Haynes and Boone's Newsroom

SEC Proposes Rules on Internal Controls, Ethics Codes and Financial Experts on Audit Committees
11/01/2002
Brian D. Barnard, William R. Hays III, David H. Oden, Janice V. Sharry, W. Scott Wallace, George G. Young III

On October 22, 2002, the SEC proposed rules implementing Sections 404, 406 and 407 of the Sarbanes-Oxley Act of 2002 (the “Act”).  The proposed rules would require public companies to (i) include an internal control report in their annual reports (Section 404); (ii) disclose in their annual reports whether they have adopted a code of ethics for their principal executive officer and senior financial officers, and, if not, the reasons why not, and promptly disclose changes to, and waivers of, their code of ethics (Section 406); and (iii) disclose in their annual report the identities of their audit committee members who are financial experts, or explain why their audit committee has no financial experts (Section 407).

MANAGEMENT’S ASSESSMENT OF INTERNAL CONTROLS AND PROCEDURES FOR FINANCIAL REPORTING – SECTION 404 OF THE ACT

Annual Disclosure

The proposed rules implementing Section 404 of the Act would require public companies to include in their annual reports on Form 10-K (U.S. companies), Form 40-F (Canadian companies) or Form 20-F (non-U.S. companies) an internal control report of management containing:

  • A statement of management’s responsibilities for establishing and maintaining adequate internal controls and procedures for financial reporting;

  • Conclusions about the effectiveness, as of the end of the company’s most recent fiscal year, of the company’s internal controls and procedures for financial reporting;

  • A statement that the company’s external auditors have attested to, and reported on, management’s evaluation of the internal controls and procedures for financial reporting; and

  • The external auditor’s attestation report.

The SEC has not proposed a form of the internal control report, as it believes that the report should be tailored to each company’s particular circumstances.

Quarterly Disclosure

The SEC has previously adopted rules implementing Section 302 of the Act that require the principal executive officers and principal financial officers of public companies to file certifications with each quarterly report and annual report.  The certifications required under Section 302 of the Act contain statements regarding “disclosure controls and procedures” that are similar to the statements in the proposed Section 404 rules regarding “internal controls and procedures for financial reporting.”  The certifications required under Section 302 of the Act also contain statements regarding “internal controls” that are not as detailed as the statements in the proposed Section 404 rules regarding “internal controls and procedures for financial reporting.”

In order to resolve the differences between the manner in which the existing rules under Section 302 of the Act and the proposed rules under Section 404 of the Act address their similar subject matters, the SEC has proposed changes to the rules under Section 302 of the Act.  The proposed changes to the Section 302 rules would:

  • Replace references to the phrase “internal controls” in the Section 302 rules with the phrase “internal controls and procedures for financial reporting” that appears in the proposed Section 404 rules to confirm that both sets of rules require disclosure regarding the same subject matter;

  • Require that the proposed disclosure for annual reports regarding conclusions about the effectiveness of internal controls and procedures for financial reporting also appear in each quarterly report;

  • Require that the evaluation of disclosure controls and procedures that appears in each annual and quarterly report be undertaken as of the end of the period covered by the report, instead of a date within 90 days of filing of the report; and

  • Generally, conform the form of certificate required to be filed under Section 302 of the Act to the proposed changes listed in the above bullet points

Definitions of “Disclosure Controls and Procedures” and “Internal Controls and Procedures for Financial Reporting”

When the SEC adopted rules implementing Section 302 of the Act, it coined the new term “disclosure controls and procedures.”  The SEC has defined “disclosure controls and procedures” as controls and other procedures of a public company that are designed to ensure that information required to be disclosed by the company in its public reports is recorded, processed, summarized and reported, within the time periods specified in the SEC’s rules and forms.  “Disclosure controls and procedures” include, without limitation, controls and procedures designed to ensure that information required to be disclosed in public reports is accumulated and reported to management to allow timely decisions regarding required disclosure.

The SEC intends for the term “disclosure controls and procedures” to cover a broader range of information than the term “internal controls and procedures for financial reporting” that appears in Section 404 of the Act.

In the proposed rules, the SEC has stated that the purpose of “internal controls and procedures for financial reporting” is to ensure that companies have processes designed to provide reasonable assurance that:

  • The company’s transactions are properly authorized;

  • The company’s assets are safeguarded against unauthorized or improper use; and

  • The company’s transactions are properly recorded and reported to permit the preparation of the company’s financial statements in accordance with generally accepted accounting principles.

To achieve these goals, the SEC proposes to define “internal controls and procedures for financial reporting” by reference to the existing definition of “internal controls” found in the American Institute of Certified Public Accountants Codification of Statements on Auditing Standards Section 319.  The proposed rules would define “internal controls and procedures for financial reporting” as controls that pertain to the preparation of financial statements for external purposes that are fairly presented in conformity with generally accepted accounting principles as addressed by the Codification of Auditing Standards Section 319 or any superseding definition or other literature that is issued or adopted by the Public Company Accounting Oversight Board.  The Public Company Accounting Oversight Board is the new regulatory board to be established under the Act.

Phase in Period

Because the SEC anticipates that companies and auditors will require substantial time to develop processes and train personnel to ensure compliance with Section 404 of the Act and because the new Public Company Accounting Oversight Board will need time to set standards for auditor attestations, the SEC has proposed that the new rules, if adopted, apply to public companies whose fiscal years end on or after September 15, 2003.  Until the new rules are adopted and become effective, companies should continue to use the current form of certification under Section 302 when filing their quarterly and annual reports.

CODE OF ETHICS FOR SENIOR EXECUTIVE AND FINANCIAL OFFICERS – SECTION 406 OF THE ACT

The proposed rules implementing Section 406 of the Act would require public companies to disclose in each annual report on Form 10-K (U.S. companies), Form 40-F (Canadian companies) or Form 20-F (non-U.S. companies) whether they have adopted a code of ethics for their principal executive officer, principal financial officer, principal accounting officer or controller, or persons performing similar functions.  Notably, the proposed rules require the code of ethics to apply to a public company’s principal executive officer, although Section 404 of the Act only requires that the code of ethics apply to senior financial officers.

A public company would have to file its code of ethics as an exhibit to its annual report.  If the company does not have a code of ethics that meets the rule’s requirement, it would have to disclose in its annual report the reasons why it has not adopted a code of ethics that meets the rule’s requirements.

Definition of “Code of Ethics”

Under the proposed rules, a “code of ethics” is defined as a codification of standards that is reasonably designed to deter wrongdoing and to promote:

  • Honest and ethical conduct, including the ethical handling of actual or apparent conflicts of interest between personal and professional relationships;

  • The avoidance of conflicts of interest, including disclosure to appropriate company personnel of any material transaction or relationship that reasonably could be expected to give rise to such a conflict;

  • Full, fair, accurate, timely and understandable disclosure in SEC reports and in other public communications;

  • Compliance with law;

  • Prompt internal reporting of violations of the code; and

  • Accountability for adherence to the code.

The SEC believes that codes of ethics should vary from company to company and that the exact contents of the code, compliance procedures and disciplinary measures are best left to each individual company.  Therefore, the proposed rules do not specify every detail that must be addressed in a code of ethics or prescribe any specific language that must be included in a code of ethics.

Disclosure of Changes to, and Waivers of, the Code of Ethics

The proposed rules would require that a public company disclose any change to its code of ethics that applies to the officers required to be covered by the code, or any grant of a waiver of the code of ethics to any such officer.

The disclosure would be required to be made on Form 8-K within two business days, unless the company qualifies for website disclosure.  If a company has disclosed in its most recently filed annual report that it intends to disclose any such changes to, and waivers of, its code of ethics on its website and has also included its website address in such annual report, then the company would be permitted to make the required disclosure either on its website or via Form 8-K.  In either case, the disclosure would be to be made within two business days.

DISCLOSURE ABOUT FINANCIAL EXPERTS SERVING ON AUDIT COMMITTEES – SECTION 407 OF THE ACT

The proposed rules implementing Section 407 of the Act would require public companies to disclose in each annual report on Form 10-K (U.S. companies), Form 40-F (Canadian companies) or Form 20-F (non-U.S. companies) the number and names of the audit committee members whom their Board of Directors has determined to be “financial experts,” or explain why their audit committee has no financial experts.  In addition, public companies would be required to disclose whether the financial expert members of their audit committee are “independent,” or explain why their financial experts are not independent.

Definition of “Financial Expert”

For a director to be considered a “financial expert” under the proposed rules, the Board of Directors must determine that the director possesses the following five attributes:

  • An understanding of generally accepted accounting principles and financial statements;

  • Experience applying such generally accepted accounting principles in connection with the accounting for estimates, accruals and reserves that are generally comparable to the estimates, accruals and reserves, if any, used in the company’s financial statements;

  • Experience preparing or auditing financial statements that present accounting issues that are generally comparable to those raised by the company’s financial statements;

  • Experience with internal controls and procedures for financial reporting; and

  • An understanding of audit committee functions.

In addition, the proposed rules require that the above attributes have been obtained through the applicable director’s:

  • Education and experience as a public accountant or auditor or a principal financial officer, controller or principal accounting officer of a company that was subject to the SEC’s public reporting requirements at the time the director held such position;

  • Experience in one or more positions that involve the performance of similar functions; or

  • Experience in one or more positions that results, in the judgment of the Board of Directors, in the director having similar expertise and experience.

The proposed rules provide that if the Board of Directors has determined under the third option above that a director is a financial expert because of the director’s experience in one or more positions that results, in the judgment of the Board of Directors, in the director having similar expertise and experience to the listed positions, the company must disclose the basis for such determination.

The proposed rules state that, in making its determination, the Board of Directors must evaluate the totality of a director’s education and experience[, and states that the Board of Directors should consider the following factors in the aggregate:

  • The level of the director’s accounting or financial education;

  • Whether the director is a certified public accountant, or the equivalent, in good standing, and the length of time that the director actively has practiced as a certified public accountant, or the equivalent;

  • Whether the director is certified or otherwise identified as having accounting or financial experience by a recognized private body that establishes and administers standards in respect of such expertise, whether the director is in good standing with the recognized private body, and the length of time that the director has been actively certified or identified as having this expertise;

  • Whether the director has served as a principal financial officer, controller or principal accounting officer of a company that was subject to the SEC’s public reporting requirements at the time the director held such position, and if so, for how long;

  • The director’s specific duties while serving as a public accountant, auditor, principal financial officer, controller, principal accounting officer or other position involving the performance of similar functions;

  • The director’s level of familiarity and experience with all applicable laws and regulations regarding the preparation of financial statements that must be included in public reports filed with the SEC;

  • The level and amount of the director’s direct experience reviewing, preparing, auditing or analyzing financial statements that must be included in public reports filed with the SEC;

  • The director’s past or current membership on one or more audit committees of companies that were subject to the SEC’s public reporting requirements at the time the director held such membership;

  • The director’s level of familiarity and experience with the use and analysis of financial statements of public companies; and

  • Whether the director has any other relevant qualifications or experience that would assist the director in understanding and evaluating the company’s financial statements and other financial information and to make knowledgeable and thorough inquiries whether:

    • the financial statements fairly present the financial condition, results of operations and cash flows of the company in accordance with generally accepted accounting principles; and

    • the financial statements and other financial information, taken together, fairly present the financial condition, results of operations and cash flows of the company.

The SEC has indicated that the above list of factors is not exhaustive and that there is no specific number or combination of factors that are necessary or sufficient for a director to be considered a financial expert.

Definition of “Independent”

For a director to be considered “independent” under the proposed rules, the director may not, other than in such director’s capacity as a member of the company’s audit committee, Board of Directors or any other committee of the Board of Directors, accept any consulting, advisory or other compensatory fee from the company, or be an affiliated person of the company or any subsidiary of the company.

Notably, Section 301 of the Act already requires that each member of a public company’s audit committee be “independent” under the above definition.

No Increased Liability for Financial Experts

The SEC has stated that the designation of a director as a financial expert should not impose a higher degree of individual responsibility or obligation on a member of the audit committee or decrease the duties and obligations of other members of the audit committee or Board of Directors.

Deadline for Effectiveness

The SEC has invited comments on the proposed rules under Sections 406 and 407 by November 29, 2002.  Although the proposed rules do not provide a proposed effective date, the Act requires the SEC to issue final rules by January 26, 2003 under Sections 406 and 407.  The final rules will specify the date the rules become effective, which may be earlier or later than January 26, 2003.

Further Information

This Alert is a publication of Haynes and Boone, LLP and should not be construed as legal advice on any particular facts or circumstances.  This Alert is for general informational purposes only, and may not be quoted or referred to in any other documents or legal proceeding without our prior written consent.  The publication of this Alert is not intended to create an attorney-client relationship.

If you would like to learn more about the Act and the rules and regulations relating to the Act, please feel free to contact your regular Haynes and Boone attorney or any member of our Corporate Governance Practice Group.