New COSO Updated ERM Framework – Coming Soon – End of June, Perhaps – Could Be Very Important

Just a heads up, a source has suggested that the new long-anticipated COSO (Committee of Sponsoring Organizations of the Treadway Commission) ERM update might finally be out at the end of June. COSO is spending a very long time (since October 2014) preparing and vetting this “update” of the 2004 Enterprise Risk Management — Integrated Framework. COSO’s sponsoring organizations are the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), The Institute of Internal Auditors (IIA), and the National Association of Accountants (now the Institute of Management Accountants [IMA]), and the Commission includes representatives from industry, public accounting, investment firms, and SROs (exchanges).

We’ll have to wait and see what we get with this “update,” which will either simply be a relatively unimpressive or vague tweak, or a useful, modernized, sufficiently detailed guide which might become the standard to achieve, or somewhere in between. I’m hopeful for the useful version – ERM needs a big boost – this “update” is important. I find that there really are only three ways to provide this type of boost: sponsorship and push by large or influential organizations and people, mandatory (i.e., by law, regulation or rule) adoption, or, sometimes, push and expectancy by the public.

Here is the link to the COSO website https://www.coso.org/Pages/default.aspx

Best to you, David Tate, Esq., Litigation, D&O, audit committees, etc., Royse Law Firm http://rroyselaw.com/

Advertisements

Evaluating Director Independence – Zynga Shareholder Derivative Suit

Thomas Sandys Derivatively on Behalf of Zynga, Inc. v. Pincus, et al., Delaware Supreme Court, Case No. 157,2016, December 5, 2016, highlights the sometimes difficulty, and the importance of evaluating director independence in the circumstance of a shareholder derivative suit.

In Zynga the plaintiff filed his shareholder derivative suit without first making a demand upon the board that the Company sue Company insiders that were alleged to have improperly sold Company stock. Instead of first making the demand upon the board, plaintiff argued that such a demand would have been futile because a majority of the nine person board members lacked independence.

In summary, the plaintiff alleged two derivative claims based on allegations that certain top managers and directors at Zynga were given an exemption to the Company’s standing rule preventing sales of stock by insiders until three days after an earnings announcement, and that the insiders who participated in the sale breached their fiduciary duties by misusing confidential information when they sold their shares while in possession of adverse, material non-public information. And plaintiff also asserted a duty of loyalty claim against the directors who approved the sale.

The holding in Zynga is that at the pleading stage there was sufficient evidence to suggest that a majority of the board did lack independence so as to excuse not making the demand upon the board. The holding is primarily interesting for the Court’s discussion about three particular board members, and the reasons why the Court determined that there was evidence to sufficiently suggest that those three directors did in fact lack independence to impartially consider a demand that the Company bring suit against the selling insiders, which resulted in a majority of the board also lacking independence, so as to excuse making the pre-suit demand upon the board.

To plead demand excusal the plaintiff must plead particularized factual allegations that create a reasonable doubt that, as of the time the complaint was filed, the board of directors could have properly exercised its independent and disinterested business judgment in responding to a demand. At the pleading stage, a lack of independence turns on whether the plaintiff has pleaded facts from which the director‘s ability to act impartially on a matter important to the interested party can be doubted because that director may feel subject to the interested party‘s dominion or beholden to that interested party.
With respect to one of the directors in question, the Court found troubling for the purpose of independence or lack thereof that the particular board member and her husband co-owned an unusual asset, an airplane, with Zynga’s former CEO and controlling stockholder, which the Court found was suggestive of an “extremely intimate personal friendship between their families.”

And with respect to the other two directors, the Court found troubling for the purpose of independence or lack thereof that the directors are partners at a prominent venture capital firm and that they and their firm not only controlled 9.2% of Zynga‘s equity as a result of being early-stage investors, but have other interlocking relationships with the controller and another selling stockholder outside of Zynga. More specifically the Court stated “Although it is true that entrepreneurs like the controller need access to venture capital, it is also true that venture capitalists compete to fund the best entrepreneurs and that these relationships can generate ongoing economic opportunities. There is nothing wrong with that, as that is how commerce often proceeds, but these relationships can give rise to human motivations compromising the participants’ ability to act impartially toward each other on a matter of material importance. Perhaps for that reason, the Zynga board itself determined that these two directors did not qualify as independent under the NASDAQ rules, which have a bottom line standard that a director is not independent if she has ―a relationship which, in the opinion of the Company‘s board of directors, would interfere with the exercise of independent judgment . . . .[Footnote #1: NASDAQ Marketplace Rule 5605(a)(2)] Although the plaintiff’s lack of diligence made the determination as to these directors perhaps closer than necessary, in our view, the combination of these facts creates a pleading stage reasonable doubt as to the ability of these directors to act independently on a demand adverse to the controller‘s interests. When these three directors are considered incapable of impartially considering a demand, a majority of the nine member Zynga board is compromised for Rule 23.1 purposes and demand is excused. Thus, the dismissal of the complaint is reversed.”

As you might correctly assume, board member independence can arise as an issue in several different corporate and governance related circumstances.

* * * * *

When should you take your internal accounting error/mistake or irregularity/fraud investigation outside?

Most every audit committee member, in-house counsel, other board member, CEO, CFO, risk officer, and chief internal auditor will at some time consider whether an accounting related investigation that is being done internally should be taken outside. The decision to stay inside or to go outside isn’t necessarily clear, and there certainly could be differing opinions depending on the facts and circumstances of the situation. The following isn’t a formal or legal discussion, but below are at least some of the factors that I would consider and that you might consider. Every situation is different at least to some extent.

  1. Is there really the expertise in-house to do the investigation? This is an important consideration that I will have more to say about in other posts – however, consider whether it is important for the primary investigator to not only have a legal background in the subject matter, but also accounting or auditing backgrounds. Whereas an accounting or auditing firm might also be retained to assist with the investigation, you might well also find that it would be helpful for the primary investigator to be able to understand the accounting, internal control and auditing or auditor issues, and that the primary investigator might need those backgrounds to better lead the investigation and make decisions or evaluations.
  2. Is there really the time availability to handle the investigation in-house?
  3. Is the dollar amount involved sufficiently large to warrant going outside for the investigation?
  4. Are the qualitative natures of the issues sufficiently important to warrant going outside, such as because of possible public relations, ethics, fraud, or other considerations?
  5. Does it warrant going outside because of the possible people who might be interviewed, questioned or involved including their office or stature in the organization, and their relationships with the people who are investigating, the board, the audit committee, the executive officers and other people?
  6. For whatever reasons, is it warranted or required that the investigation be independent, or more independent in nature.
  7. If the initial investigation began in-house (which is entirely possible), has it for whatever reason now become more prudent to go outside?

That’s it for now. Just some thoughts. I’m sure that you can come up with additional thoughts – the above discussion isn’t all encompassing.

Dave Tate, Esq. (San Francisco and California)

DTatePicture_Square

Audit Committee 5 Lines of Defense 07182016

tates-excellent-audit-committee-guide-10202016-final-with-appendix-a

sec-whistleblower-awards

Important – SEC v. United – Administrative Proceeding Relating to United’s Internal Accounting Controls to Prevent Violation of United’s Policies

On December 2, 2016, the SEC issued an Accounting and Auditing Enforcement, Administrative Proceeding Order against United Continental Holdings, Inc. Here is a link to the Order, CLICK HERE

Why is this Order important – because the SEC found that “United failed to design and maintain a system of internal accounting controls that was sufficient to prevent its officers from approving the use of United’s assets in connection with the South Carolina Route in violation of United’s Policies, which prohibited the use of assets for corrupt purposes.” This isn’t a Foreign Corrupt Practices Act case – the alleged corruption or impropriety occurred in the United States. The SEC alleged that United “instituted the South Carolina Route following pressure from David Samson (“Samson”), then the Chairman of he Board of Commissioners of the Port Authority of New York and New Jersey (“Port Authority”). The route provided Samson – who exercised authority and influence as a Port Authority official in matters affecting United’s business interests – with a more direct route to his house in South Carolina.”

The scenario in this case could occur at any time that a public company (1) allegedly acts improperly, and (2) it is alleged that the act was allowed or able to occur because of insufficient internal controls (resulting in a violation of the books and records and internal accounting controls provisions of the Securities Exchange Act, which is automatically alleged in a great number of cases because it is easy in most situations to allege that something unexpected occurred because of inadequate internal controls), and (3) the alleged improper act also allegedly violates some policy or procedure of the public company (i.e., in this case to not use corporate assets for an allegedly corrupt or improper purpose).

What can a company (and the audit committee) do about these possible situations? Review the company’s policies and procedures, and adopt and enact sufficient internal controls, monitored and updated regularly, to ensure that the policies and procedures are followed. But, of course, it is difficult and probably impossible to ensure 100% compliance. I have previously written that the books and records and internal accounting controls provision in the Securities Exchange Act should be amended to include a standard of conduct provision (such as negligence) because it is unreasonable to expect that internal controls, no matter how good, will stop all alleged wrongful conduct.

Below is a screenshot of some of the SEC v. United Order, providing a summary of some of the facts, and I have also included below a link to Tate’s Excellent Audit Committee Guide. Dave Tate, Esq., San Francisco and California

sec-v-united-continental-holdings

The following is a link to Tate’s Excellent Audit Committee Guide (updated October 20, 2016), Click Here

The following is a link to my trust, estate, conservatorship and elder abuse litigation blog, http://californiaestatetrust.com

Audit Committee 5 Lines of Defense 07182016

 

Gretchen Carlson – Harassment & Discrimination – Culture – A Task For The Board – And Internal Audit?

I have provided below a link to a short article about Gretchen Carlson, an interview that she is giving, possible legislative efforts, and sexual harassment and discrimination. We all know, or should know, that this is an important topic. Not only sexual harassment and discrimination, but harassment, discrimination, retaliation, bullying, and hostile environments, and not only male harassment and discrimination of females, but also female v. male, male v. male, female v. female, and including race, color, ancestry and national origin, religion and creed, age and elder, mental and physical disability, sex and gender, sexual orientation, gender identity, and more.

This is or should become an area of oversight for your board, and it also relates to the culture of the organization, and tone at the top, at the middle, and at the lower employee levels, including an environment that encourages people to report harassment and discrimination without fear of retribution, anonymously if the desired, with the knowledge that the reported conduct will be timely, fairly and fully investigated, and that appropriate action will be taken.

This really isn’t new stuff from legal and governance perspectives. Are your board, and the board’s committees, on top of this issue and the culture of the organization?

These can and often are difficult issues and situations.  Of course anyone accused is entitled to a defense, and to rebut the allegations. At law, in most situations, innocence is presumed. In recent past years there have also been stories involving allegations of harassment and discrimination reported in the news that turned out to be false or at least not sufficiently supported.

An investigation into situations involving these allegations often should be performed by outside legal counsel with a reputation for integrity and knowledge and experience in these practice areas.

But let me also suggest that the culture of the organization (but not an actual investigation of a specific situation) also could be an area for attention by internal audit, if the board or management puts it on internal audit’s agenda, and if internal audit is provided education and training about the critical elements, and investigation techniques, and help preparing an audit and reporting program. After all, internal audit also is looking to become more relevant in helping the organization to achieve its organizational objectives, goals and strategies.

The following is a link to one of the articles about Gretchen Carlson and what she is trying to do and accomplish: http://people.com/tv/gretchen-carlson-alleged-sexual-harassment-in-2020-interview/

 

Who Evaluates the Chief Audit Executive (CAE)?

At the bottom of this post is a screen shot from the new publication Ethics and Pressure, Balancing the Internal Audit Profession, published primarily from the 2015 global practitioner survey of internal auditors worldwide. This is a really big survey. What do you think of the screen shot? Is it appropriate for management to evaluate the chief audit executive (“CAE”)? I say “yes,” of course.

I note however, that the writer also says “Exhibit 9 indicates that this responsibility [i.e., the responsibility for evaluating the performance of the CAE] is generally split evenly between management and the board. The big exception is in North America, where 61% of CAE’s are formally evaluated by management. Often however, these evaluations are reviewed by an audit committee.”

Let me just say, and I read a fair amount of materials from or relating to the internal audit profession, these sentences from the writer probably speak volumes. Do you mean to say that the audit committee isn’t always also doing its own evaluation of internal audit? I really hope that’s not what the writer is saying.

If you are on an audit committee, do you evaluate the performance of the CAE and of the internal audit function (if you have an internal audit function)? I certainly hope so. I mean, regardless of how internal audit operates with management, as an audit committee member aren’t you interacting with internal audit also, and isn’t internal audit helping you to satisfy your due diligence responsibilities? If not, you really need to sit down and think about how the audit committee is using internal audit.

And, if you are an internal audit CAE or member, if the audit committee isn’t sufficiently interested in you to evaluate your performance and how you help or don’t help the audit committee, then you are really missing the boat with a significant entity (i.e., the audit committee) that you should be helping.

In fact, most of the materials that I read from internal audit miss the boat, in my opinion. Yes, management’s use and interaction with internal audit is very important, but the audit committee really should value and make use of the availability of internal audit to help the audit committee satisfy it’s duties. If this isn’t happening, both the audit committee and internal audit are missing out on a tremendous opportunity. It might also be argued that both are failing to satisfy their responsibilities.

Here’s the screen shot from the survey and discussion:

who-evaluates-the-cae

The FCPA Blog – Richard Bistrong: The dangerous charm of agents – a very well-written scenario

Below is a link to an article from The FCPA Blog (The Foreign Corrupt Practices Act Blog). The article discusses a hypothetical (or perhaps actual) scenario that can happen to any corporate representative on any day. The following is a copy and paste from the beginning of the article (to get you interested in reading the remainder):

“What is it about agents, fixers, and intermediaries that makes them so attractive while potentially toxic to multinationals?

If you haven’t spent extended time with them, it’s hard to understand.

So here’s what I shared last week at the FCPA Blog NYC Conference.

During our session called The Other Side of the Sting, Getting Stung, Dick Cassin asked, “What’s it like working with intermediaries, on a personal level?”

That’s not something we often hear about. In most of my readings, agents are abstract concepts, part of an “issue” about potential ethical and legal hazards. But there’s often something much deeper going on.

Most top agents are extremely kind, courteous and gracious people. Let me add overly polite. When their clients come to see them at far off locales, either for the first time or over the course of an engagement, the agents are wonderful hosts. From arrival at an airport until departure, the client is treated as an honored guest, often even invited for a meal or two at the agent’s home.”

And here is the link to the entire article: CLICK HERE

Read the remainder of the short article. You can envision this scenario happening all the time, or not at all. The point is that there always is a risk. The agent might simply be being nice, and hospitable, or in accord with country or community customs. So, yes, obviously you all know that you need/must have a robust compliance and disciplinary program that is outwardly supported by executive and mid-management, and the board members, on down to all employees and throughout the entire organization, and the organizations suppliers and affiliates, but also keep in mind that some of these situations, if they turn wrongful, might also only be prevented or stopped and remedied by an engrained corporate culture of integrity and honesty.

Best to you, Dave Tate, Esq., San Francisco and California

Click on the following for Tate’s Excellent Audit Committee Guide, Tate’s Excellent Audit Committee Guide 10202016 with Appendix A

The Business Judgment Rule (animation, for fun, but it’s correct):

Audit Committee 5 Lines of Defense 07182016

DTatePicture_Square