Corporate Governance –
The New Investor Confidence Rules
SOX
In July, 2002 the United States Congress enacted the Sarbanes Oxley Act of 2002 (SOX) responding to the failure of several large corporations, primarily involving accounting irregularities. These enormous corporate failures threw people out of work, deprived retirees of their pensions and eroded the savings and investment accounts of many individual, corporate and institutional investors. This resulted in a massive outcry for reform.
In an effort to restore public confidence in the United States capital markets, SOX made wide and reaching amendments to corporate and securities law, criminal law, employment law and other statutes. Since the principal regulation of securities markets in the United States is at the federal level, this was relatively easy to effect. This is not the case in Canada where corporate law exists at federal and provincial levels and securities law is primarily a matter of provincial jurisdiction. Self regulatory organizations and stock exchanges are primarily affected by provincial law. Consequently, there are 13 separate sets of rules and sets of regulators.
Developments in Canada
While Canada did not experience any of the same "corporate scandals" as did the United States, it was certainly subject to a similar erosion of market confidence. There was also concern that similar types of issues might arise in Canada if appropriate steps were not taken. Canadian regulators were also concerned to take actions to promote access of Canadian issuers to increasingly borderless capital markets requiring some level of parity and regulatory standards. SOX type rules have since been introduced in the United Kingdom, France, Japan and India, and elsewhere.
As is the case with a number of other initiatives of the Canadian Securities Administrators ("CSA"), including the recent Continuous Disclosure obligations and Corporate Governance initiatives, its objective with the Investor Confidence Rules was to achieve some level of consistency so that the rules applicable to reporting issuers would be effectively the same from one Canadian jurisdiction to another. This would allow reporting issuers to treat Canada, more or less, as a single jurisdiction for compliance purposes. Of the 103 members of the International Organization of Securities Commission ("IOSCO"), only Canada and one other country do not have a national securities regulator. The other country is Bosnia-Herzegovina.
The Investor Confidence Rules
Not quite a year after SOX was enacted, the Canadian securities administrators (other than in British Columbia) had not yet determined whether to follow suit. On June 27, 2003, they published for comment a set of rules entitled "Auditor Oversight", "Certification of Disclosure in Issuers, Annual and Interim Filings", and "Audit Committees" (these are collectively referred to as the "Investor Confidence Rules").
The deadline for submissions was September 25, 2003. It was intended that they would become effective as early as January 1, 2004. This has not yet occurred. Instead, on January 16, 2004, final versions of the rules were introduced, which take into account comments received during the comment period. These are not open for further comment. Assuming all requisite approvals are received as anticipated, they become effective March 30, 2004.
AUDITOR OVERSIGHT
Background
Prior to the enactment of SOX, the Canadian Institute of Chartered Accountants ("CICA"), CSA and the regulators of Canadian financial institutions took the initiative to establish the Canadian Public Accountability Board ("CPAB") to promote high quality external audits of reporting issuers and to be responsible for developing and implementing an oversight program that includes regular and rigorous inspection of auditors of Canada's public companies. As the Canadian securities administrators noted in the Notice and Request for Comments concerning the Auditor Oversight Rule, their proposals were similar to developments under SOX in the United States:
The U.S. capital market recently suffered an erosion of investors' confidence as a result of several large corporate failures involving accounting irregularities. Following these corporate failures, the U.S. government enacted the Sarbanes Oxley Act of 2002 ("the SOX Act") in July 2002. The SOX Act introduced numerous accounting, disclosure and corporate governance reforms aimed at restoring public confidence in the U.S. capital markets. One of these reforms was the creation of the Public Company Accounting Oversight Board (PCAOB) to oversee the auditing of public companies that are subject to U.S. securities laws. The PCAOB is mandated, among other things, to establish a registration system for public accounting firms that prepare audit reports for issuers and to conduct inspections of registered public accounting firms. Under the SOX Act, it will be unlawful for any public accounting firm that is not registered with the PCAOB to prepare or issue, or to participate in the preparation or issuance of, any audit report with respect to an issuer subject to U.S. securities laws.
Although the corporate scandals that triggered the threat to market confidence took place in the United States, they have revealed the vulnerability of our markets and the need to strengthen existing requirements in our jurisdictions. In response, several initiatives have been introduced to address the issue of investor confidence and to maintain the reputation of our capital markets internationally, including the creation of the CPAB that will oversee the work done by auditors of public companies in Canada.
Requirements
In effect, under the Auditor Oversight Rule, an accounting firm that issues an auditor's report with respect to financial statements of a reporting issuer must be, at the time that it issues such report, a participating audit firm and must be in compliance with any instructions or sanctions imposed by the CPAB. Similarly, a reporting issuer that files financial statements accompanied by an auditor's report must have the auditor's report prepared by a participating audit firm. Because of differences in their statutes governing the practice of accountancy, these requirements do not apply in Alberta and Manitoba.
The CPAB can impose restrictions and sanctions on public accounting firms. If the CPAB identifies defects in the quality control systems of a participating audit firm, it may impose restrictions on the participating audit firm intended to address defects in its quality controls systems. In that case, such a firm has to provide written notice to the regulators in each participating jurisdiction (other than Alberta or Manitoba), in which a client is a reporting issuer, but does not have to provide notice to audit clients except where it fails to address these defects to the satisfaction of the CPAB within the agreed upon time period. In such event, it has to give notice within 10 business days of being so advised by the CPAB. Public accounting firms, subject to sanctions imposed by the CPAB, must give written notice to their reporting issuer audit clients and to the regulators in jurisdictions in which the client is a reporting issuer. Notice has to be provided to the audit committee or Board if it has no audit committee (or equivalent) reporting issuers for which the public accounting firm has been appointed to prepare an auditor's report of their financial statements. They must provide details of the sanctions and deliver them within 10 business days.
Prior to accepting an appointment to prepare an auditor's report with respect to the financial statements of a reporting issuer, a participating audit firm must give notice to the reporting issuer and the relevant regulators of any restrictions not satisfied of which notice was given, in such period, within the 12 months prior to the expected date of such appointment.
Issuers
Management, the Audit Committee and the Board of a reporting issuer should take appropriate measures to satisfy themselves that its auditors or proposed auditors are in compliance with these requirements.
CERTIFICATION OF DISCLOSURE IN ISSUERS' ANNUAL
AND INTERIM FILINGS
Substance and Purpose
The rule entitled "Certification of Disclosure in Issuers' Annual and Interim Filings" (the "Certification Rule") and the accompanying policy (the "Certification Policy") requires certain annual and interim filings made by a reporting issuer to be certified by Chief Executive Officers ("CEOs") and Chief Financial Officers ("CFOs") or persons performing similar functions. The documents required to be certified include the annual information forms ("AIFs") annual financial statements, annual management discussion and analysis ("MD&A"), interim financial statements and interim MD&A.
In introducing the rule, the regulators commented as follows:
The purpose of the [Certification Rule and Certification Policy] is to improve the quality and reliability of reporting issuers' annual and interim disclosure. We believe that this, in turn, will help to maintain and enhance investor confidence in the integrity of our capital markets. The [certification rule and certification policy] require [CEOs] and [CFOs] (or persons performing functions similar to CEOs or CFOs) of reporting issuers to personally certify that, among other things:
1. Their issuers' annual filings and interim filings do not contain any misrepresentations or omit to state any material facts;
2. The financial statements and other financial information in the annual filings and interim filings fairly present the financial condition, results of operations and cash flows of their issuers for the relevant time period;
3. They have designed disclosure controls and procedures and internal control over financial reporting (or caused them to be designed under their supervision);
4. They have evaluated the effectiveness of such disclosure controls and procedures and caused their issuers to disclose their conclusions regarding their evaluation; and
5. They have caused their issuers to disclose certain charges in internal control over financial reporting.
Form and Filing of Certificates
The content described above is reflected in a series of forms prescribed under the rule. The annual certificates and interim certificates must be filed in the exact language prescribed in the applicable forms. Where an issuer does not have a CEO or CFO, each person who performs similar functions to a CEO or CFO must certify the annual filings and interim filings. It is up to the issuer's discretion to determine who those persons are. Some guidance is given in the policy accompanying the rule.
"New" CEOs and CFOs
Commentators on the proposed rule and policy identified a problem in asking CEOs and CFOs to personally certify, among other things, that they had designed disclosure controls and procedures and internal control over financial reporting (or caused them to be designed under their supervision), where such design and implementation took place prior to the certifying officers assuming their respective offices.
The Certification Policy attempts to provide some guidance in this area by indicating that in the view of the regulators, where this was the case, provided that the certifying officers have reviewed the existing controls and procedures upon assuming their respective offices and have designed (or caused to be designed under their supervision) any modifications or enhancements to the existing controls or procedures determined to be necessary following their review, then the regulators consider that the certifying officers will have designed (or caused to be designed under their supervision) these controls and procedures for the purposes of the certificates. While such guidance may assist the certifying officers "getting over" the fact that their certificates (to which certain liabilities may attach) are not, strictly speaking, accurate on their face. As it is not possible to amend the certificates concerned, it is expected that most reporting issuers will simply rely on such guidance.
Internal Control Over Financial Reporting and Disclosure Controls and Procedures
The regulators believe that certification of "internal control over financial reporting" and "disclosure controls and procedures" on a regular basis is an important factor in maintaining integrity of the capital markets and thereby enhancing investor confidence in the capital markets. Both these terms are defined in the rule.
The policy notes the following:
The [rule] does not, however, prescribe the degree of complexity or any specific policy or procedures that must make up those controls and procedures. This is intentional. In our view, these considerations are best left to management's judgement based on various factors that may be particular to an issue or, including its size, the nature of its business and the complexity of its operations.
In effect, "disclosure controls and procedures" means controls and other procedures designed to provide reasonable assurance that information required to be disclosed by the issuer in its annual filings, interim filings or other reports filed or submitted by it under provincial and territorial securities legislation is recorded, processed, summarized and reported within the time period specified in such legislation, including controls and procedures designed to ensure that information required to be disclosed in such documents is accumulated and communicated to management, including the CEO and CFO, as appropriate to allow timely decisions regarding required disclosure.
Internal Control Over Financial Reporting
In effect "internal control over financial reporting" means a process designed by the CEO and CFO and implemented by the board, management and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with the issuers' generally accepted accounting principles ("GAAP") and it includes these policies and procedures that:
(a) pertain to maintaining records that in reasonable detail accurately and fairly reflect the transactions and dispositions of the assets of the issuer;
(b) provide reasonable assurance that actions are recorded as necessary to permit preparation of financial statements in accordance with the issuers' GAAP and that receipts and expenditures of the issuer are made in accordance with authorization from management and the board; and
(c) provide reasonable assurance regarding prevention or timely detection of authorized acquisition, use or disposition of the issuers' assets that could have a material effect on the annual or interim financial statements, as the case may be.
While neither the rule nor the prescribed form specifies the contents of the certifying officers' report on their evaluations of disclosure controls and procedures, the accompanying policy indicates that since the disclosure controls and procedures should be designed to provide, at a minimum, reasonable assurance of achieving their objectives, the report should set forth, at a minimum, the conclusions of the certifying officers as to whether the controls and procedures are, in fact, effective at the "reasonable assurance" level.
Fair Presentation
The representations made in the certificate that the relevant documents "fairly present" the financial condition and results of operations in cashflows of the issuers for the relevant time period are not qualified by the phrase "in accordance with generally accepted accounting principles ("GAAP")" which Canadian auditors typically include in their reports on financial statements. The policy notes that this qualification has been specifically excluded "to prevent management from replying upon compliance with the issuers' GAAP in this representation, particularly where the issuers' GAAP financial statements may not reflect the financial condition of an issuer (since the issuers' GAAP does not always define all the components of an overall fair presentation).
A number of commentators objected to this on the grounds that the concept of fair presentation "in accordance with generally accepted accounting principles" is well known and understood and is the subject of continuous review by the accounting standard setters, including the various provincial Institutes of Chartered Accountants and CICA. Many commentators argued that if the CICA standard was not adopted, there should be a formal definition of the term "fair presentation."
The regulators declined to do this believing that the term "fair presentation" encompasses a number of qualitative and quantitative factors that may not be applicable to all issuers. In their view, fair presentation includes but is not necessarily limited to selection of appropriate accounting policies; proper application of appropriate accounting policies; disclosure of financial information that is informative and reasonably reflects the underlying transactions; and inclusion of additional disclosure necessary to provide investors with a materially accurate and complete picture of financial condition, results of operations and cash flows. The last item is one which might not have been encompassed if the "fair presentation" phrase had been qualified by the phrase "in accordance with GAAP". The policy also notes that in not limiting the certificates to compliance with the issuers' GAAP, this is in no way intended to permit an issuer to depart from the issuers' GAAP in its financial statements.
In effect, the regulators believe that where an issuer thinks there are limitations to its own GAAP based financial statements as an indicator of the issuers' financial condition, the issuer should provide additional disclosure in its MD&A necessary to provide a materially accurate and complete picture of the issuer's financial condition, results of operations and cash flows. Regulators also refer readers to case law on the term "fair presentation".
Financial Condition
The Certification Rule indicates that the "financial condition" in the certificates is intended to be used in the same manner as the term is used by the CICA in its MD&A guidelines and in the regulators' national policy and companion rule concerning continuous disclosure. There is, however, no formal definition of the term. The regulators indicate that, in their view, the term encompasses a number of qualitative and quantitative factors that would be difficult to enumerate in a comprehensive list applicable to all issuers. These factors include liquidity, solvency, capital resources, overall financial health of the issuer's business and current and future considerations, risks, or uncertainties that might impact the financial health of the issuer's business.
Consolidation
The Certification Policy notes that issuers are required to prepare their financial statements on a consolidated basis under the issuers GAAP and that, as a result, the representations in the CEO and CFO certifications will extend to consolidated financial statements. The regulators indicate that in making these representations, the issuer's disclosure controls and procedures should provide reasonable assurance that material information relating to the issuer and its consolidated subsidiaries is made known to the certifying officers.
A number of commentators drew attention to difficulties that might be presented where an issuer lacks effective control over a consolidated subsidiary. In the view of the regulators, this does not affect the obligation of the issuer to present consolidated disclosure that includes a fair presentation of financial condition of the subsidiary. They note that an issuer has to maintain adequate internal control over financial reporting and disclosure controls and procedures in order to do this. If a certifying officer is not satisfied with these as they relate to consolidated subsidiaries, he or she should cause the issuer to disclose in its MD&A his or her concerns regarding such controls and procedures.
The regulators also note that an issuer may sometimes consolidate its financial results and MD&A with those of a subsidiary which is also a reporting issuer. Once again, the regulators note that in those circumstances, certifying officers should determine the level of due diligence required in respect of the consolidated subsidiary in order to provide such certification.
Internal Controls
The regulators originally proposed that the certificates extend to disclosure to the issuer's auditors and the audit committee of the Board of Directors of all significant deficiencies and material weaknesses in the design or operation of internal controls that could seriously affect the issuers ability to disclose information required under applicable legislation within the time period specified and that they also disclose any fraud, whether or not material, that involved management or other employees who have a significant role in the issuer's internal controls. The deletion of this item was made to harmonize the certification required under the rule with that required pursuant to the rules of the Securities Exchange Commission ("SEC") under SOX. The policy also notes that the CSA is developing, as a separate initiative, a proposed rule which would require a report on managements' assessment of an issuer's internal control over financial reporting. They are also evaluating the extent to which auditors might be required to attest to such report.
Exemptions
The rule applies to all issuers other than investment funds and includes all non corporate issuers, such as income trusts. A number of exemptions from the certification requirements are provided. These exemptions relate to issuers that comply with U.S. laws, foreign issuers, certain exchangeable security issuers, certain credit support issuers, as such terms are used in the rule and policy, and issuers who are granted exemptions by the regulators.
Transition Period
Annual certifications are required for financial years beginning on or after January 1, 2004. With respect to years ending on or before March 30, 2005, an issuer may file a "bare certificate", which is a certificate dealing only with misrepresentations and fair presentation. The full certificate must be filed for financial years ending on or after March 31, 2005.
Full certification is required for interim periods beginning on or after January 1, 2004, however, a "bare certificate" may be filed for an interim period being part of the annual year for which the first full annual certificate must be filed. To assist issuers in complying with these rules, an appendix to the policy sets forth highly detailed illustrations of the application of these requirements.
Accordingly, issuers with December 31st year ends will file "bare" interim certificates for each quarter of the 2004 calendar year, starting with the quarter ending March 31st, 2004. Such issuers will file their first bare annual certificate for the year ending March 31st 2004. Their first full certificate would be required for the annual filings for the year ended December 31st 2005. Such issuers would have to file their first full interim certificate with respect to the period ended March 31, 2006.
Liability for False Certification
The regulators comment that "[an officer providing a false certification potentially could be subject to quasi-criminal, administrative or civil proceedings under securities law". There are good reasons for expressing this conclusion in such a tentative manner. They also note that currently officers providing a false certification could potentially be subject to private actions for damages at common law, or, in Quebec, at civil law but that more onerous consequences may ensue in Ontario under the Securities Act (Ontario) when amendments which create statutory civil liability for misrepresentations in continuous disclosure are proclaimed in force. The policy notes that the liability standard applicable to a document required to be filed with the OSC, including an annual or interim certificate, will depend on whether the document is a "core document" as defined in those amendments. In the latest version of the proposed amendments, annual certificates and interim certificates are caught by the definition of "document" but are not included in the definition of "core document".
The regulators also note the following:
In any action commenced under [the proposed amendments] a court has the discretion to treat multiple misrepresentations having common subject matter or content as a single misrepresentation. This provision could permit a court in appropriate cases to treat a misrepresentation in an issuer's financial statements and a misrepresentation made by an officer in an annual certificate or an interim certificate that relate to the underlying financial statements as a single misrepresentation.
Thus, issuers and their certifying CEOs and CFOs and, quite likely, the issuers' directors, would be defendants in one and the same action.
AUDIT COMMITTEES
Background
The rule entitled "Audit Committees" (the "Audit Committee Rule") and the accompanying policy (the "Audit Committee Policy") are derived from the audit committee requirements of SOX, certain requirements of the SEC in the United States, and the listing requirements of the New York Stock Exchange and NASDAQ.
In introducing this rule and policy, which respond to the corporate failures addressed by SOX, the regulators commented as follows:
Recent U.S. financial scandals have demonstrated that a conflict of interest may arise when management assumes the role of overseeing the relationship between an issuer and external auditor. In particular, a conflict arises when the external auditor begins to consider management, and not the issuer and its shareholders, as its client. As a result [of SOX, the SEC rules and applicable listing requirements], U.S. listed issuers will now be required to have an independent audit committee which is directly responsible for the appointment, compensation, retention and oversight of the work of the external auditor and to whom the external auditor must report directly. By barring management from any oversight role with respect to the external auditor, the U.S. audit committee requirements facilitate the independent review and oversight of a company's financial reporting processes and the work of the external auditors. The [Audit Committee Rule] requires certain reporting issuers to comply with provisions similar to those in the United States. The [Audit Committee Rule] differs from the U.S. audit committee requirements to the extent required by Canadian corporate law and certain realities of the Canadian markets (i.e., the high number of public junior issuers and controlled companies).
Substance and Purpose
The stated purpose of the Audit Committee Rule is to encourage reporting issuers to establish and maintain strong, effective and independent audit committees in order to enhance the quality of financial disclosure and ultimately foster investor confidence in Canada's capital markets.
The rule requires that every reporting issuer have an audit committee to which the issuer's external auditor must directly report. The rule deals with oversight of the work of the external auditor, pre-approval of non-audit services, release of financially based information prior to public disclosure, the composition of the audit committee (including independence) and the powers of the audit committee.
Application
The Audit Committee Rule applies to all reporting issuers other than (a) investment funds; (b) issuers of asset-backed securities; (c) designated foreign issuers; (d) SEC foreign issuers (basically foreign issuers that file reports with the SEC); (e) subsidiary entities that have no equity securities (other than non-convertible non-participating preferred securities) listed if the parent is subject to audit committee rule or is listed on a U.S. national exchange or quotation system and is in compliance with its audit committee rules; (f) exchangeable security issuers; and (g) credit support issuers. These terms are defined in recent CSA rules entitled "Continuous Disclosure Obligations" and "Continuous Disclosure and Other Exemptions Relating to Foreign Issuers."
Accordingly, the rule applies to non-corporate issuers. The accompanying policy indicates that where the rule or policy refers to a particular corporate characteristic, such as a board of directors, the reference should be read to also include any equivalent characteristic of a non-corporate entity. It also indicates that in the case of income trusts, the audit committee will be comprised of trustees and, in the case of limited partnerships, it will be comprised of directors of the general partner.
Issuers which are "venture issuers," including issuers listed only on the TSX venture exchange, are subject to requirements which are less onerous than those applicable to other issuers.
AUDIT COMMITTEE RESPONSIBILITIES
Role
The Audit Committee Policy notes that:
Traditionally, the audit committee has performed a number of roles, including helping directors meet their responsibilities, providing better communication between directors and the external auditors, enhancing the independence of the external auditor, increasing the credibility and objectivity of financial reports and strengthening the role of directors by facilitating in-depth discussions among directors, management and the external auditor.
General
The rule requires that every issuer have an audit committee that complies with the requirements of the rule. Every issuer must require its external auditor to report directly to the audit committee.
Relationship with Auditors
In effect, the rule expands the role of the audit committee to include managing, on behalf of the shareholders, the relationship between the issuer and the external auditors. In the accompanying policy, the regulators draw attention to this as follows:
Although under corporate law an issuer's external auditors are responsible to the shareholders, in practice, shareholders have often been too dispersed to effectively exercise meaningful oversight of the external auditors. As a result, management has typically assumed this oversight role. However, the auditing process may be compromised if the external auditors view their main responsibility as serving management rather than the shareholders. By assigning these responsibilities to an independent audit committee, the [Audit Committee Rule] insures that the external audit will be conducted independently of the issuer's management.
The regulators also note that withstanding the oversight role of the audit committee, under Canadian corporate law, the external auditors are retained by, and are ultimately accountable to, the shareholders. They also note that nothing in their enumeration of the rights and responsibilities of the audit committee detracts from the right and responsibility of the external auditors to also provide their views directly to shareholders if they disagree with an approach taken by the audit committee.
Accordingly, the audit committee is required only to recommend to the board of directors the nomination and compensation of the external auditor. Under Canadian corporate law, it is the responsibility of the shareholders to fix the remuneration of the external auditors and the directors may only fix their remuneration if the shareholders fail to do this. In practice, of course, it is the board, and under the new rule, the audit committee, which takes the leading role on this, although technically it is only a recommendation to the shareholders. The regulators also note that an issuer should not release information derived from its financial statements without prior review by the audit committee.
Charter
An audit committee must have a written charter that sets out its mandate and responsibilities. While this charter may deal with other items as well, it must at least require the audit committee to: (a) recommend to the board of directors the appointment of external auditors to be nominated for the purpose of preparing or issuing an auditor's report or performing other audit review or attest services for the issuer and the compensation of such external auditors; (b) be directly responsible for overseeing the audit and any non-audit work of the external auditors, including the resolution of disagreements between management and the external auditor; (c) pre-approve all non-audit services to be provided by the issuer's external auditor to the issuer or its subsidiary entities; (d) review the issuer's financial statements, MD&A and annual and interim earnings press releases before their disclosure by the issuer; (e) satisfy itself that adequate procedures are in place for the review of the issuer's public disclosure of financial information extracted or derived from its financial statements and periodically assess the accuracy of those procedures; (f) establish procedures for the receipt, retention and treatment of complaints received by the issuer of concerns regarding accounting, internal accounting controls, or auditing matters and for the confidential, anonymous submission from employees of the issuer regarding questionable accounting or auditing matters (commonly referred to as "whistle-blowing"); and (g) review and approve the issuer's hiring policies regarding partners, employees and former partners and employees of the present and former external auditor of the issuer.
The Audit Committee Policy notes that, while it establishes requirements for the responsibilities, compensation and authority of audit committees, the rule is not intended to restrict the ability of the directors or the audit committee to establish the audit committee's quorum or procedures or to restrict its ability to invite additional parties to attend audit committee meetings.
Pre-approval of Non-Audit Services
The rule provides that the requirement for pre-approval of non-audit services is satisfied if: (a) the aggregate amount of all the fees not pre-approved is reasonably expected to constitute no more than 5% of the total fees paid by the issuer and its subsidiary entities to the external auditor during the fiscal year; (b) the issuer or its subsidiary, as the case may be, did not recognize the services as non-audit services at the time of the engagement; and (c) the services are promptly brought to the attention of the audit committee and approved, prior to completion of the audit, by the audit committee or such members to whom authority to grant such approvals has been delegated.
While the audit committee may delegate authority to pre-approve non-audit services to one or more independent members of the committee, the member or members to whom such authority has been delegated must present such pre-approval to the audit committee at its next scheduled meeting. The audit committee may satisfy the pre-approval requirement if it adopts specific policies and procedures for the engagement of non-audit services, provided that: (a) the pre-approval procedures are detailed as the particular service; (b) the audit committee is informed of each non-audit service; and (c) the procedures do not include delegation of the audit committee's responsibilities to management.
The Audit Committee Policy provides guidance as to the development and application of such policy. In particular, (a) the establishment of monetary limits will not, alone, constitute sufficient detail as the particular services to be provided and will not, alone, ensure that the audit committee will be informed about the service; (b) the use of broad, categorical approvals (e.g. tax compliance services) will not meet the requirement for detail as to the particular services; (c) the appropriate level of detail will differ depending on the facts and circumstances of the issuer. In this regard, it goes on to note the following:
The appropriate level of detail for the pre-approval policies will differ depending upon the facts and circumstances of the issuer. The pre-approval policies must be designed to ensure that the audit committee knows precisely what services it is being asked to pre-approve so that it can make a well-reasoned assessment of the impact of the service on the auditor's independence. Furthermore, because the [Audit Committee Rule] requires that the policies cannot result in a delegation of the audit committee's responsibility to management, the pre-approval policies must be sufficiently detailed as to particular services so that a member of management will not be called upon to determine whether the proposed service fits within the policy.
COMPOSITION OF THE AUDIT COMMITTEE
Composition
Each Audit Committee must be composed of a minimum of three members, each of whom must be a director, independent and financially literate.
Meaning of Independence
As a result of comments made on the proposals, this definition has been revised to more closely parallel similar provisions applicable in the United States. Generally, an Audit Committee member is independent if the member has no direct or indirect material relationship with the issuer. For this purpose, the term "material relationship" means a relationship which could, in the view of the issuer's board of directors, reasonably interfere with the exercise of a member's independent judgment. The Audit Committee Policy indicates that the term "material relationship" may include commercial, charitable, industrial, banking, consulting, legal, accounting or familial relationships. In the policy, the regulators suggest that directors and their counsel should refer to the relationships which are deemed to make the director not independent (described below) for guidance in applying the general independence test in other circumstances.
In the first instance then, it is up to the board to consider this prior to making appointments to the audit committee.
Certain relationships, however, are deemed to be material relationships with the issuer. These include individuals who satisfy the following descriptions: (a) a director who is, or has been an employee or executive officer of the issuer unless the prescribed period has elapsed since termination; (b) a director whose immediate family member (as defined) is, or has been, an affiliated entity (as defined) a partner of or employed in a professional capacity by a current or former internal or external auditor (except, in effect, a retired partner) unless the prescribed period has elapsed since the person's relationship or the auditing relationship ended; (c) an individual who is, or has been, or whose immediate family member is or has been, an executive officer of an entity on whose compensation committee any of the issuers current executive officers serve, unless the prescribed period has elapsed since such person ceased to be such executive officer; (d) an individual whose immediate family member accepts directly or indirectly, any consulting, advisory or other compensatory fee from the issuer or any of its subsidiaries, other than the fee for acting as a member of the board, any board committee, part time chair or vice chair of the board or any board committee, or receives, or whose immediate family member receives, more than $75,000.00 per year in direct compensation from the issuer except for remuneration for acting as a member of the board, board committee or as a part time chair or vice chair of the board or any board committee until the prescribed period has elapsed since such person ceased to receive more than $75,000.00 per year in compensation (except, in effect for fixed retirement benefits); and (e) an individual who is an affiliated entity of the issuer or any of its subsidiary entities.
For the purpose of these rules, the term "executive officer" means someone who is a chair, vice chair, president, vice president in charge of a principal business unit, division or function (including sales, finance or production) or an officer of the entity or any subsidiary entity or any other individual who, in either case, performs a policy making function in respect to the entity.
The term "immediate family member" means an individual's spouse, parent, child, sibling, mother or father-in-law, son or daughter-in-law, brother or sister-in-law, and anyone (other than employee of either the individual or the individual's immediate family member) who shares the individual's home.
For these purposes, the "prescribed period' is the shorter of: (a) the period commencing on March 30, 2004 and ending immediately prior to the determination required; and (b) the three year period ending immediately prior to the determination required.
For the purpose of the rule concerning direct or indirect acceptance of consulting, advisory or other compensatory fees, there is a provision which deems receipt by persons whose relationship to the person is within the following categories to be acceptance by the person. This relates to acceptance of the fee by the person's spouse, minor child or step child, or child or step child who shares the person's home or an entity in which such person is a partner, member, officer (such as managing director occupying a comparable position) or executive officer, or occupies a similar position (unless they have no active role in providing services) and which provides accounting, consulting, legal, investment banking, or financial advisory services to the issuer or any subsidiary entity of the issuer.
Affiliated Entity, Subsidiary Entity and Control
The term "affiliated entity", in effect, means a person or company that controls, or is controlled by, or is under common control with, the issuer. It also includes a person or a company who is both a director and employee of the affiliated entity or an executive officer, general partner or managing member of an affiliated entity.
A "subsidiary entity" is one which is controlled by that other person or company, that other and one or more persons or companies each of which is controlled by that other, is controlled by two or more persons or companies each of which is controlled by that other, or is a subsidiary entity of a person or a company that is that other's subsidiary entity (i.e. an indirect subsidiary).
For purposes of the rule, "control" means the direct or indirect power to cause the direction of the management and policies of a person or company, whether through ownership of voting securities or otherwise. A person is not considered to be an affiliated entity of an issuer if the person owns, directly or indirectly, 10% or less of any class of its voting securities and is not an executive officer of the issuer.
Financial Literacy
Under the rule, an individual is considered to be financially literate if he or she has the ability to read and understand a set of financial statements that present a breadth and level of complexity of accounting issues that are generally comparable to the breadth and complexity of the issues that can reasonably be expected to be raised by the issuer's financial statements.
The audit committee policy notes that it is not necessary for a director to have a comprehensive knowledge of Generally Accepted Accounting Principles ("GAAP") and the Generally Accepted Accounting Standards ("GAAS") to be considered financially literate.
The original proposals would have required each audit committee to have an "audit committee financial expert". This requirement was deleted as a result of a number of comments received. Among other things, commentators expressed concern about actual or perceived incremental liability for an individual who was so identified, whether there were a limited number of individuals so qualified and the possible negative impact that the actual or perceived incremental liability would have on the willingness of such individuals to serve in this capacity.
Instead, there is a requirement in the applicable form to disclose each member's education and experience that is relevant to the performance of his or her responsibilities as an audit committee member and, in particular, any education and experience that would provide the member with certain specified attributes. In introducing the final versions of the rule and policy, the regulators noted that these attributes are nearly identical to those of an audit committee financial expert as defined by the SEC requirements.
Initial Public Offerings
An issuer which has filed a prospectus to qualify the distribution of securities that constitutes its initial public offering, need not have an audit committee composed only of independent directors until a date which is 90 days after the date of receipt of the prospectus, provided that at least one member of the audit committee is independent and the issuer's board of directors has determined that the reliance on the exemption will not materially adversely affect the ability of the audit committee to act independently and to satisfy the other requirements of the rule. For the balance of the first year, after receipt for the IPO prospectus, all the members of the audit committee do not have to be independent, provided that a majority are independent and the board of directors has made the determination previously mentioned. In effect, this permits the gradual "phase-in" of the independence requirement during the first year after an initial public offering.
Controlled Companies
A director otherwise independent of the issuer except that such director is a director of an affiliated entity is considered to be independent. An individual who could not serve on the issuer's audit committee because he or she is considered not to be independent by reason of being an affiliated entity of the issuer or any of its subsidiaries may serve on the issuer's audit committee provided that: such person is not an executive officer, general partner or managing member of a publicly traded affiliated entity or an immediate family member of such person; does not chair the audit committee; the board determines in its reasonable judgment that the member is able to exercise the impartial judgment necessary for such person to fulfill his or her responsibilities as an audit committee member; and the appointment of the member is required by the best interest of the issuer and its shareholders. In addition, a majority of the members of the audit committee must be independent. This permits controlling shareholders, executive officers and private holding companies and non executive officers of publicly traded holding companies to serve on the audit committee if they would be independent otherwise.
Events Outside Control
Where an audit committee member ceases to be independent for reasons outside the member's reasonable control, or where a member dies, becomes disabled or resigns, the member or member filling the vacancy, as the case may be, will not have to comply with the independence requirements until the later of the next annual meeting and 6 months from the event that gave rise to the loss of independence or vacancy, as the case may be, provided that: the issuer's board has determined that the reliance on the exemption will not materially address in affect the ability of the audit committee to act independently and to satisfy the other requirements of the Rule (which proviso is referred to here as the "Non-Impairment Condition").
Limited and Exceptional Circumstances
As long as a majority of the audit committee members are independent, a director who is not independent may serve on the audit committee for a period of not more than two years provided that; (a) the member is not an employee or officer of the issuer or immediate family member of another employee or officer; (b) the board under exceptional and limited circumstances, determines in its reasonable judgment that the member is able to exercise the impartial judgment necessary to fulfill the member's responsibilities as an audit committee member and that such appointment is required by the best interest of the issuer and its shareholders; and (c) the member does not act as chair. In addition, the person cannot be an affiliated entity of the issuer or any of its subsidiary entities and cannot accept, directly, or indirectly, any consulting, advisory or compensatory fee from the issuer or any subsidiary entity, except for remuneration as a director, member of the board committee, as a part time chair or vice chair of the board or a board committee herein.
Acquisition of Financial Literacy
Subject to satisfaction of the non-impairment condition, an audit committee member who is not financially literate may be appointed to the audit committee provided that member becomes financially literate within a reasonable period of time and the Non-Impairment Condition is satisfied. As is the case with most of these exemptions, reliance on the exemption must be disclosed in the issuer's AIF.
AUTHORITY OF THE AUDIT COMMITTEE
The rule requires the audit committee to have the authority to engage independent counsel and other advisors as it determines necessary to carry out its duties; to set and pay the compensation for any advisors employed by the audit committee; and to communicate directly with the internal and external auditors.
Among other things, while the board will be responsible for ensuring that the members of the audit committee are "independent" and will often have to obtain legal advice in that regard, there are many issues which may affect whether or not a member of the audit committee continues to be independent which may require legal advice. The provision of non-audit services by the external auditor and the pre-approval of such engagements may also require legal advice. There are undoubtedly many other items which may require independent legal or other advice.
REPORTING OBLIGATIONS
The Audit Committee Rule requires every issuer to include in its AIF the disclosure required by the form prescribed under the rule. In addition, any management information circular prepared by management in connection with solicitation of proxies for the election of directors must contain a cross reference to the sections of the AIF that contain such information.
The AIF is required to contain the following disclosure:
1. The text of the Audit Committee Charter.
2. The name of each audit committee member and whether or not they are independent and financially literate.
3. The education and experience of each member that is relevant to the performance of his or her responsibilities as an audit committee member and, in particular, any education or experience that would provide the member with:
(a) An understanding of the accounting principles used by the issuer to prepare its financial statements;
(b) The ability to assess the general application of such accounting principles in connection with the accounting for estimates, accruals and reserves;
(c) Experience preparing, auditing, analyzing or evaluating financial statements that present a breadth and level of complexity of accounting issuers that are generally comparable to the breadth and complexity of issues that can reasonably be expected to be raised by the issuer's financial statement, or experience actively supervising one or more persons engaged in such activity; and
(d) An understanding of internal controls and procedures for financial reporting.
4. A statement concerning whether, since the commencement of the issuer's most recently completed financial year, the issuer has relied upon any of the stipulated exemptions, and to provide any additional explanations that may be required.
5. The name of any member appointed to the board since the commencement of the last completed financial year who is not financially literate and the date by which such person expects to become financially literate.
6. A statement and explanation of any situation in which, since the commencement of the most recently completed financial year, a recommendation of the audit committee to nominate or compensate an external auditor was not adopted by the board of directors.
7. A description of any specific policy and procedures adopted by the audit committee for the engagement of non audit services.
8. A statement of the aggregate fees billed by the issuer's external auditor in each of the last two fiscal years of audit fees, audit-related fees, tax fees and all other fees, including a description of the nature of the services provided.
VENTURE ISSUERS
Venture Issuers are exempt from the requirements of the rule dealing with Composition of the Audit Committee and from the otherwise applicable reporting requirements. Instead, a management information circular prepared in connection with the solicitation of proxies by management for the purpose of electing directors must contain an abbreviated form of disclosure. If the venture issuer is not required to send a management information circular to its security holders, it must provide the required disclosure in its AIF or annual MD&A. A venture issuer is not required to disclose the education and experience of audit committee members relevant to performance of the member's duties on the audit committee. The relevant disclosure document must state that the issuer has relied upon the venture issuer exemption.
U.S. LISTED ISSUERS
Issuers listed or quoted on a U.S. marketplace are, in effect, exempt from the rule provided that such issuers are in compliance with the requirements of that U.S. market applicable to issuers other than foreign private issuers regarding the rule on composition of audit committees. If it is incorporated, continued or otherwise organized in Canada, it must disclose in its AIF any situations in which the audit committee recommendation concerning nomination or compensation of external auditors was not accepted by the board.
EFFECTIVE DATE
While the Audit Committee Rule comes into force on March 30, 2004, the rule does not apply to an issuer until the earlier of: its first annual meeting after July 1, 2004; and July 1, 2005.
WHAT ISSUERS SHOULD DO
The carefully designed interaction of the Investor Confidence Rules with other recent initiatives of the Canadian securities regulators relating to various matters, including corporate governance and continuous disclosure, creates a kind of "ripple effect" requiring in effect, careful consideration of policies and procedures considered by which issuers might comply with these various regulatory initiatives. Each of the compliance initiatives considered by reporting issuers must take into account those taken by such issuer with respect to these other related matters.
Management, the Audit Committee and the Board of Directors of reporting issuers should take appropriate measures to satisfy themselves that its auditors or proposed auditors are in compliance with auditor oversight rule and the CPAB requirements.
Issuers which have not already done so will have to devise appropriate practices and procedures to insure that their CEOs and CFOs can provide the required certifications. Because the language used in the Certification Rule is effectively the same as that used under SOX, Canadian issuers already complying with SOX will, in effect, substantially comply with the requirements of the rule. Issuers otherwise subject to the Certification Rule will have to put in place means by which the CEO and CFO can provide the required certifications. This means that issuers will have to adopt appropriate disclosure controls and procedures and internal control over financial reporting to enable the certifying officers to provide their certificates. While some issuers may not be in a position to satisfy these requirements, others will have a great deal of work to do.
To comply with the Audit Committee Rule, an issuer must also devise appropriate charters, practices and procedures for its audit committee in order that it can fulfill its required functions independently of management. Reporting issuers (other than venture issuers), will also have to consider how to ensure that all members of the audit committee are independent and financially literate. This may require making some changes to the membership of the audit committee. Such changes should be considered at an early time. Certainly, reporting issuers will want to be able to make the required changes in time to comply with the Audit Committee Rule. These and other issues may require consulting with and taking advice from legal counsel and others.
Phillip G. Bevans
CAN WE HELP?
If you would like copies of any of the rules and policies, or any further information, would like to provide comments to the OSC or otherwise, or would like assistance concerning how you should respond to these initiatives, please contact:
Print
