SOX Section 302 Quarterly Certification Checklist

The CEO and CFO must evaluate DC&P effectiveness as of the last day of the fiscal quarter being reported — not as of the filing date. Document the evaluation date explicitly.

Sub-certs gather written representations from CFOs and controllers of significant subsidiaries whose numbers roll into consolidated financials. They are not required by the rules but are standard practice and the first thing enforcement looks for when a misstatement occurs at the subsidiary level.

The disclosure committee should meet before each quarterly filing to review material items, open litigation, and management estimates. Minutes must be finalized and signed before the 302 certification.

If DC&P deficiencies were identified, they must be evaluated for materiality. Significant deficiencies and material weaknesses require disclosure. Document the assessment and conclusion in writing.

Any significant change in ICFR during the quarter — new ERP system, major process redesign, acquisition, disposition — must be identified and disclosed in Item 4 of Form 10-Q. 'No changes' is itself an affirmative statement requiring verification.

This is the core substantive certification. The 'fair presentation' standard goes beyond GAAP compliance — it requires that the statements, taken as a whole, provide an accurate picture of financial position. Review analyst questions, auditor communication, and board discussions for any suggestion of contrary view.

Off-balance-sheet arrangements (operating leases pre-ASC 842, guarantees, variable interest entities) that could materially affect liquidity, capital resources, or results must be disclosed. Review with treasury and legal for any new arrangements entered into during the quarter.

New regulatory investigations, material litigation developments, consent decrees, and governmental inquiries may require disclosure even if not finalized. Get a written update from GC covering the quarter through the filing date.

Any identified deficiency in ICFR must be communicated to the audit committee. Material weaknesses require communication in writing. Document that this communication occurred and confirm auditor acknowledgment.

Review all transactions with directors, officers, 5%+ shareholders, and their affiliates during the quarter. Related-party transactions must be disclosed under Regulation S-K Item 404 and ASC 850. New arrangements need audit committee pre-approval under most public company policies.

Any change in revenue recognition policy — new contract types, modified performance obligations, updated standalone selling prices — must be identified and disclosed. Revenue is the highest-risk line item for SEC enforcement.

Goodwill impairment assumptions, allowance for doubtful accounts, warranty reserves, and restructuring charges are common SEC inquiry targets. Document the basis for each estimate and compare to prior periods for consistency.

Every quarterly report must include CEO and CFO certifications under Section 302 (Exhibits 31.1 and 31.2) and Section 906 (Exhibits 32.1 and 32.2). Missing or late certifications are automatic filing deficiencies.

Large accelerated and accelerated filers must file within 40 days of quarter end. Non-accelerated filers have 45 days. Late filings trigger delinquency notices and may cause S-3 shelf registration ineligibility.

Segment information must reflect how the CODM (chief operating decision maker) actually evaluates performance. If business unit reorganization occurred during the quarter, segment disclosures may require updating.

EDGAR inline XBRL must correctly tag all financial statement line items. Common errors: incorrect element selection, wrong sign convention, missing units. EDGAR validation errors must be resolved before filing.

Newly appointed CEOs and CFOs who sign their first certification should receive briefing from outside securities counsel covering criminal liability, the sub-certification process, and disclosure committee operation.

Non-GAAP measures in the press release must reconcile to GAAP in the 10-Q. Inconsistencies between the press release and the 10-Q filing are a red flag for SEC staff reviewing the filing.

Trading window administration and 10b5-1 plan documentation are ICFR-adjacent controls. Recent SEC amendments to Rule 10b5-1 added cooling-off periods and single-trade plan limits that may affect officer trading.

Since December 2023, material cybersecurity incidents require 8-K disclosure within 4 business days of determining materiality. Review any incidents with CISO and GC. Document the materiality determination regardless of outcome.

Audit committee review of quarterly financials (SAS 100 review procedures) should be completed and documented before the CEO/CFO sign their 302 certifications. The committee chair should confirm completion in writing.

SEC rules require retention of records relevant to the certification for at least 7 years. This includes sub-certifications, disclosure committee minutes, legal updates, and audit communication. Store in a non-alterable medium or document management system.

The certifications must be signed by the principal executive officer and principal financial officer individually. They cannot be delegated to deputies, IROs, or general counsel. Using an authorized signatory other than the actual PEO/PFO is a filing deficiency.