- Wednesday, 12 August 2009 18:45
- Author: codergeek82
Few weeks back, I came across a question on Linkedin regarding the ways and methods for handling SOX compliance in Non-US companies. Fortunately, I was exploring deep into the subject at that time and posted an answer instantly. This turned out to be the best answer on Linkedin, So decided to share the same with the blogosphere.
The question was posted by Paul C
(Architect, problem solver, geek) under Regulation and Compliance
, Risk Management
Question: "How do US companies handle Sarbanes-Oxley compliance requirements in non-US (esp. Canadian) companies with whom they do business?"
US laws are unenforcable outside the United States, so this is perhaps partly a "best practices" question. What are US companies doing to insure safe business practices with their international partners and suppliers, Canada in particular?
In Canada Bill 198 or C-SOX is equivalent to SOX, So Canadian publicly traded companies have to first ensure compliance with respect to Bill 198 requirements. As you said SOX is unenforceable outside of the united states, This may be true in a certain scenario but what about those Canadian publicly traded companies which are also listed on NYSE or NASDAQ or cross listed, The answer is these companies have to comply with SOX and BILL 198 both.
There are many similarities between SOX and BILL 198 however not entirely similar. Ontario enacted Bill 198 as Chapter 22 of the Statutes of Ontario, introduced measures almost similar to the Sarbox in the United States. As per Canadian Securities Administrators (CSA) external auditors are not required for their opinion on the company’s assessment of internal controls. Canada’s MI 52-109 (Multilateral Instrument 52-109) is actually a similar version of SOX 302, but for Canadian companies implementation of SOX 404 ( Canada's MI 52-111) is not required as I mentioned earlier, whereas in US. SOX 404 is required. So there are many similarities and differences between both.
If your company has been suggested to comply with SOX being a Canadian company then it is just a matter of maintaining documentation, ongoing testing, and that operating departments take on more responsibility for internal controls. I think that would be suffice for investor confidence as well as for business peers in the US, however I strongly suggest you to consult with a lawyer or a certified subject matter expert.
It is believed that Canadian companies compliant with BILL 198 do maintain an acceptable level of care and diligence in reviewing and documenting their internal controls so that the controls provide a “reasonable assurance” that the risk of material misstatement will be prevented. In the US, the internal controls must reduce the risk to a “remote chance” which is a much more stringent standard, although during 2007 the SEC issued guidance to parallel Canada’s “reasonable assurance” requirement.
Linkedin direct Link