Section 302 Of Sarbanes Oxley 1 - Paul Hastings


Client Alert
October 2002

Section 302 of the Sarbanes-Oxley Act of 2002: Disclosure Controls and Procedures and the Related CEO and CFO Certification – Analysis and Recommendations

By Michael L. Zuppone

Introduction

On August 29, 2002, the Securities and Exchange Commission (“SEC”) adopted rules implementing Section 302 of the Sarbanes-Oxley Act of 2002 (the “S-O Act”).[1] Pursuant to these new rules, public companies that file periodic reports and other information with the SEC pursuant to the Securities Exchange Act of 1934 (the “Exchange Act”) are required to establish and maintain so-called “disclosure controls and procedures” that are designed to ensure the filing of compliant disclosure documents. The new rules also require the principal executive officer (CEO) and principal financial officer (CFO) to undertake an evaluation of the effectiveness of the design and operation of such controls and procedures within 90 days of the date of filing of each quarterly and annual report and disclose their conclusions as to the effectiveness of the controls and procedures in each such report. In addition, the new SEC rules require the CEO and CFO to file with each quarterly and annual report a personal certification, addressing, among other things, the accuracy of the report and their responsibility for and evaluation of the disclosure controls and procedures established and maintained by the company.

In its rulemaking release, the SEC observed that the term “disclosure controls and procedures” was a newly-defined term reflecting a concept of controls and procedures related to disclosure embodied in Section 302(a)(4) of the S-O Act. In this respect, disclosure controls and procedures are distinguishable from traditional internal accounting controls relating to financial reporting that are embodied in the Exchange Act and existing accounting literature and have been part of the compliance landscape for decades.
In view of the new requirements, public companies are well-advised to undertake a fresh look at, and as necessary, revise their existing practices with respect to the preparation of SEC periodic reports and other filings. By undertaking such review and making any necessary revisions, a public company will be able to demonstrate that it has in place compliant disclosure controls and procedures and will position the CEO and CFO to comply with their obligations to evaluate and report on the effectiveness of such controls and procedures. An important message to be taken from the new legal requirements is that appropriate and compliant disclosure should be a central element of a public company’s compliance program.

In Part I of this client alert, we examine the SEC’s new rules relating to disclosure controls and procedures and the related CEO and CFO certification adopted under Section 302 of the S-O Act. In Part II, we set forth recommendations for establishing and maintaining disclosure controls and procedures and undertaking an inquiry in support of the related CEO and CFO certification.

Part I: SEC Rules Relating to Disclosure Controls and Procedures and CEO and CFO Certification Under Section 302 of the S-O Act

Disclosure Controls and Procedures

Pursuant to Rule 13a-15, every public company must maintain disclosure controls and procedures.
The term “disclosure controls and procedures” is defined in new Exchange Act Rule 13a-14(c) as:

controls and other procedures of an issuer that are designed to ensure that information required to be disclosed by the issuer in the reports that it files or submits under the [Exchange Act] is recorded, processed, summarized and reported, within the time periods specified in the Commission’s rules and forms. Disclosure controls and procedures include, without limitation, controls and procedures designed to ensure that information required to be disclosed by an issuer in the reports that it files or submits under the [Exchange Act] is accumulated and communicated to the issuer’s management, including its principal executive officer or officers and principal financial officer or officers, or persons performing similar functions, as appropriate to allow timely decisions regarding required disclosure.

Paul, Hastings, Janofsky & Walker LLP

While, as noted above, disclosure controls and procedures are a new regulatory concept, we believe that traditional internal accounting controls relating to financial reporting are properly viewed as a subcategory of such controls and procedures. Under Section 13(b)(2) of the Exchange Act, a public company is required to maintain a system of internal accounting controls sufficient to produce reasonable assurances that (i) transactions are executed in accordance with management’s general and specific authorization, (ii) transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles and to maintain accountability for assets, (iii) access to assets is permitted only in accordance with management’s general and specific authorization and (iv) the recorded accountability for assets is compared with existing assets at reasonable intervals and appropriate action is taken with respect to any differences. The accounting literature contains similar definitions of internal controls.[2]

Insofar as a public company’s financial statements and financial data are already subject to traditional internal accounting controls, such information is already subject to and produced under so-called disclosure controls and procedures within the meaning of Rule 13a-14.
No additional controls and procedures are necessary with respect to financial information if such internal accounting controls have been recently judged adequate by internal and independent auditors. However, a review of such internal accounting controls should be undertaken in connection with the establishment of formal written compliance procedures discussed below.

While the new CEO/CFO certification is only required to be filed with Form 10-Q quarterly reports and Form 10-K annual reports (Form 20-F annual reports in the case of foreign private issuers), the company’s disclosure controls and procedures must be established and maintained to produce compliant disclosure in all SEC filings made pursuant to the Exchange Act, including proxy statements and Form 8-K current reports. The SEC has stated that the failure to maintain adequate disclosure controls and procedures could result in an SEC enforcement action for violating the Exchange Act even where the failure did not lead to non-compliant disclosure. In addition, any serious deficiencies in the disclosure controls and procedures would provide factual support to an allegation of recklessness, the state-of-mind required to support a securities fraud claim under the SEC’s general anti-fraud Rule 10b-5.

Section 302 CEO/CFO Certification

Pursuant to new Rules 13a-14 and 15d-14, the CEO and CFO must certify in each Form 10-Q quarterly report and Form 10-K annual report that:

• he or she has reviewed the report;
• based on his or her knowledge, the report does not contain any untrue statement of a material fact or omit to state a material fact necessary in order to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by the report;
• based on his or her knowledge, the financial statements, and other financial information included in the report, fairly present in all material respects the financial condition, results of operations and cash flows of the issuer as of, and for, the periods presented in the report;
• he or she and the other certifying officers:
– are responsible for establishing and maintaining “disclosure controls and procedures” for the issuer;
– have designed such disclosure controls and procedures to ensure that material information is made known to them, particularly during the period in which the periodic report is being prepared;
– have evaluated the effectiveness of the issuer’s disclosure controls and procedures as of a date within 90 days prior to the filing date of the report; and
– have presented in the report their conclusions about the effectiveness of the disclosure controls and procedures based on the required evaluation as of that date;
• he or she and the other certifying officers have disclosed to the issuer’s auditors and to the audit committee of the board of directors (or persons fulfilling the equivalent function):
– all significant deficiencies in the design or operation of internal controls relating to financial reporting which could adversely affect the issuer’s ability to record, process, summarize and report financial data and have identified for the issuer’s auditors any material weaknesses in internal controls; and
– any fraud, whether or not material, that involves management or other employees who have a significant role in the issuer’s internal controls; and
• he or she and the other certifying officers have indicated in the report whether or not there were significant changes in internal controls or in other factors that could significantly affect internal controls subsequent to the date of their evaluation, including any corrective actions with regard to significant deficiencies and material weaknesses.

The Section 302 certification requirement applies to any Form 10-Q and Form 10-K and amendments thereto filed after August 29, 2002, including amendments to an original report filed prior to August 29, 2002. However, the SEC’s transitional rules provide that the certification need only address the first three items when it is included in a report, or amendment thereto, covering a period ending before August 29, 2002. The certification would cover information incorporated by reference into a report, such as a Form 10-K which incorporates later filed information from the annual shareholder meeting proxy statement.

The SEC did not further define or elaborate on the term “evaluate” as it relates to the requirement that the CEO and CFO evaluate within 90 days of the filing date of each Form 10-Q and Form 10-K report and present in each such report their conclusions regarding (as discussed below) the effectiveness of disclosure controls and procedures. Section 404 of the S-O Act requires the SEC to adopt rules that will require public companies to include in their annual reports an internal accounting control report by management that addresses its responsibility for establishing and maintaining adequate internal accounting controls and its “assessment” as of the end of the fiscal year of the effectiveness of such controls. The distinction between the terms “evaluate” and “assessment” remains to be clarified in connection with the rules adopted pursuant to Section 404 of the S-O Act. We understand that the International Auditing and Assurance Standards Board (“IAASB”) is considering the distinction between the meaning of the terms “evaluation” and “assessment.” It has been suggested an assessment follows an evaluation. The public company’s management evaluates (obtains and considers information to make an assessment) and then provides their assessment (conclusion) of the effectiveness of the controls.

The SEC did elaborate on the certification requirement relating to the fair presentation of the financial statements and other financial information contained in the report.
The SEC noted that such certification requirement is not limited to a representation that the financial statements and other financial information have been presented in accordance with generally accepted accounting principles (“GAAP”) and is not otherwise limited by reference to GAAP. The SEC believes that the certification is intended “to provide assurances that the financial information disclosed in a report, viewed in its entirety, meets a standard of overall material accuracy and completeness that is broader than financial reporting requirements under [GAAP].” According to the SEC, a fair presentation encompasses “the selection of appropriate accounting policies, proper application of appropriate accounting policies, disclosure of financial information that is informative and reasonably reflects the underlying transactions and events and the inclusion of any additional disclosure necessary to provide investors with a materially accurate and complete picture of an issuer’s financial condition, results of operations and cash flows.”

The certification required under Section 302 of the S-O Act is required to be made separate and apart from the certification required under Section 906 of the S-O Act.[3] While one SEC commissioner has questioned the SEC staff as to whether one integrated certification requirement can be adopted to satisfy both Sections 302 and 906 of the S-O Act, to date the SEC’s general counsel has not concluded whether it has the rulemaking authority to integrate the two certification requirements. We believe that there is clear rulemaking authority contained in Section 3(a) of the S-O Act to adopt a single integrated certification requirement.

New Disclosure Requirements

The SEC amended Form 10-Q to include a new Item 4 and Form 10-K to include a new Item 14.
These new disclosure items require the company to include the disclosure required by new Item 307 of Regulation S-K. Item 307(a) requires each company to disclose in its Form 10-Q and Form 10-K reports the CEO’s and CFO’s conclusions regarding effectiveness of the company’s disclosure controls and procedures based on the certifying officers’ evaluation made within 90 days of the filing dates as required by the new certification requirement. The Item 307(a) disclosure requirement applies with respect to Form 10-Q or Form 10-K reports covering periods ending after August 29, 2002. Item 307(b) requires the company to disclose whether there were significant changes in internal accounting controls or in other factors that could significantly affect such internal controls subsequent to the date of the certifying officers’ evaluation, including any corrective actions with regard to significant deficiencies and material weaknesses. This requirement is effective for Form 10-Q and Form 10-K reports and amendments thereto filed after August 29, 2002, although where the underlying evaluation of disclosure controls and procedures was not required, the disclosure requirement would not be applicable.

Part II: Recommended Compliance Procedures to Establish and Maintain Disclosure Controls and Procedures and Undertake an Inquiry in Support of the Related CEO and CFO Certification

Establishing and Maintaining Disclosure Controls and Procedures

Excluding financial statements and related data that are subject to and produced under established internal accounting controls, many public companies have relied on an informal system for preparing SEC filings that is not documented in comprehensive written compliance procedures. A public company that continues with this approach to comply with its disclosure obligations, if subject to SEC scrutiny, will risk a finding of noncompliance with the new disclosure controls and procedures requirements. We believe public companies will be better positioned to demonstrate that they have adequate disclosure controls and procedures within the meaning of Rule 13a-14(c) if they are formally embodied in comprehensive written compliance procedures. While the form and content will vary from company to company, such controls and procedures should incorporate the following principles:

• Organization and Responsibility. Disclosure controls and procedures should be formally organized and the persons responsible for developing and verifying required disclosure should be identified and their responsibilities should be clearly delineated.
• Education. Persons who participate in the preparation of the company’s disclosure documents should have sufficient knowledge of the SEC’s reporting requirements (through continuing education, training or otherwise) so that they can competently fulfill their responsibilities.
• Verification and Analysis. Disclosure controls and procedures should ensure that information included in disclosure documents is appropriately verified and substantiated (recognizing that the financial statements are already subject to such verification and substantiation through existing internal accounting controls) and that opinions and conclusions included in disclosure documents represent a reasonable interpretation or analysis of the facts.
• Communication. Disclosure controls and procedures should contain clear lines of communication pursuant to which information necessary to produce compliant disclosure documents is identified to the appropriate persons with knowledge of or direct or indirect access to such information and once obtained is reported to the persons responsible for the preparation of the company’s disclosure documents.

To that end, while recognizing that no single solution is appropriate for all public companies, we recommend each public company review and build upon its current procedures relating to the preparation of SEC filings with a view towards implementing the following or similar procedures:

• Create a Disclosure Committee. The company should create a disclosure committee (a recommendation of the SEC) with the mandate of designing and implementing the company’s disclosure controls and procedures and overseeing the company’s compliance with its disclosure obligations on a timely basis.
– The disclosure committee should report to (if it does not otherwise include) the CEO and CFO and include other senior officers selected by them who collectively have an overall knowledge and understanding of the company’s business and strategic plan, financial results and condition, and operational, competitive and financial risk profile.
Such officers would include the senior legal officer, controller or principal accounting officer, principal risk management officer, heads of key operating units, divisions or segments or heads of geographic regions, the investor relations officer or other officers with the stature and professional background that will enable the committee to meet its mandate.
– A subcommittee comprised of the senior legal officer, investor relations officer and other financial or accounting officers should be created to address disclosure issues that require immediate attention or that relate to sensitive developments not otherwise known throughout the company.
– The disclosure committee should operate under a charter which delineates its purpose and responsibility. The committee should designate an administrative secretary to coordinate and document the work of the committee.
• Written Compliance Procedures. The disclosure committee should develop comprehensive written compliance policies and procedures that underscore that the company’s disclosure controls and procedures are a central component of the company’s compliance program and that participants in the disclosure process who fail to comply with their obligations will be subject to discipline in accordance with the company’s code of conduct. The compliance procedures should be reasonably designed to ensure that information required to be disclosed is recorded, processed, summarized and reported on a timely basis.
– Specific drafting responsibilities should be assigned with respect to each Form 10-Q and Form 10-K report and the annual proxy statement. A checklist which identifies each section of the filing and the person(s) responsible for drafting the required information should be created.
– The committee should meet prior to the commencement of the preparation of each filing and establish a timetable for the preparation of each filing.
The committee should also review new developments, key risks and business challenges or areas of concern for special attention during the drafting process.
– Draftsmen should be provided copies of Form 8-K, Form 10-Q, Form 10-K and Schedule 14A and Regulation S-K and Regulation S-X.
– The draftsmen (to the extent they are not committee members) should be provided standard instructions which underscore the importance of compliant and accurate disclosure and address standards of materiality (on an operating division, segment, business unit basis). The instructions should require each draftsman to assemble or produce the information or data (other than the financial statements which would be subject to internal accounting controls) that serves to verify or substantiate the information contained in the section of the filing to be drafted by such draftsman.
– Requests for information by draftsmen should be made under the cover of memoranda that emphasize the importance of compliant and accurate disclosure.
– Each section of the filing should be subject to separate review by one or more committee members.
– Each member of the disclosure committee should read the completed draft of each report in its entirety.
– The committee should meet to discuss the completed draft and review and address comments and concerns by members with in-house and outside counsel and the independent auditors.
– Committee members should obtain copies of current research analyst reports on the company and the industries in which it operates.
– Committee members should have access to and obtain ongoing continuing education with respect to the SEC’s reporting and disclosure rules and policies. Committee members should be designated to review and report to the committee with regard to new regulatory developments relating to the SEC’s disclosure rules.
– The reports should be referred to in-house or outside counsel for a compliance check against the requirements of the SEC form and applicable Exchange Act rules and regulations, including Regulation S-K and Regulation S-X.
• Review of Information. The disclosure committee should periodically review all other information publicly disseminated by the company that is intended to inform or influence the trading market in the company’s securities, including without limitation:
– All press releases reporting earnings or earnings guidance or announcing significant developments such as acquisitions or dispositions or other material developments or events;
– All presentations delivered at analyst or industry conferences, individual analysts and rating agencies; and
– All information publicly disseminated to investors and shareholders, including information contained on the company’s website.
• Internal certifications. To the extent that it serves as an additional record of the procedures employed and sensitizes others as to the importance of accurate and reliable information in the company’s SEC filings, the company’s compliance procedures may require that backup certificates be obtained from other members of management and employees. However, such backup certificates should be related to the individual’s division, department or unit in the company and obtaining such backup certificates should not be viewed as a substitute for appropriate inquiry by the two certifying officers.
• Recordkeeping. A written record of the procedures followed in the preparation of the reports should be maintained under the direction of the disclosure committee. The record should reflect the drafting checklist and timetable, the assignment of drafting responsibilities, reviews of drafts, disclosure committee meetings and other meetings with the CEO and CFO and the audit committee.

CEO/CFO Certification and Related Inquiry

Insofar as new Rules 13a-14 and 15d-14 require the CEO and CFO to make a certification that addresses, among other things, the accuracy of the Form 10-Q and Form 10-K reports and the fairness of the financial information contained therein and their evaluation of the company’s disclosure controls and procedures, the two certifying officers must undertake an inquiry sufficient to position them to make the required certification.
With regard to the foregoing, the CEO and CFO should meet with senior management in charge of key divisions and business units, internal financial staff and in-house counsel, the independent auditors and as appropriate outside counsel to discuss the content and the procedures employed in the preparation of the Form 10-K or Form 10-Q report. Once a disclosure committee has been formed, the certifying officers should meet with the committee to discuss such matters. The officers should inquire, among other things, as to:

• Who was involved in the drafting of the report;
• How information was recorded, processed, and summarized for inclusion in the report;
• Whether the participants are comfortable that the procedures employed are sufficient to ensure accurate disclosures;
• Whether there are other employees who should be consulted to discuss the preparation of the report or the content thereof;
• What material or significant disclosure or financial reporting issues arose during the preparation of the report;
• How key risks, trends and uncertainties were identified and addressed in the report;
• Whether there are complex disclosure issues that merit a second look;
• Whether the financial statements are consistent with GAAP;
• Whether there are any weaknesses in internal controls identified in the past three years, and if so, how were they addressed;
• Whether there have been any material year-end adjustments in the past three years, and if so, whether there is a potential for a similar adjustment in the current fiscal year;
• Whether the company has taken any aggressive accounting positions;
• Whether there are any “hot-button” accounting issues (such as critical accounting estimates, revenue recognition, off balance sheet liabilities, related party transactions, etc.) relevant to the disclosure contained in the report;
• Whether there have been any questions or criticisms about the company’s accounting practices raised by research analysts or other third parties;
• Whether there are any disagreements with outside auditors;
• Whether the participants are uncomfortable with any disclosures in the report;
• Whether the participants are aware of any material misstatement or omission in the disclosure contained in the reports; and
• Whether the participants believe the financial statements fairly present, in all material respects, the financial condition, results of operations and cash flows of the company.

The subjects for inquiry relating to financial and accounting matters should be addressed to the financial staff and independent auditors, and can be made in conjunction with the audit committee’s review of the financial statements with the independent auditors. The foregoing subjects for inquiry are general suggestions and should not be viewed as an exhaustive list of the subjects for which inquiry by the certifying officers should be made.
Each public company should consider its unique circumstances in supplementing or modifying our suggested subjects for inquiry. With respect to the evaluation of internal accounting controls (a subcategory of disclosure controls and procedures), the CEO and CFO should obtain guidance from the independent auditors as to the kind of inquiry necessary for an effective evaluation of such controls.

As discussed above, the SEC must adopt regulations pursuant to Section 404 of the S-O Act which will require a report of management’s assessment of internal accounting controls be included in the Form 10-K annual report. In connection with the rulemaking, the SEC should shed additional light on the nature of the required “evaluation” of disclosure controls and procedures and how it relates to the “assessment” of internal accounting controls. We continue to monitor and report to our clients regarding these developments.

Michael L. Zuppone is the chair of the Firm’s Securities Practice Group. For further information about the issues discussed in this client alert, please contact any members of this Practice Group listed below:

Michael L. Zuppone (212) 318-6906 michaelzuppone@paulhastings.com
Stephen D. Cooke (714) 668-6264 stephencooke@paulhastings.com
John F. Della Grotta (714) 668-6210 johndellagrotta@paulhastings.com
Luke P. Iovine (212) 318-6448 lukeiovine@paulhastings.com
Walter E. Jospin (404) 815-2203 walterjospin@paulhastings.com
Elizabeth H. Noe (404) 815-2287 elizabethnoe@paulhastings.com
William F. Schwitter (212) 318-6400 williamschwitter@paulhastings.com
Kaoru Umino (011-81-3) 3586-5643 kaoruumino@paulhastings.com
John Turitzin* (203) 961-7436 johnturitzin@paulhastings.com

* Licensed to practice only in New York

[1] See SEC Release No. 34-46427 (August 28, 2002).

[2] See AICPA Professional Standards, Section AU 319, (.06 - .07) (Internal control is a process – effected by an entity’s board of directors, management, and other personnel – designed to provide reasonable assurance regarding the achievement of objectives in the following categories: (a) reliability of financial reporting, (b) effectiveness and efficiency of operations, and (c) compliance with applicable laws and regulations).

[3] Section 906 requires each periodic report containing financial statements be accompanied by a written statement by the CEO and CFO that the report fully complies with the requirements of Section 13(a) or 15(d) of the Exchange Act and that the financial statements fairly present, in all material respects, the financial condition and results of operation of the issuer.

Client Alert is published solely for the interest of friends and clients of Paul, Hastings, Janofsky & Walker LLP and should in no way be relied upon or construed as legal advice. For specific information on recent developments or particular factual situations, the opinion of legal counsel should be sought. Paul, Hastings, Janofsky & Walker LLP is a limited liability partnership.
