SEC Chief Accountant – Recommendations for Your Financial Reporting Role, Including Audit Committees – Forwarded From thecorporatecounsel.net

I am forwarding the below information from thecorporatecounsel.net (https://www.thecorporatecounsel.net/blog/), or you can also click on the following direct link Click HereI thank thecorporatecounsel.net for making this material available.

I have also inserted some of my comments into the materials below. My comments are marked “Tate: ____________.”

Best to you. David Tate, Esq. (and California inactive CPA) – my blogs: D&O, Corporate, and Audit Committees: http://auditcommitteeupdate.com; Trust, Estate and Elder and Dependent Adult Abuse Litigation: http://californiaestatetrust.com

SEC Chief Accountant: Recommendations for Your Financial Reporting Role

In connection with yesterday’s AICPA conference, SEC Chief Accountant Wes Bricker provided this statement on financial reporting & auditing issues that he’s been discussing with SEC Chair Jay Clayton and others. As you’d expect, a lot of the statement is aimed toward auditors – e.g. what they should be doing to improve quality. But the statement also emphasizes the role of companies in the financial reporting process – with plenty of recommendations for audit committees and management:

– Internal controls – particularly where there are close calls as to a significant deficiency or material weakness, audit committees should pay extra attention to the adequacy of & basis for the company’s ICFR assessment, and seek training if necessary (citing this enforcement action). It’s vital to focus not just on actual misstatements but also whether it’s reasonably possible that a material misstatement won’t be prevented or detected in a timely manner. 

Also remember that it’s the company’s responsibility to develop, maintain & assess ICFR – and that the thresholds for auditor attestation don’t change these requirements (it’s not obvious whether this remark is intended to foreshadow a change to the attestation requirement, which was discussed as a future possibility when the SEC increased the smaller reporting company threshold and in today’s Senate testimony by SEC Chair Jay Clayton). This blog from Cooley’s Cydney Posner reports that several members of the OCA Staff also discussed internal controls issues at yesterday’s AICPA Conference – with tips on how to assess controls and how to adequately disclose a material weakness.

Tate: As you are aware, whether an item or situation is material can be based on quantitative or qualitative aspects, or both. Definitely be mindful not only of actual misstatements, but also the processes and procedures for the design, implementation, review and updating of internal controls, and whether it is reasonably possible that a material misstatement won’t be prevented. As an audit committee member of course you should be concerned if you cannot rule out that it is reasonably possible that a material misstatement won’t be prevented. Also note the comment: seek training if necessary – training or education should be automatic under the business judgment rule.  Yes, also click on the Cooley blog link. It is a useful list, and might lead to inquiries for audit committee’s to explore with executive management, internal audit, and the external auditor to gain assurance that all is in order.

– CAMs – conduct a “dry run” so that the auditors & audit committee can discuss issues. It’s also important to understand that CAMs aren’t intended to duplicate management’s MD&A disclosure of critical accounting estimates.

Tate: The CAMs will be interesting to watch and evaluate. I will be writing additional posts on this. Currently, the CAMs and guidance that I have seen suggest that the CAMs are not required to be as detailed as I had thought. However, one guidance comment also states that the audit committee members should be prepared to address the CAM issues in greater detail than the information that is contained in the CAM disclosure. And, in fact, I would assume and expect that the audit committee members will have more knowledge about the issues discussed in the CAM disclosure.  

– Continuing education for audit committees – audit committee members must have time, commitment and experience to do the job well. Just possessing financial literacy may not be enough to understand the financial reporting requirements fully or to challenge senior management on major, complex decisions. Audit committees must stay abreast of these issues through adequate, tailored, and ongoing education.

Tate: Absolutely. Audit committees are expected to deal with some pretty challenging accounting, auditing, internal control, governance, investigation, risk management, and legal issues.

– Audit committee agendas – must be balanced toward understanding accounting, ICFR and reporting requirements. For example, as business, technology, accounting, and reporting requirements change, it is crucial that the audit committee understand management’s approach for designing and maintaining effective internal controls.

Tate: Consider, who has input in and decides what will be included on the audit committee agenda? You can discuss this in your annual, or more often, Audit Committee self-evaluation.

– Voluntary disclosure – OCA Staff encourages audit committees for listed public companies of all sizes to communicate how the listing requirements related to the “appointment, compensation, and oversight of the work of any registered public accounting firm. . .” are carried out, especially among smaller companies. There are positive disclosure trends among S&P 1500 companies when it comes to disclosing considerations in appointing the audit firm, fee negotiations and evaluations – but there are opportunities for more progress among mid- and small-cap companies.

Tate: Yes, this is important.

– Company processes to ensure auditor independence – emphasizing the role of companies to promote compliance by regularly monitoring corporate structural changes or other operational events that may result in new affiliates or business relationships and timely communicating these changes to the auditor, as well as evaluating the sufficiency of these monitoring processes & practices. Also note that the OCA Staff is assessing comments on the auditor independence “loan” rule – final rulemaking is expected in 2019.

Tate: Yes, this is important.

– Auditor communications – to enhance oversight, audit committees should consider requesting additional voluntary information from the auditor to understand their level of investment in quality control functions, the connection of technology to audit quality and how audit firm performance compares to others.

Tate: ” . . . audit committees should consider requesting additional voluntary information from the auditor . . . . ” I would say, don’t just “consider requesting” – yes, absolutely audit committee members should ask anything that they believe they need to know in order to satisfy their oversight functions and duties. Audit committee members have to significantly rely upon other qualified and trustworthy people to provided them with information that they need so that they can prudently go about performing their responsibilities. And also ask, for example, “Is there anything else that you know that you believe that I should know.”

– New GAAP standards – continue to focus on implementing & refining compliance with new standards on revenue recognition, leases & current expected credit losses.

Tate: For audit committee members, and what is expected of them, there are significant and numerous ongoing changes occurring with respect to GAAP (generally accepted accounting principles), GAAS (generally accepted auditing standards), internal audit, risk management and ERM, compliance, reporting, governance, investigations, legal issues, and other matters. The list is too long to summarize. For example, CAMs now focus on any matter arising from the audit of the financial statements that was communicated or required to be communicated to the audit committee: and that:

     1. Relates to accounts or disclosures that are material to the financial statements; and

     2. Involved especially challenging, subjective, or complex auditor judgment.

As another example, for your business and the industry in which it operates, consider estimates that are used in the recognition of revenue, or in situations of possible asset impairment.  It is also interesting and relevant that generally accepted accounting principles (GAAP) are now turning away from a more rules-based approach toward a more principles-based  approach which is the approach that existed when I first became a CPA. It is arguable that with a more principles-based approach, decisions, including, for example, how to account for something, are based more on judgment instead of definitive rules.  And in 2018 “culture” became a hot “new” topic although culture already was and has been or should have been an issue or criteria relevant to financial fraud prevention, material misstatements, and compliance with laws.

* * * * *

 

 

 

 

Do Your Directors & Audit Committee Members Tour the Workplace?

Comments for thought:

Best to you, David Tate, Esq., and California inactive CPA

Blogs:

Audit committees, D&O, business, governance, compliance, investigations, litigation, responsibilities and rights, liability, and risk management http://auditcommitteeupdate.com

Trust, estate, and elder and dependent audit abuse disputes and litigation, and contentious administrations http://californiaestatetrust.com

Please also connect with me on Linkedin and Twitter.

Guidance for Investigations – Workplace, Business, Board, Audit Committee and Special Committee

By David Tate, Esq., California (and California inactive CPA)

The following is some guidance for business-related investigations. We are seeing ongoing news about situations where investigations either should be considered or are required – including situations in which investigations were conducted, or have been starting or are in progress, or have not occurred, or did not occur, and also situations where alleged possible unlawful activity occurred or might have occurred but was not reported (although in some such situations knowledge of possible unlawful activity might have been known or perhaps should have been known). These issues don’t simply reflect on the accuser and the accused, but reflect on the business, nonprofit, or governmental entity at issue, and, variously depending on the situation, elected representatives, executive officers, boards of directors and the board committees including the audit committee, general counsel, compliance and ethics professionals, HR, employees, perhaps internal audit and even the external auditor, etc., and throughout the entire organization or entity.

In the workplace setting, for example, an employer has a duty to take reasonable steps to prevent harassment, discrimination, and unlawful employment practices, and to correct inappropriate workplace behavior. See, e.g., California Gov. Code §12940(k); and 29 CFR 1604.11(d). An employer can be liable for the failure to investigate, at least if there was underlying unlawful activity. And a failure to investigate can be considered ratification of unlawful activity. In appropriate circumstances on a claim of wrongful termination, the question can become whether the employer acted appropriately and in good faith after conducting a reasonable investigation and based on a reasonable belief in that investigation – in other words, the reasonableness of the employer’s investigation can become the standard by which the employer is judged for alleged wrongful termination liability purposes.

At the board level, for example, audit committees and special committees can be required to conduct and to oversee investigations in a host of situations such as alleged executive officer wrongdoing; accounting error or impropriety, fraud and foreign corrupt practice allegations; transactions affecting corporate control; affiliate arrangements; liability and derivative claims and litigation; alleged shareholder insider trading; or alleged self-dealing.

The following are some of the issues and steps to consider or follow when determining whether the investigation of a serious situation or allegation of misconduct was reasonable, and whether a reasonable belief in the outcome of the investigation and its process is warranted:

  • Take the complaint of wrongdoing seriously;
  • Maintain confidentiality of the situation to the extent reasonably possible;
  • Conduct a timely investigation promptly after receiving the complaint of wrongdoing or becoming aware of the possible situation;
  • Decide and appoint an appropriate sufficiently independent and qualified person or committee to oversee the investigation, and for decision-making;
  • Consider whether the investigator will be someone in-house or from outside the entity, and how the investigator will be retained, such as through legal counsel;
  • Have the investigation performed by an investigator who is competent and knowledgeable about the relevant subject matter and issues (including for example, as necessary, claims, defenses, applicable law, burdens of proof, presumptions, gathering evidence and the showing required, etc.), and also how to conduct (and evaluate) investigations, investigation techniques, evidence (including, e.g., credibility, admissibility, whether the evidence or possible evidence is “A” or “B” or “C, ” examination, confirmation or support, cross-examination, rebuttal or debunking, and impeachment), writing reports and opinions, and oral communication and witness testimony experience and abilities. Also note issues that might be present if the investigation is performed by an attorney for whom attorney client or work product privileges might be claimed. In short, work these issues out before the investigator is selected;
  • Consider qualified legal counsel and possible additional specialty assistance needed (such as CPA or forensic accountant experts hired through counsel or possibly through the investigator); consider the issue of independence depending on the capacity in which the person, firm or entity is providing services; and also carefully consider any possible appearance of inappropriate conflict or bias, including as viewed by courts, legal authorities, third party stakeholders, and other people in general.
  • Follow appropriate complaint investigation procedures;
  • Listen to and treat the difference sides fairly and equally;
  • Obtain, evaluate and understand the claims that are being made and possible defenses – including, e.g., claims based on a statute or section of law, a regulation, or a rule, and also claims based on some other standard such as any applicable policy, handbook, code of conduct, contract, collective bargaining agreement, etc. that had been enacted or adopted;
  • Provide the accuser with ample opportunity to offer evidence of his or her claims including what occurred or not, documents that might be relevant, and the names of and information about witnesses who he or she believes can provide relevant comments about the alleged occurrence(s);
  • Give the alleged wrongdoer fair notice of the claims being made;
  • Provide the alleged wrongdoer with ample opportunity to offer evidence in his or her defense, including what occurred or not, documents that might be relevant, and the names of and information about witnesses who he or she believes can provide relevant comments about the alleged occurrence(s);
  • When appropriate, provide and communicate an appropriate means whereby third parties can provide information that is relevant to the issues and the investigation;
  • Have the investigator conduct a thorough investigation, under the circumstances (note that in some circumstances courts have held that the investigation need not necessarily be perfect, but it should be sufficient, reasonable and thorough under the exigencies and circumstances at hand without the benefit of full discovery or a trial);
  • Have the investigator prepare a well-reasoned report and conclusions, supported by and based on objective evidence;
  • Have the investigator report to the decision-making person or committee;
  • Have the decision-maker or committee prudently and appropriately evaluate the claims, defenses and investigation; and
  • Implement progressive discipline if appropriate?

Of course, each situation is different, and for some of the above points the courts and regulatory agencies have provided additional guidance.

Best to you,

David Tate, Esq., California (and California inactive CPA) – blogs: audit committees, D&O, governance, compliance, investigations, responsibilities and rights, liability, and risk management http://auditcommitteeupdate.com – trust, estate, and elder and dependent audit abuse litigation http://californiaestatetrust.com – please also connect with me on Linkedin and Twitter.

Disclaimer. This post is not a solicitation for legal or other services inside or outside of California, and also does not provide legal or other professional advice to you or to anyone else, or about a specific situation – remember that laws are always changing – and also remember and be aware that you need to consult with an appropriate lawyer or other professional about your situation. This post also is not intended to and does not apply to any particular situation or person, nor does it provide and is not intended to provide any opinion or any other comments that in any manner state, suggest or imply that anyone or any entity has done anything unlawful, wrong or wrongful – instead, each situation must be fully evaluated with all of the evidence, whereas this post only includes summary comments about information that may or may not be accurate and that most likely will change over time.

Auditor Inclusion of Critical Audit Matters in Audit Opinion – Center for Audit Quality Release to Help Understanding

You might be aware that external auditors are required to include a discussion of critical audit matters in their audit opinion reports for large accelerated filers for audits of fiscal years ending on or after June 30, 2019, and for other public companies for audits of fiscal years ending on or after December 31, 2020. I expect that CAMs will in some instances present or cause contentions between the external auditor on the one hand, and the audit committee, board, and executive officers on the other hand.

A Critical Audit Matter or CAM is defined as:

Any matter arising from the audit of the financial statements that was communicated or required to be communicated to the audit committee: and that:

  1. Relates to accounts or disclosures that are material to the financial statements; and
  2. Involved especially challenging, subjective, or complex auditor judgment.

Thus, based on the above definition, simply determining whether a matter is a CAM could be a challenging issue.

For example, in any given audit situation consider:

-What matters were communicated, or were required to be communicated to the audit committee;

-Relating to accounts or disclosures that are material to the financial statements; and

-Involved especially challenging, subjective, or complex auditor judgment?

I will be discussing the good, the bad, the ugly, and the confusing as this upcoming new area of audit opinion report continues to develop. Auditors and audit committees will need to carefully evaluate what to communicate and what is required to be communicated, materiality (qualitative and quantitative), and whether a matter involves especially challenging, subjective, or complex audit judgment.

For additional help with these issues, the following is a link to a June 24, 2018, release by the Center for Audit Quality entitled Critical Audit Matters: Key Concepts and FAQs for Audit Committees, Investors, and other Users of Financial Statements – click on the following link https://www.thecaq.org/critical-audit-matters-key-concepts-and-faqs-audit-committees-investors-and-other-users-financial

Best to you, David Tate, Esq. (and California inactive CPA)

 

 

 

 

Can’t get fire insurance for homes in the California foothills? Owner and lender risk management and more . . .

I heard this today. I don’t know if it is true or not, but it sounds possible. People who own houses in the California foothills and related possible fire zones might be having trouble and might not be able to get fire insurance for their homes, or the premiums could be prohibitively expensive.

Considering the fires in both northern and southern California during the last 2-3 years, there could be a lot of fire zone areas.

If this is true, it raises a whole host of issues in addition to the owners simply wanting to insure one of their most valued assets. Other issues include, and this is not an exhaustive list, what if there is a mortgage on the house and the loan agreement requires the owner/borrower to have fire insurance – what are the lenders going to do in this circumstance; what areas will insurance companies classify as unusual fire zone or hazard areas that are subject to different fire insurance coverage or offerings; are any insurance companies at risk of insolvency or bankruptcy due to exposure for having to pay for damages arising from the fires; and what will the California government do and say about these issues (hint – I’m not hearing anything)? And I am sure that you can come up with a more comprehensive list.

Insurance typically is considered a risk management issue, but it is a personal issue for homeowners, and it would not surprise me if fire insurance coverage, and building in general, become political in this instance.

Back to work – a full day ahead working on pleadings, declarations, court filings, and meetings.

Best to you, David Tate, Esq. (California). My two primary blogs: trust, estate, elder and dependent adult abuse litigation, etc. – http://californiaestatetrust.com, and D&O, audit committees, governance, etc. – http://auditcommitteeupdate.com

OVERVIEW OF A RISK MANAGEMENT PROCESS THAT YOU CAN USE 03162018

 

Tate’s Excellent Audit Committee Guide (02172017) – posted here, and being update

Below I have provided a link to Tate’s Excellent Audit Committee Guide, which I last fully updated February 17, 2017. Since that time developments relating to various of the discussion topics have been posted to this blog. I am starting the process of fully updating the Guide. To be sure there have been changes and developments since February 17, 2017; however, I believe that you will still find the Guide useful.

Click on the following link to the February 17, 2017, Guide Tate’s Excellent Audit Committee Guide 02172017 with Appendix A-2

The following is a screenshot of the Guide’s cover:

 

 

 

Risk Management – We Really Haven’t Gotten As Far As I Would Have Thought – My Suggestion: Government, Nonprofits, Education, Healthcare, Etc., Should Be Leaders

Risk management or the need for a business to have and implement risk management processes is obvious, or at least in my view it is. Of course, each business is different and risk management will vary from business to business. Thus, a recent article in the Journal of Accountancy (see link below) was disappointing – assuming the article is correct, in terms of recognizing the need for and implementing risk management processes we really haven’t gotten nearly as far as I would have hoped, or expected, or thought. Perhaps that is so because, although the need for risk management processes is obvious or intuitive, or in my view it should be obvious or intuitive, you have to actually schedule and spend time to perform risk management – you have to make a conscious decision to evaluate, design and implement appropriate risk management processes – and I find that in business (including governmental entities, nonprofits, public companies, and private businesses), except for actions or tasks that must specifically and directly be performed to design, produce, and market a product or service, people generally only perform a task or take an action, especially when they do not view that task or action as being directly tied to the making or marketing and offering of the product or service:

(1) If required to do so by law, regulation, rule or similar requirement, or

(2) If required or expected to do so by the consumers, or important or influential stakeholders or organizations, or the community or public, or

(3) Pursuant to the personal values, beliefs, morals or expectations of the business itself or of the person performing the task or action.

I follow articles and posts written by several very experienced and influential risk management and enterprise risk management professionals and organizations. Thus, information in the recent article in the Journal of Accountancy about the status of risk management took me by surprise as it indicates or at least suggests that the development and implementation of risk management processes is across the board less than I had assumed. At this point, knowledge and implementation of risk management or enterprise risk management processes should be well-recognized, accepted, and implemented, not only at public companies, but also at governmental entities, nonprofits, and private businesses. Here is the link to the Journal of Accountancy article: https://www.journalofaccountancy.com/issues/2018/sep/risk-oversight-can-inform-audits.html

Below in this blog post I have inserted six snapshots of information from the article. Although the article is less detailed than I would have wished, in terms of risk management, I would have expected not only much greater implementation of risk management processes, but also I would have expected that accountant auditors already would be taking the entity’s risk management processes, or lack thereof, into consideration. I have to say that the lack of progress in this regard seems ridiculous. 

What actions are required to bring about or achieve increased or even universal acceptance of the need to evaluate, design and implement risk management processes? Only time will tell. One answer is more laws, regulations, or rules mandating more broad and specific risk management requirements. That might be one of the solutions, and I can certainly see the need for more specific mandated risk management requirements and processes in certain high-risk situations, or in certain situations where there is potential significant risk to an innocent third-party (such as a consumer or employee) and where that risk is controlled or can be controlled only by a third party such as a manufacturer or employer. 

The typical approach is to enact more laws, regulations, or rules mandating more broad and specific risk management requirements. Let me suggest another answer or solution. For the most part a business only has responsibilities to its shareholders (and sometimes to prospective shareholders), and, in appropriate circumstances, such as product liability or environmental contamination as examples, there can also be legal responsibilities to not cause harm to other people.

However, other entities exist which have responsibilities and perhaps influence that are broader, such as, for example, governmental and nonprofit entities and organizations. Let me suggest that although enacting more broad and specific risk management requirements on public companies is one approach to bring about increased risk management processes and activities, and perhaps that approach is necessary, a more or equally constructive approach is to educate the public at large and other stakeholders, and to lead by example, particularly in the context of governmental entities which enact and impose specific risk management requirements upon others.

Thus, I suggest that governmental entities lead by example, and that they not only evaluate, design and implement their own risk management processes, but then also report to the public what the governmental entity is doing in the context of risk management evaluation, design and implementation, thereby creating a heightened awareness and expectation level for all, including for governmental entities, public companies, nonprofits, and private businesses.

I referenced above governmental entities and nonprofits as having responsibilities and perhaps influence that are broader and that can exceed those of businesses in general. That is, both governmental entities and nonprofits have responsibilities that are for the broader public benefit.  And there are other institutions and industries or professions – for example, influential institutions or entities such as mid- and higher-level education, the media and the press, and medical or healthcare institutions and entities – each of which can and should be a leader, and can enhance or heighten the public’s awareness and expectations about risk management and risk management processes, in addition to evaluating, designing and implementing their own risk management processes. It seems to me that this is a clear win all around for everyone. We just need some influential people and organizations to run with it. Are there any that are willing and interested in doing so? The alternative might be increased mandatory requirements or lawsuits. Risk management processes also are worthwhile to reduce liability and legal damages exposure. 

The following are six snapshots from the Journal of Accountancy Article, several times the words “some” and “may” are used – it is time to get past the “some” and “may” and use words that indicate and evidence definite and universal expectation and acceptance of the evaluation, design and implementation of risk management processes for public companies, governmental entities, nonprofits, and private businesses:

Snapshot 1:

Journal of Accountancy Sept 1 2018 article snapshot 1 Snapshot 2:

Journal of Accountancy Sept 1 2018 article snapshot 2

Snapshot 3:

Journal of Accountancy Sept 1 2018 article snapshot 3

Snapshot 4:

Journal of Accountancy Sept 1 2018 article snapshot 4

Snapshot 5:

Journal of Accountancy Sept 1 2018 article snapshot 5

Snapshot 6:

Journal of Accountancy Sept 1 2018 article snapshot 6

Best to you, David Tate, Esq. (and California CPA (inactive)), Royse Law Firm, Menlo Park, California office, with offices in northern and southern California.  My blogs: trust, estate, elder abuse and conservatorship litigation http://californiaestatetrust.com, D&O, boards, audit committees, governance, etc. http://auditcommitteeupdate.com, workplace http://workplacelawreport.com

David Tate, Esq., Overview of My Practice Areas (Royse Law Firm, Menlo Park, California office, with offices in northern and southern California. http://rroyselaw.com),

  • Civil Litigation: business, commercial, real estate, D&O, board and committee, founder, owner, investor, creditor, shareholder, M&A, trade secrets, IP, and other disputes and litigation; and investigations
  • Probate Court Litigation: trust; estate; power of attorney; elder, disability, and dependent adult abuse and protection; and conservatorship disputes and litigation
  • Administration: trust and estate administration and contentious administrations representing fiduciaries and beneficiaries
  • Workplace (including discrimination) litigation and consulting
  • Board, director, committee and audit committee, and executive officer responsibilities and rights, governance, and investigations

Royse Law Firm – Overview of Firm Practice Areas – San Francisco Bay Area and Los Angeles,

  • Corporate and Securities, Financing and Formation
  • Corporate Governance, D&O, Boards and Committees, Audit Committees, Etc.
  • Intellectual Property – Patents, Trademarks, Copyrights, Trade Secrets
  • International
  • Immigration
  • Mergers & Acquisitions
  • Labor and Employment
  • Litigation (I broke out the litigation as this is my primary area of practice)
  •             Business & Commercial
  •             IP – Patent, Trademark, Copyright, Trade Secret, NDA
  •             Accountings, Fraud, Lost Income/Royalties, Etc.
  •             Internet Privacy, Hacking, Speech, Etc.
  •             Labor and Employment
  •             Mergers & Acquisitions
  •             Real Estate
  •             Owner, Founder, Investor, D&O, Board/Committee, Shareholder
  •             Lender/Debtor
  •             Investigations
  •             Trust, Estate, Conservatorship, Elder Abuse, and Administrations
  • Real Estate
  • Tax (US and International) and Tax Litigation
  • Technology Companies and Transactions, Including AgTech and HealthTech, Etc.
  • Wealth and Estate Planning, Trust and Estate Administration, and Disputes and Litigation

Disclaimer. This post is not a solicitation for legal or other services inside or outside of California, and also does not provide legal or other professional advice to you or to anyone else, or about a specific situation – remember that laws are always changing – and also remember and be aware that you need to consult with an appropriate lawyer or other professional about your situation. This post also is not intended to and does not apply to any particular situation or person, nor does it provide and is not intended to provide any opinion or any other comments that in any manner state, suggest or imply that anyone or any entity has done anything unlawful, wrong or wrongful – instead, each situation must be fully evaluated with all of the evidence, whereas this post only includes summary comments about information that may or may not be accurate and that most likely will change over time.

 

OVERVIEW OF A RISK MANAGEMENT PROCESS THAT YOU CAN USE 03162018

Audit Committee 5 Lines of Success, Diligence, and Defense - David Tate, Esq, 05052018

COSO Enterprise Risk Management Framework ERM Components and Principles