Forwarding from The FCPA Blog – “Yes, ‘ethical culture’ can be measured” or audited – and so can governance, risk management, compliance, and almost everything, etc. . . .

I am forwarding a July 22, 2019, post by Vera Cherepanova on the FCPA Blog – the following is the link to Ms. Cherepanova’s post: http://www.fcpablog.com/blog/2019/7/22/yes-ethical-culture-can-be-measured.html

Ms. Cherepanova highlights the recent Department of Justice update to its “Evaluation of Corporate Compliance Programs,” and also references the U.S. Federal Sentencing Guidelines, noting that both in part refer to the importance “for a company to create and foster a culture of ethics and compliance.” She then queries: “But how does a company measure its culture of compliance, and what steps does it take in response to its measurement of the compliance culture?” Responding to her query, Ms. Cherepanova states, “Although they sometimes may be labeled differently, the key five you would want to incorporate [into] your measurement include the following: Achievability of targets, goals, and tasks . . . Communication . . . Leadership . . . Organizational justice . . . [and] Accountability.”

I view the blog post as discussing at least two issues: “yes, ethical culture can be measured,” and “criteria that might be used to measure ethical culture.” My response to the first issue also is “yes.” In fact, ethical culture not only can be measured, but can also be audited, such as by internal audit or outside audit. Related to culture, tone-at-the-top and internal controls and control processes have long been recognized as elements in an audit at least from the standpoint of evaluating the possibility of fraud and the extent to which records can be relied upon in designing the audit. Almost anything can be audited including, for example, not just financial transactions but also governance, risk management or risk management processes, compliance with laws, and the list is almost endless.

The more challenging issue is what criteria to use to measure or audit ethical culture and other areas? And, of course, there are follow up issues such as determining who will actually perform and evaluate the measurement or audit process, and will the task of establishing ethical culture not only involve management but also oversight by the board, or the audit committee, or a separate risk committee? Guidelines require board and/or board committee oversight. Relevant to these issues, also click on the following link for a May 2019 post that I wrote about the new DOJ guidelines https://wp.me/p75iWX-fc

Ms. Cherepanova lists some good key areas to measure or audit. It is possible to add additional key areas, and additional criteria can be added to the five areas that the blog post identifies. I’m not being critical of the five key areas that are listed, instead, I am merely pointing out that there is lack of agreement on the key areas to include in the measurement or audit process. Certainly at least DOJ and court case guidance should be consulted. It should also be added, for example, the establishment of a robust anonymous reporting process, and related investigation processes. In addition to others, you should also consult legal counsel for additional guidance. Consider using a team approach as these topics can require input from attorneys and other professionals who have backgrounds in a multitude of different areas.

Ms. Cherepanova’s post raises many additional issues, in fact too many to cover in this post. Under Leadership and Accountability, for example, does or will the alleged wrongdoer’s stature or status within the organization impact the investigation and/or the resulting discipline, if any? These can be difficult questions. Whereas one might argue that stature or status should not be relevant criteria, the severity of disciplinary measures can both positively and negatively impact an organization when a key member of the organization is involved.

My view has been and remains that organizational culture and ethical culture are here to stay as significant or at least relevant organizational issues.

—————————————————————

Remember, every case and situation is different. It is important to obtain and evaluate all of the evidence that is available, and to apply that evidence to the applicable standards and laws. You do need to consult with an attorney and other professionals about your particular situation. This post is not a solicitation for legal or other services inside of or outside of California, and, of course, this post only is a summary of information that changes from time to time, and does not apply to any particular situation or to your specific situation. So . . . you cannot rely on this post for your situation or as legal or other professional advice or representation.

Thank you for reading this website. I ask that you also pass it along to other people who would be interested as it is through collaboration that great things and success occur more quickly.

Best to you, David Tate, Esq. (and inactive California CPA) – practicing in California only.

I am also the new Chair of the Business Law Section of the Bar Association of San Francisco.

Blogs: Trust, estate/probate, power of attorney, conservatorship, elder and dependent adult abuse, nursing home and care, disability, discrimination, personal injury, responsibilities and rights, and other related litigation, and contentious administrations http://californiaestatetrust.com; Business, D&O, board, director, audit committee, shareholder, founder, owner, and investor litigation, governance, responsibilities and rights, compliance, investigations, and risk management  http://auditcommitteeupdate.com

The following are copies of the tables of contents of three of the more formal materials that I have written over the years about accounting/auditing, audit committees, and related legal topics – Accounting and Its Legal Implications was my first formal effort, which resulted in a published book that had more of an accounting and auditing focus; Chapter 5A, Audit Committee Functions and Responsibilities, for the California Continuing Education of the Bar has a more legal focus; and the most recent Tate’s Excellent Audit Committee Guide (February 2017) also has a more legal focus:

Accounting and Its Legal Implications

Chapter 5A, Audit Committee Functions and Responsibilities, CEB Advising and Defending Corporate Directors and Officers

Tate’s Excellent Audit Committee Guide

The following are other summary materials that you might find useful:

OVERVIEW OF A RISK MANAGEMENT PROCESS THAT YOU CAN USE 03162018

Audit Committee 5 Lines of Success, Diligence, and Defense - David Tate, Esq, 05052018

COSO Enterprise Risk Management Framework ERM Components and Principles

From a prior blog post which you can find at https://wp.me/p75iWX-dk if the below scan is too difficult to read:

* * * * *

New July 11, 2019, PCAOB CAM Guidance For Audit Committees – Is A Matter A CAM (See Chart); And Responses To FAQs

On July 11, 2019, the PCAOB published additional guidance for audit committees about CAMs (Critical Audit Matters). I have provided a link below to the additional guidance. From the additional guidance, I am also providing immediately below a snapshot to the PCAOB’s chart to help determine whether a matter is a CAM, plus four of the PCAOB’s responses to frequently asked questions that I found interesting. This is my fourth relatively recent post in which I have commented about CAMs.

Immediately below is a snapshot to the PCAOB’s chart to determine whether a matter is a CAM:

The following are snapshots of four of the PCAOB’s responses to frequently asked questions that I found to be interesting. While the responses are useful and helpful, I don’t find that they simplify the matter. The response in the first snapshot below also could be confusing – I expect that audit committees will want to have a significant role in, or at least significant input in or comments about, CAMs and certain specific CAMs and proposed CAMs in particular. Whereas the auditor might have ultimate say about how a CAM is worded (because it is the auditor’s report), I expect that audit committees will be directly involved in and vocal about whether or not a matter is a CAM, and how the CAM is communicated. And I expect that in some circumstances there might be or will be disagreement, at which point the audit committee, or the board, or the company might be put the position of having to evaluate whether to communicate or respond further about the CAM, and the manner of doing so.

The following are snapshots of four of the PCAOB’s responses to frequently asked questions that I found to be interesting:

Click on the following link to be taken to the PCAOB’s page with the new July 11, 2019, PCAOB guidance for audit committees about CAMs:

https://pcaobus.org/Documents/Audit-Committee-Resource-CAMs.pdf

—————————————————————

Remember, every case and situation is different. It is important to obtain and evaluate all of the evidence that is available, and to apply that evidence to the applicable standards and laws. You do need to consult with an attorney and other professionals about your particular situation. This post is not a solicitation for legal or other services inside of or outside of California, and, of course, this post only is a summary of information that changes from time to time, and does not apply to any particular situation or to your specific situation. So . . . you cannot rely on this post for your situation or as legal or other professional advice or representation.

Thank you for reading this website. I ask that you also pass it along to other people who would be interested as it is through collaboration that great things and success occur more quickly.

Best to you, David Tate, Esq. (and inactive California CPA) – practicing in California only.

I am also the new Chair of the Business Law Section of the Bar Association of San Francisco.

Blogs: Trust, estate/probate, power of attorney, conservatorship, elder and dependent adult abuse, nursing home and care, disability, discrimination, personal injury, responsibilities and rights, and other related litigation, and contentious administrations http://californiaestatetrust.com; Business, D&O, board, director, audit committee, shareholder, founder, owner, and investor litigation, governance, responsibilities and rights, compliance, investigations, and risk management  http://auditcommitteeupdate.com

The following are copies of the tables of contents of three of the more formal materials that I have written over the years about accounting/auditing, audit committees, and related legal topics – Accounting and Its Legal Implications was my first formal effort, which resulted in a published book that had more of an accounting and auditing focus; Chapter 5A, Audit Committee Functions and Responsibilities, for the California Continuing Education of the Bar has a more legal focus; and the most recent Tate’s Excellent Audit Committee Guide (February 2017) also has a more legal focus:

Accounting and Its Legal Implications

Chapter 5A, Audit Committee Functions and Responsibilities, CEB Advising and Defending Corporate Directors and Officers

Tate’s Excellent Audit Committee Guide

The following are other summary materials that you might find useful:

OVERVIEW OF A RISK MANAGEMENT PROCESS THAT YOU CAN USE 03162018

Audit Committee 5 Lines of Success, Diligence, and Defense - David Tate, Esq, 05052018

COSO Enterprise Risk Management Framework ERM Components and Principles

From a prior blog post which you can find at https://wp.me/p75iWX-dk if the below scan is too difficult to read:

* * * * *

ESG – SEC Commissioner Comments – And Who At Your Board Has Oversight?

Is ESG, or some version of it here to stay? There isn’t agreement on this. My view is that, yes, ESG or some version of it is here and will remain, either by market forces and expectations, or by statute, regulation or rule. However, for example, click on the following link to a recent June 18, 2019, speech by SEC Commissioner Peirce and her discussion and some criticism of ESG – https://www.sec.gov/news/speech/speech-peirce-061819. If you follow ESG developments you already know that ESG or aspects of it and related disclosures are slowly being mandated internationally, while in the U.S. market forces and expectations are more at play.

My view also is that at least some of ESG is already covered by risk management or enterprise risk management. “Environmental,” yes that’s a risk management issue. “Social,” yes certain aspects of “social” are or can be risk management issues, including, for example, culture, reputation, and perhaps some aspects of safety. “Governance,” yes that’s a risk management issue. But I agree with the comments or criticisms or warnings of the risk that under the heading of ESG, or risk management, or enterprise risk management, or sustainability, or corporate social responsibility, and the list goes on, anyone could at least argue that their particular special or particular interest fits somewhere under those headings, and that business or a particular business must take action with respect to that particular special or particular interest. The ability to make such an argument also has increased exponentially, and we are seeing it played out, as everyone has or can have an opinion on anything and everything through social media and other opportunities.

So . . . my view is that one way or another these issues are here to stay, and management must address and deal with them as appropriate for each individual business (and the industry in which the business operates). You can also see in the news that by different means different businesses are dealing with or handling these issues, and the ways of doing so will continue to develop.

One might ask, within a particular business (because businesses are separate and individual and should not be lumped as a whole), are there people at the board level who are exercising some oversight of the business’s procedures and processes for handling ESG or aspects of ESG, or risk management or enterprise risk management over environmental, social and governance matters?

People should remember, or should learn, that for most but not all matters, issues and tasks the board’s role is oversight not day-to-day management or involvement, such as, for example, under the business judgment rule. See my prior post with business judgement rule slides at https://wp.me/p75iWX-fm. But director proxy voting recommendations are also becoming more widely disseminated and vocalized about individual directors.

With respect to risk management, the board often delegates to the audit committee the initial oversight of risk management. However, my view is that any committee to which risk management is delegated should still report to the board about its oversight and what it has found, done, and recommended in that regard, and that oversight of overall risk management remains as a board-level matter. See also various stock exchange rules and auditing pronouncements referring and relating to audit committee, or board involvement in the oversight of risk management.

Board and audit committee responsibilities and potential new responsibilities, or at least what some people are arguing those responsibilities should be, also have increased and are greatly increasing. Risk management isn’t new, although what should or might be done to oversee risk management or enterprise risk management is still developing. For the most part, ESG as possibly a separately recognized item is new – and I would argue that “ESG” as a recognized item is vague and ambiguous because there is no agreement about just what criteria or items comprise ESG. I would also suggest that even if it is not specifically legally required, the board and/or its delegated committee should begin, if they don’t already do so, exercising appropriate oversight of management’s procedures and processes relative to ESG and if not of ESG then certainly risk management or enterprise risk management relative to appropriate environmental, social, and governance matters.

These certainly are developing areas of law and possible responsibilities.

Every case and situation is different. It is important to obtain and evaluate all of the evidence that is available, and to apply that evidence to the applicable standards and laws. You do need to consult with an attorney and other professionals about your particular situation. This post is not a solicitation for legal or other services inside of or outside of California, and, of course, this post only is a summary of information that changes from time to time, and does not apply to any particular situation or to your specific situation. So . . . you cannot rely on this post for your situation or as legal or other professional advice or representation.

Thank you for reading this website. I ask that you also pass it along to other people who would be interested as it is through collaboration that great things and success occur more quickly.

Best to you, David Tate, Esq. (and inactive California CPA) – practicing in California only.

I am also the new Chair of the Business Law Section of the Bar Association of San Francisco.

Blogs: Trust, estate/probate, power of attorney, conservatorship, elder and dependent adult abuse, nursing home and care, disability, discrimination, personal injury, responsibilities and rights, and other related litigation, and contentious administrations http://californiaestatetrust.com; Business, D&O, board, director, audit committee, shareholder, founder, owner, and investor litigation, governance, responsibilities and rights, compliance, investigations, and risk management  http://auditcommitteeupdate.com

The following are copies of the tables of contents of three of the more formal materials that I have written over the years about accounting/auditing, audit committees, and related legal topics – Accounting and Its Legal Implications was my first formal effort, which resulted in a published book that had more of an accounting and auditing focus; Chapter 5A, Audit Committee Functions and Responsibilities, for the California Continuing Education of the Bar has a more legal focus; and the most recent Tate’s Excellent Audit Committee Guide (February 2017) also has a more legal focus:

Accounting and Its Legal Implications

Chapter 5A, Audit Committee Functions and Responsibilities, CEB Advising and Defending Corporate Directors and Officers

Tate’s Excellent Audit Committee Guide

The following are other summary materials that you might find useful:

OVERVIEW OF A RISK MANAGEMENT PROCESS THAT YOU CAN USE 03162018

Audit Committee 5 Lines of Success, Diligence, and Defense - David Tate, Esq, 05052018

COSO Enterprise Risk Management Framework ERM Components and Principles

From a prior blog post which you can find at https://wp.me/p75iWX-dk if the below scan is too difficult to read:

* * * * *

 

 

A Few Comments About Going Concern Uncertainties, CAMs, Etc.

I don’t hear or see much in the news about disclosures about an entity’s going concern, but I have a feeling that this is going to become a bigger issue for certain public companies, their boards and audit committees, and their auditors. Evaluating going concern is a complicated topic – thus, in this post I am highlighting one aspect, but an important aspect. See, FASB ASU No. 2014-15, and subsequent materials relating thereto. I suspect that most people would conclude that evaluating a potential issue relating to going concern involves, or depending on the circumstances could involve, especially challenging, subjective, or complex auditor judgment – thus, potentially raising critical audit matters or CAMs. Click on the following link  https://wp.me/p75iWX-fr for a prior summary post about CAMs. I digress here for one comment: in regard to CAMs, one might ask, for example, “When are the circumstances of an auditor’s judgment simply ‘challenging’ v. ‘especially challenging’”?

Going concern can generally be defined as an evaluation of the entity’s expected ability to continue as an ongoing viable going concern business entity within one year after the date that its financial statements are issued (or within one year after the date that the financial statements are available to be issued, when applicable). Thus, for example, obviously for some business entities it can become a question of liquidity or liquid assets v. rate of cash burn. For the purpose of this post, I am looking at this issue only from an accounting/auditing viewpoint. Many other issues can arise, such as, for example, possible shareholder, investor, and creditor rights, and possible officer, director, and shareholder or majority shareholder liability relating thereto.

Now to the single point of this post, ASU No. 2014-15 provides that when evaluating conditions and events as to whether there is substantial doubt about an entity’s ability to continue as a going concern, the “initial” evaluation does not take into consideration the potential effect of management’s plans that have not been fully implemented as of the date that the financial statements are issued (for example, the initial evaluation might not take into consideration plans to raise capital, borrow money, restructure debt, or dispose of an asset, that have been approved but that have not been fully implemented as of the date that the financial statements are issued). Again, I digress for one comment: in the above discussion, consider, for example, how to evaluate when a matter is “approved” v. “fully implemented.”

Importantly, I note, however, that later in the going concern evaluation process, mitigating factors should be taken into consideration including, for example, the probability that management’s plans will be effectively implemented within one year after the date that the financial statements are issued, and the probability that management’s plans, when implemented, will mitigate the relevant conditions or events that raise substantial doubt about the entity’s ability to continue as a going concern within one year after the date that the financial statements are issued. Thus, in the evaluation process there is a timing aspect to considering possible mitigating factors: first they are not considered, but subsequently they are considered including their probability of implementation and success. Obviously, the going concern evaluation can be or can become complicated.

With the development of CAMs, I am sensing that issues such as these will be discussed more in public and investor view.

Onward.

Every case and situation is different. You do need to consult with an attorney and other professionals about your particular situation. This post is not a solicitation for legal or other services inside of or outside of California, and, of course, this post only is a summary of information that changes from time to time, and does not apply to any particular situation or to your specific situation. So . . . you cannot rely on this post for your situation or as legal or other professional advice or representation.

Thank you for reading this website. I ask that you also pass it along to other people who would be interested as it is through collaboration that great things and success occur more quickly.

Best to you, David Tate, Esq. (and inactive California CPA) – practicing in California only.

I am also the new Chair of the Business Law Section of the Bar Association of San Francisco.

Blogs: Trust, estate/probate, power of attorney, conservatorship, elder and dependent adult abuse, nursing home and care, disability, discrimination, personal injury, responsibilities and rights, and other related litigation, and contentious administrations http://californiaestatetrust.com; Business, D&O, board, director, audit committee, shareholder, founder, owner, and investor litigation, governance, responsibilities and rights, compliance, investigations, and risk management  http://auditcommitteeupdate.com

 

OVERVIEW OF A RISK MANAGEMENT PROCESS THAT YOU CAN USE 03162018

Audit Committee 5 Lines of Success, Diligence, and Defense - David Tate, Esq, 05052018

COSO Enterprise Risk Management Framework ERM Components and Principles

* * * * *

 

PCAOB – Implementation of Critical Audit Matters Deeper Dive

As I discussed in a prior post re critical audit matters (Click Here), external auditors are required to include a discussion of critical audit matters in their audit opinion reports for large accelerated filers for audits of fiscal years ending on or after June 30, 2019, and for other public companies for audits of fiscal years ending on or after December 31, 2020. I expect that CAMs and the wording of CAMs will in some instances present or cause contentions between the external auditor on the one hand, and the audit committee, board, and executive officers on the other hand.

A Critical Audit Matter or CAM is defined as:

Any matter arising from the audit of the financial statements that was communicated or required to be communicated to the audit committee: and that:

  1. Relates to accounts or disclosures that are material to the financial statements; and
  2. Involved especially challenging, subjective, or complex auditor judgment.

Thus, based on the above definition, simply determining whether a matter is a CAM could be a challenging issue.

For example, in any given audit situation consider:

-What matters were communicated, or were required to be communicated to the audit committee;

-Relating to accounts or disclosures that are material to the financial statements; and

-Involved especially challenging, subjective, or complex auditor judgment?

The PCAOB has issued a more detailed and worthwhile discussion about critical audit matters and the reporting requirements that is entitled Implementation of Critical Audit Matters Deeper Dive. To view the paper, Click Here

In some circumstances critical audit matters will now become important topics for discussion. The Implementation of Critical Audit Matters Deeper Dive paper also identifies many uncertainties that are yet to be resolved relating to CAMs. Indeed, CAMs are principles based, and likely will vary from auditor to auditor based in part on the auditor’s objective, or subjective, evaluation and judgment. I note that the PCAOB’s paper provides a worthwhile discussion and many examples that should be studied. And the PCAOB also notes twice in the paper that they expect that most audits will include at least one or more CAM. And it should also be noted that the existence of a CAM should not automatically be thought of as a negative or detrimental item – it all depends on the nature of the CAM and how it is worded, as not all CAMs are equal.

Every case and situation is different. You do need to consult with an attorney and other professionals about your particular situation. This post is not a solicitation for legal or other services inside of or outside of California, and, of course, this post only is a summary of information that changes from time to time, and does not apply to any particular situation or to your specific situation. So . . . you cannot rely on this post for your situation or as legal or other professional advice or representation.

Thank you for reading this website. I ask that you also pass it along to other people who would be interested as it is through collaboration that great things and success occur more quickly.

Best to you, David Tate, Esq. (and inactive California CPA) – practicing in California only.

Blogs: Trust, estate/probate, power of attorney, conservatorship, elder and dependent adult abuse, nursing home and care, disability, discrimination, personal injury, responsibilities and rights, and other related litigation, and contentious administrations http://californiaestatetrust.com; Business, D&O, board, director, audit committee, shareholder, founder, owner, and investor litigation, governance, responsibilities and rights, compliance, investigations, and risk management  http://auditcommitteeupdate.com

 

OVERVIEW OF A RISK MANAGEMENT PROCESS THAT YOU CAN USE 03162018

Audit Committee 5 Lines of Success, Diligence, and Defense - David Tate, Esq, 05052018

COSO Enterprise Risk Management Framework ERM Components and Principles

* * * * *

Forwarding a post by Eugene Fram – Nonprofit & Business Directors Must Be Vigilant – Board Liability Costs Could be $2.2 Million!

Below I have provided a link to a blog post by Eugene Fram. Eugene writes good materials for nonprofits. There have been rumblings for some time now about the possibility that a couple of states might start more actively overseeing nonprofits and their operations. And a few of the big players in the nonprofit community have suggested that more robust nonprofit governance might be beneficial. I ask that you click on the link below to Eugene’s post – although state action is unusual, the example situations that Eugene describes are less unusual. I am also updating my materials for nonprofit audit committees, which I will post soon.

Here is the link to Eugene’s post:  https://non-profit-management-dr-fram.com/2019/01/27/nonprofit-business-directors-must-be-vigilant-board-liability-costs-could-be-2-2-million-3/

Thanks for reading this post. If you have found value in this post, I ask that you also pass it along to other people who would be interested as it is through collaboration that great things and success occur more quickly. And please also subscribe to this blog and my other blog (see below), and connect with me on LinkedIn and Twitter.

Every case situation is different. You do need to consult with professionals about your particular situation. This post is not a solicitation for services inside of or outside of California, and, of course, this post only is a summary of information that changes from time to time, and does not apply to any particular situation or to your specific situation. So . . . you cannot rely on this post for your situation.

Best to you, David Tate, Esq. (and inactive California CPA) – practicing in California only

Blogs: California trust, estate, and elder abuse litigation and contentious administrations http://californiaestatetrust.com; D&O, audit committee, governance and risk management http://auditcommitteeupdate.com

Auditor Inclusion of Critical Audit Matters in Audit Opinion – Center for Audit Quality Release to Help Understanding

You might be aware that external auditors are required to include a discussion of critical audit matters in their audit opinion reports for large accelerated filers for audits of fiscal years ending on or after June 30, 2019, and for other public companies for audits of fiscal years ending on or after December 31, 2020. I expect that CAMs will in some instances present or cause contentions between the external auditor on the one hand, and the audit committee, board, and executive officers on the other hand.

A Critical Audit Matter or CAM is defined as:

Any matter arising from the audit of the financial statements that was communicated or required to be communicated to the audit committee: and that:

  1. Relates to accounts or disclosures that are material to the financial statements; and
  2. Involved especially challenging, subjective, or complex auditor judgment.

Thus, based on the above definition, simply determining whether a matter is a CAM could be a challenging issue.

For example, in any given audit situation consider:

-What matters were communicated, or were required to be communicated to the audit committee;

-Relating to accounts or disclosures that are material to the financial statements; and

-Involved especially challenging, subjective, or complex auditor judgment?

I will be discussing the good, the bad, the ugly, and the confusing as this upcoming new area of audit opinion report continues to develop. Auditors and audit committees will need to carefully evaluate what to communicate and what is required to be communicated, materiality (qualitative and quantitative), and whether a matter involves especially challenging, subjective, or complex audit judgment.

For additional help with these issues, the following is a link to a June 24, 2018, release by the Center for Audit Quality entitled Critical Audit Matters: Key Concepts and FAQs for Audit Committees, Investors, and other Users of Financial Statements – click on the following link https://www.thecaq.org/critical-audit-matters-key-concepts-and-faqs-audit-committees-investors-and-other-users-financial

Best to you, David Tate, Esq. (and California inactive CPA)