Although XBRL has been around for 10 years now ( the history of XBRL ), the adoption and acceptance has only begun to significantly accelerate during 2007 with the support of Christopher Cox and the SEC. As part of the recent SEC draft advisory document “ SEC Advisory on Financial Reporting” there are details on the mandating of XBRL filing (see pages 74 to 87 in the PDF). The full report can be downloaded here (3MB) Read the complete Post.

With the over arching trend of corporate disclosure being transparency, the pressures and risk of creating and distributing disclosure continue to increase. In addition to the financial disclosures, the majority of corporate disclosure occurs in non-financial form. These include commmunications such as press releases, corporate reports, presentations and web site content. The information disclosed through these channels is critical to providing the context and insight into the operations and results of your company. Not surprisingly, all of this information represents significant strategic value to your company while also representing significant risk should information be disclosed inaccurately or in a selective (non-RegFD) manner. Read the complete Post.

If your company is like many others, it may not be maximizing the full potential of its disclosure to generate value. With the right disclosure controls and processes in place, your company could move beyond compliance to a more strategic use of disclosure – an approach that builds value by imparting a greater understanding of your organization.

MI 52-109 and SOX 302 (CEO/CFO Certification) have caused most companies to think more systematically about the processes surrounding their key disclosure documents. However, some officers may be genuinely unsure whether the controls and procedures they have in place are enough to achieve compliance with all disclosure requirements.

For example, the instructions to the Canadian MD&A Form say that a discussion of financial condition should include important trends and risks that have affected the financial statements, and trends and risks that are reasonably likely to affect them in the future.” But there is no clear definition of when a trend or risk becomes “important,” or of what is “reasonably likely.” Many issuers may not have a defined process for identifying and evaluating all their enterprise risks. It may simply be easier to put compliance first, ending up with highly legalistic paragraphs on all risks (“important” or not) that are difficult to make practical use of (and that barely change from one year to the next). Similar challenges and calculations arise with many other disclosure requirements, both in Canada and the U.S.

It’s no wonder that some companies treat the business of disclosure as having little upside, and attempt mainly to do enough to keep out of trouble. But just as the best offense is a good defense, the risk of major non-compliance diminishes quickly for a company that sees disclosure as communication, as a way of creating presence and confidence, and designs its disclosure approach around a clear guiding concept of its stakeholders and their information needs.

Although good disclosure can’t compensate for bad performance, it can surely help steer the market through rough patches: intuitively, investors will be less likely to immediately sell on bad news if they’re better able to place that news in perspective. Of course, many investors seldom access a company’s disclosure, relying instead on the media, or on analysts’ recommendations, or other intermediaries. But research confirms that MD&A and other disclosures assist and provide value to these key groups too. This value may be even greater when the information is clearly provided voluntarily rather than for compliance purposes, because it’s more convincing as a commitment to transparency.

It’s not surprising that companies would look to external advisors for input in navigating the disclosure obstacle course. Obviously, advisors like legal or accounting firms have access to much more information than a company can generate on its own . But again, companies often use these resources primarily to help them determine whether they comply with the rules, rather than whether they’re maximizing the potential of their disclosure for generating value.

It’s appealing to think however that an external advisor could help companies both in assessing the downside of their disclosure practices - areas in which they appear particularly at risk of being asked by regulators to re-file information for example - and in working toward the upside. The right advisor could certainly help check against the requirements, but could also think more constructively about the enterprise’s key performance indicators and business risks and how those are reflected in the information. They could assess the overall coherence and focus of the disclosure record - for example whether key strategic priorities are consistently expressed across the MD&A and the compensation disclosure and elsewhere. And they could think about controls and governance at the same time as they identify issues in the disclosure, thus providing a much more comprehensive feedback and commentary.

Using an external service provider is just one way to come at this issue. Whether or not your company obtains that kind of independent input, we think that it will benefit from standing back regularly and assessing the overall value and effectiveness of what it’s created. It’s about compliance, sure, but it’s more about communication. The picture that a company paints of itself for the world is too important to be an afterthought.

Improving Disclosure Controls and Procedures
In our discussions with North American issuers over the past 12 months, we have noticed a consistent and increasing trend in their desire to improve their disclosure controls and procedures. In addition to streamlining processes, a key objective is improving the results of CEO/CFO certification under SOX 302 or in Canada, MI 52-109.

Disclosure controls and procedures (DC&P) include, but are not limited to the information processes designed by companies to ensure that material information is accumulated and communicated to management, including certifying officers, as appropriate to allow timely decisions regarding disclosure.

Documentation Important in Certification
In our experience, some companies have certified based primarily on interviews, checklists and questionnaires. Although this approach provides some degree of visibility into how controls and procedures are being executed, it relies heavily on individuals answering questions regarding their own performance in the process. This leaves cause for concern regarding the accuracy of the submission.

Consistent and accurate documentation of disclosure processes (created in a timely fashion, as processes are being followed) is the only way that companies can know if their DC&P are actually adhered to and are working effectively.

Design Vs. Execution
A challenge that has been expressed to us many times, is that although companies are currently certifying, they have a limited view into how their controls and procedures are actually executed vs. how they were designed. This is largely because of inconsistencies in disclosure process documentation and partly because of the difficulty in organizing and reporting on this information.

In an attempt to improve this, many companies are trying to capture and maintain more detailed records of their disclosure process.

In many cases, Investor Relations is at the center of this requirement and are being asked to provide detailed records on how the process is being conducted. The challenge of course, is that in order for these records to be accurate, they really should be created in real time - as processes are being followed.

In the heat of a time-sensitive situation, such as the preparation of an earnings release, documenting processes can seem in conflict to the greater objective of getting the information out on time. Reconstructing processes after the fact often falls to relying on memory, if deadlines have taken priority over tracking.

Often the task of filing this information falls to the coordinator of the disclosure process (again, usually within the IR department). Filing, archiving, search and retrieval are all challenges associated to this task.

Areas of Interest in DC&P Improvement
Many of the companies we’re spoken with, who are looking to improve their DC&P, feel that processes and systems surrounding their internal controls over financial reporting are firmly in place and working. Consequently, attention has returned to refining their existing DC&P. Interests include:

1. Expanding the disclosure universe to include other forms of communication
2. Streamlining disclosure processes through automation and by eliminating redundancies
3. Identifying and filling gaps in process
4. Optimizing risk reduction (this is the halo covering all initiatives)

How Companies are Documenting Information
Based on our experience in the market, we’ve found that most companies use a patch-work approach to documenting disclosure processes, which includes:

1. Check lists - documenting exposures to specific information throughout disclosure process
2. Meeting minutes - documenting discussions regarding disclosure with review/disclosure committee, board, management
3. Email and Word documents - print-outs or digital files of emails with corresponding Word/Excel documents

Although workable for some, most of the organizations that we have spoken with expressed problems in this scenario, either in terms of the effort required to maintain the data, the reliance on specific people in the company or the cost and time needed to provide this information during an audit or regulatory enquiry.

Streamlining DC&P Through Technology
During our numerous interviews with issuers we learned that a number of key concerns are driving the need for improved software solutions:

1. Tracking internal exposures to information - who, what, when
2. Organizing versions, comments, edits and approvals
3. Ensuring that key people provide input in a timely manner
4. Ensuring transparency throughout the process to facilitate informed decision making
5. Information archival, search, reporting

We also learned that the ideal solution should allow a company to follow their unique processes while providing a disclosure control framework. The right system should:

1. govern and monitor how information is shared internally
2. facilitate the drafting and approval of the actual disclosure content
3. capture records of content along with records of the actual disclosure process
4. enable easy archiving, instant retrieval and simple search
5. permit flexible reporting to view information in a multitude of ways

These considerations have formed the basis for the design of our products. To find out more about the research and development that has gone into our software, please contact us. We’ll be happy to discuss this in more detail, as well as walk you through real world examples of how software can increase efficiency and reduce risk.

Technorati Tags: Bill 198, Sarbanes Oxley, MI 52-109, CEO and CFO Certification, SOX 302, SOX 404, Risk Management, Compliance, Disclosure controls, Disclosure, SEC, OSC

The accessibility and popularity of the Internet has seen the corporate/ investor web site move to the front line of disclosure. To protect the interests of both the broader investment public and the issuer, companies must ensure the same stringent approach toward web site disclosure as they do to ensure accuracy in core documents.

One very compelling reason to do so is the fact that material information extends beyond regulatory filings and core documents to potentially any communication. Information is material if its `omission or misstatement could influence a reasonable investor’s decision to buy, hold or sell securities in the company’. (In addition, information not considered to be material may become so when viewed in the context of other disclosures or as elements in a larger picture.)

Considering the threshold for materiality it’s surprising that most companies could not conclusively verify the content of their web site at a given time in order to address a regulatory or investor inquiry. Nor could they demonstrate that the proper approval process was followed in disclosing non-core information on the web site. (See full article for information on additional risks.)

To reduce risk associated to web site disclosure issuers should:

1. Develop comprehensive and practical disclosure controls and procedures to govern both core and non-core communications - including the corporate web site
2. Ensure that accurate, easily searchable records are captured to verify all web site content and associated approvals
3. Make certain that records are stored in a highly secure environment to prevent tampering
4. Ensure that records can be accessed quickly by a number of authorized people within your company

What should your record consist of?

1. Text and images
2. Presentations (PowerPoint, Flash, video, audio)
3. PDF documents
4. Information provided through data-feeds such as press releases, stock quotes, regulatory filings

In addition, it’s important to know not only what was on your site, but also, the context in which the user viewed your information (e.g. links to and from content, information positioned alongside other matter) in order to understand how impressions were formed.

Ways of Maintaining Accurate Web Site Records

There are several ways that one can achieve a web site record. Some methods are more accurate and/or time consuming than others. The various methods include:

1. Manual record keeping of all components
2. Page level versioning (a feature of some content management systems)
3. Site scraping (software that `scrapes’ your site at predetermined intervals in order to capture a record)
4. Integrated, real-time records capture system

The following chart highlights some of the strengths and weaknesses of each method. Details on these methods and how to make some of them work better are included within the full article.

Technorati Tags: Bill 198, Sarbanes Oxley, MI 52-109, CEO and CFO Certification, SOX 302, SOX 404, Risk Management, Compliance, Disclosure controls, Disclosure, SEC, OSC

A study recently released by the Queen’s School of Business says that Canada’s 10 provincial and three territorial regulators seemingly fail to consistently enforce even the few guidelines they agree upon, such as disclosure controls and procedures effectiveness opinions, compared to the United States model, where a single, well-funded and rigorous national securities regulator successfully enforces laws that require transparent control safeguards.

Key findings:

• Among the study’s sample of companies that are solely listed on the TSX, almost one in 10 (nine per cent) do not disclose anything about internal control design responsibility in their Management Discussion and Analysis, including large firms like Loblaw Companies, Power Corp, Power Financial and The Score Media.
• Among the 91 per cent that do, just over half (54 per cent) actually provide an opinion on the effectiveness of their own controls design, and fewer than half of the TSX-listed companies in the sample (46 per cent) evaluated their safeguards as being effective.
• Queen’s School of Business researchers discovered that less than one third (29 per cent) of the sample’s Venture Exchange-listed companies provide an opinion on their own financial controls, and of those, just 45 per cent (or 13 per cent overall) evaluate their controls as being effective.

The study also concluded that baseline compliance (doing just enough) has become an example of good corporate citizenship. We have seen this from some companies over the last couple of years. However, the trend seems to be changing with more and more of the companies that we work viewing internal controls, compliance and disclosure in general as a key mandate of the organization.

The solution, says Prof. Salterio and his colleagues at Queen’s School of Business, is a National Securities Regulator with proper powers to investigate and penalize errant companies, auditors (and audit firms), lawyers and other participants involved in disclosure.

We agree with the concept of a single regulator and the benefits that this has for the market and for investors. This is certainly not a new idea, but hopefully this study will help move us closer to a single agency.  

Technorati Tags: Bill 198, Sarbanes Oxley, MI 52-109, CEO and CFO Certification, SOX 302, SOX 404, Risk Management, Compliance, Disclosure controls, Disclosure, SEC, OSC

On October 19th the SEC announced that checks totaling more than $356 million were sent in the mail to investors harmed by the financial fraud at Fannie Mae (Federal National Mortgage Association) between 1998 and 2004. With today’s payments, the SEC has distributed more than $3 billion overall since the agency was given authority to send financial penalties from SEC enforcement actions to the victims of financial fraud.

“The SEC is continuing to make highly effective use of the authority provided by Congress in the Sarbanes-Oxley Act to return more money to injured investors as quickly as possible,” said SEC Chairman Christopher Cox. “The $350 million penalty paid by Fannie Mae was one of the largest in Commission history, and now all of it is going to its rightful owners - the victims of this fraud.”

This resulted from an enforcement action in May 2006 in which Fannie Mae was forced to pay $350 million to settle SEC charges that it disclosed materially false and misleading financial statements in SEC filings and in various reports disseminated to investors.

For more info visit the settlement Web site: www.SECFannieMaeSettlement.com 

Technorati Tags: Sarbanes-Oxley, SOX, SOX 404, SOX 302, Sarbanes-Oxley 302, Disclosure, Disclosure Controls, Compliance, Risk

Since Bill 198 became law back in the early part of 2006 there have been many different perspectives regarding what this means to directors and officers and how companies manage their secondary market disclosure.

Since our inception in 2005 we have had numerous regulators, consultants and customers support our position that companies should maintain records of what is being disclosed through the corporate web site.

Here is a quote from a recent customer: “The web site is now accepted as the main communication vehicle with the public and has the potential to be at the center of liability regarding disclosure or misrepresentation.  With the new regulation surrounding secondary market disclosure (Bill 198) we felt it was important to secure and track our corporate web site”

Recently I have heard that some IR web site consultants have been recommending to their clients that “the web site record doesn’t matter”. This has been concerning for us to hear because this advice is not coming from a risk or compliance standpoint and has the potential to inadvertently put these clients at risk.

Here is another quote from one of our customers: “In today’s regulatory environment, it is very advantageous and reassuring that the system automatically tracks and logs all changes and approvals, ensuring greater protection and compliance”

In addition to these customer quotes, David Brown the former Chair of the Ontario Securities Commission said “With civil liability legislation, publicly traded companies should be doing everything they can to ensure comprehensive records of all capital markets disclosure - and this includes the full content of the corporate/investor web site.”

Mr. Brown was tasked with adopting US Sarbanes-Oxley for TSX listed issuers and is responsible for much of Bill 198 and other related legislation such as MI 52-109 (certification of disclosure controls and procedures). Mr. Brown is a member of our advisory board and has been instrumental in guiding the evolution of our products as they relate to Bill 198 and MI 52-109.

As corporate/investor relations web sites continue to increase in importance and in some cases are becoming the prime source of disclosure (Sun’s latest quarterly earnings - which were released through their web site first ) the fact that companies must maintain accurate records in order to reduce risk also continues to increase.  Claiming that the “web site record doesn’t matter” is completely counter to the true environment of corporate reporting, investor relations and capital markets disclosure.

Technorati Tags: Q4 Web Systems, Q4, Investor Relations, IR Web Sites, Disclosure, Bill 198, Civil Liability, Sarbanes Oxley, David Brown, RegFD 

I just came across a great article on computer world titled Sarbanes-Oxley compliance costs drop, better processes credited . Here’s a slightly paraphrased version:

Couple of studies have come out stating Sarbanes-Oxley costs are going down. The latest, according to a survey by Financial Executives International. The Florham Park, N.J.-based organization found the average company spent $2.9 million on SOX compliance in 2006, versus $3.8 million in 2005 and $4.5 million in 2004. - 23% reduction. The prime driver for this reduction is based on companies automating their controls

“Technology has a lot to do with the cost reduction,” said Sanjay Anand, chairperson of the Sarbanes-Oxley Institute. Public companies “are actually automating their controls. A good 20 to 30%, even as much 40%, of the cost reduction is actually coming from automated controls rather than manual controls.”

But this isn’t the only benefit…

Anand also said: “SOX compliance forced many companies to really understand and document their business processes. As you gain more visibility into processes you can actually streamline them, compress them, make them more efficient,” Anand said. “Once you start to make business processes more efficient from a controls standpoint, you eliminate errors and fraud. You’re automatically making businesses run better.”

Automating disclosure of controls a big part of how Q4’s software helps improve Sarbanes-Oxley compliance. We’re big believers in using software to help increase internal efficiency and reduce risk and it’s great to see the additional benefits being created – namely reduced cost and improved performance.

Technorati Tags: Sarbanes-Oxley, SOX, SOX 404, SOX 302, Sarbanes-Oxley 302, Disclosure, Disclosure Controls, Compliance, Risk

According to the Financial Times, Christopher Cox announced yesterday that the SEC is going to formalize a new rule to require all companies to report financial information in XBRL.

This is not surprising, especially considering the consistent messages we’ve been hearing from Cox regarding the benefits of interactive data (aka XBRL) it seemed just a matter of time until it was to be mandated. As of today there’s been no mentioned about when this rule will be put in place and it’s not formally listed on the SEC web site.

Cox said the formalizing of the rule was part of the SEC’s ‘war on complexity and said the new format would ‘enable investors to find what they need quickly and reliable, without having to pore through pages and pages of documents.’

XBRL and structured data will bring many benefits to the market and the only way this will happen is if it’s mandated by the SEC. We look forward to seeing this finalized as soon as possible.

Technorati Tags: SEC, XBRL, Disclosure, Corporate reporting, EDGAR, Q4 Web Systems, Q4, Christopher Cox, Investor Relations