Sources of Audit Committee Responsibilities

Audit committee responsibilities vary or differ depending on type of entity, business or organization, and its industry, plus other additional responsibilities, actions or tasks, if any, that the committee is delegated or voluntarily undertakes.

Audit committee responsibilities arise from several different sources and possible sources also depending on the type of entity, business or organization, and its industry, possibly including, for example:

– Is the business a public or a nonpublic company, and if it is a public company what federal laws, statutes, regulations and rules in that regard is the business or the audit committee subject to that are within the responsibilities of the audit committee?

– If the business is listed on a stock exchange or other similar board or self-regulatory organization (NYSE, NASDAQ, OTC, etc.), what requirements in that regard is the business or the audit committee subject to that are within the responsibilities of the audit committee?

– Is the business or organization subject to state laws, statutes, regulations and rules, and if so, what requirements in that regard is the business or the organization or the audit committee subject to that are within the responsibilities of the audit committee? For example, see Cal. Gov’t Code §12586 for California nonprofits.

– Is the business subject to international laws, statutes, regulation and rules, and if so, what requirements in that regard is the business or the audit committee subject to that are within the responsibilities of the audit committee?

– Has the board determined that the audit committee and the audit committee members are qualified, legally and otherwise, to serve as such?

– Does the audit committee have a written charter? If not, in my view it should whether or not legally required to do so. It is important for the audit committee, the board, executive and non-executive management, employees, owners, investors and shareholders, and other stakeholders to know what the audit committee is responsible for overseeing. What responsibilities does the audit committee charter delegate to the audit committee? I say delegate because the audit committee is a committee of the board.

– Oversight of the integrity and accuracy of the function, processes and actuality of the business’s internal controls, and its accounting and related reporting, including possible fraud or other unlawful acts relating thereto. It is required or standard that the audit committee exercise oversight in these areas.

– What independent auditor or outside auditor and auditing services does the business or organization need and retain? For example, audit, review, compilation, or single/government audit (formally A-133) services, or other audit or special audit services required by contract, donor, or otherwise? It is required or standard that the audit committee exercise oversight in these areas.

– Is the audit committee doing an audit committee self-evaluation whether legally required or not? It’s a good idea even if it is not legally required.

– Is the business required to have an internal audit function, or does it have such a function although not legally required to do so? It is required or standard that the audit committee exercise oversight in these areas.

– Is the audit committee legally responsible for or has the audit committee otherwise been delegated oversight of risk management or risk management processes? If so, has it been determined what that oversight will encompass and involve, and is the audit committee exercising the appropriate oversight?

– Anonymous reporting and investigation processes oversight, to the extent that such is a legal or other delegated responsibility of the audit committee.

– Other or select internal investigations and processes to the extent that such are a legal or other delegated responsibility of the audit committee, and that the audit committee members are situationally independent as is legally and necessarily required under the circumstances.

– Asset protection and asset protection processes to the extent that such are a legal or other delegated responsibility of the audit committee, possibly including, for example, oversight of processes for the protection of patents, trade secrets and trademarks, and other important bet-the-company assets.

– Oversight of processes for and compliance with laws, statutes, regulations, rules, and other legal and contractual requirements and obligations, to the extent that such are a legal or other delegated responsibility of the audit committee.

– Other transactions, events or situations in which situational independence is required or is advisable for oversight or evaluation and decision-making purposes such as certain M&A transactions, or transactions personally involving or relating to insiders or executive officers, or certain transactions involving or involving changes in command and control. Note that these matters are not per se audit committee responsibilities – instead I only mention these and other similar situations because typically directors who also serve on the audit committee could be involved in these situations because they have been determined by the board to be independent at least for audit committee member purposes. Of course, independence for audit committee member purposes does not necessary mean that a person is situationally independent for other matters, and for those other matters, situational independence from a legal perspective will also need to be evaluated and determined.

– Oversight of other business responsibilities, areas, tasks and processes relating thereto for which the audit committee has been delegated responsibility – there are several or many possible – just for example, possible oversight of processes for and actual business culture, safety (product, employee, customer, third party, environmental, information security and information use and privacy, computer, cloud and internet security and cybersecurity, and privacy), workplace environment, crisis management and response, insurance coverage, ESG, and other areas and tasks.

Note that the above is not an exhaustive list as audit committee responsibilities also depend on the specific business or organization, its industry, the situation at hand, and legal and delegated responsibilities.

—————————————————————

Remember, every case and situation is different. It is important to obtain and evaluate all of the evidence that is available, and to apply that evidence to the applicable standards and laws. You do need to consult with an attorney and other professionals about your particular situation. This post is not a solicitation for legal or other services inside of or outside of California, and, of course, this post only is a summary of information that changes from time to time, and does not apply to any particular situation or to your specific situation. So . . . you cannot rely on this post for your situation or as legal or other professional advice or representation.

Thank you for reading this post. I ask that you also pass it along to other people who would be interested as it is through collaboration that great things and success occur more quickly. And please also subscribe to this blog and my other blog (see below), and connect with me on LinkedIn and Twitter.

Best to you, David Tate, Esq. (and inactive California CPA) – practicing in California only.

I am also the Chair of the Business Law Section of the Bar Association of San Francisco.

Blogs: Trust, estate/probate, power of attorney, conservatorship, elder and dependent adult abuse, nursing home and care, disability, discrimination, personal injury, responsibilities and rights, and other related litigation, and contentious administrations http://californiaestatetrust.com; Business, D&O, board, director, audit committee, shareholder, founder, owner, and investor litigation, governance, responsibilities and rights, compliance, investigations, and risk management  http://auditcommitteeupdate.com

My law practice primarily involves the following areas and issues:

Probate Court Disputes and Litigation

  • Trust and estate disputes and litigation, and contentious administrations representing fiduciaries and beneficiaries; elder abuse; power of attorney disputes; elder care and nursing home abuse; conservatorships; claims to real and personal property; and other related disputes and litigation.

Business and Business-Related Disputes and Litigation: Private, Closely Held, and Family Businesses; Public Companies; and Nonprofit Entities

  • Business v. business disputes including breach of contract; unlawful, unfair and fraudulent business practices; fraud, deceit and misrepresentation; unfair competition; licensing agreements, breach of the covenant of good faith and fair dealing; etc.
  • Misappropriation of trade secrets
  • M&A disputes
  • Founder, officer, director and board, investor, shareholder, creditor, VC, control, governance, decision making, fiduciary duty, conflict of interest, independence, voting, etc., disputes
  • Buy-sell disputes
  • Funding and share dilution disputes
  • Accounting, lost profits, and royalty disputes and damages
  • Access to corporate and business records disputes
  • Employee, employer and workplace disputes and processes, discrimination, whistleblower and retaliation, harassment, defamation, etc.

Investigations and Governance

  • Corporate and business internal investigations
  • Board, audit committee and special committee governance and processes, disputes, conflicts of interest, independence, culture, ethics, etc.

The following are copies of the tables of contents of three of the more formal materials that I have written over the years about accounting/auditing, audit committees, and related legal topics – Accounting and Its Legal Implications was my first formal effort, which resulted in a published book that had more of an accounting and auditing focus; Chapter 5A, Audit Committee Functions and Responsibilities, for the California Continuing Education of the Bar has a more legal focus; and the most recent Tate’s Excellent Audit Committee Guide (February 2017) also has a more legal focus:

Accounting and Its Legal Implications

Chapter 5A, Audit Committee Functions and Responsibilities, CEB Advising and Defending Corporate Directors and Officers

Tate’s Excellent Audit Committee Guide

The following are other summary materials that you might find useful:

OVERVIEW OF A RISK MANAGEMENT PROCESS THAT YOU CAN USE 03162018

Audit Committee 5 Lines of Success, Diligence, and Defense - David Tate, Esq, 05052018

COSO Enterprise Risk Management Framework ERM Components and Principles

From a prior blog post which you can find at https://wp.me/p75iWX-dk if the below scan is too difficult to read:

* * * * *

AUDIT COMMITTEE SELF-EVALUATION

David W. Tate

Attorney at Law

Certified Public Accountant (inactive California)

Copyright 2019 David W. Tate (however, you are authorized to download and print these materials for your use, and to also pass them to other people who would be interested)

BLOGS

D&O, Audit Committees, Risk Management, Compliance, Investigations & Governance: http://auditcommitteeupdate.com

Trust, Estate, Conservatorship & Elder Abuse Litigation: http://californiaestatetrust.com

Linkedin: http://www.linkedin.com/in/davetateesq

Twitter: http://twitter.com/davidtateesq

 

Self-evaluation is an important board and committee activity, and can be very helpful if done properly.

A.  Introduction and Overview

The following discussion covers audit committee self-evaluation and provides processes that you can use. As noted elsewhere in these materials, although many board and audit committee functions, responsibilities and tasks are specified by statute, regulation, rule or pronouncement, board and audit committee member standards of care remain significantly dependent on due diligence and prudent judgment.

Boards and audit committees of various entities are required by law, regulation or rule to conduct annual committee self-evaluations; however, it is worthwhile for boards and audit committees of all public and private companies and nonprofit entities to conduct self-evaluations. Board and audit committee jobs are challenging, ongoing, and technical in nature, and require the members to significantly interact with many people in different capacities within and outside of the entity. It only makes sense that both boards and audit committees should at least once each year take time to step back and review, evaluate and make improvements to their manners of operation, and also consider helpful actions that can be taken by other people with whom the boards and audit committees interact. Self-evaluation will be worthwhile even if it results in improving only one area of operation.

Board and audit committee responsibilities originate from several different sources at least including (1) activities and responsibilities that boards or audit committees voluntarily undertake or that are delegated to them; (2) the business judgment rule; (3) the specific laws, regulations and rules that are applicable to the entity’s directors and audit committee members; (4) the wording of the board and audit committee charters, if there are charters; (5) shareholder and stakeholder expectations, and (6) for audit committees, accounting and auditing pronouncements relating to the outside auditor’s activities.

Prudent board and audit committee processes and diligence are also important to reduce member and entity liability and reputation risk. An increasing number of cases hold that board and audit committee members can be liable for failure to exercise sufficient diligence, failure to spot and respond to red flags, and failure to take action. Active board, committee and corporate diligence tend to demonstrate prudent business judgment and negate allegations of recklessness, improper intent, intentional wrongdoing, or “scienter” such as in the context of securities litigation, thus reducing the risk of securities liability and damages. In the context of audit committee activities, potential entity, board, and audit committee member liability typically arises in the context of alleged improper accounting practices, written and oral public misrepresentations (such as with respect to financial matters), and improper employment practices.

Although not required, there can be advantages to having a facilitator conduct an interactive interview approach to the self-evaluation process, but without performance grading or rating: it can be difficult to construct a questionnaire with standardized questions that would be similarly understood by each of the participants in the self-evaluation process; different people use different rating scales; different people express responses in different manners; and certain important issues will change from year to year. A facilitated approach may encourage better discussion and comment, compilation, continuity, explanation, and follow-up. Contact me if you are interested in committee self-evaluation assistance at a reasonable fixed fee.

Issues and topic areas to consider during the self-evaluation process will naturally vary from entity to entity, and from board and audit committee to board and audit committee. Thus, to stimulate discussion, below for both boards and audit committees I have provided lists of potential broad issues or topic areas to consider for discussion and evaluation, including both successes and possible improvements; and I have also outlined processes to assist your board and audit committee self-evaluation processes.

B.  Audit Committee Self-Evaluation

1.  Sample List of Issues and Topics to Consider for Audit Committee Self-Evaluation

The following is a list of issues and topic areas to consider for discussion and evaluation. The list is intended to help trigger thought processes, but, of course, is not exhaustive as areas of discussion and evaluation will vary from entity to entity, and from committee to committee. The following list is not intended to and does not suggest that each or any of the below issues and topics must be considered or covered and is not a checklist – instead, if your audit committee is required to conduct a specific evaluation process or to cover certain specific issues and topics, you will need to separately consider the specific requirements, if any, for your audit committee and its evaluation process pursuant to law, regulation or rule. In that regard, please also see the disclaimer and limitations at the beginning of these materials.

-Audit committee meeting agenda preparation and dissemination process.

-Committee member independence and situational independence, financial literacy, experience and expertise.

-Committee member access to information and/or education pertinent to the functions and responsibilities of the audit committee. Are the needs of the committee members being met, so that they are sufficiently knowledgeable and educated about the company or nonprofit and its industry; relevant significant accounting and auditing issues; relevant legal matters; internal controls, risk assessment and management; governance; and new developments in those and other areas?

-Committee and committee member interactions, including interaction between committee members, and between the committee and the board, the CEO, the CFO, the outside auditor, the internal auditor, legal counsel, compliance and ethics, HR, consultants, and other people.

-The committee’s processes for identifying and spotting issues, evaluation and decision making.

-The contents of the audit committee charter, and a mutual understanding of the audit committee’s responsibilities and tasks. The charter is a requirement for public companies, and is a good idea for many private companies and nonprofit entities. The charter is a prudent document to identify and clarify the audit committee’s responsibilities. In addition to the committee itself, it is important for the board, the executive officers, and other stakeholders to have a correct understanding about the committee’s responsibilities and limitations, and the extent to which state or local jurisdiction, U.S. and international requirements and responsibilities apply or may apply to your audit committee.

-Selection of the outside auditor; audit planning; review of the performance of the outside auditor; and review of the quarterly review and annual audit report and process (or compilation if appropriate).

-Review of recent developments relating to the business judgment rule, standard of care and acceptable reliance on other people.

-Review of accounting and financial internal and fraud/embezzlement related controls and processes, risk assessment and management, possible entity and individual liability and reputation risk exposure; and compliance assessment and management relating to laws, regulations, and rules that are within the scope of the audit committee’s functions and responsibilities including issues relating to the Foreign Corrupt Practices Act.

– Review of the accounting department, and accounting and financial reporting for transactions including all of the subcomponents such as principles and policies applied (quality not just acceptability); judgments, estimates and reserves; timing and cutoff procedures; off balance sheet transactions; related party transactions; contingencies and liabilities; revenue recognition; expenses; inventories; goodwill; insider trading; and other matters relating to accounting and financial statement reports.

-Implementing revenue recognition rules, and other important, new or changing accounting principles.

-Review of internal investigation processes, procedures and needs.

-Review of the financial and internal audit functions, and how they can be helpful to the audit committee in the performance of its responsibilities and tasks.

-Review of risk management and uncertainty issues, practices and processes that are within the scope of the audit committee’s function and responsibilities.

-Implementing COSO 2013 or other appropriate processes.

-Documenting and reporting the audit committee’s activities and minutes.

-The audit committee’s use of attorneys and consultants.

-The company’s investor communication processes.

-Whistleblower, ethics, anonymous reporting and complaint handling processes to the extent that the reporting is within the scope of the audit committee’s function and responsibilities.

-Document retention policies.

-Review of the compliance and ethics function and processes that are within the scope of the audit committee’s responsibilities, and how they can be helpful to the audit committee in the performance of its responsibilities and tasks.

-Governance, including tone at the top, financial leadership, transparency and appearance.

-Review of employer, employee and workplace processes, culture, safety, and disciplinary practices that are within the scope of the audit committee’s function and responsibilities.

-Review of tax compliance and reporting issues that are within the scope of the audit committee’s function and responsibilities.

-Review of cybersecurity and internet security issues that are within the scope of the audit committee’s function and responsibilities.

-Insurance.

-Review of pension and health plan related issues that are within the scope of the audit committee’s function and responsibilities.

-Review of information privacy issues, practices and processes that are within the scope of the audit committee’s function and responsibilities.

-Review of asset protection, IP, trade secret, etc. practices to the extent that they are within the audit committee’s function and responsibilities.

-Review of environmental issues and safety that are within the scope of the audit committee’s function and responsibilities.

-Review of product and consumer safety issues, practices and processes that are within the scope of the audit committee’s function and responsibilities.

-Review of billing and accounting relating to the receipt of funds or revenue from governmental sources such as Medicare and Medicaid; compliance with applicable laws, regulations, rules and other requirements; and oversight of expenses relating to these areas.

-Review of the acceptance, receipt, allocation, expenditure or distribution, and accounting for all charitable and donor funds, grants, contributions, pledges and other resources, including compliance with all requirements, restrictions and special uses.

-Review of accounting for collaboration and joint venture arrangements, including the allocation of receipts/income and distributions/expenses between the entities.

-And, in this economic environment, review of the fair value of funds and investments, including loss of value; liquidity concerns; possible going concern issues; estimates for uncollectibles and related reserves; debt/loan covenants; and funding source uncertainties including those that relate to collaboration and joint venture arrangements.

-It is also important for the audit committee to clarify with the board what responsibilities it has, if any, for oversight of the numerous and various areas of taxation and compliance; ERISA, pension and health and welfare plans; investments; tax exempt status including fund raising, dues, solicitation, and political, campaign and lobby activities; and other areas significant to the entity.

-Discussion about audit committee membership and recruitment needs.

-Additional significant topics or issues that should be discussed.

2.  A Self-Evaluation Process and Format for Audit Committees

The following eight primary steps outline a proposed audit committee self-evaluation process that is workable for audit committees of public companies, private companies and nonprofit entities, whether using or not using, an outside facilitator.

 

Step 1. Determine the people who will be participating in the evaluation process, including the audit committee members, and other people, if any, to interview for comment.

Provide the names of the people who will participate in the evaluation process.

 

 

Step 2. Determine how the participant interviews will be conducted, individually or in a group, in person or by telephone, skype or some other means.

Provide comments or information about how the interviews will be handled with the various different people who will participate in the evaluation.

 

 

Step 3. Arrange participant individual or group interview dates and times.

Provide participant individual or group interview date and time information.

 

 

Step 4. Provide the participants with pre-interview materials and a list of possible issue or topic areas (broad and specific) for consideration and discussion. Of course, the participants can add additional issues or topics. Use this paper for that purpose.

Provide information regarding the status of disseminating the pre-interview materials.

 

 

Step 5. Have each participant provide a list of one to five, or more, issues or topic areas that the participant would specifically like to discuss during the evaluation process.

Provide comments and information regarding receipt of issues or topic areas from the self-evaluation process participants, and the respective issues or topic areas listed.

 

 

Step 6. Conduct information intake or interviews with participants individually or as a group.

Provide comments and information from the participants or the status of such – the input can be made by the participants themselves or by a facilitator during self-evaluation interviews.

 

 

Step 7. Summarize in a report format the issues and topic areas, information received, and suggestions made during the self-evaluation process.

Provide a summary in a report format.

 

 

Step 8. Provide a report back to the audit committee, and possibly conduct a committee group review of the self-evaluation process, information obtained, and suggestions made, and possible future actions or follow-up.

Provide additional comments and information about the self-evaluation process or results.

 

 

Concluding comments. I hope you have found this discussion helpful and at least a good starting point for your audit committee self-evaluation. Feel free to contact me if you are interested in discussing the audit committee self-evaluation process, or if you would like help with facilitation of committee self-evaluation at a reasonable fixed fee.

Best to you,

David Tate, Esq.

* * * * *

Forwarding two posts by Priya Cherian Huskins, Esq of Woodruff Sawyer: Delaware Supreme Court in Marchand discusses board-level monitoring, and director independence

I am forwarding two posts by Priya Cherian Huskins, Esq. of Woodruff Sawyer – Ms. Huskins’ posts highlight recent Delaware Supreme Court holdings in  Marchand which are or should be important considerations for all boards and board committees.

In the post immediately below (click the link) Ms. Huskins discusses the court’s holding that the board (and its committees) must have monitoring processes in place. As an example, whereas it is a management responsibility to design, implement, monitor, and update risk management (or ERM) and compliance processes, and it is often said that it is the responsibility of the board (or of a committee of the board in conjunction with the board) to oversee that management has done so (i.e., a duty to oversee), Marchand makes it clear that the board/board committee oversight responsibility is an active and diligent oversight responsibility and that the board/board committee must also itself have oversight processes in place – both management and the board/board committee must design, implement, monitor and update processes to satisfy their different responsibilities, and the board/board committee can be found to be in breach of its oversight responsibilities if it fails to do so.

Here is the link to Ms. Huskins’ post pertaining to Marchand and board/board committee oversight and monitoring processes: Delaware Supreme Court Underscores the Importance of Board-Level Monitoring in Marchand (Duty of Loyalty) https://woodruffsawyer.com/do-notebook/board-level-monitoring/

In the second post (click the link below) Ms. Huskins discusses the holding in Marchand pertaining to director independence, and as I often refer to independence as situational independence. You might be aware that whether or not a director is independent in a particular situation can be extremely important as it can impact whether or not the board/board committee has properly performed its responsibilities, the burden of proof or standard that will apply in evaluating whether or not the board/board committee has performed its responsibilities, whether or not the business judgment rule will or might apply, and whether or not the action, decision or vote by the board/board committee in the particular circumstance is valid and enforceable.

The issue of independence is determined by the court on a legal and factual basis depending on the law, facts and admissible evidence in the particular situation. For example, as you might be aware (and you should be aware), when evaluating whether a director is sufficiently independent from the CEO for the purpose of that director making a decision pertaining to that CEO, or when evaluating whether a director is sufficiently independent for the purpose of making a decision pertaining to a control or M&A transaction, or whether a director is sufficiently independent when making a decision pertaining to an evaluation or investigation pertaining to the actions of or an accusation against an executive officer, the courts do in fact also look at not only the direct and extended family relationships and connections between the director and the person(s) involved in or benefiting from the transaction, but also variously can consider their direct and indirect social and business groups, clubs, friends and activities; the co-ownership of assets; and whether the director might feel hesitant to act with independence for any particular reason including, for example, the importance of that directorship to the director, the extent to which the director and the other person(s) have children in the same schools or school classes together, spousal and significant other connections, and other similar relationships and connections, etc.

You get the point – whereas not too many years ago, whether or not a director is sufficiently situational independent was a much less potentially complicated evaluation and issue, those times have changed and are now long gone. Here is the link to Ms. Huskins’ post pertaining to Marchand and the evaluation of director independence: Delaware Supreme Court Further Clarifies Its View of Director Independence in Marchand https://woodruffsawyer.com/do-notebook/delaware-supreme-court-marchand-director-independence/?utm_source=newsletter&utm_medium=email&utm_campaign=blog-management-liability

—————————————————————

Remember, every case and situation is different. It is important to obtain and evaluate all of the evidence that is available, and to apply that evidence to the applicable standards and laws. You do need to consult with an attorney and other professionals about your particular situation. This post is not a solicitation for legal or other services inside of or outside of California, and, of course, this post only is a summary of information that changes from time to time, and does not apply to any particular situation or to your specific situation. So . . . you cannot rely on this post for your situation or as legal or other professional advice or representation.

Thank you for reading this website. I ask that you also pass it along to other people who would be interested as it is through collaboration that great things and success occur more quickly.

Best to you, David Tate, Esq. (and inactive California CPA) – practicing in California only.

I am also the Chair of the Business Law Section of the Bar Association of San Francisco.

Blogs: Trust, estate/probate, power of attorney, conservatorship, elder and dependent adult abuse, nursing home and care, disability, discrimination, personal injury, responsibilities and rights, and other related litigation, and contentious administrations http://californiaestatetrust.com; Business, D&O, board, director, audit committee, shareholder, founder, owner, and investor litigation, governance, responsibilities and rights, compliance, investigations, and risk management  http://auditcommitteeupdate.com

The following are copies of the tables of contents of three of the more formal materials that I have written over the years about accounting/auditing, audit committees, and related legal topics – Accounting and Its Legal Implications was my first formal effort, which resulted in a published book that had more of an accounting and auditing focus; Chapter 5A, Audit Committee Functions and Responsibilities, for the California Continuing Education of the Bar has a more legal focus; and the most recent Tate’s Excellent Audit Committee Guide (February 2017) also has a more legal focus:

Accounting and Its Legal Implications

Chapter 5A, Audit Committee Functions and Responsibilities, CEB Advising and Defending Corporate Directors and Officers

Tate’s Excellent Audit Committee Guide

The following are other summary materials that you might find useful:

OVERVIEW OF A RISK MANAGEMENT PROCESS THAT YOU CAN USE 03162018

Audit Committee 5 Lines of Success, Diligence, and Defense - David Tate, Esq, 05052018

COSO Enterprise Risk Management Framework ERM Components and Principles

From a prior blog post which you can find at https://wp.me/p75iWX-dk if the below scan is too difficult to read:

* * * * *

 

 

 

 

 

 

 

PCAOB staff guidance for new requirements on auditing accounting estimates (AS 2501), and auditor’s use of the work of specialists

On August 22, 2019, the PCAOB staff released four staff guidance documents to raise awareness and assist auditors in advance of the effective date of new estimates and specialists audit requirements. The requirements are effective for audits of financial statements for fiscal years ending on or after December 15, 2020.

Here is a link to the news release, Click Here

Focusing on the auditing of accounting estimates, the PCAOB has adopted AS 2501. The PCAOB adopted AS 2501 because, in the PCAOB’s own words:

“Why did the PCAOB adopt this standard?

The use of complex accounting estimates and fair value measurements continues to grow in financial reporting. As a result, the use of the work of specialists continues to increase in both frequency and significance. Estimates often have a significant impact on a company’s reported financial position and results of operations.

Accounting estimates are often some of the areas of greatest risk in an audit, requiring additional audit attention and appropriate application of professional skepticism.

The Board’s oversight activities have revealed a recurring pattern of deficiencies in this area. Over the years, PCAOB staff has provided guidance for auditors related to auditing accounting estimates, but this area remains challenging and practices among firms vary.”

Here is a link to AS 2501:  https://pcaobus.org/Standards/Auditing/Pages/AS2501.aspx

You might ask, why am I blogging about AS 2501 and the auditing of accounting estimates? Because these issues are important for management, and are or can become important for audit committees and/or boards, these can be challenging and complex issues, the PCAOB indicates that accounting estimates can be areas of greatest risk in an audit and has noted patterns of deficiencies, and these issue can present or can develop into Critical Audit Matters or CAMs. If you are involved in the accounting or auditing function, or in the oversight of an entity’s accounting or auditing (such the board or audit committee), I recommend that you click on the link above to AS 2501 and that you read the materials to get a feel for the new standard before then really diving into the detail. And the following are links to the four blog posts that I have written about CAMs (in order from the most recent post to oldest/earliest post: https://wp.me/p75iWX-im, https://wp.me/p75iWX-g4, https://wp.me/p75iWX-fr, and https://wp.me/p75iWX-df.

—————————————————————

Remember, every case and situation is different. It is important to obtain and evaluate all of the evidence that is available, and to apply that evidence to the applicable standards and laws. You do need to consult with an attorney and other professionals about your particular situation. This post is not a solicitation for legal or other services inside of or outside of California, and, of course, this post only is a summary of information that changes from time to time, and does not apply to any particular situation or to your specific situation. So . . . you cannot rely on this post for your situation or as legal or other professional advice or representation.

Thank you for reading this website. I ask that you also pass it along to other people who would be interested as it is through collaboration that great things and success occur more quickly.

Best to you, David Tate, Esq. (and inactive California CPA) – practicing in California only.

I am also the Chair of the Business Law Section of the Bar Association of San Francisco.

Blogs: Trust, estate/probate, power of attorney, conservatorship, elder and dependent adult abuse, nursing home and care, disability, discrimination, personal injury, responsibilities and rights, and other related litigation, and contentious administrations http://californiaestatetrust.com; Business, D&O, board, director, audit committee, shareholder, founder, owner, and investor litigation, governance, responsibilities and rights, compliance, investigations, and risk management  http://auditcommitteeupdate.com

The following are copies of the tables of contents of three of the more formal materials that I have written over the years about accounting/auditing, audit committees, and related legal topics – Accounting and Its Legal Implications was my first formal effort, which resulted in a published book that had more of an accounting and auditing focus; Chapter 5A, Audit Committee Functions and Responsibilities, for the California Continuing Education of the Bar has a more legal focus; and the most recent Tate’s Excellent Audit Committee Guide (February 2017) also has a more legal focus:

Accounting and Its Legal Implications

Chapter 5A, Audit Committee Functions and Responsibilities, CEB Advising and Defending Corporate Directors and Officers

Tate’s Excellent Audit Committee Guide

The following are other summary materials that you might find useful:

OVERVIEW OF A RISK MANAGEMENT PROCESS THAT YOU CAN USE 03162018

Audit Committee 5 Lines of Success, Diligence, and Defense - David Tate, Esq, 05052018

COSO Enterprise Risk Management Framework ERM Components and Principles

From a prior blog post which you can find at https://wp.me/p75iWX-dk if the below scan is too difficult to read:

* * * * *

 

Forwarding from The FCPA Blog – “Yes, ‘ethical culture’ can be measured” or audited – and so can governance, risk management, compliance, and almost everything, etc. . . .

I am forwarding a July 22, 2019, post by Vera Cherepanova on the FCPA Blog – the following is the link to Ms. Cherepanova’s post: http://www.fcpablog.com/blog/2019/7/22/yes-ethical-culture-can-be-measured.html

Ms. Cherepanova highlights the recent Department of Justice update to its “Evaluation of Corporate Compliance Programs,” and also references the U.S. Federal Sentencing Guidelines, noting that both in part refer to the importance “for a company to create and foster a culture of ethics and compliance.” She then queries: “But how does a company measure its culture of compliance, and what steps does it take in response to its measurement of the compliance culture?” Responding to her query, Ms. Cherepanova states, “Although they sometimes may be labeled differently, the key five you would want to incorporate [into] your measurement include the following: Achievability of targets, goals, and tasks . . . Communication . . . Leadership . . . Organizational justice . . . [and] Accountability.”

I view the blog post as discussing at least two issues: “yes, ethical culture can be measured,” and “criteria that might be used to measure ethical culture.” My response to the first issue also is “yes.” In fact, ethical culture not only can be measured, but can also be audited, such as by internal audit or outside audit. Related to culture, tone-at-the-top and internal controls and control processes have long been recognized as elements in an audit at least from the standpoint of evaluating the possibility of fraud and the extent to which records can be relied upon in designing the audit. Almost anything can be audited including, for example, not just financial transactions but also governance, risk management or risk management processes, compliance with laws, and the list is almost endless.

The more challenging issue is what criteria to use to measure or audit ethical culture and other areas? And, of course, there are follow up issues such as determining who will actually perform and evaluate the measurement or audit process, and will the task of establishing ethical culture not only involve management but also oversight by the board, or the audit committee, or a separate risk committee? Guidelines require board and/or board committee oversight. Relevant to these issues, also click on the following link for a May 2019 post that I wrote about the new DOJ guidelines https://wp.me/p75iWX-fc

Ms. Cherepanova lists some good key areas to measure or audit. It is possible to add additional key areas, and additional criteria can be added to the five areas that the blog post identifies. I’m not being critical of the five key areas that are listed, instead, I am merely pointing out that there is lack of agreement on the key areas to include in the measurement or audit process. Certainly at least DOJ and court case guidance should be consulted. It should also be added, for example, the establishment of a robust anonymous reporting process, and related investigation processes. In addition to others, you should also consult legal counsel for additional guidance. Consider using a team approach as these topics can require input from attorneys and other professionals who have backgrounds in a multitude of different areas.

Ms. Cherepanova’s post raises many additional issues, in fact too many to cover in this post. Under Leadership and Accountability, for example, does or will the alleged wrongdoer’s stature or status within the organization impact the investigation and/or the resulting discipline, if any? These can be difficult questions. Whereas one might argue that stature or status should not be relevant criteria, the severity of disciplinary measures can both positively and negatively impact an organization when a key member of the organization is involved.

My view has been and remains that organizational culture and ethical culture are here to stay as significant or at least relevant organizational issues.

—————————————————————

Remember, every case and situation is different. It is important to obtain and evaluate all of the evidence that is available, and to apply that evidence to the applicable standards and laws. You do need to consult with an attorney and other professionals about your particular situation. This post is not a solicitation for legal or other services inside of or outside of California, and, of course, this post only is a summary of information that changes from time to time, and does not apply to any particular situation or to your specific situation. So . . . you cannot rely on this post for your situation or as legal or other professional advice or representation.

Thank you for reading this website. I ask that you also pass it along to other people who would be interested as it is through collaboration that great things and success occur more quickly.

Best to you, David Tate, Esq. (and inactive California CPA) – practicing in California only.

I am also the new Chair of the Business Law Section of the Bar Association of San Francisco.

Blogs: Trust, estate/probate, power of attorney, conservatorship, elder and dependent adult abuse, nursing home and care, disability, discrimination, personal injury, responsibilities and rights, and other related litigation, and contentious administrations http://californiaestatetrust.com; Business, D&O, board, director, audit committee, shareholder, founder, owner, and investor litigation, governance, responsibilities and rights, compliance, investigations, and risk management  http://auditcommitteeupdate.com

The following are copies of the tables of contents of three of the more formal materials that I have written over the years about accounting/auditing, audit committees, and related legal topics – Accounting and Its Legal Implications was my first formal effort, which resulted in a published book that had more of an accounting and auditing focus; Chapter 5A, Audit Committee Functions and Responsibilities, for the California Continuing Education of the Bar has a more legal focus; and the most recent Tate’s Excellent Audit Committee Guide (February 2017) also has a more legal focus:

Accounting and Its Legal Implications

Chapter 5A, Audit Committee Functions and Responsibilities, CEB Advising and Defending Corporate Directors and Officers

Tate’s Excellent Audit Committee Guide

The following are other summary materials that you might find useful:

OVERVIEW OF A RISK MANAGEMENT PROCESS THAT YOU CAN USE 03162018

Audit Committee 5 Lines of Success, Diligence, and Defense - David Tate, Esq, 05052018

COSO Enterprise Risk Management Framework ERM Components and Principles

From a prior blog post which you can find at https://wp.me/p75iWX-dk if the below scan is too difficult to read:

* * * * *

MITSloan online tool to measure and compare company cultures – you should be aware – comments and screenshot FYI

This came to my attention – MITSloan online tool to measure and compare company cultures. I have previously written about culture, which, for example, is also an element of the COSO ERM framework, and was considerably in the news in 2018, including at the board level. But as I noted: will culture continue to be in the news, and will executive management and boards really take active interest? Culture also is, or could be a component of ESG.

Now apparently, and coming soon I suspect, proposals for different ways to measure culture. One or possibly two standards that are widely accepted would be helpful. Too many possible standards are not helpful, except to argue that there is no recognized standard. Business leaders, executive management, HR, directors, audit and risk committees, internal and outside auditors, in-house counsel, etc., should take note and be aware.

Regarding internal and outside audit, I have thought for a long time that they could (if they wanted to) become involved in auditing, or in auditing certain aspects or components of or processes relating to culture, governance, risk management, fraud risk, etc. I could argue that the value of internal audit and of outside audit are being passed by others who are taking the lead.

And if you are on a board, or on an audit or risk committee, where you are significantly reliant on other people to report to you, might this type of information be helpful to you in your oversight capacity? I have no explicit knowledge about how MITSloan goes about measuring and comparing company cultures, and I don’t know whether I would consider the criteria and processes that they use to be reliable and helpful; however, might it be interesting to search to see if your company is listed and evaluated? Dave Tate, Esq., San Francisco/California

Every case and situation is different. It is important to obtain and evaluate all of the evidence that is available, and to apply that evidence to the applicable standards and laws. You do need to consult with an attorney and other professionals about your particular situation. This post is not a solicitation for legal or other services inside of or outside of California, and, of course, this post only is a summary of information that changes from time to time, and does not apply to any particular situation or to your specific situation. So . . . you cannot rely on this post for your situation or as legal or other professional advice or representation.

Thank you for reading this website. I ask that you also pass it along to other people who would be interested as it is through collaboration that great things and success occur more quickly.

Best to you, David Tate, Esq. (and inactive California CPA) – practicing in California only.

I am also the new Chair of the Business Law Section of the Bar Association of San Francisco.

Blogs: Trust, estate/probate, power of attorney, conservatorship, elder and dependent adult abuse, nursing home and care, disability, discrimination, personal injury, responsibilities and rights, and other related litigation, and contentious administrations http://californiaestatetrust.com; Business, D&O, board, director, audit committee, shareholder, founder, owner, and investor litigation, governance, responsibilities and rights, compliance, investigations, and risk management  http://auditcommitteeupdate.com

The following are copies of the tables of contents of three of the more formal materials that I have written over the years about accounting/auditing, audit committees, and related legal topics – Accounting and Its Legal Implications was my first formal effort, which resulted in a published book that had more of an accounting and auditing focus; Chapter 5A, Audit Committee Functions and Responsibilities, for the California Continuing Education of the Bar has a more legal focus; and the most recent Tate’s Excellent Audit Committee Guide (February 2017) also has a more legal focus:

Accounting and Its Legal Implications

Chapter 5A, Audit Committee Functions and Responsibilities, CEB Advising and Defending Corporate Directors and Officers

Tate’s Excellent Audit Committee Guide

The following are other summary materials that you might find useful:

OVERVIEW OF A RISK MANAGEMENT PROCESS THAT YOU CAN USE 03162018

Audit Committee 5 Lines of Success, Diligence, and Defense - David Tate, Esq, 05052018

COSO Enterprise Risk Management Framework ERM Components and Principles

From a prior blog post which you can find at https://wp.me/p75iWX-dk if the below scan is too difficult to read:

* * * * *

 

 

 

ESG – SEC Commissioner Comments – And Who At Your Board Has Oversight?

Is ESG, or some version of it here to stay? There isn’t agreement on this. My view is that, yes, ESG or some version of it is here and will remain, either by market forces and expectations, or by statute, regulation or rule. However, for example, click on the following link to a recent June 18, 2019, speech by SEC Commissioner Peirce and her discussion and some criticism of ESG – https://www.sec.gov/news/speech/speech-peirce-061819. If you follow ESG developments you already know that ESG or aspects of it and related disclosures are slowly being mandated internationally, while in the U.S. market forces and expectations are more at play.

My view also is that at least some of ESG is already covered by risk management or enterprise risk management. “Environmental,” yes that’s a risk management issue. “Social,” yes certain aspects of “social” are or can be risk management issues, including, for example, culture, reputation, and perhaps some aspects of safety. “Governance,” yes that’s a risk management issue. But I agree with the comments or criticisms or warnings of the risk that under the heading of ESG, or risk management, or enterprise risk management, or sustainability, or corporate social responsibility, and the list goes on, anyone could at least argue that their particular special or particular interest fits somewhere under those headings, and that business or a particular business must take action with respect to that particular special or particular interest. The ability to make such an argument also has increased exponentially, and we are seeing it played out, as everyone has or can have an opinion on anything and everything through social media and other opportunities.

So . . . my view is that one way or another these issues are here to stay, and management must address and deal with them as appropriate for each individual business (and the industry in which the business operates). You can also see in the news that by different means different businesses are dealing with or handling these issues, and the ways of doing so will continue to develop.

One might ask, within a particular business (because businesses are separate and individual and should not be lumped as a whole), are there people at the board level who are exercising some oversight of the business’s procedures and processes for handling ESG or aspects of ESG, or risk management or enterprise risk management over environmental, social and governance matters?

People should remember, or should learn, that for most but not all matters, issues and tasks the board’s role is oversight not day-to-day management or involvement, such as, for example, under the business judgment rule. See my prior post with business judgement rule slides at https://wp.me/p75iWX-fm. But director proxy voting recommendations are also becoming more widely disseminated and vocalized about individual directors.

With respect to risk management, the board often delegates to the audit committee the initial oversight of risk management. However, my view is that any committee to which risk management is delegated should still report to the board about its oversight and what it has found, done, and recommended in that regard, and that oversight of overall risk management remains as a board-level matter. See also various stock exchange rules and auditing pronouncements referring and relating to audit committee, or board involvement in the oversight of risk management.

Board and audit committee responsibilities and potential new responsibilities, or at least what some people are arguing those responsibilities should be, also have increased and are greatly increasing. Risk management isn’t new, although what should or might be done to oversee risk management or enterprise risk management is still developing. For the most part, ESG as possibly a separately recognized item is new – and I would argue that “ESG” as a recognized item is vague and ambiguous because there is no agreement about just what criteria or items comprise ESG. I would also suggest that even if it is not specifically legally required, the board and/or its delegated committee should begin, if they don’t already do so, exercising appropriate oversight of management’s procedures and processes relative to ESG and if not of ESG then certainly risk management or enterprise risk management relative to appropriate environmental, social, and governance matters.

These certainly are developing areas of law and possible responsibilities.

Every case and situation is different. It is important to obtain and evaluate all of the evidence that is available, and to apply that evidence to the applicable standards and laws. You do need to consult with an attorney and other professionals about your particular situation. This post is not a solicitation for legal or other services inside of or outside of California, and, of course, this post only is a summary of information that changes from time to time, and does not apply to any particular situation or to your specific situation. So . . . you cannot rely on this post for your situation or as legal or other professional advice or representation.

Thank you for reading this website. I ask that you also pass it along to other people who would be interested as it is through collaboration that great things and success occur more quickly.

Best to you, David Tate, Esq. (and inactive California CPA) – practicing in California only.

I am also the new Chair of the Business Law Section of the Bar Association of San Francisco.

Blogs: Trust, estate/probate, power of attorney, conservatorship, elder and dependent adult abuse, nursing home and care, disability, discrimination, personal injury, responsibilities and rights, and other related litigation, and contentious administrations http://californiaestatetrust.com; Business, D&O, board, director, audit committee, shareholder, founder, owner, and investor litigation, governance, responsibilities and rights, compliance, investigations, and risk management  http://auditcommitteeupdate.com

The following are copies of the tables of contents of three of the more formal materials that I have written over the years about accounting/auditing, audit committees, and related legal topics – Accounting and Its Legal Implications was my first formal effort, which resulted in a published book that had more of an accounting and auditing focus; Chapter 5A, Audit Committee Functions and Responsibilities, for the California Continuing Education of the Bar has a more legal focus; and the most recent Tate’s Excellent Audit Committee Guide (February 2017) also has a more legal focus:

Accounting and Its Legal Implications

Chapter 5A, Audit Committee Functions and Responsibilities, CEB Advising and Defending Corporate Directors and Officers

Tate’s Excellent Audit Committee Guide

The following are other summary materials that you might find useful:

OVERVIEW OF A RISK MANAGEMENT PROCESS THAT YOU CAN USE 03162018

Audit Committee 5 Lines of Success, Diligence, and Defense - David Tate, Esq, 05052018

COSO Enterprise Risk Management Framework ERM Components and Principles

From a prior blog post which you can find at https://wp.me/p75iWX-dk if the below scan is too difficult to read:

* * * * *

 

 

PCAOB – Implementation of Critical Audit Matters Deeper Dive

As I discussed in a prior post re critical audit matters (Click Here), external auditors are required to include a discussion of critical audit matters in their audit opinion reports for large accelerated filers for audits of fiscal years ending on or after June 30, 2019, and for other public companies for audits of fiscal years ending on or after December 31, 2020. I expect that CAMs and the wording of CAMs will in some instances present or cause contentions between the external auditor on the one hand, and the audit committee, board, and executive officers on the other hand.

A Critical Audit Matter or CAM is defined as:

Any matter arising from the audit of the financial statements that was communicated or required to be communicated to the audit committee: and that:

  1. Relates to accounts or disclosures that are material to the financial statements; and
  2. Involved especially challenging, subjective, or complex auditor judgment.

Thus, based on the above definition, simply determining whether a matter is a CAM could be a challenging issue.

For example, in any given audit situation consider:

-What matters were communicated, or were required to be communicated to the audit committee;

-Relating to accounts or disclosures that are material to the financial statements; and

-Involved especially challenging, subjective, or complex auditor judgment?

The PCAOB has issued a more detailed and worthwhile discussion about critical audit matters and the reporting requirements that is entitled Implementation of Critical Audit Matters Deeper Dive. To view the paper, Click Here

In some circumstances critical audit matters will now become important topics for discussion. The Implementation of Critical Audit Matters Deeper Dive paper also identifies many uncertainties that are yet to be resolved relating to CAMs. Indeed, CAMs are principles based, and likely will vary from auditor to auditor based in part on the auditor’s objective, or subjective, evaluation and judgment. I note that the PCAOB’s paper provides a worthwhile discussion and many examples that should be studied. And the PCAOB also notes twice in the paper that they expect that most audits will include at least one or more CAM. And it should also be noted that the existence of a CAM should not automatically be thought of as a negative or detrimental item – it all depends on the nature of the CAM and how it is worded, as not all CAMs are equal.

Every case and situation is different. You do need to consult with an attorney and other professionals about your particular situation. This post is not a solicitation for legal or other services inside of or outside of California, and, of course, this post only is a summary of information that changes from time to time, and does not apply to any particular situation or to your specific situation. So . . . you cannot rely on this post for your situation or as legal or other professional advice or representation.

Thank you for reading this website. I ask that you also pass it along to other people who would be interested as it is through collaboration that great things and success occur more quickly.

Best to you, David Tate, Esq. (and inactive California CPA) – practicing in California only.

Blogs: Trust, estate/probate, power of attorney, conservatorship, elder and dependent adult abuse, nursing home and care, disability, discrimination, personal injury, responsibilities and rights, and other related litigation, and contentious administrations http://californiaestatetrust.com; Business, D&O, board, director, audit committee, shareholder, founder, owner, and investor litigation, governance, responsibilities and rights, compliance, investigations, and risk management  http://auditcommitteeupdate.com

 

OVERVIEW OF A RISK MANAGEMENT PROCESS THAT YOU CAN USE 03162018

Audit Committee 5 Lines of Success, Diligence, and Defense - David Tate, Esq, 05052018

COSO Enterprise Risk Management Framework ERM Components and Principles

* * * * *