Companion Policy to National Instrument 52-109 Certification of Disclosure in Issuers' Annual and Interim Filings
Part 6 Design of DC&P and ICFR
Section 6.10

Identifying Significant Accounts and Disclosures and Their Relevant Assertions

(1) Significant accounts and disclosures and their relevant assertions – As described in subsection 6.6(2) of the Policy, a top-down, risk-based approach to designing ICFR involves identifying significant accounts and disclosures and the relevant assertions that affect each significant account and disclosure. This method assists certifying officers in identifying the risks that could reasonably result in a material misstatement in the issuer’s financial statements and not all possible risks the issuer faces.

(2) Identifying significant accounts and disclosures – A significant account could be an individual line item on the issuer’s financial statements, or part of a line item. For example, an issuer might present “net revenue”, which represents a combination of “gross revenue” and “returns”, but might identify “gross revenue” as a significant account. By identifying part of a line item as a significant account, certifying officers might be able to focus on balances that are subject to specific risks that can be separately identified. A significant disclosure relating to the design of ICFR could be any form of disclosure included in the issuer’s financial statements, or notes to the financial statements, that is presented in accordance with the issuer’s GAAP. The identification of significant disclosures for the design of ICFR does not extend to the preparation of the issuer’s MD&A or other similar financial information presented in a continuous disclosure filing other than financial statements.

(3) Considerations for identifying significant accounts and disclosures – A minimum threshold expressed as a percentage or a dollar amount could provide a reasonable starting point for evaluating the significance of an account or disclosure. However, certifying officers should use their judgment, taking into account qualitative factors, to assess accounts or disclosures for significance above or below that threshold. The following factors will be relevant when determining whether an account or disclosure is significant:

(a) the size, nature and composition of the account or disclosure;

(b) the risk of overstatement or understatement of the account or disclosure;

(c) the susceptibility to misstatement due to errors or fraud;

(d) the volume of activity, complexity and homogeneity of the individual transactions processed through the account or reflected in the disclosure;

(e) the accounting and reporting complexities associated with the account or disclosure;

(f) the likelihood (or possibility) of conditions that will give rise to significant contingent liabilities in the account or disclosure;

(g) the existence of related party transactions; and

(h) the impact of the account on existing debt covenants.

(4) Assertions – Using a top-down, risk-based approach, the certifying officers identify those assertions for each significant account and disclosure that presents a risk that could reasonably result in a material misstatement in that significant account or disclosure. For each significant account and disclosure the following assertions could be relevant:

(a) existence or occurrence – whether assets or liabilities exist and whether transactions and events that have been recorded have occurred and pertain to the issuer;

(b) completeness – whether all assets, liabilities and transactions that should have been recorded have been recorded;

(c) valuation or allocation – whether assets, liabilities, equity, revenue and expenses have been included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded;

(d) rights and obligations – whether assets are legally owned by the issuer and liabilities are the obligations of the issuer; and

(e) presentation and disclosure – whether particular components of the financial statements are appropriately presented and described and disclosures are clearly expressed. The certifying officers might consider assertions that differ from those listed above if the certifying officers determine that they have identified the pertinent risks in each significant account and disclosure that could reasonably result in a material misstatement.

(5) Identifying relevant assertions for each significant account and disclosure – To identify relevant assertions for each significant account and disclosure, the certifying officers determine the source of potential misstatements for each significant account or disclosure. When determining whether a particular assertion is relevant, the certifying officers would consider the nature of the assertion, the volume of transactions or data related to the assertion and the complexity of the underlying systems supporting the assertion. If an assertion does not present a risk that could reasonably result in a material misstatement in a significant account, it is likely not a relevant assertion. For example, valuation might not be relevant to the cash account unless currency translation is involved; however, existence and completeness are always relevant. Similarly, valuation might not be relevant to the gross amount of the accounts receivable balance, but is relevant to the related allowance accounts.

(6) Identifying controls, policies and procedures for relevant assertions – Using a top-down, risk- based approach, the certifying officers design components of ICFR to address each relevant assertion. The certifying officers do not need to design all possible components of ICFR to address each relevant assertion, but should identify and design an appropriate combination of controls, policies and procedures to address all relevant assertions. The certifying officers would consider the efficiency of evaluating an issuer’s ICFR design when designing an appropriate combination of ICFR components. If more than one potential control, policy or procedure could address a relevant assertion, certifying officers could select the control, policy or procedure that would be easiest to evaluate (e.g., automated control vs. manual control). Similarly, if a control, policy or procedure can be designed to address more than one relevant assertion, then certifying officers could choose it rather than a control, policy or procedure that addresses only one relevant assertion. For example, the certifying officers would consider whether any entity-wide controls exist that adequately address more than one relevant assertion or improve the efficiency of evaluating operating effectiveness because such entity-wide controls negate the need to design and evaluate other components of ICFR at multiple locations or business units. When designing a combination of controls, policies and procedures, the certifying officers should also consider how the components in subsection 6.7(2) of the Policy interact with each other. For example, the certifying officers should consider how information technology general controls interact with controls, policies and procedures over initiating, authorizing, recording, processing and reporting transactions.