16 August 2002

Mr. Jonathan G. Katz
Securities and Exchange Commission
450 Fifth Street, NW
Washington, DC 20549-0609

Re: Requests for Comment: SEC Release No. 34-46300 (File No. S7-21-02)

Dear Mr. Secretary:

This letter responds to the Commission's request of August 2, 2002 for comment on the rules it is developing under § 302 of the Sarbanes-Oxley Act of 2002 ("the Act"), P.L. 107-204.

Together, the undersigned companies represent some of the largest U.S. issuers listed on exchanges and the over-the-counter market in this country and offer many years of experience as public reporting companies in the U.S. Some are part of the broadest market indices: the S&P 500 and the Dow Jones Industrial Average. We have extensive experience establishing and maintaining effective compliance systems and are keenly aware of the practical considerations raised when implementing effective systems that ultimately serve the investing public. In that spirit, we offer the following suggestions for how the Commission should implement the changes required by the Act within the next few weeks.

Given the breadth and diversity of the revisions to the law, this letter is not a complete review of the Act nor does it present our complete opinions. We are seeking only to raise and address those key points that are most critical from a compliance standpoint and which the Commission must address in the next few weeks. We may offer further comments on the Act, either individually or as a group.

We recommend that the Commission reconcile the certification procedures required by §§ 302 and 906 of the Act and the annual internal controls assessment required by § 404 of the Act to require public company officers to execute one certificate per periodic report.1 To that end, we recommend that the Commission consider the following suggestions. We have also attached proposed model certificates consistent with our recommendations.

A. Require Review and Certification of Internal Controls Annually, Not Quarterly

The Sarbanes-Oxley Act requires corporate officers to certify both periodic reports and internal controls. Specifically, paragraphs 302(a)(1)-(3) of the Act require public company officers to certify that the officer has reviewed the periodic report, and that, based on the officer's knowledge, its contents are not misleading and its financial statements and financial information fairly reflect the company's financial condition and results of operation. Paragraph 302(a)(4) of the Act requires the officer to certify the company's internal controls regarding material information. Section 404 of the Act requires a meaningful internal controls and financial reporting assessment on an annual basis.

Congress explicitly delegated to the Commission the authority to require the certifications enumerated in paragraph 302(a), "in each annual or quarterly report." Certainly, chief executive and chief financial officers of public companies will be certifying the quarterly and annual reports on a quarterly and annual basis. To reconcile the internal controls review and certification provisions and ensure that they will be meaningful, however, we believe that the Commission should use the rulemaking authority explicitly provided by Congress under § 302 to require certification of a company's internal controls under paragraph 302(a)(4) only on an annual basis in a company's Form 10-K.

An annual internal controls review and certification requirement would be consistent with the Commission's rulemaking authority, the Sarbanes-Oxley Act and the Commission's proposed rules addressing certification and internal control reviews.2 Congress recognized that requiring management to oversee and produce a thorough review of a company's internal controls and provide a material report on that review to the public would take time and divert resources. As a result, Congress required such reviews only on an annual basis in § 404 of the Act in order to best protect investors. Similarly, the SEC's proposed rules requiring a similar review of internal controls would require only annual, not quarterly, reviews.3

Practically speaking, the burdens of an internal controls review on individual companies are substantial. The task of providing a complete internal controls report every three months - with all the required meetings, documents, and reviews - would transform an otherwise meaningful annual exercise into a quarterly bureaucratic chore.

We believe that the cost benefit balance of the § 302 certification and the § 404 annual assessment supports the conclusion that this broad certification procedure need only occur once a year. Annual report disclosures required by these provisions can then be efficiently incorporated into an issuer's annual report on Form 10-K and meet part of the certification requirements of the Act. We suggest that the Commission use the flexibility explicitly delegated to it in § 302 to require certifications regarding the internal controls (i.e., those enumerated in paragraph 302(a)(4)) on an annual basis consistent with the Congressional mandate in § 404.4

B. Apply a Knowledge Qualifier and Materiality Standards to Section 302 Internal Controls Certification

Paragraph 302(a)(5) requires an issuer's CEO and CFO to report to the audit committee of the company's board and its outside auditors all "significant deficiencies" affecting internal controls. Paragraph 302(a)(6) further requires public disclosure of any "significant changes" in internal controls or factors that could affect internal controls, including "corrective actions" taken to address "significant deficiencies" and "material weaknesses".

We believe the current standards of materiality5 apply to any determination of what constitutes a "significant deficiency" under paragraphs 302(a)(5) and (6) and encourage the Commission to issue guidance in its rulemaking to that effect. The Commission itself explicitly stated in its proposed rules requiring officer certification of internal procedures on an annual basis that it "intend[s] the proposed certification to reflect current disclosure standards for `material" information' and that it believes it would not "change the underlying liability standard as to materiality or create an unacceptable risk of increased liability for a company's [officers]."6 We believe the § 302 certification requirements were also not meant to alter current materiality standards that apply to disclosures required under the Exchange Act and the Securities Act.

Making reference to current, well-established materiality standards would allow a company to focus on those deficiencies that matter to investors.7 We believe, therefore, that public disclosures and reports to auditors and the audit committee of "significant deficiencies" should be limited to those events that are material to the issuer.

We also believe that the certifications required by paragraphs 302(a)(5) and (6) should be subject to a knowledge qualifier since those paragraphs, combined with paragraph 302(a)(4), already define the level of inquiry to be made by the officers. Without a knowledge qualifier, a company's CEO and CFO could be held responsible for internal controls problems intentionally hidden from them as a result of others' fraudulent conduct.

C. Clarify the Scope of § 906 Certifications

Section 906 of the Act imposes criminal penalties on an issuer's CEO and CFO for the first time where such officers provide certifications under § 906 knowing that the periodic reports they are certifying do not meet the Act's requirements. The text of the certifications required under § 906 is, unfortunately, not entirely consistent with that called for in § 302 of the Act, leading to confusion for investors and management alike. As noted above, we believe the Commission should draft one certification that meets the requirements of both § 302 and § 906 and satisfies both the Commission and the Department of Justice.

In particular, we believe that a knowledge qualifier is consistent with both provisions of the Act and is required for the fair and meaningful implementation of § 906 of the Act given the section's criminal penalties.8 A knowledge qualifier is implicit in Congress's choice to impose criminal penalties only for knowing and willful violations of § 906. A knowledge qualifier is also be consistent with the certification required under the Commission's current one-time certification order9 and the language of paragraphs 302(a)(2) and (3) of the Act. We therefore encourage the Commission to work with the Department of Justice to ensure that any prescribed content for the § 906 certifications implements the knowledge standard deliberately chosen by Congress.

Separately, we encourage the Commission, in agreement with the Department of Justice, to clarify that § 906 certifications, like § 302 certifications, apply only to an issuer's annual and quarterly reports on Forms 10-K and 10-Q and not current reports on Form 8-K. The use of the term "periodic report" in § 906 excludes the Form 8-K which is titled a "current report."10 Still, confusion has arisen because the terms "annual and quarterly reports" are used in § 302 of the Act while the term "periodic report" is used in § 906 of the Act. Beyond the text of the Act, we believe the weight and importance of § 906 certification is appropriately reserved for annual and quarterly periodic financial filings.

We appreciate having the opportunity to present these points and suggestions. If you would like additional information about this submission, or would like our perspective about other aspects of the Act, please feel free to contact any one of the persons listed below.


Terry L. Overbey
Secretary and Associate General Counsel
The Procter & Gamble Company

John A. Seethoff
Deputy General Counsel, Finance and Operations
Microsoft Corporation

Gary P. VanGraafeiland
General Counsel and Senior Vice President
Eastman Kodak Company

Bart Schwartz
Senior Vice President and General Counsel
The MONY Group Inc.

Paul L. Reynolds
Executive Vice President, Secretary and General Counsel
Fifth Third Bancorp

Douglas E. Scott
Senior Vice President and General Counsel
Science Applications International Corporation

1 In order to maximize the efficiency of using a single certificate that covers both sections of the Act, the Commission should clarify that the certificate not be deemed "filed" with the periodic report.
2 The Commission already has broad authority to issue rules and regulations that implement the disclosure requirements of the Exchange Act. See, Section 19(a) of the Securities Act of 1933, as amended, 15 U.S.C. 77s(a) and Section 23(a)(1) of the Securities Exchange Act of 1934, as amended, 15 U.S.C. sec. 78w(a)(1).
3 See, SEC Rel. 34-4607 (June 14, 2002) at IV. B., proposing new rules requiring similar certifications and review of internal controls based on "the authority set forth in Sections 10(b), 13, 15(d) and 23(a) of the Exchange Act."
4 Our suggestion is also consistent with the Commission's own proposed rules which would require an officer to certify as to the company's internal procedures on an annual, and not a quarterly, basis. Ibid.
5 The applicable standards of materiality for federal securities law disclosure requirements are expressed in such seminal cases as TSC Industries, Inc., v. Northway, Inc., 426 U.S. 438 (1976) and Basic, Inc., v. Levinson, 485 U.S. 224 (1988). See also, SEC Staff Accounting Bulletin No. 99 -- Materiality (August 12, 1999) for a discussion of materiality standards as applied to financial disclosures.
6 SEC Rel. 34-4607 at II.A.2. The SEC's proposed review of internal procedures would include those related to both financial and non-financial reporting.
7 For instance, current materiality standards are explicit that information is material and must be disclosed if "there is a substantial likelihood that a reasonable shareholder would consider it important" in making an investment decision. TSC v. Northway, 426 U.S. at 449.
8 In the words of one of the original sponsors of sec. 906, Senator Joseph Biden (D-DE), "Truth be told, the certification requirement only imposes criminal sanctions for top corporate officials who lie about their financial records. Specifically, it only applies to `knowing' and `willful' failures to certify financial statements -- a very high standard. It would be one thing if the requirement applied criminal sanctions on a `strict liability' or `negligence' standard ... But our requirement is only triggered where top corporate officials knowingly or willfully certify financial statements that they know to be false. So, only top corporate officers who are consciously aware of a false statement ... would conceivably be subject to criminal sanctions." Congressional Record (July 26, 2002) at p. S7427. (emphasis added).
9 SEC Order 4-460 Requiring the Filing of Sworn Statements Pursuant to Section 21(a) of the Securities Exchange Act of 1934 (June 27, 2002), OMB No. 3235-0569.
10 17 CFR 249.308. The Commission also refers to the Form 8-K as "current reports on Form 8-K in its proposed revisions to the form, SEC Rel. 34-4607 (June 17, 2002), while it refers exclusively to Forms 10-K and 10-Q as periodic reports throughout its release proposing accelerated deadlines for filing of those forms, SEC Rel. 34-45741 (Apr. 12, 2002).

[To be Filed on an Annual Basis]

Model Officer's Certificate in compliance with sections 302 and 906
of the Sarbanes-Oxley Act of 2002

In connection with the Annual report of COMPANY NAME on Form 10-K for the period ending DATE, as filed with the U.S. Securities and Exchange Commission on the date hereof (the "report"), I, OFFICER'S NAME, TITLE of COMPANY NAME,

do hereby certify that:

do hereby further certify that, to the best of my knowledge:

do hereby further certify that, to the best of my knowledge and solely for purposes of section 1350 of chapter 63 of title 18, United States Code, that:

Signature Line:

[To be filed on a Quarterly Basis]

Model Officer's Certificate in compliance with sections 302 and 906
of the Sarbanes-Oxley Act of 2002

In connection with the Quarterly report of COMPANY NAME on Form 10-Q for the period ending DATE, as filed with the U.S. Securities and Exchange Commission on the date hereof (the "report"), I, OFFICER'S NAME, TITLE of COMPANY NAME,

do hereby certify that:

do hereby further certify that, to the best of my knowledge:

do hereby further certify that, to the best of my knowledge and solely for purposes of section 1350 of chapter 63 of title 18, United States Code, that:

Signature Line: