Docstoc

Outsourcing and Service Provider Issues for CEO CFO Certification

Document Sample
Outsourcing and Service Provider Issues for CEO CFO Certification Powered By Docstoc
					Outsourcing and Service Provider Issues for

         CEO/CFO Certification




             George A. Wowk

    Burnet, Duckworth & Palmer LLP

               403-260-0130
                                                 -1-


Introduction

There are a number of changes that are coming in relation to securities regulation. These
changes roughly parallel the changes in the United States under the Sarbanes-Oxley Act of 2002
which are being instituted in response to recent financial reporting scandals such as those at
Enron and WorldCom. Under these changes, senior executives of a reporting issuer will be
required to certify certain matters in relation to financial disclosure, disclosure controls and their
internal control over financial reporting.

The purpose of these changes as stated by the Canadian Securities Administrators is as follows:
“The purpose of the Certification Instrument is to improve the quality and reliability of financial
and other continuous disclosure reporting by reporting issuers. We believe that this in turn will
help to maintain and enhance investor confidence.”

This paper looks at the certification requirements under Canadian securities regulation as it
relates to those business and information technology functions that have been outsourced to a
third-party service provider.

Legislative Initiatives

Two multilateral instruments are being put forward to address these issues. The first one is
Multilateral Instrument 52-109 entitled Certification of Disclosure in Issuers’ Annual and
Interim Filings. This instrument came into force in Alberta on March 30, 2004. The other
instrument is Multilateral Instrument 52-111 entitled Reporting on Internal Control Over
Financial Reporting. This instrument is not yet in force and comments on it are being accepted
until June 6, 2005.

Under these new instruments, the CEO and CFO of a reporting issuer have primary
responsibility for establishing and controlling the processes that generate the financial reports as
well as those processes and controls that generate material information needed by management
so that they can make informed and timely decisions and to permit the issuer to make timely
disclosure as required under securities legislation.

       Significant Definitions
                                                -2-


The instruments require that certain certifications be made and reports filed by the executive of
an issuer. These certifications and reports must be made in relation to “disclosure controls and
procedures” and “internal control over financial reporting”.    These two terms are defined in the
instruments as follows:

       “disclosure controls and procedures” means controls and other procedures of an issuer
       that are designed to provide reasonable assurance that information required to be
       disclosed by the issuer in its annual filings, interim filings or other reports filed or
       submitted by it under provincial and territorial securities legislation is recorded,
       processed, summarized and reported within the time periods specified in the provincial
       and territorial securities legislation and include, without limitation, controls and
       procedures designed to ensure that information required to be disclosed by an issuer in its
       annual filings, interim filings or other reports filed or submitted under provincial and
       territorial securities legislation is accumulated and communicated to the issuer’s
       management, including its chief executive officers and chief financial officers (or persons
       who perform similar functions to a chief executive officer or a chief financial officer), as
       appropriate to allow timely decisions regarding required disclosure;
       “internal control over financial reporting” means a process designed by, or under the
       supervision of, the issuer’s chief executive officers and chief financial officers, or persons
       performing similar functions, and effected by the issuer’s board of directors, management
       and other personnel, to provide reasonable assurance regarding the reliability of financial
       reporting and the preparation of financial statements for external purposes in accordance
       with the issuer’s GAAP and includes those policies and procedures that:
               (a) pertain to the maintenance of records that in reasonable detail accurately and
               fairly reflect the transactions and dispositions of the assets of the issuer,
               (b) provide reasonable assurance that transactions are recorded as necessary to
               permit preparation of financial statements in accordance with the issuer’s GAAP,
               and that receipts and expenditures of the issuer are being made only in accordance
               with authorizations of management and directors of the issuer, and
               (c) provide reasonable assurance regarding prevention or timely detection of
               unauthorized acquisition, use or disposition of the issuer’s assets that could have a
               material effect on the annual financial statements or interim financial statements;

Essentially, "disclosure controls and procedures" relate to the controls and procedures put in
place to ensure that material information relating to the issuer is made known to management in
a timely manner. That information may then be disclosed to the public as required under
securities law. Disclosure controls and procedures may refer to the generation of non-financial
information of the organisation such as business developments, legal proceedings and the like or
it may refer to the generation of financial information.         "Internal controls over financial
reporting" are controls needed to ensure that the issuer's financial statements incorporate all
                                                 -3-


required financial data and that the financial statements are accurate and drafted in accordance
with generally accepted accounting principles.

       Multilateral Instrument 52-109

Multilateral Instrument 52-109 entitled Certification of Disclosure in Issuers’ Annual and
Interim Filings came into force in Alberta on March 30, 2004. This instrument requires the
Chief Executive Officer and Chief Financial Officer of a reporting issuer (or if they do not exist,
the other officers that perform similar functions) to certify certain matters relating to disclosure
controls and procedures as well as internal controls over financial reporting. The CEO and CFO
certifications under this instrument are summarized as follows:

   a) the officer reviewed the issuer’s annual and interim filings;
   b) to the knowledge of the officer, the issuer's annual filings and interim filings do not
      contain any misrepresentations or omit to state any material facts;
   c) to the knowledge of the officer, the financial statements and other financial information
      in the annual filings and interim filings fairly present the financial condition, results of
      operations and cash flows of the issuer;
   d) the officer is responsible for establishing and maintaining disclosure controls and
      procedures and internal control over financial reporting of the issuer;
   e) the officer designed or supervised the design of the disclosure controls and procedures to
      provide reasonable assurances that they are informed of material information relating to
      the issuer;
   f) the officer designed or supervised the design of the internal control over financial
      reporting to provide reasonable assurances regarding the reliability of financial reporting;
   g) the officer has evaluated the effectiveness of such disclosure controls and procedures and
      caused the issuer to disclose their conclusions regarding their evaluation (This
      certification is not required in relation to interim financials); and
   h) The officer has caused the issuer to disclose certain changes in internal control over
      financial reporting.

During a transition period, covering financial years ending on or before March 30, 2005, no
certification was required in relation to disclosure controls and procedures or internal controls
over financial reporting, being items d through h above.          In addition, on April 1, 2005,
amendments to Multilateral Instrument 52-109 and Companion Policy 52-109CP were
published. Under these amendments the annual certification requirements in relation to financial
years ending on or before June 29, 2006 and interim certifications for the interim periods
                                                 -4-


occurring prior to the issuer’s financial year ending after June 29, 2006 do not require the
officers to certify any matter in relation to the internal controls over financial reporting of the
issuer. These amendments will come into force on June 6, 2005 in Alberta. Please refer to
another paper for further details on the implementation of this instrument.

There are certain exemptions that are available from the requirements of this instrument. These
exemptions are not covered in this paper. Please refer to another paper for more details on these
exemptions.

The Canadian Securities Administrators stated in relation to the certification required under MI
52-109:

       The level of effort and nature of work required to evaluate disclosure controls and
       procedures is left to the judgment of the certifying officers, acting reasonably, taking into
       consideration the issuer’s circumstances, including its size, nature of its business and
       complexity of its operations. The nature and extent of evidence to support the evaluation
       of the effectiveness of disclosure controls and procedures is also a matter of judgment for
       the certifying officers. A control framework may provide certifying officers with a useful
       tool for organizing the evaluation of disclosure controls and procedures and maintaining
       evidence; however, the Certification Instrument does not prescribe the use of a control
       framework for that purpose. An audit of the effectiveness of disclosure controls and
       procedures is not required under the Certification Instrument.

In relation to disclosure controls and procedures, the certifying officers will generally be required
to have designed the disclosure controls and procedures in a manner to provide, at a minimum,
reasonable assurance that the disclosure controls and procedures are achieving their objective.
That is, that the disclosure controls and procedures are sufficient to ensure that material
information relating to the issuer is made known to management in a timely manner and that the
information is complete and accurate. This is intended to provide reasonable assurances to
investors that an issuer's senior management is aware of all material information and that it is
being filed with securities regulators and released to investors as required.

As well, the certifying officers will need to review and document the internal controls in
sufficient detail to enable them to certify that they have designed the internal controls and attest
to their effectiveness. They will also need to disclose all changes that materially affect or are
reasonably likely to materially affect the internal controls.
                                                  -5-


          Multilateral Instrument 52-111

Multilateral Instrument 52-111, entitled, Reporting on Internal Control Over Financial
Reporting, was published for comment on February 4, 2005. This instrument is not currently in
force. The provisions of this instrument will be discussed in this paper as if they are in force as it
is expected that they will eventually come into force in one form or another. As well, there is a
fair bit of overlap between “disclosure controls and procedures” and “internal control over
financial reporting” and, in particular, problems with internal control over financial reporting
may affect disclosure controls and procedures and therefore in order to meet some of the
requirements in relation to disclosure controls and procedures, internal control over financial
reporting must be considered.         Please refer to another paper for more details on the
implementation of this instrument.

As well, there are certain exemptions that are available from the requirements of this instrument.
These exemptions are not covered in this paper. Please refer to another paper for more details on
these exemptions.

Multilateral Instrument 52-111 requires that management (including the CEO and CFO) of an
issuer evaluate the effectiveness of the issuer's internal control over financial reporting. As well,
the issuer must maintain evidence to provide reasonable support for management's assessment of
the effectiveness of its internal control over financial reporting. An internal control report must
be filed as part of the issuer's annual disclosure documents. The report must state among other
things:

   a)        that management is responsible for establishing and maintaining adequate internal
             controls over financial reporting;
   b)        the particular control framework used by management to evaluate the effectiveness of
             the issuer's internal control over financial reporting;
   c)        management's assessment of the effectiveness of the issuer's internal control over
             financial reporting and whether or not it is effective; and
   d)        any material weaknesses in the issuer's internal control over financial reporting.
                                                -6-


Effectively, this means management must regularly review the steps taken to ensure the integrity
and reliability of the issuer's financial accounts and inform the public if there are any "material
weaknesses" in the design or operation of these steps.

The firm that audited the issuer's annual financial statements must also issue an internal control
audit report. This report must expressed an opinion or state that an opinion cannot be expressed
concerning the management's assessment of the effectiveness of the issuer's internal control over
financial reporting.

The companion policy to MI 52-111 contains some good commentary on this instrument. Some
of this commentary is set out below to provide some context for MI 52-111:

       No formal requirement for interim evaluation - The Instrument does not require
       interim evaluations of internal control over financial reporting. We recognize that some
       controls operate continuously while others operate only at certain times, such as the end
       of a financial year. The management of an issuer should perform evaluations of the
       design and operation of the issuer’s internal control over financial reporting over a period
       of time that is adequate for it to determine whether, as of the end of the issuer’s financial
       year, the design and operation of the issuer’s internal control over financial reporting are
       effective.
                                                      …
       Scope of evaluation -
       The assessment of an issuer’s internal control over financial reporting should be based
       upon procedures sufficient to evaluate its design and to test its operating effectiveness.
       The controls subject to such assessment include:
            (a) controls over initiating, authorizing, recording, processing and reporting
                significant accounts and disclosures and related assertions included in the
                financial statements;
            (b) controls related to the initiation and processing of non-routine and non-
                systematic transactions, such as accounts involving judgments and estimates;
            (c) controls related to the selection and application of appropriate accounting
                policies that are in accordance with the issuer’s GAAP;
            (d) anti-fraud programs and controls;
            (e) controls, including information technology general controls, on which other
                controls are dependent;
            (f) controls over the period-end financial reporting process, including controls over
                procedures used to enter transaction totals into the general ledger, to initiate,
                authorize, record and process journal entries in the general ledger and to record
                                         -7-


         recurring and nonrecurring adjustments to the financial statements (for example,
         consolidating adjustments, report combinations and reclassifications); and
    (g) controls that have a pervasive impact such as those within the control
        environment, including the “tone at the top”, assignment of authority and
        responsibility, consistent policies and procedures and issuer wide programs that
        apply to all locations and business units.
The nature of an issuer’s testing activities will largely depend on the circumstances of the
issuer and the significance of a control. Inquiry alone, however, will not generally
provide an adequate basis for management’s assessment. This statement should not be
interpreted to mean that management personally must conduct the necessary activities to
evaluate the design and test the operating effectiveness of the issuer’s internal control
over financial reporting. Activities, including those necessary to provide management
with the information on which it bases its assessment, may be conducted by non-
management personnel acting under the supervision of management. Management,
however, has overall responsibility for the preparation of the internal control report.
Control framework for evaluation -
The Instrument does not mandate the use of a particular control framework in recognition
of the fact that other evaluation standards exist and may be developed in the future that
may satisfy the intent of the Instrument.
A suitable control framework should:
   (a) be free from bias;
   (b) permit reasonably consistent qualitative and quantitative measurements of an
       issuer’s internal control over financial reporting;
   (c) be sufficiently complete so that those relevant factors that would alter a
       conclusion about the effectiveness of an issuer’s internal control over financial
       reporting are not omitted; and
   (d) be relevant to an evaluation of internal control over financial reporting.
Without limiting the generality of [the above], the following control frameworks satisfy
our criteria for the purposes of section 2.2 of the Instrument:
    (a) the Risk Management and Governance (formerly: Guidance of the Criteria of
        Control Board) published by The Canadian Institute of Chartered Accountants;
    (b) the Internal Control – Integrated Framework published by The Committee of
        Sponsoring Organizations of the Treadway Commission; and
    (c) the Turnbull Report published by The Institute of Chartered Accountants in
        England and Wales.
The control frameworks referred to [above] include in their definition of “internal
control” three general categories: effectiveness and efficiency of operations, reliability of
financial reporting and compliance with applicable laws and regulations. The term
“internal control over financial reporting”, as defined in the Instrument, is a subset of
internal controls addressed in these control frameworks. The definition in the Instrument
                                                -8-


        does not encompass the elements of these control frameworks that relate to effectiveness
        and efficiency of an issuer’s operations and an issuer’s compliance with applicable laws
        and regulations, with the exception of compliance with the applicable laws and
        regulations directly related to the preparation of financial statements, such as the
        securities regulatory authorities’ financial reporting requirements.
        Evidence -
        The Instrument requires that an assessment of the effectiveness of internal control over
        financial reporting be supported by evidence. We expect this evidence to include
        information about the design of internal control over financial reporting and the testing
        processes used by management.
        We believe that this evidence should provide reasonable support:
            (a) for the evaluation of whether the control is designed to prevent or detect material
                misstatements or omissions in the issuer’s financial disclosure; and
            (b) for the conclusion that the tests were appropriately planned and performed and
                that the results of the tests were appropriately considered.
        To provide reasonable support for management’s assessment of the effectiveness of
        internal control over financial reporting, the evidence should include:
            (a) the design of controls over relevant assertions related to all significant accounts
                and disclosures in the financial statements;
            (b) information about how significant transactions are initiated, authorized, recorded,
                processed and reported;
            (c) sufficient information about the flow of transactions to identify the points at
                which material misstatements due to error or fraud could occur;
            (d) a listing of controls designed to prevent or detect fraud, including who performs
                the controls and related segregation of duties;
            (e) a listing of controls over period-end financial reporting processes;
            (f) a listing of controls over safeguarding of assets; and
            (g) results of management’s testing and evaluation.

Assessment of Controls

In relation to controls, Multilateral Instrument 52-109 requires the officer to certify, among other
things, that he or she:

    (a) designed or supervised the design of the disclosure controls and procedures to provide
        reasonable assurances that they are informed of material information relating to the
        issuer;
                                                  -9-


   (b) the officer designed or supervised the design of the internal control over financial
       reporting to provide reasonable assurances regarding the reliability of financial
       reporting; and
   (c) the officer has evaluated the effectiveness of such disclosure controls and procedures and
       caused the issuer to disclose their conclusions regarding their evaluation.

Similarly, Multilateral Instrument 52-111 requires management of the issuer to evaluate the
effectiveness of the issuer's internal controls in relation to financial reporting and file an internal
control report that must state among other things:

   (a) that management is responsible for establishing and maintaining adequate internal
       controls over financial reporting; and
   (b) management's assessment of the effectiveness of the issuer's internal control over
       financial reporting and whether or not it is effective.

These items require that management and the executive of the issuer understand, document and
assess their disclosure control procedures and understand, document and assess their internal
control over financial reporting. This should include a review of the policies and procedures that
relate to the gathering of information, maintenance of accounting records, authorization of
receipts and disbursements and safeguarding of assets.

These requirements in relation to the controls of the issuer are intended to provide reasonable
assurances to investors of the reliability of financial and non-financial disclosure.

Generally, the controls of concern include:

   (a) controls over initiating, recording, processing and reconciling account balances, classes
       of transactions and disclosure and related assertions included in the financial statements;
   (b) controls related to the initiation and processing of non-routine and non-systematic
       transactions;
   (c) controls related to the selection and application of appropriate accounting policies;
   (d) controls related to the prevention, identification and detection of fraud; and
   (e) controls related to the generation and dissemination of material information.

In relation to internal controls over financial reporting, the issuer will need to ensure that it has
procedures sufficient to evaluate the design of the controls and to test their operational
                                                 -10-


effectiveness. As well, the issuer will need to preserve evidence sufficient to demonstrate the
operational effectiveness of these controls.

Set out below is an example of the steps that can be taken in assessing controls. These steps are
included to give context for the discussion appearing later in this paper.

In assessing controls, the first step should include identifying all items of interest. An item of
interest would include, for example, any significant account or disclosure.            In relation to
financial reporting, the item of interest could be a line item in a financial statement.

Once that has been done, the sources of the item of interest need to be identified. For example,
in relation to a line item in the financial statements, what are the sources of the information
making up the line item. The controls that are in place in relation to the specific item of interest
will then need to be identified.

From there, these controls will need to be assessed to determine whether or not they are adequate
and whether or not they are operating properly. The certifying officers need to understand how
these controls are supposed to work and whether or not they are functioning and whether or not
they are adequate when they are functioning.            This assessment can be achieved through
reviewing and testing the controls. This testing can include the testing of the controls by internal
audit, the testing of the controls by others under the direction of management, using a service
organization’s report and testing by means of a self-assessment process.

As well, as part of the assessment, the various risks associated with the item of interest should be
identified and the controls reviewed to determine whether or not the controls take into account
all material risks. This will help in assessing the adequacy of the control. For example, would a
control catch an incorrect data entry or data that is being processed incorrectly by software. The
standard is whether or not a failure of a control or an inadequacy of a control would result in a
material misstatement.

Section 2.3 of Multilateral Instrument 52-111 requires an issuer maintain evidence to provide
reasonable support for management’s assessment of the effectiveness of the issuer’s internal
control over financial reporting. This evidence can include documentation relating to:
                                                  -11-


   (a) The design of the controls over items of interest including those designed to prevent or
       detect fraud;
   (b) Information about how significant transactions are initiated, authorized, recorded,
       processed and reported;
   (c) Information on the flow of transactions to help identify risks relating to material
       misstatements due to error or fraud;
   (d) Controls over the period-end financial reporting process;
   (e) Controls over safeguarding of assets to protect against unauthorized acquisition, use or
       disposition; and
   (f) The testing/assessment conducted and results of the testing/assessment.

Any material weaknesses that are found in the controls will need to be corrected and disclosed in
the internal control report if they are not corrected.

Outsourcing and Service Providers

       Outsourcing

The use of service providers and the outsourcing of information technology and business process
functions are fairly common in this economy. There are many reasons for this. For example,
outsourcing allows an organization to concentrate on its core competencies when the
organization farms out its non-core activities to third parties. Often, these third party service
providers are able to execute these non-core activities more effectively and efficiently due to
their expertise and, perhaps, economies of scale.

The outsourcing of information technology processes can include offsite hosting of computer
servers, software applications and data and possibly, the entire information technology group. In
relation to business process outsourcing, examples include customer service (e.g. call centers),
human resources (e.g. management of benefits and payroll), supply chain management,
administration, finance (e.g. accounts payable and accounts receivable) and manufacturing.

As well, adding to the complexity many organizations engage service providers that are located
in other countries of the world, such as India.

       Obligations in Relation to Service Providers
                                                 -12-


Just because a third party takes over some part of the business operations does not relieve the
certifying officers and the issuer of their obligations under MI 52-109 and MI 52-111. The
certifying officers’ and issuer’s obligations in relation to disclosure controls and procedures and
internal control over financial reporting is unrelated to who is responsible for those activities.

A service provider would come under the umbrella of the issuer's internal control over financial
reporting when it provides any service that affects:

    (a) transactions, accounting procedures, record keeping functions, information systems or
        reporting procedures in a manner that affects the issuer's financial statements.
    (b) how the issuer initiates its transaction;
    (c) how the issuer's transactions are processed and reported in its accounting records,
        supporting information and specific financial statement accounts;
    (d) how the issuer's transactions are processed from the initiation of the transaction to its
        inclusion in the financial statements; or
    (e) how the financial reporting process is used to prepare the issuer's financial statements.

The issuer must also consider those circumstances in which the service provider may come into
possession of any material information requiring consideration by management and disclosure
under securities regulation. In particular, the CEO and CFO will have to consider how they can
make their certifications in relation to the design and effectiveness of the disclosure controls and
procedures to provide reasonable assurances that they are informed of material information
relating to the issuer in a timely manner.

Therefore, the issuer must understand the extent to which the service provider's services affect
the issuer's internal control over financial reporting and disclosure controls and procedures and
must consider the activities of the service provider in making their assessments and
certifications.

In relation to the assessment of internal control over financial reporting, the issuer needs to
satisfy itself that such controls are sufficient and are operating effectively. The issuer must:

    (a) understand the controls of the issuer over the activities of the service provider;
    (b) understand the controls of the service provider that are relevant to the issuer's internal
        controls; and
                                                 -13-


    (c) obtain evidence that the controls are operating effectively.

If the service provider has responsibility for activities that relate to internal control over financial
reporting, management will need to evaluate these activities of the service provider to determine
the nature, timing and extent of evidence required to support their assessment.

Often times service providers may have their own auditors which can review and report on the
processes and controls that the service provider uses in the course of providing services to the
issuer. The report can include a discussion on the effectiveness of the controls as they relate to
the issuer's transactions. Whether or not management can rely on this report will depend on a
number of things including:

    (a) the materiality of the activities of the service provider in relation to disclosure controls
        and internal control over financial reporting;
    (b) the nature of the controls used by the service provider;
    (c) the competence and objectivity of the auditor;
    (d) the quality and effectiveness of their work; and
    (e) the scope and period covered by the report and the timing of the report.

If the issuer’s operations are highly integrated with the service provider’s then perhaps the issuer
can rely on its own controls to assess the operations of the service provider. Otherwise, the
issuer may have no alternative but to review the controls of the service provider.

        Outsourcing Contract – Existing

Any existing contracts with service providers should be reviewed to determine how the issuer
will meet its obligation in relation to the services provided by the service provider. For example,
does the contract permit the issuer to audit the service provider’s operations.

Most long-term outsourcing contracts provide a mechanism to allow the services to be modified
from time to time to meet the ongoing business and legal needs of the issuer. In this respect, the
issuer's certification and reporting obligations would obviously constitute a new need. The
provisions of the existing contract, and in particular, the change control provisions, will need to
be reviewed to determine how these changes can be implemented. As well, in relation to cost,
                                                 -14-


the contract should be reviewed to determine the additional costs to the issuer of any additional
activities undertaken by the service provider.

At any rate, even if the contract is not sufficiently flexible, it is often in the best interest of the
service provider to permit the issuer to meet its compliance obligations. In relation to cost, if the
services were part of an issuer's internal operations, the issuer would be responsible for the
additional costs associated with complying. Likewise, the service provider will likely insist that
the issuer be responsible for any additional costs associated with the additional activities of the
service provider in relation to the issuer's compliance.

       Outsourcing Contract – New Contracts

When outsourcing any function or system that could impact the financial reporting or controls of
the issuer, the CEO and CFO should, at the outset: (a) be involved in the design and evaluation
of such functions or systems; and (b) ensure that the appropriate processes are in place to support
their certification of the information derived from the outsourced functions or systems. As well,
consideration should be given to requiring the service provider implement systems that are
consistent and compatible with the issuer’s own disclosure and internal controls and procedures.

Certainly, any new outsourcing or service provider agreement should set out clearly the
obligations of each party such that the reporting issuer is able to meet its obligations under these
legislative initiatives in the most effective manner possible. This will typically include the right
to audit the service provider. An audit would look at a number of facets of the service provider’s
operations including data integrity, system security, system availability, accuracy and correctness
of operations. The provisions which will aid in the audit include provisions that permit access to
the premises of the service provider, access to the information of the issuer that is in the
possession or control of the service provider and access to the systems of the service provider
that process this information in order to evaluate them.

On the other hand, the service provider may be reluctant to grant such access as it may be in
possession of confidential information of its other customers. As well, granting access to the
issuer increases the risk of disruption or interference of the operations of the various systems of
the service provider which may, in turn, affect the other customers of the service provider.
                                               -15-


Summary
All of these considerations will likely have future implications for the implementation, oversight
and review of the outsourcing of key corporate functions and processes.

As well, while compliance is a legal requirement, the issuer should also look at this as an
opportunity to improve their various business processes. If management is able to get better
information in a more timely manner they will be in a better position to understand and manage
risks, lead the issuer and respond to external forces in a timely manner.

				
Jun Wang Jun Wang Dr
About Some of Those documents come from internet for research purpose,if you have the copyrights of one of them,tell me by mail vixychina@gmail.com.Thank you!