August 16, 2002
Jonathan G. Katz, Secretary
U.S. Securities and Exchange Commission FILED ELECTRONICALLY
Mail Stop 6-9
450 Fifth Street, N.W.
Washington, DC 20549
RE: Sarbanes-Oxley Act of 2002
Dear Mr. Katz:
As we noted in our comment letter dated July 18, 2002 (included in this electronic file), we agree that it is timely and appropriate for CEOs and CFOs to expand their representations on financial statements. We also agree that an essential element of financial reporting is the maintenance and evaluation of internal controls to reasonably assure a company's ability to collect, process and disclose information on a timely basis. Below you will find comments regarding the Sarbanes-Oxley Act of 2002 (The Act), which relate to representations and internal controls (principally section 302). In general, we find several areas where further clarification by the SEC would be extremely helpful toward proper implementation.
Limitation of Internal Controls
The Act states that:
"The signing officers -- A) are responsible for establishing and maintaining internal controls; B) have designed such internal controls to ensure that material information...is made known to...officers; C) have evaluated the effectiveness of internal controls within 90 days..."
Due to their inherent limitations, designing internal controls to "ensure" that material information is made known to officers is unattainable. Similar to the independent auditor's report, a comprehensive evaluation provides "reasonable assurance" that the procedures are operating effectively, but practically cannot be expected to "ensure" their effectiveness. The Treadway Commission and Committee of Sponsoring Organizations (COSO) highlighted this inherent limitation in their "Internal Control - Integrated Framework", the most extensive study on internal controls to date:
"Internal control, no matter how well designed and operated, can provide only reasonable assurance to management and the board of directors regarding the achievement of an entity's objectives. The likelihood of achievement is affected by limitations inherent in all internal control systems. These include the realities that human judgment in decision-making can be faulty, and that breakdowns can occur because of such human failures as simple error or mistake."
Given the above, we strongly suggest clarifying the inherent limitations of internal controls.
Significant Internal Control Deficiencies
The Act requires the signing officers to disclose:
"All significant deficiencies in design or operation of internal controls which could adversely affect the issuers ability to record, process, summarize, and report financial data..."
Further, The Act also requires companies to indicate any significant changes (after each 90-day evaluation) to internal controls that could adversely affect financial reporting. Practically any deficiency or change could have an adverse effect on financial reporting. For example, upgrading to a new software application "could" have an adverse, significant effect on controls. Companies seek to mitigate these inherent weaknesses with compensating controls such as a review by competent, professional staff. We suggest providing clarification that defines reportable changes or deficiencies, which are "likely" or "probable" to result in a material misstatement in financial reporting.
90-Day Evaluation
We fully support and regularly perform internal audits, on a cycle-basis, to reasonably assure internal controls are operating as expected. A complete evaluation of internal controls within 90 days of issuing each annual or quarterly report for a global company, such as CSC, will be challenging and costly, at best. At worst, performing complete re-evaluations every quarter could prove to be impossible. The SEC should consider providing further guidance and clarification of this requirement.
"Certified" Financial Information
The terms "certify" and "certification" imply a level of exactness that is unreasonable for any company to attain. Investors may read the term "certification" as a guarantee of financial results and condition. As so aptly stated by the SEC's Chief Accountant, Robert Herdman, in a January 2002 speech to the Financial Executives Institute:
"As the complexity and subjectivity of judgments increase, the inherent level of precision in the financial statements decreases, which is a fact that investors should be told. What they think they know now, is that the numbers at the bottom of the income statement -- net income and earnings per share -- are the conclusive, perhaps even infallible, measures of a company's performance for a period. That's not really true, of course, and investors need a better picture."
If the terms "certify" and "certification" must be used, then we suggest clearly defining the terms for investors. For example:
Financial Information
To "certify" means to confirm that the consolidated financial statements are prepared in conformity with accounting principles generally accepted in the US, which fairly present, in all material respects, the financial position, results of operations, and cash flows of the company.
Non-Financial Information
To "certify" non-financial information means to confirm that the company has established a system of internal controls that provides reasonable assurance that the information is materially accurate and complete.
We encourage the definition of "representation" to include references to US GAAP, judgments, and the level of assurance reasonably provided by internal controls. In fact, we have been surprised that the Sarbanes-Oxley Act of 2002, the SEC and the NYSE proposals have not yet included any reference to US GAAP. The representation should specifically inform investors that US GAAP forms the fundamental basis for accounting and reporting that "fairly presents in all material respects the financial condition and results of operations." Please refer to Exhibit I for an example of a representation that includes these references.
We appreciate your efforts in advancing financial reporting and thank you for an opportunity to comment on our concerns regarding implementation of Sarbanes-Oxley Act of 2002.
Sincerely,
Leon J. Level
Vice President
and Chief Financial Officer
Enclosure
EXHIBIT I
Report of Management
The consolidated condensed financial statements included in this report are the responsibility of Computer Sciences Corporation management. These consolidated condensed financial statements have been prepared in conformity with accounting principles generally accepted in the United States of America, and accordingly, include amounts that are based upon management's best estimates and judgement.
The Company maintains a system of internal controls, which in the opinion of management provides reasonable assurance that assets are safeguarded and that transactions are executed and recorded in accordance with management's authorization. The system includes careful selection and training of qualified personnel who are expected to adhere to the Company's Code of Ethics and Standards of Conduct. On a regular basis, the system is tested and evaluated by the Company's internal auditors and by the independent auditors during their annual audit.
The Board of Directors has appointed an Audit Committee composed solely of directors who are not officers or employees of the Company. The Audit Committee meets regularly with management, the internal auditors and independent auditors to ensure each is properly discharging its responsibilities. The independent auditors and internal auditors meet periodically and privately with the Audit Committee to review accounting, auditing, internal controls and financial reporting matters.
Van B. Honeycutt |
Leon J. Level |
July 18, 2002
Jonathan G. Katz, Secretary
U.S. Securities and Exchange Commission FILED ELECTRONICALLY
Mail Stop 6-9
450 Fifth Street, N.W.
Washington, DC 20549
RE: File No. S7-21-02
Dear Mr. Katz:
We appreciate the Commission's efforts in advancing the quality of financial reports. We agree that it is timely and appropriate for CEOs and CFOs to expand their representations on financial statements.
We also would like the Commission to consider some of our preliminary comments on the SEC's proposed rule: Certification of Disclosure in Companies' Quarterly and Annual Reports, File No. S7-21-02. We will submit a more comprehensive response prior to the August 19, 2002 deadline.
We think the proposed certification process could be improved by substituting a "Report of Management" with SEC filings. This "Report" is already published in many companies' annual reports (see Exhibit I for our most recent Report). The Report, signed by our CEO and CFO, among other representations, accepts responsibility for the financial statements as having been prepared in accordance with US GAAP. We welcome and would suggest expanding this Report and requiring it to be filed in a manner similar to the proposed certificate. This approach is appropriate because:
EXHIBIT I
Report of Management Computer Sciences Corporation
The consolidated financial statements included in this report are the responsibility of Computer Sciences Corporation management and have been prepared in conformity with generally accepted accounting principles. These consolidated financial statements include amounts that are based upon management's best estimates and judgement. All financial data included in this report is consistent with the information included in the consolidated financial statements.
The Company maintains a system of internal accounting controls, which in the opinion of management provides reasonable assurance that assets are safeguarded and that transactions are executed and recorded in accordance with management's authorization. The system is tested and evaluated on a regular basis by the Company's internal auditors as well as by the independent auditors during their annual audit. To ensure the effective administration of internal controls, the Company carefully selects and trains its employees and provides them with a written Code of Ethics and Standards of Conduct.
The Board of Directors has appointed an Audit Committee composed entirely of outside directors who are not members of management. The Audit Committee meets regularly with management, the internal auditors and the independent auditors, to ensure that each is properly discharging its responsibilities. The independent auditors and internal auditors may periodically meet alone with the Audit Committee to discuss appropriate matters.
Van B. Honeycutt |
Leon J. Level |