International Information Security Standards Series: SOX 404 Guidance v1 1
- Format: pdf
- Size: 433.98 KB
- Document pages: 20
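SOX 404: Content and Implementation of the Sarbanes-Oxley Act
1. Background to the Sarbanes-Oxley Act (SOX 404)
After the financial fraud scandals at Enron, WorldCom and others, confidence in the financial markets collapsed and trust in companies' accounting records and reporting was lost. In response, the US Congress passed the Public Company Accounting Reform and Investor Protection Act of 2002 in July 2002.
The Act requires listed companies to establish new practices for corporate governance and financial reporting.
The Act was jointly sponsored by Oxley, chairman of the House Committee on Financial Services, and Sarbanes, chairman of the Senate Banking Committee, and is also known as the Sarbanes-Oxley Act of 2002 (Sarbanes Oxley (2002) Regulations).
The Sarbanes-Oxley Act is one of the laws with the broadest impact on listed companies.
It aims to protect the shareholders of companies whose shares trade on US stock exchanges and to make those companies' decision-makers more open to scrutiny.
2. What does SOX 404 specifically require?
Section 404 of the Sarbanes-Oxley Act requires every company listed in the United States to disclose in its annual report management's assessment of the effectiveness of the company's internal control system over financial reporting for that year.
The external auditor must also issue an audit opinion on the effectiveness of the listed company's internal control system over financial reporting.
The assessment report must include the following:
● Management is responsible for establishing and maintaining adequate internal control over financial reporting for the company.
● Identification of the internal control framework used by management to evaluate, as required, the effectiveness of the company's internal control over financial reporting.
● An assessment of the effectiveness of internal control over financial reporting since the end of the previous fiscal year, including a public statement on whether internal control over financial reporting is effective.
● In the annual audit report, the financial audit report issued by the registered public accounting firm, including an attestation report on management's assessment of the effectiveness of internal control over financial reporting.
● Management's written conclusion on its assessment of the effectiveness of the company's internal control over financial reporting should be included in its report on internal control over financial reporting and in its letter to the auditor.
This written conclusion may take many forms, but management must express a direct opinion on the effectiveness of the company's internal control over financial reporting.
● If there are one or more material weaknesses in internal control over financial reporting, management will not be able to reach an assessment conclusion on the effectiveness of internal control over financial reporting; in addition, management should disclose all material weaknesses in internal control over financial reporting since the end of the most recent fiscal year.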
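The Impact of Section 404 of the Sarbanes-Oxley Act on Chinese Listed Companies
Introduction
The US Sarbanes-Oxley Act (SOX) was passed to restore trust in the financial reporting of public companies.
SOX imposes strict requirements on the financial disclosure and internal control of US companies, but it has also had some impact on Chinese listed companies.
This article discusses the impact of SOX Section 404 on Chinese listed companies.
Content and requirements of SOX Section 404
SOX Section 404 sets requirements for internal control: a company's management must assess the internal control over its financial reporting and certify the effectiveness of those controls.
The specific requirements include:
1. Management must carry out a comprehensive assessment of the internal control over the company's financial reporting, including the effectiveness of its design and implementation;
2. The company must provide and publicly disclose the results of its assessment of internal control over financial reporting;
3. The company's annual report must be accompanied by an assessment report on internal control issued by an independent registered public accounting firm.
Impact of SOX Section 404 on Chinese listed companies
For Chinese listed companies, SOX Section 404 has had the following effects:
1. Stronger internal control: Chinese listed companies need to strengthen the assessment and implementation of internal control over their financial reporting.
This involves establishing and enforcing a set of policies and processes to ensure the reliability and accuracy of financial reports.
Internal audit and risk control also need to be strengthened and improved.
2. Higher costs: because SOX Section 404 imposes stricter requirements on a company's internal control, Chinese listed companies need to spend more human and financial resources on assessing and maintaining their internal control systems.
This increases the company's operating costs.
3. Greater market trust: SOX Section 404 sets a higher bar for the transparency of a company's financial reporting, which helps increase investors' trust in Chinese listed companies.
This can improve the international image of Chinese listed companies and attract more international investment.
The Chinese government's response to SOX Section 404
The Chinese government has also recognised the impact of Section 404 of the Sarbanes-Oxley Act on Chinese listed companies and has taken a series of measures in response:
1. Stronger supervision: the China Securities Regulatory Commission supervises listed companies' internal control and financial reporting more closely and has stepped up day-to-day supervision and inspection of companies to ensure that their financial reports are truthful and reliable.
2. Establishing systems: the Chinese government actively encourages listed companies to establish sound internal control systems, strengthen their internal audit and risk control systems, and raise their level of financial management.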
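Responsibilities of Internal Auditors under Sections 302 and 404 of the US Sarbanes-Oxley Act (excerpt)
I. Overview
II. Purpose
III. Background
IV. Brief description of the phases, work and main responsibilities in Section 404 compliance work
V. Summary of the roles of the audit committee, management and external auditors
(1) Audit committee
(2) Management
(3) External auditors
VI. Recommended roles for internal audit
(1) Project oversight
(2) Consulting and project support
(3) Ongoing monitoring and testing
(4) Project audit
VII. Judgement in practice
(1) As a source of consulting
(2) As a capable assistant to management in completing documentation or testing
(3) As project management
(4) As a provider of internal control training or information
(5) As initiator of control self-assessment
(6) As attester of disclosure procedures
VIII. How to deal with impairments to internal audit objectivity

I. Overview
As companies begin their compliance work for the Sarbanes-Oxley Act (hereinafter the "SOX Act"), internal audit has run into a series of questions about its position and its work in that compliance effort.
Under Section 404, management must establish and maintain sound internal control over financial reporting and evaluate it, and the external auditor must in turn evaluate that evaluation.
Section 302 requires management not only to evaluate internal control over financial reporting every quarter, but also to evaluate disclosure controls and procedures.
Ensuring compliance with Sections 302 and 404 and the other provisions of the SOX Act is a responsibility that company management cannot shift to others.
Helping management carry out these responsibilities is the responsibility of internal audit.
Taking part in the company's Section 404 compliance work is important work for internal audit, but that work must be consistent with internal audit's overall objectives and charter.
Whatever the level and nature of internal audit's involvement in Section 404 compliance work, it should not compromise internal audit's objectivity or its function of monitoring the company's main risk areas.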
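OECD 404 Standard
Introduction to the OECD 404 Standard
The OECD 404 standard is an important guideline issued by the Organisation for Economic Co-operation and Development (OECD), intended to ensure that companies comply with environmental norms and ethical standards when conducting trade and investment activities.
The standard is widely recognised as one of the benchmarks for corporate social responsibility worldwide.
The OECD 404 standard requires companies to do their best to avoid harmful effects on the environment in their business activities.
It covers several areas, including environmental impact assessment, resource management, waste disposal, land use and ecosystem protection.
Companies need to ensure that the actions they take follow best practice, in order to reduce unavoidable environmental damage and improve environmental performance.
Complying with the OECD 404 standard brings companies several benefits.
First, it helps build a good corporate reputation.
By complying with environmental norms, a company can present itself as a responsible citizen and an advocate of sustainable development.
That image attracts customers, investors and partners, bringing business opportunities and competitive advantage.
Second, complying with the OECD 404 standard helps reduce a company's environmental risk.
Environmental problems may lead not only to lawsuits and fines but also to long-term, irreversible effects on the company's operations.
By strictly following the standard, a company can reduce environmental accidents and violations and lower potential financial and reputational losses.
In addition, complying with the OECD 404 standard helps advance sustainable development goals.
The standard encourages companies to adopt clean production technology and renewable energy, reduce greenhouse gas emissions, protect biodiversity and promote the recycling of resources.
Through these measures, companies can contribute to global environmental protection and to sustainable economic development.
In short, the OECD 404 standard is an important reference framework for companies, providing specific guidance on following environmental ethics and norms in trade and investment activities.
Complying with it not only helps build a company's reputation and reduce environmental risk, but also promotes the achievement of sustainable development goals.
Companies should therefore take the requirements of the OECD 404 standard seriously and actively fulfil them.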
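Version page
Title: Information Technology Management Policy
Subject: Key Business System Data Management Policy
Document No.:
Version notes:

Key Business System Data Management Policy
Section 1: General Provisions
This policy is established to standardise data management and to reduce the risk of data being illegitimately created, altered, disclosed, lost or destroyed.
In this policy, data means the various business and financial data held in information systems.
Data management under this policy covers the modification, import and extraction of data, the assurance of data authenticity during data processing, and the internal and external transmission of data.
Section 2: Data Retention
Business data related to financial reporting must be retained for 10 years.
Important business data must be physically secured: the media holding the data must be kept in a secure location, and unauthorised persons must not have access.
For the management of data backups, see the Backup Management Policy.
Section 3: Data Import and Modification
Data import means an operation in which IT staff designated by the Information Technology Department, at the request of the data-owning department, import data into the production environment through the back-end database.
For automatic data imports that occur in batch processing, see the relevant content in the Batch Processing Operation Management and Monitoring Policy.
Data modification means a change made in the back-end database to data in the company's information systems by IT staff designated by the Information Technology Department, at the request of the data-owning department.
Data modification covers both changes to data content and changes to database structure.
The data-owning department submits the Data Import/Modification/Extraction Request Form (Attachment 1). The form must describe in detail the reason for and content of the import/modification, and must be approved by the head of the data-owning department.
On receiving the request form, the system administrator (who also serves as database superuser) should check the content of the form again with the requesting department. If the request is for a data import, the administrator checks the source of the data to be imported to ensure its validity and security. The administrator then analyses the feasibility and consequences of the import/modification and, if it can proceed, goes on to provide an import/modification plan.
The plan must include a method for checking accuracy and completeness and a method for handling erroneously entered/modified data.
Finally, these results are submitted to the IT system supervisor for approval.
The IT system supervisor decides, based on the system administrator's input, whether to accept the data import/modification request.
If the request is not accepted, the supervisor gives the reasons and informs the requesting department; if it is accepted, the supervisor must further determine, according to the complexity of the import/modification plan, whether the plan needs to be tested first in a test environment to ensure its accuracy.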
SECURITIES AND EXCHANGE COMMISSION

17 CFR PARTS 210, 228, 229, 240 and 249

[RELEASE NOS. 33-8760; 34-54942; File No. S7-06-03]

RIN 3235-AJ64

INTERNAL CONTROL OVER FINANCIAL REPORTING IN EXCHANGE ACT PERIODIC REPORTS OF NON-ACCELERATED FILERS AND NEWLY PUBLIC COMPANIES

AGENCY: Securities and Exchange Commission.

ACTION: Final rule; extension of compliance dates; request for comment on Paperwork Reduction Act burden estimates.

SUMMARY: We are extending further for smaller public companies the dates that were published on September 29, 2005, in Release No. 33-8618 [70 FR 56825], for their compliance with the internal control reporting requirements mandated by Section 404 of the Sarbanes-Oxley Act of 2002. Under the extension, a non-accelerated filer is not required to provide management’s report on internal control over financial reporting until it files an annual report for its first fiscal year ending on or after December 15, 2007. If we have not issued additional guidance for management on how to complete its assessment of internal control over financial reporting in time to be of sufficient assistance in connection with annual reports filed for fiscal years ending on or after December 15, 2007, we will consider whether we should further postpone this date. A non-accelerated filer is not required to file the auditor’s attestation report on internal control over financial reporting until it files an annual report for its first fiscal year ending on or after December 15, 2008. We will consider further postponing this date after we consider the anticipated revisions to Auditing Standard No. 2. Management’s report included in a non-accelerated filer’s annual report during the filer’s first year of compliance with the Section 404(a) requirements will be deemed “furnished” rather than filed.
Management’s report for foreign private issuers filing on Form 20-F or 40-F that are accelerated filers (but not large accelerated filers) also will be deemed furnished rather than filed for the year that such issuers are only required to provide management’s report. Companies that only provide management’s report during their first year of compliance in accordance with our rules must state in the annual report that the report does not include the auditor’s attestation report and that the company’s registered public accounting firm has not attested to management’s report on the company’s internal control over financial reporting.

We also are adopting amendments that provide for a transition period for a newly public company before it becomes subject to the internal control over financial reporting requirements. Under the new amendments, a company will not become subject to these requirements until it either had been required to file an annual report for the prior fiscal year with the Commission or had filed an annual report with the Commission for the prior fiscal year. A newly public company is required to include a statement in its first annual report that the annual report does not include either management’s assessment on the company’s internal control over financial reporting or the auditor’s attestation report.

DATES: Effective Date: The effective date published on June 18, 2003, in Release No. 33-8238 [68 FR 36636], remains August 14, 2003.
The effective date of this document is [insert 60 days after publication in the Federal Register] except Temporary §210.2-02T(c), Temporary §228.308T, Temporary §229.308T, Temporary Item 15T of Form 20-F (§249.220f), Temporary Instruction 3T of General Instruction B(6) of Form 40-F (§249.240f), Temporary Item 4T of Form 10-Q (§249.308a), Temporary Item 3A(T) of Form 10-QSB (§249.308b), Temporary Item 9A(T) of Form 10-K (§249.310), and Temporary Item 8A(T) of Form 10-KSB (§249.310b) are effective from [insert 60 days after publication in the Federal Register] to June 30, 2009. Temporary §210.2-02T(a) remains effective from September 14, 2006 to December 31, 2007.

Compliance Dates: The compliance dates are extended as follows: A company that does not meet the definition of either an “accelerated filer” or a “large accelerated filer,” as these terms are defined in Rule 12b-2 under the Securities Exchange Act of 1934, is not required to comply with the requirement to provide management’s report on internal control over financial reporting until it files an annual report for its first fiscal year ending on or after December 15, 2007. Non-accelerated filers must begin to comply with the provisions of Exchange Act Rule 13a–15(d) or 15d–15(d), whichever applies, requiring an evaluation of changes to internal control over financial reporting requirements with respect to the company’s first periodic report due after the first annual report that must include management’s report on internal control over financial reporting. The extended compliance also applies to the amendments of Exchange Act Rule 13a-15(a) or 15d-15(a) relating to the maintenance of internal control over financial reporting.
We also are extending the compliance date to permit a non-accelerated filer to omit the portion of the introductory language in paragraph 4 as well as language in paragraph 4(b) of the certification required by Exchange Act Rules 13a-14(a) and 15d-14(a) that refers to the certifying officers’ responsibility for designing, establishing and maintaining internal control over financial reporting for the company, until it files an annual report that includes a report by management on the effectiveness of the company’s internal control over financial reporting.

A company that does not meet the definition of either an accelerated filer or a large accelerated filer is not required to comply with the requirement to provide the auditor’s attestation report on internal control over financial reporting until it files an annual report for its first fiscal year ending on or after December 15, 2008. Furthermore, until this type of company becomes subject to the auditor attestation report requirement, the registered public accounting firm retained by the company need not comply with the obligation in Rule 2-02(f) of Regulation S-X. Rule 2-02(f) requires every registered public accounting firm that issues or prepares an accountant’s report that is included in an annual report filed by an Exchange Act reporting company (other than a registered investment company) containing an assessment by management of the effectiveness of the company’s internal control over financial reporting to attest to, and report on, such assessment.

Comment Date: Comments regarding the collection of information requirements within the meaning of the Paperwork Reduction Act of 1995 should be received on or before [insert 30 days after the date of publication in the Federal Register].

ADDRESSES: Comments may be submitted by any of the following methods:

Electronic Comments:
• Use the Commission’s Internet comment form (/rules/final.shtml);
• Send an e-mail to rule-comments@.
Please include File Number S7-06-03 on the subject line; or
• Use the Federal Rulemaking Portal (). Follow the instructions for submitting comments.

Paper Comments:
• Send paper comments in triplicate to Nancy M. Morris, Secretary, Securities and Exchange Commission, 100 F Street, NE, Washington, DC 20549-1090.

All submissions should refer to File Number S7-06-03. This file number should be included on the subject line if e-mail is used. To help us process and review your comments more efficiently, please use only one method. The Commission will post all comments on the Commission’s Internet Web site (/rules/final.shtml). Comments are also available for public inspection and copying in the Commission’s Public Reference Room, 100 F Street, NE, Washington, DC 20549. All comments received will be posted without change; we do not edit personal identifying information from submissions. You should submit only information that you wish to make available publicly.

FOR FURTHER INFORMATION CONTACT: Sean Harrison, Steven G. Hearne, or Katherine Hsu, Special Counsels, Office of Rulemaking, Division of Corporation Finance, at (202) 551-3430, U.S. Securities and Exchange Commission, 100 F Street, NE, Washington, DC 20549-3628.

SUPPLEMENTARY INFORMATION:

We are amending certain internal control over financial reporting requirements in Rules 13a-14,[1] 13a-15,[2] 15d-14,[3] and 15d-15[4] under the Securities Exchange Act of 1934,[5] Item 308 of Regulations S-K[6] and S-B,[7] Item 15 of Form 20-F,[8] General Instruction B(6) of Form 40-F,[9] and Rule 2-02(f)[10] of Regulation S-X.[11] We also are adding the following temporary provisions: Rule 2-02T of Regulation S-X, Item 308T of Regulations S-K and S-B, Item 3A(T) of Form 10-QSB, Item 4T of Form 10-Q, Item 8A(T) of Form 10-KSB, Item 9A(T) of Form 10-K, Item 15T of Form 20-F, and Instruction 3T of General Instruction B(6) of Form 40-F.

[1] 17 CFR 240.13a-14.
[2] 17 CFR 240.13a-15.
[3] 17 CFR 240.15d-14.
[4] 17 CFR 240.15d-15.
[5] 15 U.S.C. 78a et seq.
[6] 17 CFR 229.10 et seq.
[7] 17 CFR 228.10 et seq.
[8] 17 CFR 249.220f.
[9] 17 CFR 249.240f.
[10] 17 CFR 210.2-02(f).
[11] 17 CFR 210.1-01 et seq.

I. Background

On June 5, 2003,[12] the Commission adopted several amendments to its rules and forms implementing Section 404 of the Sarbanes-Oxley Act of 2002.[13] Among other things, these amendments require companies, other than registered investment companies, to include in their annual reports filed with us a report of management, and an accompanying auditor’s attestation report, on the effectiveness of the company’s internal control over financial reporting, and to evaluate, as of the end of each fiscal quarter, or year in the case of a foreign private issuer filing its annual report on Form 20-F or Form 40-F, any change in the company’s internal control over financial reporting that occurred during the period that has materially affected, or is reasonably likely to materially affect, the company’s internal control over financial reporting.

Under the compliance dates that we originally established, companies meeting the definition of an “accelerated filer” in Exchange Act Rule 12b-2[14] would have become subject to the internal control reporting requirements with respect to the first annual report that they filed for a fiscal year ending on or after June 15, 2004. Non-accelerated filers[15] would not have become subject to the requirements until they filed an annual report for a fiscal year ending on or after April 15, 2005. The Commission provided a lengthy compliance period for these requirements in light of the substantial time and resources needed by companies to implement the rules properly.[16] In addition, we believed that a corresponding benefit to investors would result from an extended transition period that allowed companies to implement the new requirements carefully, and noted that an extended period would provide additional time for the Public Company Accounting Oversight Board (the PCAOB) to consider relevant factors in determining and implementing new attestation standards for registered public accounting firms.[17] In February 2004, we extended the compliance dates for accelerated filers to fiscal years ending on or after November 15, 2004, and for non-accelerated filers and for foreign private issuers to fiscal years ending on or after July 15, 2005.[18] The primary purpose of this extension was to provide additional time for companies’ auditors to implement Auditing Standard No. 2, which the PCAOB had issued in final form in June 2004.[19]

In March 2005, we approved a further one-year extension of the compliance dates for non-accelerated filers and for all foreign private issuers filing annual reports on Form 20-F or 40-F in view of the efforts by the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”) to provide more guidance on how the COSO framework on internal control can be applied to smaller public companies.[20] We also acknowledged the significant efforts being expended by many foreign private issuers to apply the International Financial Reporting Standards.

[12] See Release No. 33-8238 (June 5, 2003) [68 FR 36636].
[13] 15 U.S.C. 7262.
[14] 17 CFR 240.12b-2.
[15] Although the term “non-accelerated filer” is not defined in our rules, we use it throughout this release to refer to an Exchange Act reporting company that does not meet the Exchange Act Rule 12b-2 definitions of either an “accelerated filer” or a “large accelerated filer.”
[16] See Release No. 33-8238.
[17] Under the Sarbanes-Oxley Act, the PCAOB was granted authority to set auditing and attestation standards for registered public accounting firms.
[18] See Release No. 33-8392 (Feb. 24, 2004) [69 FR 9722].
[19] See Release No. 34-49884 File No. PCAOB 2004-03 (June 17, 2004) [69 FR 35083]. Auditing Standard No. 2, An Audit of Internal Control Over Financial Reporting Performed in Connection with an Audit of Financial Statements, provides the professional standards and related performance guidance for independent auditors to attest to, and report on, management’s assessment of the effectiveness of companies’ internal control over financial reporting.
[20] Release No. 33-8545 (Mar. 2, 2005) [70 FR 11528].

Most recently, in September 2005, we again extended the compliance dates for the internal control over financial reporting requirements applicable to companies that are non-accelerated filers.[21] Based on the September 2005 extension, domestic and foreign non-accelerated filers were scheduled to comply with the internal control over financial reporting requirements beginning with annual reports filed for their first fiscal year ending on or after July 15, 2007. This extension was based primarily on our desire to have the additional guidance in place that COSO had begun to develop to assist smaller companies in applying the COSO framework. In addition, the extension was consistent with a recommendation made by the SEC Advisory Committee on Smaller Public Companies.

Since we granted that extension last year, a number of events related to internal control over financial reporting assessments have occurred. Most recently, on July 11, 2006, COSO and its Advisory Task Force issued Guidance for Smaller Public Companies Reporting on Internal Control over Financial Reporting.[22] The guidance is intended to assist the management of smaller companies in understanding and applying the COSO framework.
It outlines 20 fundamental principles associated with the five key components of internal control described in the COSO framework, defines each principle, describes a variety of approaches that smaller companies can use to apply the principles to financial reporting, and includes examples of how smaller companies have applied the principles.

[21] See Release No. 33-8618 (Sept. 22, 2005) [70 FR 56825].
[22] See SEC Press Release No. 2006-114 (July 11, 2006) at /news/press/2006/2006-114.htm.

In addition, on April 23, 2006, the SEC Advisory Committee on Smaller Public Companies submitted its final report to the Commission.[23] The final report includes recommendations designed to address the potential impact of the internal control reporting requirements on smaller public companies. Specifically, the Advisory Committee recommended that certain smaller public companies be provided exemptive relief from the management report requirement and from external auditor involvement in the Section 404 process under certain conditions unless and until a framework for assessing internal control over financial reporting is developed that recognizes the characteristics and needs of these companies.

In April 2006, the U.S. Government Accountability Office (GAO) issued a report entitled Sarbanes-Oxley Act, Consideration of Key Principles Needed in Addressing Implementation for Smaller Public Companies.[24] This report recommended that the Commission consider whether the currently available guidance, particularly the guidance on management’s assessment, is sufficient or whether additional action is needed to help companies comply with the internal control over financial reporting requirements. The report indicates that management’s implementation and assessment efforts were largely driven by Auditing Standard No. 2 because guidance at a similar level of detail was not available for management’s implementation and assessment process.
Furthermore, the report recommended that the Commission coordinate its efforts with the PCAOB so that the Section 404-related audit standards and guidance are consistent with any additional guidance applicable to management’s assessment of internal control over financial reporting.[25]

Finally, on May 10, 2006, the Commission and the PCAOB sponsored a roundtable to elicit feedback from companies, their auditors, board members, investors, and others regarding their experiences during the accelerated filers’ second year of compliance with the internal control over financial reporting requirements.[26] Several of the comments provided at, and in connection with, the roundtable suggested that additional management guidance would be useful, particularly for smaller public companies, and also expressed support for revisions to the PCAOB’s Auditing Standard No. 2.[27]

[23] See Final Report of the Advisory Committee on Smaller Public Companies to the United States Securities and Exchange Commission (Apr. 23, 2006), available at /info/smallbus/acspc.shtml.
[24] U.S. Govt. Accountability Office, Report to the Committee on Small Business and Entrepreneurship, U.S. Senate: Sarbanes-Oxley Act: Consideration of Key Principles Needed in Addressing Implementation for Smaller Public Companies (April 2006).
[25] See GAO Report at 52-53, 58.
[26] Materials related to the roundtable, including an archived broadcast and a transcript of the roundtable, are available on-line at /spotlight/soxcomp.htm.
[27] See, for example, letters from the Biotech Industry Association, American Electronics Association, Emerson Electric Institute, U.S. Chamber of Commerce and Joseph A. Grundfest. These letters are available in File No. 4-511, at /news/press/4-511.shtml.

II. Extension of Internal Control Reporting Compliance Dates for Non-Accelerated Filers

On May 17, 2006, the Commission and the PCAOB each announced a series of actions that they intended to take to improve the implementation of the Section 404 internal control over financial reporting requirements.[28] These actions included:
• Issuance of a concept release[29] soliciting comment on a variety of issues that might be included in future Commission guidance for management to assist in its performance of a top-down, risk-based assessment of internal control over financial reporting;
• Consideration of additional guidance from COSO;
• Revisions to Auditing Standard No. 2;
• Reinforcement of auditor efficiency through PCAOB inspections and Commission oversight of the PCAOB’s audit firm inspection program;
• Development, or facilitation of development, of implementation guidance for auditors of smaller public companies;
• Continuation of PCAOB forums on auditing in the small business environment; and
• Provision of an additional extension of the compliance dates of the internal control reporting requirements for non-accelerated filers.

[28] See SEC Press Release 2006-75 (May 17, 2006), “SEC Announces Next Steps for Sarbanes-Oxley Implementation” and PCAOB Press Release (May 17, 2006), “Board Announces Four-Point Plan to Improve Implementation of Internal Control Reporting Requirements.”
[29] Release No. 34-54122 (July 11, 2006) [71 FR 40866].

Consistent with this announcement, on August 9, 2006, we proposed to extend further the date for complying with the internal control over financial reporting requirements for domestic and foreign non-accelerated filers.[30] Approximately 44% of domestic companies filing periodic reports are non-accelerated filers, and an estimated 38% of the foreign private issuers subject to Exchange Act reporting are non-accelerated filers.[31] Prior to today’s actions, non-accelerated filers were scheduled to begin complying with the management report requirement in Item 308(a) of Regulations S-K and S-B and the auditor attestation requirement in Item 308(b) of Regulations S-K and S-B for their fiscal years ending on or after July 15, 2007. We proposed to postpone for five months (from fiscal years ending on or after July 15, 2007 to fiscal years ending on or after December 15, 2007) the date by which non-accelerated filers must begin to include management’s report. We also proposed to extend the compliance date for a non-accelerated filer regarding the auditor attestation report requirement for 17 months -- until it files an annual report for a fiscal year ending on or after December 15, 2008.[32]

Furthermore, in a separate release also issued on August 9, 2006, we adopted an extension of the date for complying with the auditor attestation requirement for foreign private issuers that meet the Exchange Act definition of an accelerated filer, but not a large accelerated filer, and that file their annual reports on Form 20-F or 40-F, so that such issuers would not be subject to the auditor attestation requirement until a year after they first begin complying with the management report requirement.[33]

We received letters from a total of 36 commenters on the proposed extension of the internal control over financial reporting compliance dates for non-accelerated filers.[34] Thirty-five of these commenters generally supported the proposed extension.[35] Many of these commenters believed that the extension would reduce compliance costs for smaller companies and provide them with additional time to develop best practices for compliance and greater efficiencies in preparing management reports.[36] Some commenters suggested that the Commission extend the compliance date associated with the management report requirement for an even longer period of time than proposed.[37] The commenter that did not express support for the proposed extension opposed, in particular, the 17-month extension of the auditor attestation compliance date.[38]

[30] Release No. 33-8731 (Aug. 9, 2006) [71 FR 47060].
[31] The percentage of domestic filing companies, excluding Investment Company Act of 1940 filers, that is categorized as non-accelerated filers is based on public float where available (or market capitalization, otherwise) from Datastream as of December 31, 2005. The estimated percentage of foreign private issuers that are non-accelerated filers is based on market capitalization data from Datastream as of December 31, 2005.
[32] We also proposed and are extending the compliance dates for the auditor attestation report requirement appearing in Item 15(c) of Form 20-F and General Instruction B(6) of Form 40-F with respect to foreign private issuers that are non-accelerated filers.
[33] Release No. 33-8730A (Aug. 9, 2006) [71 FR 47056].
[34] The public comments we received are available for inspection in the Commission’s Public Reference Room at 100 F Street, NE, Washington DC 20549 in File No. S7-06-03. They are also available on-line at /rules/proposed/s70603.shtml.
[35] See letters from American Bar Association (ABA), American Bankers Association, America’s Community Bankers (ACB), American Institute of Certified Public Accountants (AICPA), BDO Seidman, LLP (BDO), Biotechnology Industry Organization and eight other commenters (BIO), Callidus Software Inc. (Callidus), Calix Networks, Inc. (Calix), Core-Mark International, Inc. (Core-Mark), Cravath, Swaine & Moore LLP (Cravath), Davis Polk & Wardwell (Davis Polk), Deloitte Touche LLP (Deloitte), Ernst & Young (E&Y), Financial Executives International (FEI), James Finn (J. Finn), Grant Thornton LLP (Grant Thorton), Graybar Electric (Graybar), Hermes Equity Ownership Services Ltd. (Hermes), Independent Community Bankers of America (ICBA), Idaho Independent Bank (IIB), IncrediMail Ltd., Institute of Public Auditors of Germany (IDW), Key Technology (Key), KPMG LLP (KPMG), LaCrosse Footwear, Inc. (LaCrosse), Congressman Stephen F. Lynch (Congressman Lynch), George Merkl (G. Merkl), MOCON, Inc. (MOCON), National Venture Capital Association (NVCA), PricewaterhouseCoopers LLP (PwC), Priority Fulfillment Services, Inc. (PFS), The Office of Advocacy of the Small Business Administration (SBA), Telecommunications Industry Association (TIA), Village Super Market, Inc. (Village) and Washington Legal Foundation.

We are adopting the extension of the compliance dates substantially as proposed.
In response to public comment, we are adding a requirement that a non-accelerated filer clearly disclose in management’s report that management’s assessment of internal control has not been attested to by the auditor, if it is providing only management’s report during its first year of compliance with the Section 404 requirements.[39]

Some commenters suggested that the Commission broaden the scope of relief so that the extended compliance dates would still cover companies that currently are non-accelerated filers even if they become accelerated filers or large accelerated filers before December 15, 2008.[40] We are not adopting this relief as proposed. Consistent with the Exchange Act Rule 12b-2 definition of an accelerated filer and of a large accelerated filer, companies should determine their accelerated filing status at the end of the fiscal year in order to determine whether the extension is applicable to them.

Pursuant to the extension, a non-accelerated filer must begin to provide management’s report on internal control over financial reporting in an annual report it files for its first fiscal year ending on or after December 15, 2007.[41] Non-accelerated filers must begin to comply with the provisions of Exchange Act Rule 13a–15(d) or 15d–15(d),[42] whichever applies, requiring an evaluation of changes to internal control over financial reporting requirements with respect to the company’s first periodic report due after the first annual report that must include management’s report on internal control over financial reporting. The extended compliance date also applies to the amendments of Exchange Act Rule 13a-15(a) or 15d-15(a)[43] relating to the maintenance of internal control over financial reporting. Under the extension, a non-accelerated filer must begin to provide the auditor attestation report in the annual report it files for its first fiscal year ending on or after December 15, 2008. We believe that these changes will make the internal control reporting process more efficient and effective, while preserving the intended benefits of the internal control over financial reporting provisions to investors.

[36] See, for example, letters from Core-Mark, FEI, J. Finn, Graybar, and Village.
[37] See, for example, letters from ABA, ACB, Davis Polk, ICBA, and MOCON.
[38] See letter from Council of Institutional Investors (CII). This commenter indicated that it would not oppose one additional modest extension of the compliance date for the internal control over financial reporting requirements for non-accelerated filers.
[39] See paragraph 4 of Item 308T of Regulations S-K and S-B, paragraph 4 of Item 15T of Form 20-F, and Instruction 3T of General Instruction B(6) of Form 40-F.
[40] See letters from Callidus, Core-Mark, IIB, PFS, and Village.
[41] While the definition of an accelerated filer in Exchange Act Rule 12b–2 previously has had applicability only for a foreign private issuer that files its Exchange Act periodic reports on Forms 10–K and 10–Q, the definition by its terms does not exclude foreign private issuers. A foreign private issuer that is a large accelerated filer under the Exchange Act Rule 12b–2 definition, and that files its annual reports on Form 20–F or Form 40–F, must begin to comply with the internal control over financial reporting and related requirements in the annual report for its first fiscal year ending on or after July 15, 2006. A foreign private issuer that is an accelerated filer, but not a large accelerated filer, under the definition in Rule 12b-2 of the Exchange Act, and that files its annual report on Form 20-F or Form 40-F, must begin to comply with the requirement to provide the auditor’s attestation report on internal control over financial reporting in the annual report filed for its first fiscal year ending on or after July 15, 2007. A foreign private issuer that is not an accelerated filer under the Exchange Act Rule 12b–2 definition is required, under this extension, to begin to comply with the management report requirement in its annual report for its first fiscal year ending on or after December 15, 2007.
[42] 17 CFR 240.13a-15(d) and 17 CFR 240.15d-15(d).
[43] 17 CFR 240.13a-15(a) and 17 CFR 240.15d-15(a).

SOX 404 Implementation Guidance
October 2003
STRICTLY FOR INTERNAL CIRCULATION ONLY

Contents

1 Sarbanes-Oxley, 2002, Section 404 (“SOX 404”)
    1.1 Management’s attestation requirement under SOX 404
    1.2 Management’s attestation
2 Overview of the COSO framework
    2.1 COSO Framework
    2.2 Components of COSO framework
3 Internal control
    3.1 Who
    3.2 Objective
    3.3 Effective internal controls
4 IINV’s SOX 404 Framework
    4.1 SOX 404 framework
    4.2 Entity Assessment Questionnaires
    4.3 Controls performed at the Corporate Office
    4.4 Controls not documented or not formalised
5 Financial Statements and Disclosure Assertion
    5.1 The Six assertions
    5.2 Financial statement caption
    5.3 Assertion Risk
    5.4 Mitigating controls
    5.5 Examples of control techniques
6 Documentation
    6.1 Routine transactions
    6.2 Non-routine transactions
    6.3 Estimations
    6.4 Informal controls
    6.5 Some sources of Control Documentation
7 How to address deficiencies
8 Roles and responsibilities
    8.1 Unit management
    8.2 Unit Internal Assurance
    8.3 External Auditors
9 Corporate Assistance
    9.1 Contacts
    9.2 Further guidance

Appendices
1 Management Attestation to be signed by the Unit CEO and CFO
2 Sample template for control documentation

1 Sarbanes-Oxley, 2002, Section 404 (“SOX 404”)

1.1 Management’s attestation requirement under SOX 404

The SEC Rules implementing SOX 404 require that each annual report of an SEC registrant should include an internal control report by management which contains the following:
● A statement of management’s responsibility for establishing and maintaining an adequate internal control structure and procedures for financial reporting.
● A statement identifying the framework used by management to evaluate the effectiveness of internal control.
● An assessment of the effectiveness of the internal control structure and procedures for financial reporting.
● External auditors are required to attest to management’s assertion on the effectiveness of internal controls and procedures for financial reporting.

1.2 Management’s attestation

A sample of the attestation is given in Appendix 1 of this guidance note.

2 Overview of the COSO framework

2.1 COSO Framework

A SOX 404 assessment requires suitable criteria for an effective internal control system. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) developed an internal control framework in 1992 (“COSO Framework”). IINV has chosen the COSO framework for the following reasons:
● In the SEC rule to implement SOX 404, the SEC has suggested COSO as the preferred framework.
● Draft AICPA guidelines for evaluation of internal control for SOX 404 recommend the use of the COSO framework to provide the attestation.
● It is a suitable, recognised control framework developed through due process, including public comment.

The COSO Framework is illustrated below:

[Figure: the COSO Framework]

2.2 Components of COSO framework

2.2.1 Control Environment
● Reflects the tone set by top management.
● Overall attitude, awareness and actions of the board, management, owners, and others concerning the importance of internal control and the emphasis placed on control in the company’s policies, procedures, methods, and organizational structure.
● Foundation for all other components of internal control, providing discipline and structure.

2.2.2 Risk Assessment
● Entity’s identification and analysis of relevant risks (both internal and external) to the achievement of its objectives, forming a basis for determining how the risks should be managed.
● Entity-level objectives, including how they are supported by strategic plans and complemented on a process/application level, have been established and communicated.
● Risk assessment process, including estimating the significance of risks, assessing the likelihood of their occurrence, and determining needed actions, has been established.

2.2.3 Control Activities
● Policies and procedures ensure that management’s directives are carried out and controls called for by policy are being applied.
● Mitigating and monitoring controls related to specific risks for each financial statement caption in the balance sheet and income statement.

2.2.4 Information and Communication
● Information and communication systems support identification, capture, and exchange of information in a form and time frame that enable management and other appropriate personnel to carry out their responsibilities.

2.2.5 Monitoring and Evaluation
● Monitoring is a process that assesses the quality of internal control performance over time.
● Periodic evaluations of internal control are made and personnel, in carrying out their regular duties, obtain evidence as to whether the system of internal control continues to function.

3 Internal control

Internal control is a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
● Effectiveness and efficiency of operations
● Reliability of financial reporting
● Compliance with applicable laws and regulations

3.1 Who

Process designed by, or under the supervision of, the registrant's principal executive and principal financial officers and effected by the registrant's board of directors, management and other personnel.

3.2 Objective

To provide reasonable assurance regarding reliability of financial reporting for external purposes in accordance with GAAP.

3.3 Effective internal controls

Effective internal controls include policies and procedures for:
● maintenance of records that in reasonable detail accurately and fairly reflect transactions and dispositions of assets;
● providing reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with GAAP, and receipts and expenditures of the registrant are being made only in accordance with authorizations of management and directors of the registrant; and
● providing reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of assets that could have a material effect on financial statements.

4 IINV’s SOX 404 Framework

4.1 SOX 404 framework

4.2 Entity Assessment Questionnaires

There are five questionnaires covering Control Environment, Risk Assessment, Control Activities, Information & Communications and Monitoring & Evaluation. The entity assessment questionnaires are essential for the overall assessment of the elements of the COSO framework. Management will need to answer all questions and provide:
● explanations for each “Yes” or “No”;
● reference to relevant processes, documentation and other supporting information;
● self-assessment of the relevant control;
● audit trail to demonstrate effectiveness of design and effectiveness of controls.

4.3 Controls performed at the Corporate Office

Cross refer to policy and procedures followed by the Corporate Office, for example reporting and control exercised by the Audit Committee.

4.4 Controls not documented or not formalised

In certain cases, there may not be formal documentation for certain controls, for example controls such as daily or regular routine plant/facility visits, conference calls to corporate for performance updates, etc. In such cases:
● the processes and controls should be made transparent and verifiable in terms of regularity and observable for the purpose of attestation;
● the result of the control activity should be observable and be available for objective evaluation;
● consider formalising and documenting controls.

Please refer to section 6 for the minimum “Documentation”.

5 Financial Statements and Disclosure Assertion

5.1 The Six assertions

5.1.1 Completeness
● No unrecorded assets, liabilities, transactions or events, or undisclosed items.
● Controls exist to ensure actual transactions are not omitted from the records and all transactions are reflected in the proper accounting period.

5.1.2 Existence
● Asset or a liability exists at a point in time.
● Controls exist to ensure only valid assets and liabilities are recorded, safeguarded and periodic accountability is maintained.
● Controls exist to ensure legal title to recorded assets and rights to assets are only assigned with appropriate authorization, and
● Only liabilities of the company are recorded.

5.1.3 Accuracy
● Controls exist to ensure that transactions are recorded at correct monetary amounts.

5.1.4 Valuation
● Asset or liability is recorded at an appropriate amount using an appropriate method of valuation in line with US GAAP.
● Transaction or event is recorded at the proper amount and revenue or expense is allocated to the proper period.

5.1.5 Occurrence
● An assertion that a recorded transaction or event actually took place during the period.
● Controls exist to ensure fictitious or duplicate transactions are not included in the records.

5.1.6 Disclosure
● Item is properly classified, described, and disclosed in the financial statements.

5.2 Financial statement caption

Financial statement line items which are included in Hyperion for financial reporting purposes.

5.3 Assertion Risk

Risk that amounts reflected in the financial statements do not reflect the assertions. See The Six Assertions (section 5.1).

5.4 Mitigating controls

Preventive controls
● designed to detect a fraud or prevent an error
● usually applied at individual transaction level
● manual or IT controls
● authorization would be one of the main preventative controls.

Transaction Processing Controls
● Controls to ensure completeness and accuracy of transactions reflected in the financial statements.

Detection controls
● substantiation or evaluation controls designed to monitor an assertion risk, including identification of a fraud or errors.
● usually applied to groups of transactions.

Physical safeguard controls
● segregation of duties, physical observation
● other techniques to limit access to assets, records, forms and processing

5.5 Examples of control techniques
● Approvals
● Matching and comparisons
● Sequence checking and control logs
● Recalculations
● Control totals
● Validation
● Analytical procedures
● Verification of physical existence
● Verification with third parties
● Reconciliation of control accounts
● Periodic determination of valuation allowances
● Access restrictions

6 Documentation

The following paragraphs outline the minimum documentation required for routine, non-routine and estimation transactions. Units may provide additional documentation for their processes and controls, but the following minimum standards will need to be followed to comply with the requirements of SOX 404. Documentation requirements for each class of transactions are given below.

6.1 Routine transactions

6.1.1 Overview

Routine transactions are frequently recurring financial activities reflected in the books and records in the normal course of business (e.g., sales, purchases, cash receipts, cash disbursements, payroll).

The Units should examine or prepare copies of documentation which provides a basic understanding of the flow of transactions. This documentation should include how transactions are initiated, recorded, processed, and reported. The Unit should also consider other existing documentation (e.g., process models, flowcharts, procedural manuals, job descriptions, documents, forms).

The documentation reflects all the relevant processing procedures, whether performed manually or automated. The project team generally obtains copies of or prepares certain information technology documentation.
Since the primary purpose of this documentation is to help identify where errors or fraud can occur, the Unit should concentrate on documenting:
● Brief description and objective of the control and how it mitigates the assertion risk
● Major input sources
● Whether the control is manual or automated
● Important data files (e.g., customer and price master files), documents, and records
● Significant processing procedures, including on-line entry and updating processes
● Important output files, reports, and records
● Functional segregation of duties indicating the person primarily responsible for the control
● Physical evidence for the control to the extent possible or physical observation of the control or result of the control activity
● How the control activity is performed and how often it is performed

For a control documentation template see Appendix 2 of this Guidance.

6.1.2 Segregation of duties

A lack of segregation of duties exists if any individual performs incompatible activities or if access controls of a computer application grant users inappropriate or excessive access to functionality (e.g., if an individual is in a position to both perpetrate and conceal fraud in the normal course of performing his or her duties). Thus, the Unit should consider whether any individuals:
● perform processing procedures that are incompatible with each other,
● perform both processing procedures and related controls, or
● have inappropriate access to the accounting records and related assets.

We recommend that Units develop methods for identifying inadequacies in the segregation of duties for each major class of transactions.

6.2 Non-routine transactions

Non-routine transactions are financial activities that occur only periodically (e.g., taking physical inventory, calculating depreciation, adjusting for foreign currencies). A distinguishing feature of non-routine transactions is that data involved generally are not part of the routine flow of transactions.
The Unit should focus on documenting:
● Procedures or forms the company uses (e.g., the written instructions used in a physical inventory)
● Any computer applications the company uses in the accounting activities (e.g., applications, purchased or internally-developed, used to calculate depreciation or to capture the physical inventory counts through barcode scanning)
● Assumptions, if any, employed in the transaction (e.g., the average useful lives employed in calculating depreciation)
● Frequency with which the non-routine transaction occurs
● The company personnel involved in the accounting activities

6.3 Estimations

Estimation transactions are financial activities that involve management judgments or assumptions in formulating an accounting balance in the absence of a precise means of measurement (e.g., determining the allowance for doubtful accounts, establishing warranty reserves, assessing assets for impairment). For this class of transactions, the Unit should focus on documenting the following:
● Data used to make the estimate (e.g., the aged listing of accounts receivable may be used to identify potential bad debts)
● Relevant factors and assumptions that company personnel consider in making the estimate, including the reasons for the particular assumptions
● Techniques (i.e., the models) company personnel use to apply the assumptions to the data, including the procedures to collect, calculate, and aggregate the relevant data
● Frequency with which the estimation transaction occurs
● Degree of subjectivity involved
● Company personnel (or third party specialists) involved in making the estimate

6.4 Informal controls

It is likely that there will be a number of informal controls over processes and certain transactions. In such cases, Unit Management will have to consider documenting those controls based on the guidelines given above.
It should also make such informal controls transparent and verifiable in terms of regularity and observable for independent attestation. In addition:
● the result of the control activity should be observable and be available for objective evaluation;
● consider formalising and documenting controls.

6.5 Some sources of Control Documentation
● Systems implementation such as ERP or SAP
● Policy and procedures manual
● ISO certification manuals
● Written procedures – manual and/or IT systems procedures
● Process flow / control charts
● Strategy documents
● Budget and/or regular performance/variance update

7 How to address deficiencies

All significant deficiencies and material weaknesses need to be communicated in writing. These items should be set forth by management as part of its assessment report. In addition, the existence of a material weakness in internal control precludes an unqualified opinion that internal control is effective. The broad approach to significant deficiencies is as follows:
● Where there are no formal controls – management should document controls to ensure results of the control activity are transparent and the process is observable.
● Where there are no controls – management should design and implement controls as a matter of utmost urgency.
● Controls are not working satisfactorily – management will need to review the design of the control and develop a remedial action plan to ensure controls are operating effectively.

Please inform the Steering Committee and the SOX 404 Project Manager at the earliest opportunity should you come across a significant deficiency or a material weakness.

8 Roles and responsibilities

8.1 Unit management
● Primary responsibility of management to ensure and monitor the existence of effective internal controls.
● Appoint coordinators at each unit for SOX 404 implementation.
● Assess need for completion of questionnaires by management of subsidiaries consolidated within each primary reporting unit. This may need to be done in conjunction with IINV management.
● Process must be properly documented to permit attestation firstly by management and then by internal auditors.
● Complete Management Self Assessment periodically and for timely review by internal and external auditors.
● Report ALL deficiencies and material weaknesses. Significant deficiencies will be reported to the audit committee and addressed in the auditors’ report.
● Develop action plan to eliminate deficiencies and material weaknesses with detailed time table and responsibilities.
● Management attestation report from all units, signed by CEO and CFO.

Please see Appendix 2 for the Management Certification required under SOX 404.

8.2 Unit Internal Assurance
● Test management self assessments at each unit.
● Provide assurance to unit, corporate management and audit committee of IINV.
● NO involvement in developing controls or preparing documentation of internal control – essential to maintain the independence of internal auditors.

8.3 External Auditors
● Test unit’s assertions on internal control by reviewing work performed by Internal Assurance.
● Perform additional testing for areas to be determined by them.

9 Corporate Assistance

9.1 Contacts

The Toolset will contain detailed guidance for completing each questionnaire. In order to facilitate this process we have a dedicated project team based in London led by Homiyar Wykes, who will be your first point of contact. He will liaise with the Steering Committee for SOX 404 and respond to your questions and concerns.

Members of the Steering Committee for SOX 404:
● Arvind Chopra, Director - Internal Assurance: +44 (0)20 7543 1158
● T.N. Ramaswamy, Director - Finance: +44 (0)20 7543 1174
● Simon Evans, General Counsel: +44 (0)20 7543 1183
● Homiyar Wykes - hwykes@ - +44 20 7543 1136

9.2 Further guidance

Additional guidance on implementation will be provided through separate inter office memoranda.

Appendix 1
Management Attestation to be signed by the Unit CEO and CFO

In addition to the existing management certification under section 302 of the Sarbanes-Oxley Act, Unit CEO and CFO will be required to attest to the following once SOX 404 has been fully implemented:

“As the certifying officers of Ispat [specify Unit Name], we are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d-15(f)) for Ispat [specify unit name] and have designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles.

Based on our continuous review process we can certify that adequate internal controls over financial reporting have been maintained in Ispat [specify unit name], over the period of twelve months ending December 31, 200[X].”

Appendix 2
Sample template for control documentation

● Unit Name
● Financial Statement Caption
● Control Objective
● Description of Control Activity: How is the control activity performed and how often?
● Manual / Automated / Semi automated
● Control Procedures (please describe briefly each of the applicable): Authorisation; Completeness; Accuracy; Substantiation; Evaluation; Access to Assets
● Risk mitigated by the control
● Primary input sources: Should include important data files (e.g., customer and price master files), documents, and records
● Processing procedures: Significant processing procedures, including on-line entry and updating processes
● Primary Output: Key output files, reports, and records
● Physical evidence for the control to the extent possible or physical observation of the control or result of the control activity
● Segregation of duties: Functional segregation of duties indicating the person primarily responsible for the control (Process / Recording / Access)
● Prepared by / Updated on: Name, Designation, Date
● Responsibility for control activity: Name, Designation, Date
● Date of approval and authority: Name, Designation, Date
● Last reviewed on: Name, Designation, Date