CEO and CFO Certification of Securities Filings
Under SEC Order 4-460: An FAQ for the Perplexed
Many thanks to Harry Wallace of Mazonson for sending this to boardoptions:
by Boris Feldman*
In the next month, CEO's and CFO's
of the nation's thousand largest public companies will have to
certify the accuracy of their recent SEC filings. They have been ordered to do so by the Securities &
Exchange Commission, in Order 4-460 (Order Requiring the Filing of Sworn Statements Pursuant to
Section 21(a)(1) of the Securities Exchange Act of 1934) (June 27, 2002)
( www.sec.gov/rules/other/4-460.htm).The purpose of this emergency SEC Order is to restore investor
confidence in light of recent accounting scandals. The Order enhances the personal exposure - civil
and criminal, private and governmental - of senior executives. The SEC hopes that the Order will cause
executives to uncover and correct accounting frauds or other disclosure violations that have not yet
come to light.
This FAQ addresses questions from
CEO's and CFO's about how they should comply with the Order.
the certification requirement a one-time phenomenon?
What statements will I be certifying? Am I better off if I know nothing?
What type of inquiry should I conduct with respect to financial statements?
What type of inquiry should I conduct with respect to MD&A disclosures?
What should I do if I come across any red flags?
What should I discuss with my Audit Committee?
Should I document the steps I've taken?
Is the certification requirement
a one-time phenomenon? Probably not. By its terms, Order 4-460
imposes a one-time certification requirement, limited to public companies with 2001 revenue of $1.2
billion or more. This covers about 950 companies. See www.sec.gov/rules/other/4-460list.htm.
Nevertheless, the SEC has proposed a permanent certification requirement that is likely to be adopted
in some form. See www.sec.gov/rules/proposed/34-46079.htm. The specifics of that proposed
certification requirement are not identical to the provisions in the emergency order. In addition, the
New York Stock Exchange and NASDAQ have each proposed comparable certification requirements
for companies listed on those exchanges. See
www.nasdaqnews.com/about/corpgov/corp_gov_filings_061301.html. In short, some form of
certification requirement will become an ongoing-requirement for at least the CEO's and CFO's
of public companies.
What statements will I be certifying?
The SEC Order applies to the company's most recent annual
filing on Form 10-K and its quarterly reports on Form 10-Q since the last 10-K (including the first filing
on or after August 14, 2002). In addition, the certification covers filings on Form 8-K since the last 10-K,
as well as the company's proxy statement since the last 10-K
The certification is not limited to the financial statements in the filings. It applies to all disclosures in those
documents, regardless of where they are found. As a result, even if a certifying officer concludes that the
financial statements are accurate, she must still review the other disclosures in the filings (particularly the
Management's Discussion & Analysis section) for accuracy and completeness.
Am I better off if I know nothing?
The certification is made "to the best of my knowledge." Some have
suggested that, so long as they are not aware of any inaccuracies in the SEC filings, they should simply
sign the certification without undertaking any additional inquiry. A cynic might call this the "Sergeant Schultz"
approach ("I know nothing"). In my opinion, this is not a prudent approach to the Order, although it might be
justified by the literal terms of the certification. If subsequent events at the company lead to revelation of a
significant accounting or disclosure problem - especially one that would have been revealed by reasonable
inquiry - then a "see no evil" approach will lead to a loss of public confidence in the executive. Such a
scenario might also trigger an SEC enforcement action against the executive. Moreover, when the CEO
or CFO discusses the certification with the Audit Committee (discussed below), many Audit Committees
will be disturbed if the executive says that she did nothing to confirm the accuracy of the certification.
In my opinion, a responsible CEO
or CFO will undertake some degree of diligence before certifying the SEC
filings. The steps taken need not amount to an audit or to a full-blown internal investigation. There is no one-size-
fits-all checklist; the inquiry must be tailored to the circumstances and controls in place at a particular company.
Nevertheless, in the following questions, I review some potential inquiries with respect to the financial statements
and the disclosure sections, respectively. Note that, regardless of the scope of the inquiry, the certifying executive
must have reviewed the filings in question in their entirety.
What type of inquiry should I conduct
with respect to financial statements? An important part of an inquiry into
accuracy of the company's financial statements is process-oriented, focused on three sets of controls. The first is
internal audit. How has the internal audit function performed? Is it staffed in a meaningful manner or barebones?
Has the internal auditor had unrestricted access to the company's operations? Has the internal auditor met regularly
with the Audit Committee? The executive should meet with the head of the internal audit function to confirm that the
process has worked as designed and to determine whether the internal auditor believes that the SEC filings are
accurate and complete.
The second focus is the outside auditors.
Have they manifested a probing, independent attitude? Have they
demonstrateda willingness to push back on aggressive accounting treatments? Have they been candid and detailed
with the Audit Committee? The third focus is the Audit Committee of the Board. Has it complied with its charter?
Has it conducted interactive discussions with finance executives and the outside auditors, or has it been more passive?
Has it drilled down into non-standard accounting treatments to be sure that they are appropriate? If the CEO or CFO
reviews these processes and concludes that they have worked well, she should have a substantial degree of protection
in signing the certification, even if an accounting problem subsequently emerges. In addition to reviewing those processes, the
the financial statements for the periods in question are accurate and complete. This would include the groups just discussed (internal auditor, external auditors, and Audit Committee). The question should also be asked of key accounting personnel: the CFO; the corporate Controller; the head of credit & collections; and controllers and CFO's in particular divisions and
geographies. If they consistently answer "yes," then the certification is far lower-risk. If they answer "no," then further
steps must be taken, as discussed below. What type of inquiry should I conduct with respect to MD&A disclosures? The executive's review is not limited to the financial statements. Of the other portions of the SEC filings, the key one is MD&A. Again, an important part of the executive's inquiry should be process-oriented. Has the company followed its internal
procedures in drafting the MD&A? Have outside counsel been involved in that process? Were they overruled with
respect to any recommended disclosures? Did the drafters of MD&A consult with the key business unit heads in
analyzing the condition of the company? In addition to process, the executive should also probe any disagreements.
Did any executives express concerns that particular disclosures were inaccurate or complete? Did executives propose
additional disclosures that were rejected? Would any of the executives be unwilling to sign a certification similar to that being required of the CEO and CFO? What should I do if I come across any red flags? If the CEO or CFO uncovers any potential material errors or omissions in the course of her inquiry, she must stop and pursue them. Whether or not one agrees that some affirmative inquiry is required by the Order, there is no question that, having undertaken an inquiry, the executive cannot ignore any signs of a material accounting error or disclosure defect. At the first indication of a problem, the executive should involve the general counsel, as well as outside disclosure counsel. Promptly thereafter, the executive should inform the Audit Committee. Depending on what you find, you may need to launch an internal investigation. For more details, see What to Do When You Find the Side Letter. In the event that a potential problem emerges, determining whether it is real or illusory, material or trivial, can take time. For that reason, a prudent executive will not wait until the deadline for filing the certification before undertaking the inquiry described in this article. If the investigation has not reached conclusions about the appropriateness of the accounting treatment by the date the certification is due, then the company will need to disclose why the executive is not able to sign the certification at that time. What should I discuss with my Audit Committee? The Order requires that CEO or CFO state whether or not she has reviewed the contents of her certification with the Audit Committee. Checking "not" is an unrealistic option, in my opinion. The market will react very negatively to such a statement. As a result, nearly all certifying executives will choose to discuss the certification with their Audit Committees. In my opinion, the executive should review with the Audit Committee the process she followed in inquiring into the accuracy of the SEC filings. If she has come across any red flags, she should identify them for the Audit Committee and discuss their investigation and the outcome of that investigation. This is also a good opportunity to review with the Audit Committee any concerns it has about the accuracy of the filings. Should I document the steps I've taken? The Order does not require the CEO or CFO to maintain a record of what she reviewed or considered before signing the certification. Nevertheless, I think that it is prudent to maintain a summary of the steps the executive took: whom she spoke with, and topics they discussed. This does not need to be the equivalent of a witness memorandum. It can be prepared in the form of a memorandum to the general counsel. In the event of subsequent scrutiny of the executive's certification, such a summary record could provide a useful basis for justifying what the executive did before concluding that the certification could be signed. * * * In my opinion, the operative watchword for the new certifications will be "good faith." Although CEO's and CFO's are understandably nervous about having to sign the certifications - particularly in the current anti-corporate climate - I do not believe that a CEO or CFO who has pursued the certification process responsibly, and in good faith, will be subject to an enforcement action, even if facts subsequently emerge that lead to amendment of the covered filings.
*Copyright 2002. Boris Feldman is a member of Wilson Sonsini Goodrich & Rosati, in Palo Alto. This article reflects his views, not his firm's. July 18, 2002.