Please Sign Here: Preparing For Those CEO/CFO Certifications

Corporate America is still coming to grips with policies and procedures surrounding the certifications of SEC filings required of chief executive officers and chief financial officers under the Sarbanes-Oxley Act. Section 302 of the Act requires CEOs and CFOs to certify in each annual and quarterly report that the officer has reviewed the report, that based on the officer's knowledge the report does not contain any untrue statement of a material fact or omit to state a necessary material fact, and that based on the officer's knowledge, the financial statements and other financial information included in the report fairly present in all material respects the financial condition and results of operations of the issuer.

The signing officers must also attest that they are responsible for establishing and maintaining internal controls, that they have designed such controls to ensure that material information is made known to the officers, that they have presented their conclusions about the effectiveness of those controls in the report, and that they have disclosed both to the outside auditors and to the company's audit committee:

  • all significant deficiencies in the design or operation of internal controls which could adversely affect the issuer's ability to record, process, summarize and report financial data; and
  • any fraud, whether or not material, involving any employee who has a significant role in the issuer's internal controls.

Certifications

Certifications under Section 302 of the Sarbanes-Oxley Act are serious business. The signature by the CEO and CFO on the certification should represent the end of a process that is:

  • rigorous;
  • informed;
  • careful;
  • demonstrable; and
  • dependable.

Careful attention to the process and procedures supporting your CEO/CFO certifications can pay off. When all goes well, a good process will help your company develop more accurate and informative financial reports, SEC filings and other disclosures. When things go wrong, a good process may help save your company, your reputation, your job, and even your house.

The required certifications are interrelated. At a most basic level, they require three basic representations:

  1. accuracy and completeness of the report;
  2. effective disclosure controls and procedures (which is how you develop accurate and complete reports); and
  3. disclosure of deficiencies (which refine and discipline the controls and procedures).

The beginning of the required certification may be overlooked but it is essential. It states "I certify that I have reviewed this" report. What does this mean? It means that CEOs and CFOs signing certifications under Section 302 need to make sure that they have read and understood the entire SEC filing with respect to which they are making the certification. The certifying officer should be able to articulate a basis for his or her belief as to the accuracy of each statement in the report and be able to articulate a basis for his or her belief as to the completeness of each statement in the report. Remember, a company's SEC filings can be viewed as false and misleading not only if they contain false statements, but also if they omit information necessary to make a report not false and misleading. The certifying officer must also consider the materiality of statements either included in or omitted from the report in reaching his or her conclusion. It is a good idea to consider each statement in the report separately to make sure that it is accurate and complete on a stand-alone basis. In addition, the company's statements should also be considered in context to make sure that in combination they are not misleading.

The officer reviewing the statement prior to signing his or her certification is well advised to ask:

  • what is the support for each statement in the report?
  • who has verified its accuracy?
  • what are the risks of error? and
  • has anything been left out?

In considering materiality issues, it is important to remember, under SEC Staff Accounting Bulletin 99, that relatively small quantitative issues can, under certain circumstances, be considered qualitatively material.

In reviewing the completeness of disclosures, a good rule of thumb is to remember that the company's disclosures should reflect the company "seen through management's eyes" and therefore reflect the activities and concerns of management and the board of directors. In general, if there is a task force working on it, if you are in the process of reorganizing it, if the board has heard a report on it, if it is a gating factor to success, or if it is keeping you up at night, then whatever "it" is should be considered as a candidate for possible disclosure in your company's public filings.

Subcertifications

What about "subcertifications"? Remember that the goal of Sarbanes-Oxley is that "the buck stops here." In other words, the certifying CEO and CFO should not be able to say, after the fact, "I didn't know what was going on at the company." Many issuers are utilizing a process of subcertification – having junior employees sign certifications upon which the certifying CEO and CFO rely in signing their Section 302 certifications – as part of their process.

There are both risks and benefits from subcertifications. The risk is that instead of "the buck stops here," the buck either stops somewhere else, or no one knows where it stops. Subcertifications from other managers are not required under Sarbanes-Oxley but they may be useful. The size and complexity of the issuer's business may be a factor in whether subcertifications are necessary as a matter of practical reality. But remember that the signing of subcertifications by junior officers and managers is not a substitute for diligence and knowledge on the part of the CEO and CFO. Nor is it a substitute for making sure that the company has effective disclosure controls and procedures. On the plus side, subcertifications, if used properly as part of a disciplined disclosure process, may positively reinforce a corporate culture of good disclosure controls and procedures and positively reinforce a corporate culture which places high value on good and accurate public disclosures.

When using subcertifications, a number of tips may be helpful.

  • First, the subcertification should be tailored to the individual's area of personal knowledge and organizational responsibility so that it is truly meaningful and reliable.
  • Second, personnel signing the subcertifications should understand the company's disclosure policies and objectives and, if relevant, the applicable accounting and disclosure requirements.
  • Third, remember that one size does not fit all – the subcertifications may need to be specifically tailored to the company's particular business, organizational structure, and regulatory environment. For example, a company whose business is regulated by the Food and Drug Administration may well want a different set of subcertifications than a company whose business is regulated primarily under regulations from the Department of Defense.
  • Fourth, in some cases, subcertifications may be more useful if they affirm specific facts or business practices relevant to the contents of the company's SEC report rather than more general conclusions.