Bill 198 and Internal Controls for Technology

By : Tripwire
Published : Jul 05, 2007
Length : 8
Type : White Paper
Overview :
Much has been written about the internal control and disclosure requirements of the Sarbanes-Oxley Act ("SOX") in the United States following many high-profile cases of corporate malfeasance and deceptive practices. Not surprisingly, Canada has enacted its own solution to today's governance and financial reporting requirements, officially known as Bill 198, which factors in the US experience and its requirements.

Although Bill 198 (like SOX) does not directly address IT controls, the law has significant IT and information security implications because most companies’ financial reporting and operations depend heavily on information technology.

Bill 198

Although Bill 198 (like SOX) does not directly address IT controls, the law has significant IT and information security implications because most companies' financial reporting and operations depend heavily on information technology. This paper will focus on the three elements of Bill 198 that have the most impact on IT, namely:

- Control (internal controls over financial reporting, and disclosure controls and procedures)
- Evaluation (governance, measurement and recordkeeping), and
- Disclosure (reporting and certification)

Overview of Bill 198, MI-52-109 and MI-52-111

To understand these controls, evaluation and disclosure requirements, companies first need to understand Bill 198 in more detail. In a nutshell, Bill 198 requires publicly held companies to implement internal controls over financial reporting and disclosure controls and procedures, evaluate the strengths and weaknesses of these controls and certify to their effectiveness in official documents filed with Canada's securities regulators. If this sounds a lot like SOX, that is how it was intended. Canadian authorities designed parts of Bill 198 to be very similar to SOX so that Canadian investors would not be tempted to send their capital to more regulated markets in the US.

The three core provisions that affect IT are Bill 198 and two instruments created to implement it, namely MI 52-109 (titled "Certification of Disclosure in Issuers' Annual and Interim Filings") and MI 52-111 (titled "Reporting on Internal Controls Over Financial Reporting"). Bill 198 amends Canadian securities laws to:

requir[e] reporting issuers to devise and maintain a system of internal controls related to the effectiveness and efficiency of their operations, including financial reporting and asset control.

Bill 198 also requires adoption of internal controls over disclosure procedures (i.e., controls to ensure that disclosures required by law are accurate and that material financial information is reported up the management chain to the CEO and CFO). Bill 198 further requires CEOs and CFOs to provide regular certifications that address the establishment and maintenance of internal controls, the design of the internal controls, and their evaluation of the controls' effectiveness.

More Bill 198 details concerning these requirements are contained in MI 52-111 and MI 52-109. These two regulations are very similar to SOX 302 and 404, which are two core provisions of SOX that affect IT internal controls. MI 52-109 (like SOX 302) requires that companies file annual and interim certifications demonstrating that they have designed internal controls over financial reporting and disclosure controls and procedures, that they evaluate their effectiveness and disclose any changes that have affected or may affect them. MI 52-111 (like SOX 404) requires companies to adopt a "suitable control framework" (see below), annually evaluate the effectiveness of their internal control structure over financial reporting, maintain trustworthy and reliable evidence to support this annual evaluation and file a detailed annual internal controls report.

As noted above, these provisions can be broken down into the three basic elements of control, evaluation and disclosure. These elements are examined in detail below.

Control Elements: Internal Controls and Information Technology & Bill 198

Like SOX, the most fundamental element of Bill 198 is the requirement that companies adopt internal controls over financial reporting (and for Bill 198, disclosure controls and procedures). MI 52-109, like SOX 302, requires companies to file annual and interim certifications with securities regulators demonstrating:

- that they have designed internal controls over financial reporting sufficient to ensure (i) the reliability of their financial reporting, and (ii) that financial statements are prepared in accordance with GAAP; and
- that they have designed disclosure controls and procedures sufficient to ensure that required disclosures are made, and that all material information is made known to management.

The goals of these requirements within Bill 198 are: (a) to make sure that financial results reported to shareholders are accurate; and (b) to prevent top management from placing the blame on subordinates or on breakdowns in procedures not directly under their control.
