Issuer Internal Control Requirements - A Survey

1 ISSUER INTERNAL CONTROL REQUIREMENTS -A SURVEY- TECHNICAL COMMITTEE AND EMERGING MARKETS COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS DECEMBER 2006 2 INTRODUCTION In February 2005 the IOSCO Technical Committee (TC) issued a report entitled Strengthening the Capital Markets Against Financial Fraud (Financial Fraud Report). This report explored the issues and factors relating to fraudulent activity in the global capital markets and identified numerous actions that IOSCO would carry out to address issues and concerns, including a study on issuer internal control requirements. Following issuance of the Financial Fraud Report, the IOSCO Technical Committee, in cooperation with the IOSCO Emerging Markets Committee (EMC), decided to carry out a fact-finding study. The Technical Committee Standing Committee on Multinational Disclosure and Accounting (TCSC-1) was mandated by TC to develop a survey questionnaire on internal control requirements that was designed to gather information on current internal control requirements and approaches in IOSCO members and also on proposals for changes in internal control requirements that are under consideration. The questionnaire was circulated to the IOSCO membership in January 2006. A total of 43 questionnaire responses were received through July 2006. Thirteen questionnaire responses were obtained from Technical Committee members, 29 from Emerging Markets Committee members, and another member represented on TCSC-1. While the Survey was principally a “point-in-time” survey, a number of additions and amendments to the first survey responses were made by some members later in 2006 and have been incorporated into this report to provide the most current information available. The present Survey Report summarizes the results of the survey questionnaire responses and presents related observations for consideration. The Survey Report was approved and authorized for public release by the IOSCO Technical Committee and by the EMC during their respective November 2006 and September 2006 meetings. 3 Table of Contents I. Executive Summary a. Presence or Absence of Issuer Internal Control Requirements b. Internal Control Definitions c. Current Models and Approaches to Requirements d. Issuer Reporting on Internal Controls e. Auditor Involvement with Internal Controls II. Changes Underway III. Cost Benefit Issues IV. Looking to the Future V. Appendix A – Survey Respondent Demographics VI. Appendix B – Survey Questionnaire – Total Responses VII. Appendix C – Survey Questionnaire – Internal Control Definition Responses 4I. Executive Summary The following sections contain observations regarding the survey results, which are presented in detail in the Report’s Appendices. a. Presence or Absence of Issuer Internal Control Requirements The Survey results reveal a picture of considerable variation in practices and a pattern of continuing reexamination and enhancement of regimes. Thirty-eight IOSCO members in both developed and emerging markets have some form of specific requirements regarding issuer internal controls that are embodied in laws, regulations, listing requirements and/or corporate governance codes that are referred to in laws or regulations. The jurisdictions of five IOSCO members do not have any such requirements. In a number of jurisdictions, requirements have been established for certain financial institutions but do not exist for securities issuers. The tables below present the sources of internal control requirements in members’ jurisdictions (members were asked to check all that would apply), and the general matters addressed in such sources. Does your jurisdiction have laws, regulations, listing requirements and/or corporate governance codes that are referred to in laws, regulations, or listing requirements that explicitly require issuers (i.e. management and/or those charged with governance of publicly listed companies) to have systems of internal control? 25 Laws 19 Regulations 17 Listing requirements 24 Corporate governance codes that are referred to in laws, regulations or listing requirements Which of the following are addressed explicitly by laws, regulations, listing requirements, and/or corporate governance codes that are referred to in laws, regulation, or listing requirements in your jurisdiction? 34 Issuer management’s responsibilities for financ