Final answer:
CEOs and CFOs must certify to the audit committee any disclosed material control weaknesses and ensure financial statements comply with GAAP under the Sarbanes-Oxley Act. They are not required to certify that all instances of fraud have been detected or prevented.
Step-by-step explanation:
Under the Sarbanes-Oxley Act of 2002, chief executive officers (CEOs) and chief financial officers (CFOs) are indeed required to personally certify the accuracy of the financial statements and disclosures contained in annual and quarterly SEC filings. Among the items they must certify are:
- They have disclosed to the audit committee any significant deficiencies in the design or operation of internal controls which could adversely affect the company's ability to record, process, summarize, and report financial data.
- They have identified any material weaknesses in internal controls.
- They have disclosed to the auditors and the audit committee any fraud, whether or not material, that involves management or other employees who have a significant role in the company's internal controls.
- The financial statements, and other financial information included in the filing, fairly present in all material respects the financial condition and results of operations of the company.
While it's true that the executives must certify that the financial statements were prepared in conformity with generally accepted accounting principles (GAAP), and they must disclose any material control weaknesses, they are not required to assert that the company's internal controls have prevented or detected all material instances of fraud during the last year. Rather, they need to disclose any detected fraud involving employees who have a significant role in internal controls. Thus, the correct answer to the certification items required by Sarbanes-Oxley is a combination of options 1) and 2): They have disclosed to the audit committee any material control weaknesses, and the financial statements were prepared in conformity with GAAP.