What C-SOX Means for Canadian Companies

Learn why Canadian companies must comply with C-SOX (Bill 198) and why they should invest in being compliant with the legislation.

September 27, 2023

The Sarbanes-Oxley (SOX) Act was passed by Congress in 2002 and changed how many companies in the United States reported their financial standings. The new approach greatly benefited shareholders and stock investors by bolstering transparency in fiscal reporting. As such, other countries followed suit, including Canada, with Bill 198 — which is unofficially known as “C-SOX”.

The “Keeping the Promise for a Strong Economy Act” bill was passed on April 7, 2003, to enhance the transparency of information provided by Canadian-based corporations to the public. Its aim was to encourage investors to take legal action against reporting issuers and individuals responsible for either misrepresentations or neglecting to disclose significant changes. Furthermore, it sought to rectify a perceived disparity in Ontario’s class action system, which granted primary market investors, who purchase securities under a prospectus, the right to pursue legal remedies while providing no such recourse for secondary market investors.

In order to adhere to C-SOX requirements, companies are required to offer “reasonable assurance” that they have effectively minimized the possibility of significant errors or inaccuracies. This involves demonstrating a strong commitment to a thorough audit and meticulous documentation of their internal controls, displaying a high level of dedication and attention to detail.

Regulations for Bill 198

C-SOX requires organizations to create and implement compliance strategies that specifically target the outlined risks, and to evaluate the efficiency of these strategies. While the primary focus was on financial controls, policies, and procedures, it is widely recognized that operational and technological processes also harbor notable risks that may lead to financial errors.

That is why, shortly after the bill was passed, the Canadian Securities Administrators (CSA) issued three additional regulations, or Multilateral Instruments (MI) for companies and auditors:

1. MI 52-108

This requires securities issuers to use auditors who participate in the Canadian Public Accountability Board’s independent oversight program.

2. MI 52-109

Under this regulation, Chief Executive Officers and Chief Financial Officers would need to verify that their filings (both annual and interim) are accurate representations of their company’s current financial status. MI 52-109 is similar to the basic components of SOX 404 and requires companies to disclose policy and develop procedures for collecting, capturing, evaluating, and disclosing information.

3. MI 52-110

This regulation outlines the role of audit committees in any business or organization that issues securities and sets out the prerequisites for an independent audit committee, although it is not mandatory for every independent audit committee to include a “financial expert.”

How should Canadian companies ensure they are C-SOX compliant?

Much like the original SOX Act, Bill 198 requires companies, regardless of size, to spend a great deal of money on compliance with the legislation. Failing to meet C-SOX compliance demands can include not having, or not submitting, the proper documentation for auditors, which could result in hefty fines.

Compliance with C-SOX is an ongoing process, and companies should work closely with legal and financial experts to ensure they meet the requirements. Some of these steps include:

  • Establish an independent audit committee: The committee should be composed of board members who are not involved in the day-to-day operations of the company and be responsible for overseeing the financial reporting process and the external audit.
  • Internal controls: Companies must establish and maintain effective internal control structures to ensure the reliability of financial reporting. This includes processes for financial transactions, reporting, and safeguarding assets.
  • Financial disclosures: Companies must provide clear and accurate financial statements and disclosures in their annual reports and other public filings. These reports should be transparent and follow generally accepted accounting principles.
  • Record retention and document management: Companies must retain financial records and documents for specific periods as mandated by C-SOX. This includes electronic records and emails.
  • External audit: Public companies must hire an external audit firm to conduct an annual audit of their financial statements. This audit should include an assessment of the effectiveness of internal controls.
  • Disclosure controls and procedures: Companies need to establish, evaluate, and maintain disclosure controls and procedures to ensure that information required to be disclosed is recorded, processed, summarized, and reported accurately and on time.
  • Continuous monitoring and testing: Regularly monitor and test internal controls to identify weaknesses and areas for improvement. Implement corrective actions as needed.

Simplifying C-SOX with Resolver’s Compliance Management Software

Compliance with C-SOX requirements can be complex, requiring meticulous record-keeping, robust internal controls, and transparency in financial reporting. To help companies navigate these challenges, Resolver’s Compliance Management Software streamlines the process of adhering to SOX regulations. 

Our solution simplifies this task by providing a centralized repository for all compliance-related documents. With secure access controls and version tracking, you can confidently manage your documentation while ensuring its integrity. By leveraging Resolver’s Compliance Management software, organizations can efficiently maintain C-SOX compliance while focusing on their core business activities with peace of mind.

This content was originally published on June 5, 2015