Certification Under Sarbanes-Oxley (S-O)
Paul Brountas, Senior Counsel at Hale and Dorr LLP, spoke about the new responsibilities of Board Committees, on the Board and Committee Governance panel. Mr.Brountas first discussed important recent developments. He noted that most in-house counsels have already been responsible for filing two certifications under S-O, but a number of unanswered questions regarding those filings remain outstanding. First,why has the law required the CEO and CFO to sign every 10K and 10Q twice? The answer lies in the cases of Enron,Worldcom, Adelphia, and Global Crossing,where officers and directors ignored and/or perpetrated fraud.Many implicated executives professed their ignorance of any wrongdoing. The new certification and control rules have eliminated this ignorance defense. All executive officers must now be mindful of the following warning issued by the SEC:
"Any senior corporate official who considers his/her personal involvement in determining the disclosure to be presented in quarterly or annual reports to be an administrative burden rather than an important and paramount duty seriously misapprehends his/her responsibility to security holders."Faced with this threat and fear of jail time, senior management now has to take a proactive role in the disclosure process. Officers who certify but do not verify run the risk of serious liability.
Mr.Brountas next turned to the impact of the proposed Section 404, which directs the SEC to prescribe rules that would require each annual report a company files pursuant to Section 13(a) and 13(d) of the Exchange Act to contain an internal control report, 1) stating management's responsibilities for establishing and maintaining adequate internal control structure and procedures for financial reporting; and 2) containing an assessment of the effectiveness of the company's internal control structure and procedures for financial reporting.
The SEC's new certification requirements under Section 302, according to Mr. Brountas, have been unclear as to what management needs to swear to in the Section 302 certification regarding internal controls and also what management needs to do on a quarterly basis. The current rules reference an evaluation, but none is required. In October 2002, the SEC proposed rules under Section 404 that mention the concept of "internal controls and procedures for financial reporting."According to the proposed definition, the term means controls that pertain to the preparation of financial statements for external purposes that are fairly presented in conformity with Generally Accepted Accounting Principles (GAAP) or other literature adopted by the public accounting oversight board.After these proposals become effective, Section 302 certification will finally make sense. Currently,Mr. Brountas explained, disclosure about internal controls only addresses changes made after the evaluation date and prior to the filing of a report.Changes made after the filing of a report and before the next evaluation do not have to be disclosed. The proposed rule, however, would require disclosure of significant changes made at any time during the reporting period, and evaluations are required to be made as of the last day of the fiscal period. Thus, it will no longer be possible to quietly fix internal controls.
Mr. Brountas advised attendees who are interested in reading more about the SEC's recommendations on how to comply with certification control requirements to view Hale & Dorr's Corporate Advisor bulletin online to see the SEC's latest FAQ, which answers a number of questions about S-O.