Tag Archives: IIA

Prioritizing the Audit Committee Agenda – CPA Journal – Really Important for Audit and Other Committees (and the Board) – with Tate Comments Added

Posted on by

I have pasted below a link to a March, 2020, article in the CPA Journal, Prioritizing the Audit Committee Agenda. As the article notes, and as is well-known, an audit committee’s agenda and possible agenda is large and growing. Click on the link below for the full article.

The primary areas discuss in the article are the following:

“To help audit committees stay focused and optimize their time, KPMG’s Audit Committee Institute has highlighted seven items to consider when assessing and prioritizing the 2020 agenda:

  • Maintain (or regain) control of the committee’s agenda
  • Reinforce audit quality and set clear expectations for the external auditor
  • Closely monitor management’s progress on implementing FASB’s new credit loss standard
  • Redouble the focus on the company’s ethics, compliance, and whistleblower programs
  • Understand how technology is impacting the finance organization’s talent, efficiency, and added value
  • Reassess the scope and quality of environmental, social, and governance (ESG) or sustainability reports and disclosures
  • Help ensure that internal audit’s eyes and ears are focused on key risks beyond financial reporting.”

The article might help you to focus on the big picture. On the other hand, for each of the topics listed the audit committee would be required to drill down into the detail, which also would illustrate the amount of work that is on the audit committee’s plate.

A couple of additional comments:

(1) I note that some of the major topic areas listed are not necessary required (i.e., are not legally required by statute, regulation or rule) audit committee responsibilities, but they might be required by the audit committee’s charter or other understanding – there needs to be an understanding about just what each individual audit committee is responsible for under its oversight responsibilities;

(2) An audit committee’s legal responsibilities also depend not only on (1) above, but also on whether the entity is a public company (and the size of the filing entity as legal requirements can vary based on size), non-public/private entity, nonprofit entity, or governmental entity (I add the governmental entity category because I believe that there should also be more a focus in that area);

(3) Implementation of some of the new lease and related accounting standards recently have been delayed;

(4) The audit committee might or might not be responsible for ESG (but beware that it may still be responsible for oversight of disclosures) – for example, some boards might delegate oversight of ESG topics and areas to other committees – I have seen that at least one company has renamed its nominating and governance committee to nominating, environmental, social, and governance committee;

(5) The article reminds us that the topic areas that are listed are not exhaustive;

(6) Each audit committee really does need to conduct an effective self-evaluation annually or more often (contact me if you would like some help or facilitation with this);

(7) The board and its committees really do need to conduct a joint self-evaluation annually or more often to be sure that everyone is on the same page;

(8) Use internal audit and make sure that internal audit is providing the audit committee with the services and information that the audit committee needs (if your entity has an internal audit function, or needs to start one);

(9) Make sure that the audit committee and its members have the resources, information, communications, and knowledge or education and they need within the committee and with people outside of the committee, including access to outside legal counsel; and

(10) The above comments (1) through (9) can be increased, of course.

Click on the following link or picture for the full article: https://www.cpajournal.com/2020/03/13/prioritizing-the-audit-committee-agenda/

Best to you, Dave Tate, Esq.

———————————————————————-

Remember, every case and situation is different. It is important to obtain and evaluate all of the evidence that is available, and to apply that evidence to the applicable standards and laws. You do need to consult with an attorney and other professionals about your particular situation. This post is not a solicitation for legal or other services inside of or outside of California, and, of course, this post only is a summary of information that changes from time to time, and does not apply to any particular situation or to your specific situation. So . . . you cannot rely on this post for your situation or as legal or other professional advice or representation.

Thank you for reading this post. I ask that you also pass it along to other people who would be interested as it is through collaboration that great things and success occur more quickly. And please also subscribe to this blog and my other blog (see below), and connect with me on LinkedIn and Twitter.

Best to you, David Tate, Esq. (and inactive California CPA) – practicing in California only.

I am also the Chair of the Business Law Section of the Bar Association of San Francisco.

Blogs: Trust, estate/probate, power of attorney, conservatorship, elder and dependent adult abuse, nursing home and care, disability, discrimination, personal injury, responsibilities and rights, and other related litigation, and contentious administrations http://californiaestatetrust.com; Business, D&O, board, director, audit committee, shareholder, founder, owner, and investor litigation, governance and governance committee, responsibilities and rights, compliance, investigations, and risk management  http://auditcommitteeupdate.com

My law practice primarily involves the following areas and issues:

Trust, Estate, Probate Court, Elder and Dependent Adult, and Disability Disputes and Litigation

  • Trust and estate disputes and litigation, and contentious administrations representing fiduciaries and beneficiaries; elder abuse; power of attorney disputes; elder care and nursing home abuse; conservatorships; claims to real and personal property; and other related disputes and litigation.

Business, Business-Related, and Workplace Disputes and Litigation: Private, Closely Held, and Family Businesses; Public Companies; Nonprofit Entities; and Governmental Entities

  • Business v. business disputes including breach of contract; unlawful, unfair and fraudulent business practices; fraud, deceit and misrepresentation; unfair competition; licensing agreements, breach of the covenant of good faith and fair dealing; etc.
  • Misappropriation of trade secrets
  • M&A disputes
  • Founder, officer, director and board, investor, shareholder, creditor, VC, control, governance, decision making, fiduciary duty, conflict of interest, independence, voting, etc., disputes
  • Buy-sell disputes
  • Funding and share dilution disputes
  • Accounting, lost profits, and royalty disputes and damages
  • Access to corporate and business records disputes
  • Employee, employer and workplace disputes and processes, discrimination, whistleblower and retaliation, harassment, defamation, etc.

Investigations, Governance, and Responsibilities and Rights

  • Corporate, business, nonprofit and governmental internal investigations
  • Board, audit committee, governance committee, and special committee governance and processes, disputes, conflicts of interest, independence, culture, ethics, etc.; and advising audit committees, governance committees, officers, directors, and boards

The following are copies of the tables of contents of three of the more formal materials that I have written over the years about accounting/auditing, audit committees, and related legal topics – Accounting and Its Legal Implications was my first formal effort, which resulted in a published book that had more of an accounting and auditing focus; Chapter 5A, Audit Committee Functions and Responsibilities, for the California Continuing Education of the Bar has a more legal focus; and the most recent Tate’s Excellent Audit Committee Guide (February 2017) also has a more legal focus:

Accounting and Its Legal Implications

Chapter 5A, Audit Committee Functions and Responsibilities, CEB Advising and Defending Corporate Directors and Officers

Tate’s Excellent Audit Committee Guide

The following are other summary materials that you might find useful:

An internal investigation summary overview page from a prior blog post which you can find at https://wp.me/p75iWX-dk if the below scan is too difficult to read (and you will also find other posts about investigations on my blog):

 

OVERVIEW OF A RISK MANAGEMENT PROCESS THAT YOU CAN USE 03162018

Audit Committee 5 Lines of Success, Diligence, and Defense - David Tate, Esq, 05052018

COSO Enterprise Risk Management Framework ERM Components and Principles

 

AUDIT COMMITTEE SELF-EVALUATION

David W. Tate

Attorney at Law

Certified Public Accountant (inactive California)

Copyright 2019 David W. Tate (however, you are authorized to download and print these materials for your use, and to also pass them to other people who would be interested)

BLOGS

D&O, Audit Committees, Risk Management, Compliance, Investigations & Governance: http://auditcommitteeupdate.com

Trust, Estate, Conservatorship & Elder Abuse Litigation: http://californiaestatetrust.com

Linkedin: http://www.linkedin.com/in/davetateesq

Twitter: http://twitter.com/davidtateesq

Self-evaluation is an important board and committee activity, and can be very helpful if done properly.

A.  Introduction and Overview

The following discussion covers audit committee self-evaluation and provides processes that you can use. As noted elsewhere in these materials, although many board and audit committee functions, responsibilities and tasks are specified by statute, regulation, rule or pronouncement, board and audit committee member standards of care remain significantly dependent on due diligence and prudent judgment.

Boards and audit committees of various entities are required by law, regulation or rule to conduct annual committee self-evaluations; however, it is worthwhile for boards and audit committees of all public and private companies and nonprofit entities to conduct self-evaluations. Board and audit committee jobs are challenging, ongoing, and technical in nature, and require the members to significantly interact with many people in different capacities within and outside of the entity. It only makes sense that both boards and audit committees should at least once each year take time to step back and review, evaluate and make improvements to their manners of operation, and also consider helpful actions that can be taken by other people with whom the boards and audit committees interact. Self-evaluation will be worthwhile even if it results in improving only one area of operation.

Board and audit committee responsibilities originate from several different sources at least including (1) activities and responsibilities that boards or audit committees voluntarily undertake or that are delegated to them; (2) the business judgment rule; (3) the specific laws, regulations and rules that are applicable to the entity’s directors and audit committee members; (4) the wording of the board and audit committee charters, if there are charters; (5) shareholder and stakeholder expectations, and (6) for audit committees, accounting and auditing pronouncements relating to the outside auditor’s activities.

Prudent board and audit committee processes and diligence are also important to reduce member and entity liability and reputation risk. An increasing number of cases hold that board and audit committee members can be liable for failure to exercise sufficient diligence, failure to spot and respond to red flags, and failure to take action. Active board, committee and corporate diligence tend to demonstrate prudent business judgment and negate allegations of recklessness, improper intent, intentional wrongdoing, or “scienter” such as in the context of securities litigation, thus reducing the risk of securities liability and damages. In the context of audit committee activities, potential entity, board, and audit committee member liability typically arises in the context of alleged improper accounting practices, written and oral public misrepresentations (such as with respect to financial matters), and improper employment practices.

Although not required, there can be advantages to having a facilitator conduct an interactive interview approach to the self-evaluation process, but without performance grading or rating: it can be difficult to construct a questionnaire with standardized questions that would be similarly understood by each of the participants in the self-evaluation process; different people use different rating scales; different people express responses in different manners; and certain important issues will change from year to year. A facilitated approach may encourage better discussion and comment, compilation, continuity, explanation, and follow-up. Contact me if you are interested in committee self-evaluation assistance at a reasonable fixed fee.

Issues and topic areas to consider during the self-evaluation process will naturally vary from entity to entity, and from board and audit committee to board and audit committee. Thus, to stimulate discussion, below for both boards and audit committees I have provided lists of potential broad issues or topic areas to consider for discussion and evaluation, including both successes and possible improvements; and I have also outlined processes to assist your board and audit committee self-evaluation processes.

B.  Audit Committee Self-Evaluation

1.  Sample List of Issues and Topics to Consider for Audit Committee Self-Evaluation

The following is a list of issues and topic areas to consider for discussion and evaluation. The list is intended to help trigger thought processes, but, of course, is not exhaustive as areas of discussion and evaluation will vary from entity to entity, and from committee to committee. The following list is not intended to and does not suggest that each or any of the below issues and topics must be considered or covered and is not a checklist – instead, if your audit committee is required to conduct a specific evaluation process or to cover certain specific issues and topics, you will need to separately consider the specific requirements, if any, for your audit committee and its evaluation process pursuant to law, regulation or rule. In that regard, please also see the disclaimer and limitations at the beginning of these materials.

-Audit committee meeting agenda preparation and dissemination process.

-Committee member independence and situational independence, financial literacy, experience and expertise.

-Committee member access to information and/or education pertinent to the functions and responsibilities of the audit committee. Are the needs of the committee members being met, so that they are sufficiently knowledgeable and educated about the company or nonprofit and its industry; relevant significant accounting and auditing issues; relevant legal matters; internal controls, risk assessment and management; governance; and new developments in those and other areas?

-Committee and committee member interactions, including interaction between committee members, and between the committee and the board, the CEO, the CFO, the outside auditor, the internal auditor, legal counsel, compliance and ethics, HR, consultants, and other people.

-The committee’s processes for identifying and spotting issues, evaluation and decision making.

-The contents of the audit committee charter, and a mutual understanding of the audit committee’s responsibilities and tasks. The charter is a requirement for public companies, and is a good idea for many private companies and nonprofit entities. The charter is a prudent document to identify and clarify the audit committee’s responsibilities. In addition to the committee itself, it is important for the board, the executive officers, and other stakeholders to have a correct understanding about the committee’s responsibilities and limitations, and the extent to which state or local jurisdiction, U.S. and international requirements and responsibilities apply or may apply to your audit committee.

-Selection of the outside auditor; audit planning; review of the performance of the outside auditor; and review of the quarterly review and annual audit report and process (or compilation if appropriate).

-Review of recent developments relating to the business judgment rule, standard of care and acceptable reliance on other people.

-Review of accounting and financial internal and fraud/embezzlement related controls and processes, risk assessment and management, possible entity and individual liability and reputation risk exposure; and compliance assessment and management relating to laws, regulations, and rules that are within the scope of the audit committee’s functions and responsibilities including issues relating to the Foreign Corrupt Practices Act.

– Review of the accounting department, and accounting and financial reporting for transactions including all of the subcomponents such as principles and policies applied (quality not just acceptability); judgments, estimates and reserves; timing and cutoff procedures; off balance sheet transactions; related party transactions; contingencies and liabilities; revenue recognition; expenses; inventories; goodwill; insider trading; and other matters relating to accounting and financial statement reports.

-Implementing revenue recognition rules, and other important, new or changing accounting principles.

-Review of internal investigation processes, procedures and needs.

-Review of the financial and internal audit functions, and how they can be helpful to the audit committee in the performance of its responsibilities and tasks.

-Review of risk management and uncertainty issues, practices and processes that are within the scope of the audit committee’s function and responsibilities.

-Implementing COSO 2013 or other appropriate processes.

-Documenting and reporting the audit committee’s activities and minutes.

-The audit committee’s use of attorneys and consultants.

-The company’s investor communication processes.

-Whistleblower, ethics, anonymous reporting and complaint handling processes to the extent that the reporting is within the scope of the audit committee’s function and responsibilities.

-Document retention policies.

-Review of the compliance and ethics function and processes that are within the scope of the audit committee’s responsibilities, and how they can be helpful to the audit committee in the performance of its responsibilities and tasks.

-Governance, including tone at the top, financial leadership, transparency and appearance.

-Review of employer, employee and workplace processes, culture, safety, and disciplinary practices that are within the scope of the audit committee’s function and responsibilities.

-Review of tax compliance and reporting issues that are within the scope of the audit committee’s function and responsibilities.

-Review of cybersecurity and internet security issues that are within the scope of the audit committee’s function and responsibilities.

-Insurance.

-Review of pension and health plan related issues that are within the scope of the audit committee’s function and responsibilities.

-Review of information privacy issues, practices and processes that are within the scope of the audit committee’s function and responsibilities.

-Review of asset protection, IP, trade secret, etc. practices to the extent that they are within the audit committee’s function and responsibilities.

-Review of environmental issues and safety that are within the scope of the audit committee’s function and responsibilities.

-Review of product and consumer safety issues, practices and processes that are within the scope of the audit committee’s function and responsibilities.

-Review of ESG, ESG processes, and ESG discussions and disclosures.

-Review of billing and accounting relating to the receipt of funds or revenue from governmental sources such as Medicare and Medicaid; compliance with applicable laws, regulations, rules and other requirements; and oversight of expenses relating to these areas.

-Review of the acceptance, receipt, allocation, expenditure or distribution, and accounting for all charitable and donor funds, grants, contributions, pledges and other resources, including compliance with all requirements, restrictions and special uses.

-Review of accounting for collaboration and joint venture arrangements, including the allocation of receipts/income and distributions/expenses between the entities.

-And, in this economic environment, review of the fair value of funds and investments, including loss of value; liquidity concerns; possible going concern issues; estimates for uncollectibles and related reserves; debt/loan covenants; and funding source uncertainties including those that relate to collaboration and joint venture arrangements.

-It is also important for the audit committee to clarify with the board what responsibilities it has, if any, for oversight of the numerous and various areas of taxation and compliance; ERISA, pension and health and welfare plans; investments; tax exempt status including fund raising, dues, solicitation, and political, campaign and lobby activities; and other areas significant to the entity.

-Discussion about audit committee membership and recruitment needs.

-Additional significant topics or issues that should be discussed.

2.  A Self-Evaluation Process and Format for Audit Committees

The following eight primary steps outline a proposed audit committee self-evaluation process that is workable for audit committees of public companies, private companies and nonprofit entities, whether using or not using, an outside facilitator.

 

Step 1. Determine the people who will be participating in the evaluation process, including the audit committee members, and other people, if any, to interview for comment.

Provide the names of the people who will participate in the evaluation process.

 

 

Step 2. Determine how the participant interviews will be conducted, individually or in a group, in person or by telephone, skype or some other means.

Provide comments or information about how the interviews will be handled with the various different people who will participate in the evaluation.

 

 

Step 3. Arrange participant individual or group interview dates and times.

Provide participant individual or group interview date and time information.

 

 

Step 4. Provide the participants with pre-interview materials and a list of possible issue or topic areas (broad and specific) for consideration and discussion. Of course, the participants can add additional issues or topics. Use this paper for that purpose.

Provide information regarding the status of disseminating the pre-interview materials.

 

 

Step 5. Have each participant provide a list of one to five, or more, issues or topic areas that the participant would specifically like to discuss during the evaluation process.

Provide comments and information regarding receipt of issues or topic areas from the self-evaluation process participants, and the respective issues or topic areas listed.

 

 

Step 6. Conduct information intake or interviews with participants individually or as a group.

Provide comments and information from the participants or the status of such – the input can be made by the participants themselves or by a facilitator during self-evaluation interviews.

 

 

Step 7. Summarize in a report format the issues and topic areas, information received, and suggestions made during the self-evaluation process.

Provide a summary in a report format.

 

 

Step 8. Provide a report back to the audit committee, and possibly conduct a committee group review of the self-evaluation process, information obtained, and suggestions made, and possible future actions or follow-up.

Provide additional comments and information about the self-evaluation process or results.

 

 

Concluding comments. I hope you have found this discussion helpful and at least a good starting point for your audit committee self-evaluation. Feel free to contact me if you are interested in discussing the audit committee self-evaluation process, or if you would like help with facilitation of committee self-evaluation at a reasonable fixed fee.

Best to you,

David Tate, Esq.

* * * * *

 

 

 

Forwarding and Discussing – IIA, Richard Chambers’: From the Epicenter of Corporate Governance, Internal Audit Exposes Weaknesses

Posted on by

I have provided immediately below the link to a blog post by Richard Chambers, CEO of the Institute of Internal Auditors, in which Mr. Chambers provides comments about the new American Corporate Governance Index. Below the link to Mr. Chambers’ post, I have provided snapshots of three comments by Mr. Chambers in his post, a link that you can use to download a free copy of the American Corporate Governance Index, and a listing of the eight Principles on which the Index is based.

Here is the link to Richard Chambers’ blog post:

https://iaonline.theiia.org/blogs/chambers/2019/Pages/From-the-Epicenter-of-Corporate-Governance-Internal-Audit-Exposes-Weaknesses.aspx

Below are snapshots of the three of Mr. Chambers’ blog comments that I found most significantly interesting. The discussion in the third snapshot would raise additional issues including, for example, how does or how would internal audit actually go about auditing governance and using what criteria, who would need to be convinced to have internal audit perform a governance audit (the board, the audit committee, the CEO, etc.?), does your internal audit function currently have the expertise to audit governance, if internal audit does audit governance, what will be done with the resulting report and findings, should governance and governance criteria be identified and evaluated different depending on the size and type of the entity (such as large-cap, mid-cap, small-cap, micro-cap, public, private, nonprofit, governmental, etc.), etc.?

Snapshot 1: Board members unwilling to offer opinions contrary to the CEO – well . . . this certainly is an issue that would need to be further explored on a case by case basis.

Snapshot 2: Board members not verifying the accuracy of information they receive – again, this would need to be evaluated on a case by case basis – note, however, that the business judgment rule allows for some reasonable, trustworthy reliance.

Snapshot 3: Evaluation of governance by internal audit – see my comments above, and I have long advocated for boards and audit committees to make the best possible use of internal audit, to help the board and audit committee perform and satisfy their oversight responsibilities. Obviously the board and audit committee need to communicate their needs to internal audit, and internal audit needs to communicate its abilities, and have the experience and abilities to perform the agreed upon tasks.

The following is a link that you can use to download a free copy of the American Corporate Governance Index, followed by a listing of the eight Principles as defined by the Index. Whereas I don’t necessarily agree with each of the Principles listed or as they are described, and we definitely can discuss how the survey is performed and evaluated, whether comparisons and generalities can be made, and that governance will or can reasonably and logically vary from entity to entity, I do encourage the effort that has been made and I do hope that it is useful to promote discussions about and developments in governance and the evaluation of governance.

https://na.theiia.org/about-us/Pages/American-Corporate-Governance-Index.aspx

AMERICAN CORPORATE GOVERNANCE INDEX – EIGHT PRINCIPLES

DEFINITION

Corporate governance is the overarching set of policies, procedures, and relationships that enables an organization to establish objectives, set ethical boundaries to the acceptable means with which those objectives will be met, monitor the achievement of objectives, reward successful achievements, and discipline unsuccessful or inappropriate attempts to meet objectives, in order to keep the organization aligned with the needs and interests of its primary stakeholders.

Principle 1

Effective corporate governance requires regular and constructive interaction among key stakeholders, the board, management, internal audit, legal counsel, and external audit and other advisors.

Principle 2

The board should ensure that key stakeholders are identified and, where appropriate, stakeholder feedback is regularly solicited to evaluate whether corporate policies meet key stakeholders’ needs and expectations.

  • Key stakeholders can change over time, and as such, boards should ensure processes are in place to regularly monitor the identification of key stakeholders.
  • Key stakeholders are those who have a material impact on corporate operations, or on whom the corporate operations have a material impact.
  • Stakeholders can be external or internal and include communities affected by the company’s operations, creditors, customers, employees, regulators, shareholders, suppliers, etc.
  • When evaluating business success, the company should also evaluate its social and environmental impact and determine whether it aligns with corporate objectives and the interests of key stakeholders.

Principle 3

Board members should act in the best interest of the company and the shareholders while balancing the interests of other key external and internal stakeholders.

  • The board should exhibit sufficient independence and objectivity in fact and appearance. There should be a clear form of leadership for the board that is distinct from management. Each board member should employ healthy skepticism in meeting

his or her responsibilities and be willing to challenge the CEO and other board members constructively.

  • Board members should exhibit high integrity and competence, and provide diverse perspectives in terms of industry expertise, technical expertise, culture, and thought.
  • Board members should exhibit a commitment of time and active involvement, including preparation for and direct participation in appropriate board, committee, and shareholder meetings. They should be informed on relevant issues, particularly those involving potential or existing crises, and be available to consult with management, as needed.
  • Board members should receive ongoing education and training to perform their responsibilities, including areas of emerging risk to the company.
  • Board members should be compensated in a way that encourages alignment with key stakeholder interests.
  • Executive sessions should be held regularly and often, as they are critical in establishing an appropriate environment of objectivity and candor. These sessions should include independent directors and those outside directors who do not qualify as independent, but exclude members of management.
  • The board should undergo regular, robust evaluations and, as needed, members should be rotated (including leadership positions within the board) to ensure a balance of company-specific knowledge and new perspectives. Effective board evaluations should lead to improved governance and corporate outcomes.
  • Shareholders should have fair opportunities to nominate and regularly vote on the retention of board members.

Principle 4

The board should ensure that the company maintains a sustainable strategy focused on long-term performance and value. This includes:

  • Defining corporate objectives and approving long-term strategic goals.
  • Evaluating risks, including reputational risks, and seeking to balance risk and reward after considering all relevant stakeholders.
  • Designing management compensation to align with long-term strategic goals, regularly evaluating performance of the CEO, and overseeing management succession planning.
  • Ensuring that all employees receive adequate training and are compensated in a way that encourages achievement of corporate objectives.

Principle 5

The board should ensure that the culture of the company is healthy, regularly monitor and evaluate the company’s core culture and values, assess the integrity and ethics of senior management, and, as needed, intervene to correct misaligned corporate objectives and culture.

Principle 6

The board should ensure that structures and practices exist and are well-governed so that it receives timely, complete, relevant, accurate, and reliable information to perform its oversight effectively.

  • Each board member should have unrestricted access to management, as needed, to fulfill their responsibilities.
  • Board members have a responsibility to protect the confidentiality of non-public information.

Principle 7

The board should ensure corporate disclosures are consistently transparent and accurate, and in compliance with legal requirements, regulatory expectations, and ethical norms.

  • The board should ensure that an independent committee (an Audit Committee or equivalent) with appropriate expertise is responsible for oversight of both internal and external auditors. Internal audit should have direct and unfiltered access to this committee; it should be adequately resourced; and its purpose, authority, and responsibility should be formally defined and consistent with the International Standards for the Professional Practice of Internal Auditing.
  • The board should oversee the company’s assessment of the risk of fraud specifically and ensure that adequate controls are in place to detect and deter fraud.
  • The board should have in place processes for employees or other stakeholders to report suspected fraud or misconduct to independent members of the board without fear of retaliation.

Principle 8

Companies should be purposeful and transparent in choosing and describing their key policies and procedures related to corporate governance to allow key stakeholders an opportunity to evaluate whether the chosen policies and procedures are optimal for the specific company.

  • The board should ensure that the company regularly evaluates the full system of corporate governance to ensure that individual components are operating as expected, and that all components operate in a cohesive manner to achieve corporate objectives.
  • The board should ensure that corporate governance evaluations encourage the reporting of potential deficiencies at all levels, including within the board, without fear of retaliation.
  • The board should ensure that the company addresses any deficiencies in a timely manner.

—————————————————————

Remember, every case and situation is different. It is important to obtain and evaluate all of the evidence that is available, and to apply that evidence to the applicable standards and laws. You do need to consult with an attorney and other professionals about your particular situation. This post is not a solicitation for legal or other services inside of or outside of California, and, of course, this post only is a summary of information that changes from time to time, and does not apply to any particular situation or to your specific situation. So . . . you cannot rely on this post for your situation or as legal or other professional advice or representation.

Thank you for reading this post. I ask that you also pass it along to other people who would be interested as it is through collaboration that great things and success occur more quickly. And please also subscribe to this blog and my other blog (see below), and connect with me on LinkedIn and Twitter.

Best to you, David Tate, Esq. (and inactive California CPA) – practicing in California only.

I am also the Chair of the Business Law Section of the Bar Association of San Francisco.

Blogs: Trust, estate/probate, power of attorney, conservatorship, elder and dependent adult abuse, nursing home and care, disability, discrimination, personal injury, responsibilities and rights, and other related litigation, and contentious administrations http://californiaestatetrust.com; Business, D&O, board, director, audit committee, shareholder, founder, owner, and investor litigation, governance, responsibilities and rights, compliance, investigations, and risk management  http://auditcommitteeupdate.com

My law practice primarily involves the following areas and issues:

Probate Court Disputes and Litigation

  • Trust and estate disputes and litigation, and contentious administrations representing fiduciaries and beneficiaries; elder abuse; power of attorney disputes; elder care and nursing home abuse; conservatorships; claims to real and personal property; and other related disputes and litigation.

Business and Business-Related Disputes and Litigation: Private, Closely Held, and Family Businesses; Public Companies; and Nonprofit Entities

  • Business v. business disputes including breach of contract; unlawful, unfair and fraudulent business practices; fraud, deceit and misrepresentation; unfair competition; licensing agreements, breach of the covenant of good faith and fair dealing; etc.
  • Misappropriation of trade secrets
  • M&A disputes
  • Founder, officer, director and board, investor, shareholder, creditor, VC, control, governance, decision making, fiduciary duty, conflict of interest, independence, voting, etc., disputes
  • Buy-sell disputes
  • Funding and share dilution disputes
  • Accounting, lost profits, and royalty disputes and damages
  • Access to corporate and business records disputes
  • Employee, employer and workplace disputes and processes, discrimination, whistleblower and retaliation, harassment, defamation, etc.

Investigations and Governance

  • Corporate and business internal investigations
  • Board, audit committee and special committee governance and processes, disputes, conflicts of interest, independence, culture, ethics, etc.

The following are copies of the tables of contents of three of the more formal materials that I have written over the years about accounting/auditing, audit committees, and related legal topics – Accounting and Its Legal Implications was my first formal effort, which resulted in a published book that had more of an accounting and auditing focus; Chapter 5A, Audit Committee Functions and Responsibilities, for the California Continuing Education of the Bar has a more legal focus; and the most recent Tate’s Excellent Audit Committee Guide (February 2017) also has a more legal focus:

Accounting and Its Legal Implications

Chapter 5A, Audit Committee Functions and Responsibilities, CEB Advising and Defending Corporate Directors and Officers

Tate’s Excellent Audit Committee Guide

The following are other summary materials that you might find useful:

OVERVIEW OF A RISK MANAGEMENT PROCESS THAT YOU CAN USE 03162018

Audit Committee 5 Lines of Success, Diligence, and Defense - David Tate, Esq, 05052018

COSO Enterprise Risk Management Framework ERM Components and Principles

From a prior blog post which you can find at https://wp.me/p75iWX-dk if the below scan is too difficult to read:

* * * * *

AUDIT COMMITTEE SELF-EVALUATION

David W. Tate

Attorney at Law

Certified Public Accountant (inactive California)

Copyright 2019 David W. Tate (however, you are authorized to download and print these materials for your use, and to also pass them to other people who would be interested)

BLOGS

D&O, Audit Committees, Risk Management, Compliance, Investigations & Governance: http://auditcommitteeupdate.com

Trust, Estate, Conservatorship & Elder Abuse Litigation: http://californiaestatetrust.com

Linkedin: http://www.linkedin.com/in/davetateesq

Twitter: http://twitter.com/davidtateesq

 

Self-evaluation is an important board and committee activity, and can be very helpful if done properly.

A.  Introduction and Overview

The following discussion covers audit committee self-evaluation and provides processes that you can use. As noted elsewhere in these materials, although many board and audit committee functions, responsibilities and tasks are specified by statute, regulation, rule or pronouncement, board and audit committee member standards of care remain significantly dependent on due diligence and prudent judgment.

Boards and audit committees of various entities are required by law, regulation or rule to conduct annual committee self-evaluations; however, it is worthwhile for boards and audit committees of all public and private companies and nonprofit entities to conduct self-evaluations. Board and audit committee jobs are challenging, ongoing, and technical in nature, and require the members to significantly interact with many people in different capacities within and outside of the entity. It only makes sense that both boards and audit committees should at least once each year take time to step back and review, evaluate and make improvements to their manners of operation, and also consider helpful actions that can be taken by other people with whom the boards and audit committees interact. Self-evaluation will be worthwhile even if it results in improving only one area of operation.

Board and audit committee responsibilities originate from several different sources at least including (1) activities and responsibilities that boards or audit committees voluntarily undertake or that are delegated to them; (2) the business judgment rule; (3) the specific laws, regulations and rules that are applicable to the entity’s directors and audit committee members; (4) the wording of the board and audit committee charters, if there are charters; (5) shareholder and stakeholder expectations, and (6) for audit committees, accounting and auditing pronouncements relating to the outside auditor’s activities.

Prudent board and audit committee processes and diligence are also important to reduce member and entity liability and reputation risk. An increasing number of cases hold that board and audit committee members can be liable for failure to exercise sufficient diligence, failure to spot and respond to red flags, and failure to take action. Active board, committee and corporate diligence tend to demonstrate prudent business judgment and negate allegations of recklessness, improper intent, intentional wrongdoing, or “scienter” such as in the context of securities litigation, thus reducing the risk of securities liability and damages. In the context of audit committee activities, potential entity, board, and audit committee member liability typically arises in the context of alleged improper accounting practices, written and oral public misrepresentations (such as with respect to financial matters), and improper employment practices.

Although not required, there can be advantages to having a facilitator conduct an interactive interview approach to the self-evaluation process, but without performance grading or rating: it can be difficult to construct a questionnaire with standardized questions that would be similarly understood by each of the participants in the self-evaluation process; different people use different rating scales; different people express responses in different manners; and certain important issues will change from year to year. A facilitated approach may encourage better discussion and comment, compilation, continuity, explanation, and follow-up. Contact me if you are interested in committee self-evaluation assistance at a reasonable fixed fee.

Issues and topic areas to consider during the self-evaluation process will naturally vary from entity to entity, and from board and audit committee to board and audit committee. Thus, to stimulate discussion, below for both boards and audit committees I have provided lists of potential broad issues or topic areas to consider for discussion and evaluation, including both successes and possible improvements; and I have also outlined processes to assist your board and audit committee self-evaluation processes.

B.  Audit Committee Self-Evaluation

1.  Sample List of Issues and Topics to Consider for Audit Committee Self-Evaluation

The following is a list of issues and topic areas to consider for discussion and evaluation. The list is intended to help trigger thought processes, but, of course, is not exhaustive as areas of discussion and evaluation will vary from entity to entity, and from committee to committee. The following list is not intended to and does not suggest that each or any of the below issues and topics must be considered or covered and is not a checklist – instead, if your audit committee is required to conduct a specific evaluation process or to cover certain specific issues and topics, you will need to separately consider the specific requirements, if any, for your audit committee and its evaluation process pursuant to law, regulation or rule. In that regard, please also see the disclaimer and limitations at the beginning of these materials.

-Audit committee meeting agenda preparation and dissemination process.

-Committee member independence and situational independence, financial literacy, experience and expertise.

-Committee member access to information and/or education pertinent to the functions and responsibilities of the audit committee. Are the needs of the committee members being met, so that they are sufficiently knowledgeable and educated about the company or nonprofit and its industry; relevant significant accounting and auditing issues; relevant legal matters; internal controls, risk assessment and management; governance; and new developments in those and other areas?

-Committee and committee member interactions, including interaction between committee members, and between the committee and the board, the CEO, the CFO, the outside auditor, the internal auditor, legal counsel, compliance and ethics, HR, consultants, and other people.

-The committee’s processes for identifying and spotting issues, evaluation and decision making.

-The contents of the audit committee charter, and a mutual understanding of the audit committee’s responsibilities and tasks. The charter is a requirement for public companies, and is a good idea for many private companies and nonprofit entities. The charter is a prudent document to identify and clarify the audit committee’s responsibilities. In addition to the committee itself, it is important for the board, the executive officers, and other stakeholders to have a correct understanding about the committee’s responsibilities and limitations, and the extent to which state or local jurisdiction, U.S. and international requirements and responsibilities apply or may apply to your audit committee.

-Selection of the outside auditor; audit planning; review of the performance of the outside auditor; and review of the quarterly review and annual audit report and process (or compilation if appropriate).

-Review of recent developments relating to the business judgment rule, standard of care and acceptable reliance on other people.

-Review of accounting and financial internal and fraud/embezzlement related controls and processes, risk assessment and management, possible entity and individual liability and reputation risk exposure; and compliance assessment and management relating to laws, regulations, and rules that are within the scope of the audit committee’s functions and responsibilities including issues relating to the Foreign Corrupt Practices Act.

– Review of the accounting department, and accounting and financial reporting for transactions including all of the subcomponents such as principles and policies applied (quality not just acceptability); judgments, estimates and reserves; timing and cutoff procedures; off balance sheet transactions; related party transactions; contingencies and liabilities; revenue recognition; expenses; inventories; goodwill; insider trading; and other matters relating to accounting and financial statement reports.

-Implementing revenue recognition rules, and other important, new or changing accounting principles.

-Review of internal investigation processes, procedures and needs.

-Review of the financial and internal audit functions, and how they can be helpful to the audit committee in the performance of its responsibilities and tasks.

-Review of risk management and uncertainty issues, practices and processes that are within the scope of the audit committee’s function and responsibilities.

-Implementing COSO 2013 or other appropriate processes.

-Documenting and reporting the audit committee’s activities and minutes.

-The audit committee’s use of attorneys and consultants.

-The company’s investor communication processes.

-Whistleblower, ethics, anonymous reporting and complaint handling processes to the extent that the reporting is within the scope of the audit committee’s function and responsibilities.

-Document retention policies.

-Review of the compliance and ethics function and processes that are within the scope of the audit committee’s responsibilities, and how they can be helpful to the audit committee in the performance of its responsibilities and tasks.

-Governance, including tone at the top, financial leadership, transparency and appearance.

-Review of employer, employee and workplace processes, culture, safety, and disciplinary practices that are within the scope of the audit committee’s function and responsibilities.

-Review of tax compliance and reporting issues that are within the scope of the audit committee’s function and responsibilities.

-Review of cybersecurity and internet security issues that are within the scope of the audit committee’s function and responsibilities.

-Insurance.

-Review of pension and health plan related issues that are within the scope of the audit committee’s function and responsibilities.

-Review of information privacy issues, practices and processes that are within the scope of the audit committee’s function and responsibilities.

-Review of asset protection, IP, trade secret, etc. practices to the extent that they are within the audit committee’s function and responsibilities.

-Review of environmental issues and safety that are within the scope of the audit committee’s function and responsibilities.

-Review of product and consumer safety issues, practices and processes that are within the scope of the audit committee’s function and responsibilities.

-Review of billing and accounting relating to the receipt of funds or revenue from governmental sources such as Medicare and Medicaid; compliance with applicable laws, regulations, rules and other requirements; and oversight of expenses relating to these areas.

-Review of the acceptance, receipt, allocation, expenditure or distribution, and accounting for all charitable and donor funds, grants, contributions, pledges and other resources, including compliance with all requirements, restrictions and special uses.

-Review of accounting for collaboration and joint venture arrangements, including the allocation of receipts/income and distributions/expenses between the entities.

-And, in this economic environment, review of the fair value of funds and investments, including loss of value; liquidity concerns; possible going concern issues; estimates for uncollectibles and related reserves; debt/loan covenants; and funding source uncertainties including those that relate to collaboration and joint venture arrangements.

-It is also important for the audit committee to clarify with the board what responsibilities it has, if any, for oversight of the numerous and various areas of taxation and compliance; ERISA, pension and health and welfare plans; investments; tax exempt status including fund raising, dues, solicitation, and political, campaign and lobby activities; and other areas significant to the entity.

-Discussion about audit committee membership and recruitment needs.

-Additional significant topics or issues that should be discussed.

2.  A Self-Evaluation Process and Format for Audit Committees

The following eight primary steps outline a proposed audit committee self-evaluation process that is workable for audit committees of public companies, private companies and nonprofit entities, whether using or not using, an outside facilitator.

 

Step 1. Determine the people who will be participating in the evaluation process, including the audit committee members, and other people, if any, to interview for comment.

Provide the names of the people who will participate in the evaluation process.

 

 

Step 2. Determine how the participant interviews will be conducted, individually or in a group, in person or by telephone, skype or some other means.

Provide comments or information about how the interviews will be handled with the various different people who will participate in the evaluation.

 

 

Step 3. Arrange participant individual or group interview dates and times.

Provide participant individual or group interview date and time information.

 

 

Step 4. Provide the participants with pre-interview materials and a list of possible issue or topic areas (broad and specific) for consideration and discussion. Of course, the participants can add additional issues or topics. Use this paper for that purpose.

Provide information regarding the status of disseminating the pre-interview materials.

 

 

Step 5. Have each participant provide a list of one to five, or more, issues or topic areas that the participant would specifically like to discuss during the evaluation process.

Provide comments and information regarding receipt of issues or topic areas from the self-evaluation process participants, and the respective issues or topic areas listed.

 

 

Step 6. Conduct information intake or interviews with participants individually or as a group.

Provide comments and information from the participants or the status of such – the input can be made by the participants themselves or by a facilitator during self-evaluation interviews.

 

 

Step 7. Summarize in a report format the issues and topic areas, information received, and suggestions made during the self-evaluation process.

Provide a summary in a report format.

 

 

Step 8. Provide a report back to the audit committee, and possibly conduct a committee group review of the self-evaluation process, information obtained, and suggestions made, and possible future actions or follow-up.

Provide additional comments and information about the self-evaluation process or results.

 

 

Concluding comments. I hope you have found this discussion helpful and at least a good starting point for your audit committee self-evaluation. Feel free to contact me if you are interested in discussing the audit committee self-evaluation process, or if you would like help with facilitation of committee self-evaluation at a reasonable fixed fee.

Best to you,

David Tate, Esq.

* * * * *

Evaluating Director Independence – Zynga Shareholder Derivative Suit

Posted on by

Thomas Sandys Derivatively on Behalf of Zynga, Inc. v. Pincus, et al., Delaware Supreme Court, Case No. 157,2016, December 5, 2016, highlights the sometimes difficulty, and the importance of evaluating director independence in the circumstance of a shareholder derivative suit.

In Zynga the plaintiff filed his shareholder derivative suit without first making a demand upon the board that the Company sue Company insiders that were alleged to have improperly sold Company stock. Instead of first making the demand upon the board, plaintiff argued that such a demand would have been futile because a majority of the nine person board members lacked independence.

In summary, the plaintiff alleged two derivative claims based on allegations that certain top managers and directors at Zynga were given an exemption to the Company’s standing rule preventing sales of stock by insiders until three days after an earnings announcement, and that the insiders who participated in the sale breached their fiduciary duties by misusing confidential information when they sold their shares while in possession of adverse, material non-public information. And plaintiff also asserted a duty of loyalty claim against the directors who approved the sale.

The holding in Zynga is that at the pleading stage there was sufficient evidence to suggest that a majority of the board did lack independence so as to excuse not making the demand upon the board. The holding is primarily interesting for the Court’s discussion about three particular board members, and the reasons why the Court determined that there was evidence to sufficiently suggest that those three directors did in fact lack independence to impartially consider a demand that the Company bring suit against the selling insiders, which resulted in a majority of the board also lacking independence, so as to excuse making the pre-suit demand upon the board.

To plead demand excusal the plaintiff must plead particularized factual allegations that create a reasonable doubt that, as of the time the complaint was filed, the board of directors could have properly exercised its independent and disinterested business judgment in responding to a demand. At the pleading stage, a lack of independence turns on whether the plaintiff has pleaded facts from which the director‘s ability to act impartially on a matter important to the interested party can be doubted because that director may feel subject to the interested party‘s dominion or beholden to that interested party.
With respect to one of the directors in question, the Court found troubling for the purpose of independence or lack thereof that the particular board member and her husband co-owned an unusual asset, an airplane, with Zynga’s former CEO and controlling stockholder, which the Court found was suggestive of an “extremely intimate personal friendship between their families.”

And with respect to the other two directors, the Court found troubling for the purpose of independence or lack thereof that the directors are partners at a prominent venture capital firm and that they and their firm not only controlled 9.2% of Zynga‘s equity as a result of being early-stage investors, but have other interlocking relationships with the controller and another selling stockholder outside of Zynga. More specifically the Court stated “Although it is true that entrepreneurs like the controller need access to venture capital, it is also true that venture capitalists compete to fund the best entrepreneurs and that these relationships can generate ongoing economic opportunities. There is nothing wrong with that, as that is how commerce often proceeds, but these relationships can give rise to human motivations compromising the participants’ ability to act impartially toward each other on a matter of material importance. Perhaps for that reason, the Zynga board itself determined that these two directors did not qualify as independent under the NASDAQ rules, which have a bottom line standard that a director is not independent if she has ―a relationship which, in the opinion of the Company‘s board of directors, would interfere with the exercise of independent judgment . . . .[Footnote #1: NASDAQ Marketplace Rule 5605(a)(2)] Although the plaintiff’s lack of diligence made the determination as to these directors perhaps closer than necessary, in our view, the combination of these facts creates a pleading stage reasonable doubt as to the ability of these directors to act independently on a demand adverse to the controller‘s interests. When these three directors are considered incapable of impartially considering a demand, a majority of the nine member Zynga board is compromised for Rule 23.1 purposes and demand is excused. Thus, the dismissal of the complaint is reversed.”

As you might correctly assume, board member independence can arise as an issue in several different corporate and governance related circumstances.

* * * * *

Who Evaluates the Chief Audit Executive (CAE)?

Posted on by

At the bottom of this post is a screen shot from the new publication Ethics and Pressure, Balancing the Internal Audit Profession, published primarily from the 2015 global practitioner survey of internal auditors worldwide. This is a really big survey. What do you think of the screen shot? Is it appropriate for management to evaluate the chief audit executive (“CAE”)? I say “yes,” of course.

I note however, that the writer also says “Exhibit 9 indicates that this responsibility [i.e., the responsibility for evaluating the performance of the CAE] is generally split evenly between management and the board. The big exception is in North America, where 61% of CAE’s are formally evaluated by management. Often however, these evaluations are reviewed by an audit committee.”

Let me just say, and I read a fair amount of materials from or relating to the internal audit profession, these sentences from the writer probably speak volumes. Do you mean to say that the audit committee isn’t always also doing its own evaluation of internal audit? I really hope that’s not what the writer is saying.

If you are on an audit committee, do you evaluate the performance of the CAE and of the internal audit function (if you have an internal audit function)? I certainly hope so. I mean, regardless of how internal audit operates with management, as an audit committee member aren’t you interacting with internal audit also, and isn’t internal audit helping you to satisfy your due diligence responsibilities? If not, you really need to sit down and think about how the audit committee is using internal audit.

And, if you are an internal audit CAE or member, if the audit committee isn’t sufficiently interested in you to evaluate your performance and how you help or don’t help the audit committee, then you are really missing the boat with a significant entity (i.e., the audit committee) that you should be helping.

In fact, most of the materials that I read from internal audit miss the boat, in my opinion. Yes, management’s use and interaction with internal audit is very important, but the audit committee really should value and make use of the availability of internal audit to help the audit committee satisfy it’s duties. If this isn’t happening, both the audit committee and internal audit are missing out on a tremendous opportunity. It might also be argued that both are failing to satisfy their responsibilities.

Here’s the screen shot from the survey and discussion:

who-evaluates-the-cae

Sustainability Disclosures – From PWC – Audit Committee Need to Know?

Posted on by

I’m forwarding this along – sustainability disclosure guidance from PWC – click on the following link for the materials and the discussion, CLICK HERE

And I am thinking that there could be a need for increasing audit committee member expertise in the sustainability disclosure area.

Below is a snapshot from the PWC website, followed by a link to Tate’s Excellent Audit Committee Guide (updated January 2016), followed by the Audit Committee 5 Lines of Diligence and Defense. Thank you. Dave Tate, Esq., San Francisco and California.

PWC Sustainability Disclosure Guidance

 

See also my Tate’s Excellent Audit Committee Guide, updated January 2016, Tate’s Excellent Audit Committee Guide 01032016 with Appendix A Final

Audit Committee 5 Lines of Defense 07182016

DTatePicture_Square