CEO and CFO Certification of Securities Filings
Under SEC Order 4-460: An FAQ for the Perplexed
Many thanks to Harry Wallace of Mazonson for sending this to boardoptions:
by Boris Feldman*
In the next month, CEO's and CFO's
of the nation's thousand largest public companies will have to
certify the accuracy of their recent
SEC filings. They have been ordered to do so by the Securities &
Exchange Commission, in Order 4-460
(Order Requiring the Filing of Sworn Statements Pursuant to
Section 21(a)(1) of the Securities
Exchange Act of 1934) (June 27, 2002)
(
www.sec.gov/rules/other/4-460.htm).The purpose of this emergency SEC
Order is to restore investor
confidence in light of recent accounting
scandals. The Order enhances the personal exposure - civil
and criminal, private and governmental
- of senior executives. The SEC hopes that the Order will cause
executives to uncover and correct
accounting frauds or other disclosure violations that have not yet
come to light.
This FAQ addresses questions from
CEO's and CFO's about how they should comply with the Order.
Is
the certification requirement a one-time phenomenon?
What
statements will I be certifying? Am
I better off if I know nothing?
What
type of inquiry should I conduct with respect to financial statements?
What
type of inquiry should I conduct with respect to MD&A disclosures?
What
should I do if I come across any red flags?
What
should I discuss with my Audit Committee?
Should
I document the steps I've taken?
Is the certification requirement
a one-time phenomenon? Probably not. By its terms, Order 4-460
imposes a one-time certification
requirement, limited to public companies with 2001 revenue of $1.2
billion or more. This covers about
950 companies. See www.sec.gov/rules/other/4-460list.htm.
Nevertheless, the SEC has proposed
a permanent certification requirement that is likely to be adopted
in some form. See www.sec.gov/rules/proposed/34-46079.htm.
The specifics of that proposed
certification requirement are not
identical to the provisions in the emergency order. In addition, the
New York Stock Exchange and NASDAQ
have each proposed comparable certification requirements
for companies listed on those exchanges.
See
www.nyse.com/abouthome.html?query=/about/report.html;
www.nasdaqnews.com/about/corpgov/corp_gov_filings_061301.html.
In short, some form of
certification requirement will become
an ongoing-requirement for at least the CEO's and CFO's
of public companies.
What statements will I be certifying?
The SEC Order applies to the company's most recent annual
filing on Form 10-K and its quarterly
reports on Form 10-Q since the last 10-K (including the first filing
on or after August 14, 2002). In
addition, the certification covers filings on Form 8-K since the last 10-K,
as well as the company's proxy statement
since the last 10-K
.
The certification is not limited
to the financial statements in the filings. It applies to all disclosures
in those
documents, regardless of where they
are found. As a result, even if a certifying officer concludes that the
financial statements are accurate,
she must still review the other disclosures in the filings (particularly
the
Management's Discussion & Analysis
section) for accuracy and completeness.
Am I better off if I know nothing?
The certification is made "to the best of my knowledge." Some have
suggested that, so long as they
are not aware of any inaccuracies in the SEC filings, they should simply
sign the certification without undertaking
any additional inquiry. A cynic might call this the "Sergeant Schultz"
approach ("I know nothing"). In
my opinion, this is not a prudent approach to the Order, although it might
be
justified by the literal terms of
the certification. If subsequent events at the company lead to revelation
of a
significant accounting or disclosure
problem - especially one that would have been revealed by reasonable
inquiry - then a "see no evil" approach
will lead to a loss of public confidence in the executive. Such a
scenario might also trigger an SEC
enforcement action against the executive. Moreover, when the CEO
or CFO discusses the certification
with the Audit Committee (discussed below), many Audit Committees
will be disturbed if the executive
says that she did nothing to confirm the accuracy of the certification.
In my opinion, a responsible CEO
or CFO will undertake some degree of diligence before certifying the SEC
filings. The steps taken need not
amount to an audit or to a full-blown internal investigation. There is
no one-size-
fits-all checklist; the inquiry
must be tailored to the circumstances and controls in place at a particular
company.
Nevertheless, in the following questions,
I review some potential inquiries with respect to the financial statements
and the disclosure sections, respectively.
Note that, regardless of the scope of the inquiry, the certifying executive
must have reviewed the filings in
question in their entirety.
What type of inquiry should I conduct
with respect to financial statements? An important part of an inquiry into
the
accuracy of the company's financial
statements is process-oriented, focused on three sets of controls. The
first is
internal audit. How has the internal
audit function performed? Is it staffed in a meaningful manner or barebones?
Has the internal auditor had unrestricted
access to the company's operations? Has the internal auditor met regularly
with the Audit Committee? The executive
should meet with the head of the internal audit function to confirm that
the
process has worked as designed and
to determine whether the internal auditor believes that the SEC filings
are
accurate and complete.
The second focus is the outside auditors.
Have they manifested a probing, independent attitude? Have they
demonstrateda willingness to push
back on aggressive accounting treatments? Have they been candid and detailed
with the Audit Committee? The third
focus is the Audit Committee of the Board. Has it complied with its charter?
Has it conducted interactive discussions
with finance executives and the outside auditors, or has it been more passive?
Has it drilled down into non-standard
accounting treatments to be sure that they are appropriate? If the CEO
or CFO
reviews these processes and concludes
that they have worked well, she should have a substantial degree of protection
in signing the certification, even
if an accounting problem subsequently emerges. In addition to reviewing
those processes, the
the financial statements for the
periods in question are accurate and complete. This would include the groups
just discussed (internal auditor, external auditors, and Audit Committee).
The question should also be asked of key accounting personnel: the CFO;
the corporate Controller; the head of credit & collections; and controllers
and CFO's in particular divisions and
geographies. If they consistently
answer "yes," then the certification is far lower-risk. If they answer
"no," then further
steps must be taken, as discussed
below. What type of inquiry should I conduct with respect to MD&A disclosures?
The executive's review is not limited to the financial statements. Of the
other portions of the SEC filings, the key one is MD&A. Again, an important
part of the executive's inquiry should be process-oriented. Has the company
followed its internal
procedures in drafting the MD&A?
Have outside counsel been involved in that process? Were they overruled
with
respect to any recommended disclosures?
Did the drafters of MD&A consult with the key business unit heads in
analyzing the condition of the company?
In addition to process, the executive should also probe any disagreements.
Did any executives express concerns
that particular disclosures were inaccurate or complete? Did executives
propose
additional disclosures that were
rejected? Would any of the executives be unwilling to sign a certification
similar to that being required of the CEO and CFO? What should I do if
I come across any red flags? If the CEO or CFO uncovers any potential material
errors or omissions in the course of her inquiry, she must stop and pursue
them. Whether or not one agrees that some affirmative inquiry is required
by the Order, there is no question that, having undertaken an inquiry,
the executive cannot ignore any signs of a material accounting error or
disclosure defect. At the first indication of a problem, the executive
should involve the general counsel, as well as outside disclosure counsel.
Promptly thereafter, the executive should inform the Audit Committee. Depending
on what you find, you may need to launch an internal investigation. For
more details, see What to Do When You Find the Side Letter. In the event
that a potential problem emerges, determining whether it is real or illusory,
material or trivial, can take time. For that reason, a prudent executive
will not wait until the deadline for filing the certification before undertaking
the inquiry described in this article. If the investigation has not reached
conclusions about the appropriateness of the accounting treatment by the
date the certification is due, then the company will need to disclose why
the executive is not able to sign the certification at that time. What
should I discuss with my Audit Committee? The Order requires that CEO or
CFO state whether or not she has reviewed the contents of her certification
with the Audit Committee. Checking "not" is an unrealistic option, in my
opinion. The market will react very negatively to such a statement. As
a result, nearly all certifying executives will choose to discuss the certification
with their Audit Committees. In my opinion, the executive should review
with the Audit Committee the process she followed in inquiring into the
accuracy of the SEC filings. If she has come across any red flags, she
should identify them for the Audit Committee and discuss their investigation
and the outcome of that investigation. This is also a good opportunity
to review with the Audit Committee any concerns it has about the accuracy
of the filings. Should I document the steps I've taken? The Order does
not require the CEO or CFO to maintain a record of what she reviewed or
considered before signing the certification. Nevertheless, I think that
it is prudent to maintain a summary of the steps the executive took: whom
she spoke with, and topics they discussed. This does not need to be the
equivalent of a witness memorandum. It can be prepared in the form of a
memorandum to the general counsel. In the event of subsequent scrutiny
of the executive's certification, such a summary record could provide a
useful basis for justifying what the executive did before concluding that
the certification could be signed. * * * In my opinion, the operative watchword
for the new certifications will be "good faith." Although CEO's and CFO's
are understandably nervous about having to sign the certifications - particularly
in the current anti-corporate climate - I do not believe that a CEO or
CFO who has pursued the certification process responsibly, and in good
faith, will be subject to an enforcement action, even if facts subsequently
emerge that lead to amendment of the covered filings.
*Copyright 2002. Boris Feldman is a member of Wilson Sonsini Goodrich & Rosati, in Palo Alto. This article reflects his views, not his firm's. July 18, 2002.