Tag Archives: auditor

Gretchen Carlson – Harassment & Discrimination – Culture – A Task For The Board – And Internal Audit?

Posted on by

I have provided below a link to a short article about Gretchen Carlson, an interview that she is giving, possible legislative efforts, and sexual harassment and discrimination. We all know, or should know, that this is an important topic. Not only sexual harassment and discrimination, but harassment, discrimination, retaliation, bullying, and hostile environments, and not only male harassment and discrimination of females, but also female v. male, male v. male, female v. female, and including race, color, ancestry and national origin, religion and creed, age and elder, mental and physical disability, sex and gender, sexual orientation, gender identity, and more.

This is or should become an area of oversight for your board, and it also relates to the culture of the organization, and tone at the top, at the middle, and at the lower employee levels, including an environment that encourages people to report harassment and discrimination without fear of retribution, anonymously if the desired, with the knowledge that the reported conduct will be timely, fairly and fully investigated, and that appropriate action will be taken.

This really isn’t new stuff from legal and governance perspectives. Are your board, and the board’s committees, on top of this issue and the culture of the organization?

These can and often are difficult issues and situations.  Of course anyone accused is entitled to a defense, and to rebut the allegations. At law, in most situations, innocence is presumed. In recent past years there have also been stories involving allegations of harassment and discrimination reported in the news that turned out to be false or at least not sufficiently supported.

An investigation into situations involving these allegations often should be performed by outside legal counsel with a reputation for integrity and knowledge and experience in these practice areas.

But let me also suggest that the culture of the organization (but not an actual investigation of a specific situation) also could be an area for attention by internal audit, if the board or management puts it on internal audit’s agenda, and if internal audit is provided education and training about the critical elements, and investigation techniques, and help preparing an audit and reporting program. After all, internal audit also is looking to become more relevant in helping the organization to achieve its organizational objectives, goals and strategies.

The following is a link to one of the articles about Gretchen Carlson and what she is trying to do and accomplish: http://people.com/tv/gretchen-carlson-alleged-sexual-harassment-in-2020-interview/

 

Who Evaluates the Chief Audit Executive (CAE)?

Posted on by

At the bottom of this post is a screen shot from the new publication Ethics and Pressure, Balancing the Internal Audit Profession, published primarily from the 2015 global practitioner survey of internal auditors worldwide. This is a really big survey. What do you think of the screen shot? Is it appropriate for management to evaluate the chief audit executive (“CAE”)? I say “yes,” of course.

I note however, that the writer also says “Exhibit 9 indicates that this responsibility [i.e., the responsibility for evaluating the performance of the CAE] is generally split evenly between management and the board. The big exception is in North America, where 61% of CAE’s are formally evaluated by management. Often however, these evaluations are reviewed by an audit committee.”

Let me just say, and I read a fair amount of materials from or relating to the internal audit profession, these sentences from the writer probably speak volumes. Do you mean to say that the audit committee isn’t always also doing its own evaluation of internal audit? I really hope that’s not what the writer is saying.

If you are on an audit committee, do you evaluate the performance of the CAE and of the internal audit function (if you have an internal audit function)? I certainly hope so. I mean, regardless of how internal audit operates with management, as an audit committee member aren’t you interacting with internal audit also, and isn’t internal audit helping you to satisfy your due diligence responsibilities? If not, you really need to sit down and think about how the audit committee is using internal audit.

And, if you are an internal audit CAE or member, if the audit committee isn’t sufficiently interested in you to evaluate your performance and how you help or don’t help the audit committee, then you are really missing the boat with a significant entity (i.e., the audit committee) that you should be helping.

In fact, most of the materials that I read from internal audit miss the boat, in my opinion. Yes, management’s use and interaction with internal audit is very important, but the audit committee really should value and make use of the availability of internal audit to help the audit committee satisfy it’s duties. If this isn’t happening, both the audit committee and internal audit are missing out on a tremendous opportunity. It might also be argued that both are failing to satisfy their responsibilities.

Here’s the screen shot from the survey and discussion:

who-evaluates-the-cae

New ISO Anti-Bribery Standard – Will It Give Companies An Absolute Defense?

Posted on by

ISO has published its new international anti-bribery standard, ISO 37001. You can find select information about the new standard HERE and at http://http://www.iso.org/iso/home/standards/management-standards/iso37001.htm .

The short PowerPoint presentation in part says:

The Standard benefits an organization by providing:

  • Minimum requirements and supporting guidance for implementing or benchmarking an anti-bribery management system
  • Assurance to management, investors, employees, customers, and other stakeholders that an organization is taking reasonable steps to prevent bribery
  • Evidence in the event of an investigation that an organization has taken reasonable steps to prevent bribery.

SO HERE’S AN INTERESTING QUESTION: will compliance with the standard give the company a free pass on bribery liability with the SEC and other state and federal entities and agencies if in fact a bribery occurs? I bet not. However, consider that generally liability does not result unless the person or entity charged has breached or failed to satisfy the applicable standard or duty of care (except in select situations, e.g., such as strict liability or products liability, etc.), and that breach or failure causes damages. Thus, if the applicable standard becomes ISO 37001, and if that standard is met or satisfied, it certainly is arguable that no fault or liability should result if a bribery occurs.

Best to you, Dave Tate, Esq., San Francisco and California. See also Tate’s Excellent Audit Committee Guide (updated October 2016), tates-excellent-audit-committee-guide-10202016-final-with-appendix-a

The Business Judgment Rule – a short animation (for fun, but also correct):

Audit Committee 5 Lines of Defense 07182016

DTatePicture_Square

Updated Tate’s Excellent Audit Committee Guide – Attached – Use It – Pass It Along – Free

Posted on by

Below is a link to my updated Tate’s Excellent Audit Committee Guide (updated October 20, 2016). Please use it, and pass it to other people who would be interested, such as audit committee members, directors, officers, accountants, internal and external auditors, in-house counsel, compliance professionals, and other people.

I do note that as I was updating these materials, and going through the entire Guide, it definitely hit me that all of the specifically enacted statutes, regulations, rules and pronouncements definitely could cause an audit committee member to not be able to see the forest for the tress. So let’s also not forget to look at the situation as a whole.

Although the Guide is 186 pages, I do expect some significant updates soon, and perhaps prior to the end of 2016. Many of the updates will be posted to this blog first, and then to the Guide. I am looking forward to the COSO enterprise risk management (ERM) updated framework.

Best to you. Dave Tate, Esq., San Francisco and California.

Here is a link to the updated Tate’s Excellent Audit Committee Guide (updated October 20, 2016), tates-excellent-audit-committee-guide-10202016-final-with-appendix-a

Audit Committee 5 Lines of Defense 07182016

The business judgment rule – an animated video:

 

DTatePicture_Square

Sustainability Disclosures – From PWC – Audit Committee Need to Know?

Posted on by

I’m forwarding this along – sustainability disclosure guidance from PWC – click on the following link for the materials and the discussion, CLICK HERE

And I am thinking that there could be a need for increasing audit committee member expertise in the sustainability disclosure area.

Below is a snapshot from the PWC website, followed by a link to Tate’s Excellent Audit Committee Guide (updated January 2016), followed by the Audit Committee 5 Lines of Diligence and Defense. Thank you. Dave Tate, Esq., San Francisco and California.

PWC Sustainability Disclosure Guidance

 

See also my Tate’s Excellent Audit Committee Guide, updated January 2016, Tate’s Excellent Audit Committee Guide 01032016 with Appendix A Final

Audit Committee 5 Lines of Defense 07182016

DTatePicture_Square

 

New PCAOB Guidance On Form AP – Yes, To My Surprise, Some Of This Is Interesting

Posted on by

I have previously commented briefly about the new audit partner disclosure requirement – essentially, my comment was that I did not really see what the big deal is about this. But on June 28, 2016, the PCAOB issued staff guidance for Form AP, and as a result, I have to step back a little my initial comments. The following is a link to the PCAOB guidance, and Form AP, CLICK HERE

I still don’t believe in the broad view that it is a big deal to name the audit partner, however, I am now seeing that it might be possible to do a tally on how many audits a particular person (identified by a specific numeric code for that particular person) is listed as the audit partner, and it would not surprise me if someone in the future, or even the PCAOB, or the SEC, or plaintiffs’ counsel in a litigation case for auditor liability, questions the number of audits on which someone can effectively perform as the primary audit partner?

Further, if my reading of the Form AP, and the guidance, are correct, it appears that the Form requires the auditor/auditing firm to provide the numbers of hours spent performing the audit, and it appears that to some extent those hours need to be further divided or broken down into some of the different important audit areas or programs.  This information could be useful for a number of purposes. It would allow a comparison of audit fee to hours spent between different entities and industries (and how much is being charged per hour). It gives the regulatory entities, such as the PCAOB and the SEC useful information to evaluate audit effectiveness. If admissible in court, it could be used to argue in particular cases whether the auditor spent enough time on a particular audit area or program. And the information about the different audit firms involved in the audit and their time spent might be similarly interesting.

And all of this might be of interest to the audit committee in its hiring, evaluation and retention of the audit firm, assuming, of course, that someone or some entity compiles and reports this information in a useful format.

Best, Dave Tate, Esq., San Francisco and California

Click on the following for my Tate’s Excellent Audit Committee Guide, Tate’s Excellent Audit Committee Guide 01032016 with Appendix A Final

See also my trust, estate, conservatorship, power of attorney, and elder abuse litigation blog at http://californiaestatetrust.com

Audit Committee 5 Lines of Defense 07182016

DTatePicture_Square

Basic Insurance for Start-Up Companies – Priya Cherian Huskins, Esq., Woodruff Sawyer

Posted on by

Passing this along, Basic Insurance for Start-Up Companies, the following is a worthwhile read from the D&O Notebook, Priya Cherian Huskins, Esq., Woodruff Sawyer, click on the below link/box for the discussion, enjoy,

https://wsandco.com/do-notebook/startup-insurance/

Best, Dave Tate, Esq., San Francisco and California.

TATE’S EXCELLENT AUDIT COMMITTEE GUIDE updated January 2016, click on the following link, http://wp.me/p75iWX-q

Audit Committee 5 Lines of Defense 07182016

 

DTatePicture_Square

Really Massive Changes in Accounting, Auditing, Reporting and Communicating – The End Of Accounting?

Posted on by

Although I practice as an attorney, I previously practiced as a CPA and I have experienced several times over the years when there were significant changes occurring in the accounting practice and profession. But right now, I believe that I am witnessing multiple massive changes that have been long in the making. The following is a link to an Accounting Today article which does a pretty good job of discussing some of the changes, and also includes a question whether this is the end of accounting – click on the following link, CLICK HERE

It’s not like these changes are screaming at you in the headlines, but the cumulative effect is significant, new changes are continuing and will continue, and perhaps more important, the reasons for the changes are permanent.

For a long, long time the value of the audit and of the audit report have been questioned.

For a long, long time, the value of the information provided by an accounting that is prepared in conformity with generally accepted accounting principles has been questioned.

Different stakeholders also have different needs, and speed at which the flow of information is needed and expected is ever-increasing. Audited financial statements, for example, don’t tell you very much about the future investment or business generating value of the entity or of the transactions reported, or of the risks that are associated.

So now, for example, in addition to GAAP accounting we have non-GAAP accounting and reporting, we are seeing an increased ability to audit all transactions by computer software, GAAP is moving from the more detailed and specific rules based approach back to the more principles based approach that was in place when I first became a CPA, and non-GAAP measurements or criteria are becoming or should become more important such as some of the governance criteria (integrity, tone-at-the-top, culture, etc.), sustainability, transparency, risk management, and more emphasis on internal controls such as COSO.

However, I don’t agree with the suggestion or question in the title to the above linked article – it’s not the end of accounting. Traditional accounting serves a useful purpose – can you imagine what a free for all it would be without traditional accounting? There would be absolutely no checks or balances. There would be a “zero” reliability factor, and no comparability between different entities or industries.

But there is no question that the changes that have occurred and that continue to occur in accounting and auditing create both opportunities and risks for investors, financial institutions and other stakeholders, executive, financial, accounting and audit officers and professionals, boards, and audit and risk committees. The people who will excel are the people who will embrace and become expert in these changes. It’s a lifetime of learning to stay ahead and relevant.

Best to you. Dave Tate, Esq.

The following is a link to my Tate’s Excellent Audit Committee Guide, updated January 2016, CLICK HERE

Audit Committee of the Future – From the CAQ

Posted on by

Below is a link to a paper by the Center for Audit Quality entitled The Audit Committee of the Future. Although the discussion paper is a disappointment (too basic, and lack of meaningful insight) as the CAQ usually has worthwhile materials, in the list of five ways to enhance the audit committee, I thought that one of the five ways is worth noting for its subject matter (but again, not for the discussion insight). The following is the discussion about fostering robust communication and engagement:

“Fostering robust communication and engagement: In addition to enhancing communication with investors and other parties via disclosure, panelists agreed that audit committees need to focus strongly on developing healthy channels of internal communication. “That’s an important skill set for the chairman of the audit committee,” said one, “how to make sure you’re having those periodic meetings outside the boardroom with the auditor, with the internal auditor, with the CFO, with the controller.” Of course, the onus on fostering communication does not fall on the audit committee chair alone. “It’s important to have all parties around the table fully engaged,” said one participant. Others emphasized the need for external auditors to engage in dialogue, particularly if a sense emerges that the audit committee is not asking the right questions. “You need an audit firm to speak up,” said a panelist.”

Obviously the above comments can be expanded upon greatly, including, for example, discussions about agenda setting, risk management and internal controls, critical decision making processes, investigations, and follow up.

Here is a link to the CAQ paper

Click to access caq_insights_audit_committee_future.pdf

And the following is a link to Tate’s Excellent Audit Committee Guide, updated January 2016. Enjoy. CLICK HERE FOR THE POST CONTAINING A LINK TO THE AUDIT COMMITTEE GUIDE

Best, Dave Tate, Esq., San Francisco and California, http://auditcommitteeupdate.com

Audit Committee 5 Lines of Defense 02132016 David W. Tate, Esq.

DTatePicture_Square

Auditors – Derivatives – Auditing v. Risk Management, Big Difference – Reporting v. Evaluation

Posted on by

I have been reading an email thread by some very good auditors and risk management professionals. It struck a chord with me. The discussion was about derivatives in general.

One participant posted recent comments or possible comments by Warren Buffett about the difficulties of evaluating derivative transactions and banks and companies that hold derivative contracts or instruments.

Another participant differentiated auditing and risk management in the context of derivatives – stating that the external auditor audits to determine whether the derivative transaction has been properly accounted for within the context of generally accepted accounting principles.

But the auditor’s clean opinion really doesn’t tell management, or the board, or the audit committee, or the investor how the derivative will behave or react in different situations, or the risk associated with the derivative. Of course, that audit weakness also is true with respect to all audited transactions – the auditor is only telling you that within GAAP and GAAS, and the determined level of materiality, the transactions have been properly recorded. Although proper accounting is important, the risk associated is equally and perhaps more important.

A few of my other posts have discussed derivatives – here is a link to a post about derivatives and audit committees http://wp.me/p75iWX-h.

And, as audit committees have oversight of risk management or certain aspects of risk management (which is too vague of a term (i.e., risk management), and lacking in specifics for my liking, see also http://wp.me/p75iWX-1F re risk management, audit committees, and AC charters ), as an audit committee member should you evaluate whether you and your committee, and management, are sufficiently on top of the derivative issue and the risks that they might present to your entity and its shareholders, and to you and your reputation? I’m not anti-derivative – they can be helpful and prudent – I’m simply saying that as part of your oversight and diligence you should consider whether you and your organization are sufficiently on top of the issue and understand the risks that the different derivative instruments and transactions present.

And here is a link to my audit committee guide, updated January 2016, http://wp.me/p75iWX-q

Thanks for reading. Dave Tate, Esq. (San Francisco/California)

DTatePicture_Square