It’s been nearly two decades since the Canadian government passed Bill 198, Keeping the Promise for a Strong Economy Act. The bill is frequently referred to as the Canadian SOX or C-SOX in reference to the American counterpart, the Sarbanes-Oxley Act or SOX. Why are we talking about a 20-year-old bill? Because C-SOX compliance matters to mining companies — and what you don’t know about it could cost you both financially and through missed opportunities. Here’s what mining companies need to know about C-SOX.

SOX it to me — A C-SOX Primer

C-SOX legislation encompasses many areas. It is perhaps best known, though, for clauses that provide equivalent legislation to the U.S. Sarbanes-Oxley Act, seeking to protect investors by improving the accuracy and reliability of corporate disclosures. To greatly simplify things for our purposes, C-SOX compliance refers to the annual audit in which a public company is obligated to provide proof of accurate, data-secured financial reporting.

C-SOX compliance refers to the annual audit in which a public company is obligated to provide proof of accurate, data-secured financial reporting.

To comply, with C-SOX, Canadian companies must deliver a “reasonable assurance” they have mitigated the risk of material misstatement. In order to provide such assurance, the companies must display a high level of commitment, care, and meticulousness for reviewing and documenting their internal controls.

While the U.S. SOX Act compliance requires an external audit, Canadian companies do not have to submit an external auditor attestation of the adequacy of internal controls. Instead, Canada requires that both a company’s CEO and CFO internally certify the controls.

C-SOX does not provide a specific set of business practices and does not stipulate the manner of business record storage. Instead, it defines which records are to be stored and for how long.

Knock your SOX off — Why C-SOX matters even if you’re not publicly traded

All businesses that are publicly listed in Canada are required to comply with C-SOX. However,there are a multitude of good reasons for privately-held mining companies to embrace C-SOX compliance — not the least of which might be the company’s goal to go public or attract private investors at some point.

Compliance with C-SOX facilitates the process of raising capital, both in the private markets and through an IPO. Private investors are more likely to risk their capital on companies that they believe to be managed in accordance with best practices. And companies that wish to go public need to be in compliance with C-SOX before they can do so. Compliance with C-SOX also makes mining companies more attractive acquisition candidates for publicly held companies as it significantly reduces their risk.

Compliance with C-SOX facilitates the process of raising capital, both in the private markets and through an IPO.

Put a SOX in it — How mining companies can ensure compliance with C-SOX

C-SOX compliance need not be overly onerous. Essentially, C-SOX compliance can be boiled down to meticulous record keeping combined with common best business practices such as a segregation of duties.

When instituting compliance initiatives, Nigel Wallis, research manager for Canadian applications services at IDC Canada, suggests the ultimate objective should be to reduce cost, increase efficiency, and create a repeatable, automated environment that evaluates internal controls in a way that’s sustainable and scalable. “It’s not just about the internal controls,” he says. “You can also incorporate other risks and compliance and governance issues into those same automated controls.”

For smaller firms who may not have the same resources as the bigger organizations but have to comply with C-SOX, simple initiatives like checks and balances and segregation of duties will go a long way toward implementing internal controls and embracing best practices.

An effective way to help you achieve and maintain C-SOX compliance is with a Mining ERP like Caron Mining Solutions Powered by Sage. Caron Mining Solutions is built upon Sage X3, a fully integrated ERP system using one common database so all system users access, enter information into, and report on the same data. Below are some key areas of the solution’s functionality specifically relating to C-SOX compliance.

  • Visual Process Flows: Visual process flows ensure a logical, controlled sequencing of activities for each defined business process. These visual process flows serve as the required controls that help document the system’s behavior.
  • Workflow and Alerts: Automated workflows and alerts support control point notification for managing exception-based transactions. When exceptions like credit or margin failures occur on orders, the system automatically notifies the appropriate individuals of the irregularity.
  • Robust Security: Robust system-wide security ensures database integrity. An audit trail of all system updates and occurrences from password-protecting user access to specific data to time and date-stamping every transaction with the user’s identification.
  • Electronic Signatures: Safeguard data and business processes with digital electronic signatures. Leveraging electronic signatures throughout ERP processes can improve security and control over internal automated workflows.
  • Financial Reporting: The financial reporting capabilities provide complete audit traceability from financial statement to legal source document. The system pegs legal documents, such as invoices and purchase orders, from the line items listed to the corresponding transactions recorded in the general ledger. Ledger-auditing automatically directs inquiries and audit efforts towards related documentation.
  • Performance Monitoring: Streamline access to corporate data with a data warehouse, an intelligence engine, and a library of predefined reports that centralizes data then delivers it on demand to the right people at the right time. Graphs, dashboards, and KPIs are especially useful for showing real-time information related to financial and operational performance.

While Caron Mining Solutions supports C-SOX-compliant processes, it (or any ERP) will only enforce processes and workflows that your organization has identified and configured. It is ultimately your responsibility to configure your solution to be compliant with internal or regulatory compliance requirements.

If you’re ready to learn more about how Caron Mining Solutions can help your mining company improve its internal controls and achieve C-SOX compliance, give us a call at 877-560-5063 or email us at info@caronbusiness.com.

Paul has been involved with Sage 300 software for almost 30 years. He brings a well-rounded perspective to business management software implementation projects. His depth of knowledge and expertise in business process analysis has benefited several clients.