 78r), or otherwise subject to the liability of that section.
Such certification will not be deemed to be incorporated by reference
into any filing under the Securities Act or the Exchange Act, except to
the extent that the registrant specifically incorporates it by
reference.
(33) through (98) [Reserved]
PART 240--GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF
1934
14. The general authority citation for Part 240 is revised to read as
follows:
Authority: 15 U.S.C. 77c, 77d, 77g, 77j, 77s, 77z-2, 77z-3,
77eee, 77ggg, 77nnn, 77sss, 77ttt, 78c, 78d, 78e, 78f, 78g, 78i,
78j, 78j-1, 78k, 78k-1, 78l, 78m, 78n, 78o, 78p, 78q, 78s, 78u-5,
78w, 78x, 78ll, 78mm, 79q, 79t, 80a-20, 80a-23, 80a-29, 80a-37, 80b-
3, 80b-4, 80b-11, 7202, 7241, 7262, and 7263; and 18 U.S.C. 1350,
unless otherwise noted.
* * * * *
15. By revising Sec. 240.12b-15 to read as follows:
Sec. 240.12b-15 Amendments.
All amendments must be filed under cover of the form amended,
marked with the letter ``A'' to designate the document as an amendment,
e.g., ``10-K/A,'' and in compliance with pertinent requirements
applicable to statements and reports. Amendments filed pursuant to this
section must set forth the complete text of each item as amended.
Amendments must be numbered sequentially and be filed separately for
each statement or report amended. Amendments to a statement may be
filed either before or after registration becomes effective. Amendments
must be signed on behalf of the registrant by a duly authorized
representative of the registrant. An amendment to any report required
to include the certifications as specified in Sec. 240.13a-14(a) or
Sec. 240.15d-14(a) must include new certifications by each principal
executive and principal financial officer of the registrant, and an
amendment to any report required to be accompanied by the
certifications as specified in Sec. 240.13a-14(b) or Sec. 240.15d-
14(b) must be accompanied by new certifications by each principal
executive and principal financial officer of the registrant. The
requirements of the form being amended will govern the number of copies
to be filed in connection with a paper format amendment. Electronic
filers satisfy the provisions dictating the number of copies by filing
one copy of the amendment in electronic format. See Sec. 232.309 of
this chapter (Rule 309 of Regulation S-T).
16. By amending Sec. 240.13a-14 by:
a. Revising paragraphs (a) and (b);
b. Removing paragraph (c);
c. Redesignating paragraphs (d), (e) and (f) as paragraphs (c), (d) and
(e);
d. Revising newly redesignated paragraph (c), the introductory text of
newly redesignated paragraph (d) and newly redesignated paragraph (e);
and
e. Adding and reserving new paragraph (f).
The revisions read as follows:
Sec. 240.13a-14 Certification of disclosure in annual and quarterly
reports.
(a) Each report, including transition reports, filed on Form 10-Q,
Form 10-QSB, Form 10-K, Form 10-KSB, Form 20-F or Form 40-F (Sec. Sec.
249.308a, 249.308b, 249.310, 249.310b, 249.220f or 249.240f of this
chapter) under section 13(a) of the Act (15 U.S.C. 78m(a)), other than
a report filed by an Asset-Backed Issuer (as defined in paragraph (g)
of this section), must include certifications in the form specified in
the applicable exhibit filing requirements of such report and such
certifications must be filed as an exhibit to such report. Each
principal executive and principal financial officer of the issuer, or
persons performing similar functions, at the time of filing of the
report must sign a certification.
(b) Each periodic report containing financial statements filed by
an issuer pursuant to section 13(a) of the Act (15 U.S.C. 78m(a)) must
be accompanied by the certifications required by Section 1350 of
Chapter 63 of Title 18 of the United States Code (18 U.S.C. 1350) and
such certifications must be furnished as an exhibit to such report as
specified in the applicable exhibit requirements for such report. Each
principal executive and principal financial officer of the issuer (or
equivalent thereof) must sign a certification. This requirement may be
satisfied by a single certification signed by an issuer's principal
executive and principal financial officers.
(c) A person required to provide a certification specified in
paragraph (a) or (b) of this section may not have the certification
signed on his or her behalf pursuant to a power of attorney or other
form of confirming authority.
(d) Each annual report filed by an Asset-Backed Issuer (as defined
in paragraph (g) of this section) under
[[Page 36666]]
section 13(a) of the Act (15 U.S.C. 78m(a)) must include a
certification addressing the following items: * * *
(e) With respect to Asset-Backed Issuers, the certification
required by paragraph (d) of this section must be signed by the trustee
of the trust (if the trustee signs the annual report) or the senior
officer in charge of securitization of the depositor (if the depositor
signs the annual report). Alternatively, the senior officer in charge
of the servicing function of the master servicer (or entity performing
the equivalent functions) may sign the certification.
(f) [Reserved]
* * * * *
17. Section 240.13a-15 is revised to read as follows:
Sec. 240.13a-15 Controls and procedures.
(a) Every issuer that has a class of securities registered pursuant
to section 12 of the Act (15 U.S.C. 78l), other than an Asset-Backed
Issuer (as defined in Sec. 240.13a-14(g)), a small business investment
company registered on Form N-5 (Sec. Sec. 239.24 and 274.5 of this
chapter), or a unit investment trust as defined by section 4(2) of the
Investment Company Act of 1940 (15 U.S.C. 80a-4(2)), must maintain
disclosure controls and procedures (as defined in paragraph (e) of this
section) and internal control over financial reporting (as defined in
paragraph (f) of this section).
(b) Each such issuer's management must evaluate, with the
participation of the issuer's principal executive and principal
financial officers, or persons performing similar functions, the
effectiveness of the issuer's disclosure controls and procedures, as of
the end of each fiscal quarter, except that management must perform
this evaluation:
(1) In the case of a foreign private issuer (as defined in Sec.
240.3b-4) as of the end of each fiscal year; and
(2) In the case of an investment company registered under section 8
of the Investment Company Act of 1940 (15 U.S.C. 80a-8), within the 90-
day period prior to the filing date of each report requiring
certification under Sec. 270.30a-2 of this chapter.
(c) The management of each such issuer, other than an investment
company registered under section 8 of the Investment Company Act of
1940, must evaluate, with the participation of the issuer's principal
executive and principal financial officers, or persons performing
similar functions, the effectiveness, as of the end of each fiscal
year, of the issuer's internal control over financial reporting. The
framework on which management's evaluation of the issuer's internal
control over financial reporting is based must be a suitable,
recognized control framework that is established by a body or group
that has followed due-process procedures, including the broad
distribution of the framework for public comment.
(d) The management of each such issuer, other than an investment
company registered under section 8 of the Investment Company Act of
1940, must evaluate, with the participation of the issuer's principal
executive and principal financial officers, or persons performing
similar functions, any change in the issuer's internal control over
financial reporting, that occurred during each of the issuer's fiscal
quarters, or fiscal year in the case of a foreign private issuer, that
has materially affected, or is reasonably likely to materially affect,
the issuer's internal control over financial reporting.
(e) For purposes of this section, the term disclosure controls and
procedures means controls and other procedures of an issuer that are
designed to ensure that information required to be disclosed by the
issuer in the reports that it files or submits under the Act (15 U.S.C.
78a et seq.) is recorded, processed, summarized and reported, within
the time periods specified in the Commission's rules and forms.
Disclosure controls and procedures include, without limitation,
controls and procedures designed to ensure that information required to
be disclosed by an issuer in the reports that it files or submits under
the Act is accumulated and communicated to the issuer's management,
including its principal executive and principal financial officers, or
persons performing similar functions, as appropriate to allow timely
decisions regarding required disclosure.
(f) The term internal control over financial reporting is defined
as a process designed by, or under the supervision of, the issuer's
principal executive and principal financial officers, or persons
performing similar functions, and effected by the issuer's board of
directors, management and other personnel, to provide reasonable
assurance regarding the reliability of financial reporting and the
preparation of financial statements for external purposes in accordance
with generally accepted accounting principles and includes those
policies and procedures that:
(1) Pertain to the maintenance of records that in reasonable detail
accurately and fairly reflect the transactions and dispositions of the
assets of the issuer;
(2) Provide reasonable assurance that transactions are recorded as
necessary to permit preparation of financial statements in accordance
with generally accepted accounting principles, and that receipts and
expenditures of the issuer are being made only in accordance with
authorizations of management and directors of the issuer; and
(3) Provide reasonable assurance regarding prevention or timely
detection of unauthorized acquisition, use or disposition of the
issuer's assets that could have a material effect on the financial
statements.
18. Amending Sec. 240.15d-14 by:
a. Revising paragraphs (a) and (b);
b. Removing paragraph (c);
c. Redesignating paragraphs (d), (e) and (f) as paragraphs (c), (d) and
(e);
d. Revising newly redesignated paragraph (c), the introductory text of
newly redesignated paragraph (d) and newly redesignated paragraph (e);
and
e. Adding and reserving new paragraph (f).
The revisions read as follows:
Sec. 240.15d-14 Certification of disclosure in annual and quarterly
reports.
(a) Each report, including transition reports, filed on Form 10-Q,
Form 10-QSB, Form 10-K, Form 10-KSB, Form 20-F or Form 40-F (Sec. Sec.
249.308a, 249.308b, 249.310, 249.310b, 249.220f or 249.240f of this
chapter) under section 15(d) of the Act (15 U.S.C. 78o(d)), other than
a report filed by an Asset-Backed Issuer (as defined in paragraph (g)
of this section), must include certifications in the form specified in
the applicable exhibit filing requirements of such report and such
certifications must be filed as an exhibit to such report. Each
principal executive and principal financial officer of the issuer, or
persons performing similar functions, at the time of filing of the
report must sign a certification.
(b) Each periodic report containing financial statements filed by
an issuer pursuant to section 15(d) of the Act (15 U.S.C. 78o(d)) must
be accompanied by the certifications required by Section 1350 of
Chapter 63 of Title 18 of the United States Code (18 U.S.C. 1350) and
such certifications must be furnished as an exhibit to such report as
specified in the applicable exhibit requirements for such report. Each
principal executive and principal financial officer of the issuer (or
equivalent thereof) must sign a certification. This requirement may be
satisfied by a single certification signed by an issuer's principal
executive and principal financial officers.
(c) A person required to provide a certification specified in
paragraph (a) or (b) of this section may not have the
[[Page 36667]]
certification signed on his or her behalf pursuant to a power of
attorney or other form of confirming authority.
(d) Each annual report filed by an Asset-Backed Issuer (as defined
in paragraph (g) of this section) under section 15(d) of the Act (15
U.S.C. 78o(d)), must include a certification addressing the following
items: * * *
(e) With respect to Asset-Backed Issuers, the certification
required by paragraph (d) of this section must be signed by the trustee
of the trust (if the trustee signs the annual report) or the senior
officer in charge of securitization of the depositor (if the depositor
signs the annual report). Alternatively, the senior officer in charge
of the servicing function of the master servicer (or entity performing
the equivalent functions) may sign the certification.
(f) [Reserved]
* * * * *
19. Section 240.15d-15 is revised to read as follows:
Sec. 240.15d-15 Controls and procedures.
(a) Every issuer that files reports under section 15(d) of the Act
(15 U.S.C. 78o(d)), other than an Asset-Backed Issuer (as defined in
Sec. 240.15d-14(g) of this chapter), a small business investment
company registered on Form N-5 (Sec. Sec. 239.24 and 274.5 of this
chapter), or a unit investment trust as defined in section 4(2) of the
Investment Company Act of 1940 (15 U.S.C. 80a-4(2)), must maintain
disclosure controls and procedures (as defined in paragraph (e) of this
section) and internal control over financial reporting (as defined in
paragraph (f) of this section).
(b) Each such issuer's management must evaluate, with the
participation of the issuer's principal executive and principal
financial officers, or persons performing similar functions, the
effectiveness of the issuer's disclosure controls and procedures, as of
the end of each fiscal quarter, except that management must perform
this evaluation:
(1) In the case of a foreign private issuer (as defined in Sec.
240.3b-4) as of the end of each fiscal year; and
(2) In the case of an investment company registered under section 8
of the Investment Company Act of 1940 (15 U.S.C. 80a-8), within the 90-
day period prior to the filing date of each report requiring
certification under Sec. 270.30a-2 of this chapter.
(c) The management of each such issuer, other than an investment
company registered under section 8 of the Investment Company Act of
1940, must evaluate, with the participation of the issuer's principal
executive and principal financial officers, or persons performing
similar functions, the effectiveness, as of the end of each fiscal
year, of the issuer's internal control over financial reporting. The
framework on which management's evaluation of the issuer's internal
control over financial reporting is based must be a suitable,
recognized control framework that is established by a body or group
that has followed due-process procedures, including the broad
distribution of the framework for public comment.
(d) The management of each such issuer, other than an investment
company registered under section 8 of the Investment Company Act of
1940, must evaluate, with the participation of the issuer's principal
executive and principal financial officers, or persons performing
similar functions, any change in the issuer's internal control over
financial reporting, that occurred during each of the issuer's fiscal
quarters, or fiscal year in the case of a foreign private issuer, that
has materially affected, or is reasonably likely to materially affect,
the issuer's internal control over financial reporting.
(e) For purposes of this section, the term disclosure controls and
procedures means controls and other procedures of an issuer that are
designed to ensure that information required to be disclosed by the
issuer in the reports that it files or submits under the Act (15 U.S.C.
78a et seq.) is recorded, processed, summarized and reported, within
the time periods specified in the Commission's rules and forms.
Disclosure controls and procedures include, without limitation,
controls and procedures designed to ensure that information required to
be disclosed by an issuer in the reports that it files or submits under
the Act is accumulated and communicated to the issuer's management,
including its principal executive and principal financial officers, or
persons performing similar functions, as appropriate to allow timely
decisions regarding required disclosure.
(f) The term internal control over financial reporting is defined
as a process designed by, or under the supervision of, the issuer's
principal executive and principal financial officers, or persons
performing similar functions, and effected by the issuer's board of
directors, management and other personnel, to provide reasonable
assurance regarding the reliability of financial reporting and the
preparation of financial statements for external purposes in accordance
with generally accepted accounting principles and includes those
policies and procedures that:
(1) Pertain to the maintenance of records that in reasonable detail
accurately and fairly reflect the transactions and dispositions of the
assets of the issuer;
(2) Provide reasonable assurance that transactions are recorded as
necessary to permit preparation of financial statements in accordance
with generally accepted accounting principles, and that receipts and
expenditures of the issuer are being made only in accordance with
authorizations of management and directors of the issuer; and
(3) Provide reasonable assurance regarding prevention or timely
detection of unauthorized acquisition, use or disposition of the
issuer's assets that could have a material effect on the financial
statements.
PART 249--FORMS, SECURITIES EXCHANGE ACT OF 1934
20. The general authority citation for Part 249 and the subauthority
citation for ``Section 249.331'' are revised to read as follows:
Authority: 15 U.S.C. 78a et seq., 7202, 7233, 7241, 7262, 7264,
and 7265; and 18 U.S.C. 1350, unless otherwise noted.
* * * * *
Section 249.331 is also issued under 15 U.S.C. 78j-1, 7202, 7233,
7241, 7264, 7265; and 18 U.S.C. 1350.
* * * * *
21. By amending Form 10-Q (referenced in Sec. 249.308a) by:
a. Removing the last sentence of General Instruction G;
b. Revising Item 4 to ``Part I--Financial Information;'' and
c. Removing the ``Certifications'' section after the ``Signatures''
section.
The revision reads as follows.
Note: The text of Form 10-Q does not, and this amendment will
not, appear in the Code of Federal Regulations.
Form 10-Q
* * * * *
Part I--Financial Information
* * * * *
Item 4. Controls and Procedures.
Furnish the information required by Items 307 of Regulation S-K (17
CFR 229.307) and 308(c) of Regulation S-K (17 CFR 229.308(c)).
* * * * *
22. By amending Form 10-QSB (referenced in Sec. 249.308b) by:
a. Removing the last sentence of paragraph 2 of General Instruction F;
b. Revising Item 3 to ``Part I--Financial Information;'' and
c. Removing the ``Certifications'' section after the ``Signatures''
section.
[[Page 36668]]
The revision reads as follows.
Note: The text of Form 10-QSB does not, and this amendment will
not, appear in the Code of Federal Regulations.
Form 10-QSB
* * * * *
Part I--Financial Information
* * * * *
Item 3. Controls and Procedures.
Furnish the information required by Items 307 of Regulation S-B (17
CFR 228.307) and 308(c) of Regulation S-B (17 CFR 228.308(c)).
* * * * *
23. By amending Form 10-K (referenced in Sec. 249.310) by:
a. Removing the phrase ``(who also must provide the certification
required by Rule 13a-14 (17 CFR 240.13a-14) or Rule 15d-14 (17 CFR
240.15d-14) exactly as specified in this form)'' each time it appears
in the first sentence of paragraph (2)(a) of General Instruction D.;
b. Removing the phrase ``(Items 1 through 9 or any portion thereof)''
and adding, in its place, the phrase ``(Items 1 through 9A or any
portion thereof)'' in the first sentence of paragraph (2) of General
Instruction G.;
c. Removing the phrase ``(Items 10, 11, 12 and 13)'' and adding, in its
place, the phrase ``(Items 10, 11, 12, 13 and 14)'' in the first
sentence of paragraph (3) of General Instruction G.;
d. Removing the phrase ``(Items 1 through 9)'' in the third sentence of
paragraph (4) of General Instruction G and adding, in its place, the
phrase ``(Items 1 through 9A)'';
e. Removing the phrase ``(Items 10 through 13)'' in the third sentence
of paragraph (4) of General Instruction G and adding, in its place, the
phrase ``(Items 10 through 14)'';
f. Redesignating Item 14 of Part III as Item 9A of Part II and revising
newly redesignated Item 9A;
g. Redesignating Item 15 in Part III as Item 14;
h. ``Instruction to Item 15'' is corrected to read ``Instruction to
Item 14'';
i. Redesignating Item 16 in Part IV as Item 15;
j. Removing the ``Certifications'' section after the ``Signatures''
section and before the reference to ``Supplemental Information to be
Furnished With Reports Filed Pursuant to Section 15(d) of the Act by
Issuers Which Have Not Registered Securities Pursuant to Section 12 of
the Act.''
The revision reads as follows.
Note: The text of Form 10-K does not, and this amendment will
not, appear in the Code of Federal Regulations.
Form 10-K
* * * * *
Part II
* * * * *
Item 9A. Controls and procedures.
Furnish the information required by Items 307 and 308 of Regulation
S-K (17 CFR 229.307 and 229.308).
24. By amending Form 10-KSB (referenced in Sec. 249.310b) by:
a. Removing the phrase ``(who also must provide the certification
required by Rule 13a-14 (17 CFR 240.13a-14) or Rule 15d-14 (17 CFR
240.15d-14) exactly as specified in this form)'' each time it appears
in the first sentence of paragraph 2 of General Instruction C.;
b. Redesignating Item 14 of Part III as Item 8A of Part II and revising
newly redesignated Item 8A;
c. Redesignating Item 15 of Part III as Item 14;
d. ``Instruction to Item 15'' is corrected to read ``Instruction to
Item 14'';
e. Revising Item 2 of Part III of ``INFORMATION REQUIRED IN ANNUAL
REPORT OF TRANSITIONAL SMALL BUSINESS ISSUER''; and
f. Removing the ``Certifications'' section after the ``Signatures''
section and before the reference to ``Supplemental Information to be
Furnished With Reports Filed Pursuant to Section 15(d) of the Exchange
Act By Non-reporting Issuers.''
Note: The text of Form 10-KSB does not, and this amendment will
not, appear in the Code of Federal Regulations.
Form 10-KSB
* * * * *
PART II
* * * * *
Item 8A. Controls and Procedures
Furnish the information required by Items 307 of Regulation S-B (17
CFR 228.307) and 308 of Regulation S-B (17 CFR 228.308).
* * * * *
Information Required in Annual Report of Transitional Small Business
Issuer
* * * * *
PART III
* * * * *
Item 2. Description of Exhibits.
As appropriate, the issuer should file those documents required to
be filed as Exhibit Number 2, 3, 5, 6, and 7 in Part III of Form 1-A.
The registrant also shall file:
(12) Additional exhibits--Any additional exhibits which the issuer
may wish to file, which shall be so marked as to indicate clearly the
subject matters to which they refer.
(13) Form F-X--Canadian issuers shall file a written irrevocable
consent and power of attorney on Form F-X.
(31) The exhibit described in paragraph (b)(31) of Item 601 of
Regulation S-B.
(32) The exhibit described in paragraph (b)(32) of Item 601 of
Regulation S-B.
25. By amending Form 20-F (referenced in Sec. 249.220f) by:
a. Revising paragraph (e) to General Instruction B;
b. Revising Item 15 of Part II;
c. Removing the phrase ``internal controls and procedures for financial
reporting'' in paragraph (b)(4) of Item 16A of Part II and adding, in
its place, the phrase ``internal control over financial reporting'';
d. Removing the ``Certifications'' section after the ``Signatures''
section and before the section referencing ``Instructions as to
Exhibits''; and
e. In the ``Instruction as to Exhibits'' section, redesignate paragraph
12 as paragraph 14 and add new paragraph 12 and paragraph 13.
The revisions and addition read as follows.
Note: The text of Form 20-F does not, and this amendment will
not, appear in the Code of Federal Regulations.
Form 20-F
* * * * *
General Instructions
* * * * *
B. General Rules and Regulations That Apply to this Form.
* * * * *
(e) Where the Form is being used as an annual report filed under
Section 13(a) or 15(d) of the Exchange Act, provide the certifications
required by Rule 13a-14 (17 CFR 240.13a-14) or Rule 15d-14 (17 CFR
240.15d-14).
* * * * *
Part II
* * * * *
Item 15. Controls and Procedures.
(a) Disclosure Controls and Procedures. Where the Form is being
used as an annual report filed under Section 13(a) or 15(d) of the
Exchange Act, disclose the conclusions of the issuer's principal
executive and principal financial officers, or persons performing
similar functions, regarding the effectiveness of the issuer's
disclosure controls and procedures (as
[[Page 36669]]
defined in 17 CFR 240.13a-15(e) or 240.15d-15(e)) as of the end of the
period covered by the report, based on the evaluation of these controls
and procedures required by paragraph (b) of 17 CFR 240.13a-15 or
240.15d-15.
(b) Management's annual report on internal control over financial
reporting. Where the Form is being used as an annual report filed under
Section 13(a) or 15(d) of the Exchange Act, provide a report of
management on the issuer's internal control over financial reporting
(as defined in 17 CFR 240.13a-15(f) or 240.15d-15(f)) that contains:
(1) A statement of management's responsibility for establishing and
maintaining adequate internal control over financial reporting for the
issuer;
(2) A statement identifying the framework used by management to
evaluate the effectiveness of the issuer's internal control over
financial reporting as required by paragraph (c) of 17 CFR 240.13a-15
or 240.15d-15;
(3) Management's assessment of the effectiveness of the issuer's
internal control over financial reporting as of the end of the issuer's
most recent fiscal year, including a statement as to whether or not
internal control over financial reporting is effective. This discussion
must include disclosure of any material weakness in the issuer's
internal control over financial reporting identified by management.
Management is not permitted to conclude that the issuer's internal
control over financial reporting is effective if there are one or more
material weaknesses in the issuer's internal control over financial
reporting; and
(4) A statement that the registered public accounting firm that
audited the financial statements included in the annual report
containing the disclosure required by this Item has issued an
attestation report on management's assessment of the issuer's internal
control over financial reporting.
(c) Attestation report of the registered public accounting firm.
Where the Form is being used as an annual report filed under Section
13(a) or 15(d) of the Exchange Act, provide the registered public
accounting firm's attestation report on management's assessment of the
issuer's internal control over financial reporting in the issuer's
annual report containing the disclosure required by this Item.
(d) Changes in internal control over financial reporting. Disclose
any change in the issuer's internal control over financial reporting
identified in connection with the evaluation required by paragraph (d)
of 17 CFR 240.13a-15 or 240.15d-15 that occurred during the period
covered by the annual report that has materially affected, or is
reasonably likely to materially affect, the issuer's internal control
over financial reporting.
Instructions to Item 15.
1. The issuer must maintain evidential matter, including
documentation, to provide reasonable support for management's
assessment of the effectiveness of the issuer's internal control over
financial reporting.
2. An issuer that is an Asset-Backed Issuer (as defined in 17 CFR
240.13a-14(g) and 17 CFR 240.15d-14(g)) is not required to disclose the
information required by this Item.
* * * * *
Instructions as to Exhibits
* * * * *
12. The certifications required by Rule 13a-14(a) (17 CFR 240.13a-
14(a)) or Rule 15d-14(a) (17 CFR 240.15d-14(a)) exactly as set forth
below:
Certifications*
I, [identify the certifying individual], certify that:
1. I have reviewed this annual report on Form 20-F of [identify
company];
2. Based on my knowledge, this report does not contain any untrue
statement of a material fact or omit to state a material fact necessary
to make the statements made, in light of the circumstances under which
such statements were made, not misleading with respect to the period
covered by this report;
3. Based on my knowledge, the financial statements, and other
financial information included in this report, fairly present in all
material respects the financial condition, results of operations and
cash flows of the company as of, and for, the periods presented in this
report;
4. The company's other certifying officer(s) and I are responsible
for establishing and maintaining disclosure controls and procedures (as
defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) and internal
control over financial reporting (as defined in Exchange Act Rules 13a-
15(f) and 15d-15(f)) for the company and have:
(a) Designed such disclosure controls and procedures, or caused
such disclosure controls and procedures to be designed under our
supervision, to ensure that material information relating to the
company, including its consolidated subsidiaries, is made known to us
by others within those entities, particularly during the period in
which this report is being prepared;
(b) Designed such internal control over financial reporting, or
caused such internal control over financial reporting to be designed
under our supervision, to provide reasonable assurance regarding the
reliability of financial reporting and the preparation of financial
statements for external purposes in accordance with generally accepted
accounting principles;
(c) Evaluated the effectiveness of the company's disclosure
controls and procedures and presented in this report our conclusions
about the effectiveness of the disclosure controls and procedures, as
of the end of the period covered by this report based on such
evaluation; and
(d) Disclosed in this report any change in the company's internal
control over financial reporting that occurred during the period
covered by the annual report that has materially affected, or is
reasonably likely to materially affect, the company's internal control
over financial reporting; and
5. The company's other certifying officer(s) and I have disclosed,
based on our most recent evaluation of internal control over financial
reporting, to the company's auditors and the audit committee of the
company's board of directors (or persons performing the equivalent
functions):
(a) All significant deficiencies and material weaknesses in the
design or operation of internal control over financial reporting which
are reasonably likely to adversely affect the company's ability to
record, process, summarize and report financial information; and
(b) Any fraud, whether or not material, that involves management or
other employees who have a significant role in the company's internal
control over financial reporting.
Date:
-----------------------------------------------------------------------
-----------------------------------------------------------------------
-----------------------------------------------------------------------
[Signature]
-----------------------------------------------------------------------
[Title]
*Provide a separate certification for each principal executive
officer and principal financial officer of the company. See Rules
13a-14(a) and 15d-14(a).
13. (a) The certifications required by Rule 13a-14(b) (17 CFR
240.13a-14(b)) or Rule 15d-14(b) (17 CFR 240.15d-14(b)) and Section
1350 of Chapter 63 of Title 18 of the United States Code (18 U.S.C.
1350).
(b) A certification furnished pursuant to Rule 13a-14(b) (17 CFR
240.13a-14(b)) or Rule 15d-14(b) (17 CFR 240.15d-14(b)) and Section
1350 of Chapter 63 of Title 18 of the United States Code (18 U.S.C.
1350) will not be deemed ``filed'' for purposes of Section 18 of the
Exchange Act [15 U.S.C. 78r], or otherwise subject to the liability of
[[Page 36670]]
that section. Such certification will not be deemed to be incorporated
by reference into any filing under the Securities Act or the Exchange
Act, except to the extent that the company specifically incorporates it
by reference.
26. By amending Form 40-F (referenced in Sec. 249.240f) by:
a. Revising paragraph (6) to General Instruction B; and
b. Removing the phrase ``internal controls and procedures for financial
reporting'' and adding, in its place, the phrase ``internal control
over financial reporting'' in paragraph (8)(b)(4) of General
Instruction B; and
c. Removing the ``Certifications'' section after the ``Signatures''
section.
The revision reads as follows.
Note: The text of Form 40-F does not, and this amendment will
not, appear in the Code of Federal Regulations.
FORM 40-F
* * * * *
General Instructions
* * * * *
B. Information To Be Filed on this Form
* * * * *
(6) Where the Form is being used as an annual report filed under
Section 13(a) or 15(d) of the Exchange Act:
(a) (1) Provide the certifications required by Rule 13a-14(a) (17
CFR 240.13a-14(a)) or Rule 15d-14(a) (17 CFR 240.15d-14(a)) as an
exhibit to this report exactly as set forth below.
Certifications*
I, [identify the certifying individual], certify that:
1. I have reviewed this annual report on Form 40-F of [identify
issuer];
2. Based on my knowledge, this report does not contain any untrue
statement of a material fact or omit to state a material fact necessary
to make the statements made, in light of the circumstances under which
such statements were made, not misleading with respect to the period
covered by this report;
3. Based on my knowledge, the financial statements, and other
financial information included in this report, fairly present in all
material respects the financial condition, results of operations and
cash flows of the issuer as of, and for, the periods presented in this
report;
4. The issuer's other certifying officer(s) and I are responsible
for establishing and maintaining disclosure controls and procedures (as
defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) and internal
control over financial reporting (as defined in Exchange Act Rules 13a-
15(f) and 15d-15(f)) for the issuer and have:
(a) Designed such disclosure controls and procedures, or caused
such disclosure controls and procedures to be designed under our
supervision, to ensure that material information relating to the
issuer, including its consolidated subsidiaries, is made known to us by
others within those entities, particularly during the period in which
this report is being prepared;
(b) Designed such internal control over financial reporting, or
caused such internal control over financial reporting to be designed
under our supervision, to provide reasonable assurance regarding the
reliability of financial reporting and the preparation of financial
statements for external purposes in accordance with generally accepted
accounting principles;
(c) Evaluated the effectiveness of the issuer's disclosure controls
and procedures and presented in this report our conclusions about the
effectiveness of the disclosure controls and procedures, as of the end
of the period covered by this report based on such evaluation; and
(d) Disclosed in this report any change in the issuer's internal
control over financial reporting that occurred during the period
covered by the annual report that has materially affected, or is
reasonably likely to materially affect, the issuer's internal control
over financial reporting; and
5. The issuer's other certifying officer(s) and I have disclosed,
based on our most recent evaluation of internal control over financial
reporting, to the issuer's auditors and the audit committee of the
issuer's board of directors (or persons performing the equivalent
functions):
(a) All significant deficiencies and material weaknesses in the
design or operation of internal control over financial reporting which
are reasonably likely to adversely affect the issuer's ability to
record, process, summarize and report financial information; and
(b) Any fraud, whether or not material, that involves management or
other employees who have a significant role in the issuer's internal
control over financial reporting.
Date:
-----------------------------------------------------------------------
-----------------------------------------------------------------------
-----------------------------------------------------------------------
[Signature]
-----------------------------------------------------------------------
[Title]
*Provide a separate certification for each principal executive
officer and principal financial officer of the issuer. See Rules
13a-14(a) and 15d-14(a).
(2) (i) Provide the certifications required by Rule 13a-14(b) (17
CFR 240.13a-14(b)) or Rule 15d-14(b) (17 CFR 240.15d-14(b)) and Section
1350 of Chapter 63 of Title 18 of the United States Code (18 U.S.C.
1350) as an exhibit to this report.
(ii) A certification furnished pursuant to Rule 13a-14(b) (17 CFR
240.13a-14(b)) or Rule 15d-14(b) (17 CFR 240.15d-14(b)) and Section
1350 of Chapter 63 of Title 18 of the United States Code (18 U.S.C.
1350) will not be deemed ``filed'' for purposes of Section 18 of the
Exchange Act [15 U.S.C. 78r], or otherwise subject to the liability of
that section. Such certification will not be deemed to be incorporated
by reference into any filing under the Securities Act or the Exchange
Act, except to the extent that the issuer specifically incorporates it
by reference.
(b) Disclosure Controls and Procedures. Where the Form is being
used as an annual report filed under Section 13(a) or 15(d) of the
Exchange Act, disclose the conclusions of the issuer's principal
executive and principal financial officers, or persons performing
similar functions, regarding the effectiveness of the issuer's
disclosure controls and procedures (as defined in 17 CFR 240.13a-15(e)
or 240.15d-15(e)) as of the end of the period covered by the report,
based on the evaluation of these controls and procedures required by
paragraph (b) of 17 CFR 240.13a-15 or 240.15d-15.
(c) Management's annual report on internal control over financial
reporting. Where the Form is being used as an annual report filed under
Section 13(a) or 15(d) of the Exchange Act, provide a report of
management on the issuer's internal control over financial reporting
(as defined in 17 CFR 240.13a-15(f) or 240.15d-15(f)) that contains:
(1) A statement of management's responsibility for establishing and
maintaining adequate internal control over financial reporting for the
issuer;
(2) A statement identifying the framework used by management to
evaluate the effectiveness of the issuer's internal control over
financial reporting as required by paragraph (c) of 17 CFR 240.13a-15
or 240.15d-15;
(3) Management's assessment of the effectiveness of the issuer's
internal control over financial reporting as of the end of the issuer's
most recent fiscal year, including a statement as to whether or not
internal control over financial reporting is effective. This discussion
must include disclosure of any material weakness in the issuer's
internal control over financial reporting identified by management.
Management is not permitted to conclude that the
[[Page 36671]]
issuer's internal control over financial reporting is effective if
there are one or more material weaknesses in the issuer's internal
control over financial reporting; and
(4) A statement that the registered public accounting firm that
audited the financial statements included in the annual report
containing the disclosure required by this Item has issued an
attestation report on management's assessment of the issuer's internal
control over financial reporting.
(d) Attestation report of the registered public accounting firm.
Where the Form is being used as an annual report filed under Section
13(a) or 15(d) of the Exchange Act, provide the registered public
accounting firm's attestation report on management's assessment of
internal control over financial reporting in the annual report
containing the disclosure required by this Item.
(e) Changes in internal control over financial reporting. Disclose
any change in the issuer's internal control over financial reporting
identified in connection with the evaluation required by paragraph (d)
of 17 CFR 240.13a-15 or 240.15d-15 that occurred during the period
covered by the annual report that has materially affected, or is
reasonably likely to materially affect, the issuer's internal control
over financial reporting.
Instructions to paragraphs (b), (c), (d) and (e) of General
Instruction B. 6.
1. The issuer must maintain evidential matter, including
documentation, to provide reasonable support for management's
assessment of the effectiveness of the issuer's internal control over
financial reporting.
2. An issuer that is an Asset-Backed Issuer (as defined in 17 CFR
240.13a-14(g) and 240.15d-14(g)) is not required to disclose the
information required by this Item.
* * * * *
PART 270--RULES AND REGULATIONS, INVESTMENT COMPANY ACT OF 1940
27. The authority citation for Part 270 is amended by revising the
subauthority citation for ``Section 270.30a-2'' to read as follows:
Authority: 15 U.S.C. 80a-1 et seq., 80a-34(d), 80a-37, and 80a-
39, unless otherwise noted.
* * * * *
Section 270.30a-2 is also issued under 15 U.S.C. 78m, 78o(d), 80a-
8, 80a-29, 7202, and 7241; and 18 U.S.C. 1350, unless otherwise noted.
* * * * *
28. By revising the last sentence of Sec. 270.8b-15 to read as
follows:
Sec. 270.8b-15 Amendments.
* * * An amendment to any report required to include the
certifications as specified in Sec. 270.30a-2(a) must include new
certifications by each principal executive and principal financial
officer of the registrant, and an amendment to any report required to
be accompanied by the certifications as specified in Sec. 240.13a-
14(b) or Sec. 240.15d-14(b) and Sec. 270.30a-2(b) must be accompanied
by new certifications by each principal executive and principal
financial officer of the registrant.
29. Section 270.30a-2 is revised to read as follows:
Sec. 270.30a-2 Certification of Form N-CSR.
(a) Each report filed on Form N-CSR (Sec. Sec. 249.331 and 274.128
of this chapter) by a registered management investment company must
include certifications in the form specified in Item 10(a)(2) of Form
N-CSR and such certifications must be filed as an exhibit to such
report. Each principal executive and principal financial officer of the
investment company, or persons performing similar functions, at the
time of filing of the report must sign a certification.
(b) Each report on Form N-CSR filed by a registered management
investment company under Section 13(a) or 15(d) of the Securities
Exchange Act of 1934 (15 U.S.C. 78m(a) or 78o(d)) and that contains
financial statements must be accompanied by the certifications required
by Section 1350 of Chapter 63 of Title 18 of the United States Code (18
U.S.C. 1350) and such certifications must be furnished as an exhibit to
such report as specified in Item 10(b) of Form N-CSR. Each principal
executive and principal financial officer of the investment company (or
equivalent thereof) must sign a certification. This requirement may be
satisfied by a single certification signed by an investment company's
principal executive and principal financial officers.
(c) A person required to provide a certification specified in
paragraph (a) or (b) of this section may not have the certification
signed on his or her behalf pursuant to a power of attorney or other
form of confirming authority.
30. By revising Sec. 270.30a-3 to read as follows:
Sec. 270.30a-3 Controls and procedures.
(a) Every registered management investment company, other than a
small business investment company registered on Form N-5 (Sec. Sec.
239.24 and 274.5 of this chapter), must maintain disclosure controls
and procedures (as defined in paragraph (c) of this section) and
internal control over financial reporting (as defined in paragraph (d)
of this section).
(b) Each such registered management investment company's management
must evaluate, with the participation of the company's principal
executive and principal financial officers, or persons performing
similar functions, the effectiveness of the company's disclosure
controls and procedures, within the 90-day period prior to the filing
date of each report on Form N-CSR (Sec. Sec. 249.331 and 274.128 of
this chapter).
(c) For purposes of this section, the term disclosure controls and
procedures means controls and other procedures of a registered
management investment company that are designed to ensure that
information required to be disclosed by the investment company on Form
N-CSR (Sec. Sec. 249.331 and 274.128 of this chapter) is recorded,
processed, summarized, and reported within the time periods specified
in the Commission's rules and forms. Disclosure controls and procedures
include, without limitation, controls and procedures designed to ensure
that information required to be disclosed by an investment company in
the reports that it files or submits on Form N-CSR is accumulated and
communicated to the investment company's management, including its
principal executive and principal financial officers, or persons
performing similar functions, as appropriate to allow timely decisions
regarding required disclosure.
(d) The term internal control over financial reporting is defined
as a process designed by, or under the supervision of, the registered
management investment company's principal executive and principal
financial officers, or persons performing similar functions, and
effected by the company's board of directors, management, and other
personnel, to provide reasonable assurance regarding the reliability of
financial reporting and the preparation of financial statements for
external purposes in accordance with generally accepted accounting
principles and includes those policies and procedures that:
(1) Pertain to the maintenance of records that in reasonable detail
accurately and fairly reflect the transactions and dispositions of the
assets of the investment company;
(2) Provide reasonable assurance that transactions are recorded as
necessary to permit preparation of financial statements in accordance
with generally accepted accounting principles, and that receipts and
expenditures of the investment company are being made only in
accordance with authorizations
[[Page 36672]]
of management and directors of the investment company; and
(3) Provide reasonable assurance regarding prevention or timely
detection of unauthorized acquisition, use, or disposition of the
investment company's assets that could have a material effect on the
financial statements.
PART 274--FORMS PRESCRIBED UNDER THE INVESTMENT COMPANY ACT OF 1940
31. The authority citation for Part 274 is amended by revising the
authority citation for ``Section 274.128'' to read as follows:
Authority: 15 U.S.C. 77f, 77g, 77h, 77j, 77s, 78c(b), 78l, 78m,
78n, 78o(d), 80a-8, 80a-24, 80a-26, and 80a-29, unless otherwise
noted.
* * * * *
Section 274.128 is also issued under 15 U.S.C. 78j-1, 7202, 7233,
7241, 7264, and 7265; and 18 U.S.C. 1350.
32. Form N-SAR (referenced in Sec. Sec. 249.330 and 274.101) is
amended by revising the reference ``internal controls and procedures
for financial reporting'' in paragraph (b)(6)(iv) of the Instruction to
Sub-Item 102P3 to read ``internal control over financial reporting''.
33. Form N-CSR (referenced in Sec. Sec. 249.331 and 274.128) is
amended by:
a. In General Instruction D, revising the reference ``Items 4, 5, and
10(a)'' to read ``Items 4, 5, and 10(a)(1)'';
b. Revising paragraph 2.(a) of General Instruction F;
c. In paragraph (c) of Item 2, revising the reference ``Item 10(a)'' to
read ``Item 10(a)(1)'';
d. In paragraph (f)(1) of Item 2, revising the reference ``Item 10(a)''
to read ``Item 10(a)(1)'';
e. In paragraph (b)(4) of Item 3, revising the reference ``internal
controls and procedures for financial reporting'' to read ``internal
control over financial reporting'';
f. Revising Item 9; and
g. In Item 10:
(i) The introductory text and paragraphs (a) and (b) are redesignated
as paragraphs (a), (a)(1) and (a)(2), respectively;
(ii) Revising newly redesignated paragraph (a) and newly redesignated
paragraph (a)(2); and
(iii) Adding new paragraph (b) and an Instruction to Item 10.
The revisions and additions read as follows.
Note: The text of Form N-CSR does not, and these amendments will
not, appear in the Code of Federal Regulations.
FORM N-CSR
* * * * *
General Instructions
* * * * *
F. Signature and Filing of Report.
* * * * *
2. (a) The report must be signed by the registrant, and on behalf
of the registrant by its principal executive and principal financial
officers.
* * * * *
Item 9. Controls and Procedures.
(a) Disclose the conclusions of the registrant's principal
executive and principal financial officers, or persons performing
similar functions, regarding the effectiveness of the registrant's
disclosure controls and procedures (as defined in Rule 30a-3(c) under
the Act (17 CFR 270.30a-3(c))) as of a date within 90 days of the
filing date of the report that includes the disclosure required by this
paragraph, based on the evaluation of these controls and procedures
required by Rule 30a-3(b) under the Act (17 CFR 270.30a-3(b)) and Rules
13a-15(b) or 15d-15(b) under the Exchange Act (17 CFR 240.13a-15(b) or
240.15d-15(b)).
(b) Disclose any change in the registrant's internal control over
financial reporting (as defined in Rule 30a-3(d) under the Act (17 CFR
270.30a-3(d))) that occurred during the registrant's last fiscal
half-year (the registrant's second fiscal half-year in the case of an annual
report) that has materially affected, or is reasonably likely to
materially affect, the registrant's internal control over financial
reporting.
Item 10. Exhibits.
(a) File the exhibits listed below as part of this Form.
* * * * *
(a)(2) A separate certification for each principal executive and
principal financial officer of the registrant as required by Rule 30a-
2(a) under the Act (17 CFR 270.30a-2(a)), exactly as set forth below:
Certifications
I, [identify the certifying individual], certify that:
1. I have reviewed this report on Form N-CSR of [identify
registrant];
2. Based on my knowledge, this report does not contain any untrue
statement of a material fact or omit to state a material fact necessary
to make the statements made, in light of the circumstances under which
such statements were made, not misleading with respect to the period
covered by this report;
3. Based on my knowledge, the financial statements, and other
financial information included in this report, fairly present in all
material respects the financial condition, results of operations,
changes in net assets, and cash flows (if the financial statements are
required to include a statement of cash flows) of the registrant as of,
and for, the periods presented in this report;
4. The registrant's other certifying officer(s) and I are
responsible for establishing and maintaining disclosure controls and
procedures (as defined in Rule 30a-3(c) under the Investment Company
Act of 1940) and internal control over financial reporting (as defined
in Rule 30a-3(d) under the Investment Company Act of 1940) for the
registrant and have:
(a) Designed such disclosure controls and procedures, or caused
such disclosure controls and procedures to be designed under our
supervision, to ensure that material information relating to the
registrant, including its consolidated subsidiaries, is made known to
us by others within those entities, particularly during the period in
which this report is being prepared;
(b) Designed such internal control over financial reporting, or
caused such internal control over financial reporting to be designed
under our supervision, to provide reasonable assurance regarding the
reliability of financial reporting and the preparation of financial
statements for external purposes in accordance with generally accepted
accounting principles;
(c) Evaluated the effectiveness of the registrant's disclosure
controls and procedures and presented in this report our conclusions
about the effectiveness of the disclosure controls and procedures, as
of a date within 90 days prior to the filing date of this report based
on such evaluation; and
(d) Disclosed in this report any change in the registrant's
internal control over financial reporting that occurred during the
registrant's most recent fiscal half-year (the registrant's second
fiscal half-year in the case of an annual report) that has materially
affected, or is reasonably likely to materially affect, the
registrant's internal control over financial reporting; and
5. The registrant's other certifying officer(s) and I have
disclosed to the registrant's auditors and the audit committee of the
registrant's board of directors (or persons performing the equivalent
functions):
(a) All significant deficiencies and material weaknesses in the
design or operation of internal control over financial reporting which
are reasonably likely to adversely affect the registrant's ability to
record, process, summarize, and report financial information; and
[[Page 36673]]
(b) Any fraud, whether or not material, that involves management or
other employees who have a significant role in the registrant's
internal control over financial reporting.
Date: ____________________
____________________
[Signature]
____________________
[Title]
(b) If the report is filed under Section 13(a) or 15(d) of the
Exchange Act, provide the certifications required by Rule 30a-2(b)
under the Act (17 CFR 270.30a-2(b)), Rule 13a-14(b) or Rule 15d-14(b)
under the Exchange Act (17 CFR 240.13a-14(b) or 240.15d-14(b)), and
Section 1350 of Chapter 63 of Title 18 of the United States Code (18
U.S.C. 1350) as an exhibit. A certification furnished pursuant to this
paragraph will not be deemed "filed" for purposes of Section 18 of
the Exchange Act (15 U.S.C. 78r), or otherwise subject to the liability
of that section. Such certification will not be deemed to be
incorporated by reference into any filing under the Securities Act of
1933 or the Exchange Act, except to the extent that the registrant
specifically incorporates it by reference.
Instruction to Item 10.
Letter or number the exhibits in the sequence that they appear in
this item.
* * * * *
By the Commission.
Dated: June 5, 2003.
J. Lynn Taylor,
Assistant Secretary.
[FR Doc. 03-14640 Filed 6-13-03; 8:45 am]