In connection with yesterday’s AICPA conference, SEC Chief Accountant Wes Bricker provided this statement on financial reporting & auditing issues that he’s been discussing with SEC Chair Jay Clayton and others. As you’d expect, a lot of the statement is aimed toward auditors – e.g. what they should be doing to improve quality. But the statement also emphasizes the role of companies in the financial reporting process – with plenty of recommendations for audit committees and management:
– Internal controls – particularly where there are close calls as to a significant deficiency or material weakness, audit committees should pay extra attention to the adequacy of & basis for the company’s ICFR assessment, and seek training if necessary (citing this enforcement action). It’s vital to focus not just on actual misstatements but also whether it’s reasonably possible that a material misstatement won’t be prevented or detected in a timely manner.
Also remember that it’s the company’s responsibility to develop, maintain & assess ICFR – and that the thresholds for auditor attestation don’t change these requirements (it’s not obvious whether this remark is intended to foreshadow a change to the attestation requirement, which was discussed as a future possibility when the SEC increased the smaller reporting company threshold and in today’s Senate testimony by SEC Chair Jay Clayton). This blog from Cooley’s Cydney Posner reports that several members of the OCA Staff also discussed internal controls issues at yesterday’s AICPA Conference – with tips on how to assess controls and how to adequately disclose a material weakness.
Tate: As you are aware, whether an item or situation is material can be based on quantitative or qualitative aspects, or both. Definitely be mindful not only of actual misstatements, but also the processes and procedures for the design, implementation, review and updating of internal controls, and whether it is reasonably possible that a material misstatement won’t be prevented. As an audit committee member of course you should be concerned if you cannot rule out that it is reasonably possible that a material misstatement won’t be prevented. Also note the comment: seek training if necessary – training or education should be automatic under the business judgment rule. Yes, also click on the Cooley blog link. It is a useful list, and might lead to inquiries for audit committee’s to explore with executive management, internal audit, and the external auditor to gain assurance that all is in order.
– CAMs – conduct a “dry run” so that the auditors & audit committee can discuss issues. It’s also important to understand that CAMs aren’t intended to duplicate management’s MD&A disclosure of critical accounting estimates.
Tate: The CAMs will be interesting to watch and evaluate. I will be writing additional posts on this. Currently, the CAMs and guidance that I have seen suggest that the CAMs are not required to be as detailed as I had thought. However, one guidance comment also states that the audit committee members should be prepared to address the CAM issues in greater detail than the information that is contained in the CAM disclosure. And, in fact, I would assume and expect that the audit committee members will have more knowledge about the issues discussed in the CAM disclosure.
– Continuing education for audit committees – audit committee members must have time, commitment and experience to do the job well. Just possessing financial literacy may not be enough to understand the financial reporting requirements fully or to challenge senior management on major, complex decisions. Audit committees must stay abreast of these issues through adequate, tailored, and ongoing education.
Tate: Absolutely. Audit committees are expected to deal with some pretty challenging accounting, auditing, internal control, governance, investigation, risk management, and legal issues.
– Audit committee agendas – must be balanced toward understanding accounting, ICFR and reporting requirements. For example, as business, technology, accounting, and reporting requirements change, it is crucial that the audit committee understand management’s approach for designing and maintaining effective internal controls.
Tate: Consider, who has input in and decides what will be included on the audit committee agenda? You can discuss this in your annual, or more often, Audit Committee self-evaluation.
– Voluntary disclosure – OCA Staff encourages audit committees for listed public companies of all sizes to communicate how the listing requirements related to the “appointment, compensation, and oversight of the work of any registered public accounting firm. . .” are carried out, especially among smaller companies. There are positive disclosure trends among S&P 1500 companies when it comes to disclosing considerations in appointing the audit firm, fee negotiations and evaluations – but there are opportunities for more progress among mid- and small-cap companies.
Tate: Yes, this is important.
– Company processes to ensure auditor independence – emphasizing the role of companies to promote compliance by regularly monitoring corporate structural changes or other operational events that may result in new affiliates or business relationships and timely communicating these changes to the auditor, as well as evaluating the sufficiency of these monitoring processes & practices. Also note that the OCA Staff is assessing comments on the auditor independence “loan” rule – final rulemaking is expected in 2019.
Tate: Yes, this is important.
– Auditor communications – to enhance oversight, audit committees should consider requesting additional voluntary information from the auditor to understand their level of investment in quality control functions, the connection of technology to audit quality and how audit firm performance compares to others.
Tate: ” . . . audit committees should consider requesting additional voluntary information from the auditor . . . . ” I would say, don’t just “consider requesting” – yes, absolutely audit committee members should ask anything that they believe they need to know in order to satisfy their oversight functions and duties. Audit committee members have to significantly rely upon other qualified and trustworthy people to provided them with information that they need so that they can prudently go about performing their responsibilities. And also ask, for example, “Is there anything else that you know that you believe that I should know.”
– New GAAP standards – continue to focus on implementing & refining compliance with new standards on revenue recognition, leases & current expected credit losses.
Tate: For audit committee members, and what is expected of them, there are significant and numerous ongoing changes occurring with respect to GAAP (generally accepted accounting principles), GAAS (generally accepted auditing standards), internal audit, risk management and ERM, compliance, reporting, governance, investigations, legal issues, and other matters. The list is too long to summarize. For example, CAMs now focus on any matter arising from the audit of the financial statements that was communicated or required to be communicated to the audit committee: and that:
1. Relates to accounts or disclosures that are material to the financial statements; and
2. Involved especially challenging, subjective, or complex auditor judgment.
As another example, for your business and the industry in which it operates, consider estimates that are used in the recognition of revenue, or in situations of possible asset impairment. It is also interesting and relevant that generally accepted accounting principles (GAAP) are now turning away from a more rules-based approach toward a more principles-based approach which is the approach that existed when I first became a CPA. It is arguable that with a more principles-based approach, decisions, including, for example, how to account for something, are based more on judgment instead of definitive rules. And in 2018 “culture” became a hot “new” topic although culture already was and has been or should have been an issue or criteria relevant to financial fraud prevention, material misstatements, and compliance with laws.
* * * * *