Internal Control
Internal Control Certification
Boards should take a broad view of control to ensure that they provide oversight of all aspects of the control environment, and don’t focus just on internal control.
Starting with reporting periods ending on or after December 15, 2008, CEOs and CFOs of Canadian reporting issuers are now required to certify the operating effectiveness as well as the design of internal control over financial reporting. Since 2005 they have been required to certify the design and operating effectiveness of disclosure controls and procedures.
Although CSA National Instrument 52-109, "Certification of Disclosure in Issuers' Annual and Interim Filings," (NI 52-109) does not explicitly describe a role for the Board in the certification process, that does not mean that one does not exist nor that the board is without responsibilities in this area. For example, NI 52-109 requires CEOs and CFOs to disclose the conclusions of their reviews of disclosure controls and procedures and internal control over financial reporting in the MD&A, a document that must be reviewed and approved by the Board. Furthermore, the CSA's National Policy 58-201 "Corporate Governance Guidelines" states that "the board should adopt a written mandate in which it explicitly acknowledges responsibility for the stewardship of the issuer, including responsibility for the issuer's internal control and management information systems".
Dig Deeper
Authoritative Guidance
- COSO Expects to Issue the Updated Internal Control-Integrated Framework and Related Supporting Documents During the First Quarter of 2013 (COSO)
- Internal Control Framework (COSO)
- COSO Announces Project to Modernize Internal Control - Integrated Framework (COSO, PDF)
- Garrett/Adler amendment (House of representatives)
- Agreed-upon Procedures Regarding Internal Control over Financial Reporting (CICA)
- CSA National Instrument 52-109, Certification of Disclosure in Issuer's Annual and Interim Filings (PDF)
- CSA Staff Notice 52-316 - Certification of Design of Internal Control Over Financial Reporting - CVMO: Réglementation
- Internal Control Over Financial Reporting in Exchange Act Periodic Reports of Non-Accelerated Filers (SEC)
- Study of the Sarbanes-Oxley Act of 2002 Section 404 Internal Control over Financial Reporting Requirements (SEC)
- Definition of the Term Significant Deficiency (SEC)
- Guidance Regarding Management’s Report on Internal Control Over Financial Reporting (SEC)
- PCAOB Issues Report on First Year of Implementation of Auditing Standard No. 5 (PCAOB)
- Staff Guidance on Auditing Internal Control Over Financial Reporting in Smaller Public Companies (PCAOB, PDF)
- Guidance on Monitoring Internal Control Systems (COSO)
- Internal Control -- Integrated Framework (COSO)
- Turnbull Report (ICAEW)
Thought Leadership
- Understanding and Communicating Risk Appetite (COSO, 32-page PDF file)
- Study and Recommendations on Section 404(b) of the Sarbanes-Oxley Act of 2002 - For Issuers With Public Float Between $75 and $250 Million (SEC, 118-page PDF File)
- 404 Dashboard - Year 6 Update ( (Audit Analytics, PDF)
- 2010 Sarbanes-Oxley Compliance Survey (Protiviti, PDF)
- Do Control Effectiveness Disclosures Require Internal Control Audits? A Natural Experiment with Small U.S. Public Companies (49-page PDF file, University of Texas at Austin - Department of Accounting)
- Performing an Audit of Internal Control In an Integrated Audit (The AICPA Center for Audit Quality, PDF)
- Sarbanes-Oxley Section 404: A Guide for Management by Internal Controls Practitioners (IIA PDF)
- Sarbanes-Oxley Section 404 - A Guide for Small Business (SEC, PDF)
- The Effects of Internal Control Quality, CFO Characteristics, and Board of Director Strength on CFO Annual Compensation (PDF)
- Management Reporting on Internal Control over Financial Reporting, by Zoe-Vonna Palmrose, Deputy Chief Accountant for Professional Practice (SEC)
- Risk Based Evaluations of ICFR, 2006 AICPA National Conference on Current SEC and PCAOB Developments, by Michael Gaynor, Professional Accounting Fellow, Office of the Chief Accountant (SEC)