If California Government, Nonprofits, And Education Are Leaders In ERM, Governance, And ESG, Others Will Follow

I ask, what would happen if California government, nonprofits, and education adopted, implemented, and embraced in their operations ERM (enterprise risk management), governance, and ESG (environment, social, and governance) practices, and openly discussed and disclosed their practices? People would notice and follow. For the purpose of this discussion I have noted California government, nonprofits, and education because it seems that at times or for certain issues people who are involved in these activities or positions already are concerned about or are interested in ERM, governance, and ESG. Waiting for public and private businesses, and possibly their auditors, to be induced or possibly compelled into these practices by statute, regulation, or rule is not the only option. Lead and others will follow. For example, we already have criteria or standards for:

– Risk management and ERM (consider as guidance, e.g., materials from COSO (the Committee of Sponsoring Organizations of the Treadway Commission); ISO (the International Organization for Standardization); and other guidance, etc.);

– ESG (consider as guidance, e.g., materials from the SASB (Sustainability Accounting Standards Board); and other guidance, etc.); and

– Governance (consider as guidance, e.g., the above guidance; applicable statutes, regulations and rules; court case precedence; the business judgment rule; and materials from the SEC and the stock exchanges; and other guidance, etc.).

The opportunities and the solutions to move these practices forward already currently are and have been at-hand – California (elected offices and representatives, and departments), nonprofits, and education can lead by example, and others will follow. See also below re ERM and COSO, audit committees, and investigations. Dave Tate, Esq. (and California CPA, inactive). San Francisco and California.

—————————————————-

Remember, every case and situation is different. It is important to obtain and evaluate all of the evidence that is available, and to apply that evidence to the applicable standards and laws. You do need to consult with an attorney and other professionals about your particular situation. This post is not a solicitation for legal or other services inside of or outside of California, and, of course, this post only is a summary of information that changes from time to time, and does not apply to any particular situation or to your specific situation. So . . . you cannot rely on this post for your situation or as legal or other professional advice or representation.

Thank you for reading this website. I ask that you also pass it along to other people who would be interested as it is through collaboration that great things and success occur more quickly.

Best to you, David Tate, Esq. (and inactive California CPA) – practicing in California only.

I am also the new Chair of the Business Law Section of the Bar Association of San Francisco.

Blogs: Trust, estate/probate, power of attorney, conservatorship, elder and dependent adult abuse, nursing home and care, disability, discrimination, personal injury, responsibilities and rights, and other related litigation, and contentious administrations http://californiaestatetrust.com; Business, D&O, board, director, audit committee, shareholder, founder, owner, and investor litigation, governance, responsibilities and rights, compliance, investigations, and risk management  http://auditcommitteeupdate.com

The following are copies of the tables of contents of three of the more formal materials that I have written over the years about accounting/auditing, audit committees, and related legal topics – Accounting and Its Legal Implications was my first formal effort, which resulted in a published book that had more of an accounting and auditing focus; Chapter 5A, Audit Committee Functions and Responsibilities, for the California Continuing Education of the Bar has a more legal focus; and the most recent Tate’s Excellent Audit Committee Guide (February 2017) also has a more legal focus:

Accounting and Its Legal Implications

Chapter 5A, Audit Committee Functions and Responsibilities, CEB Advising and Defending Corporate Directors and Officers

Tate’s Excellent Audit Committee Guide

The following are other summary materials that you might find useful:

OVERVIEW OF A RISK MANAGEMENT PROCESS THAT YOU CAN USE 03162018

Audit Committee 5 Lines of Success, Diligence, and Defense - David Tate, Esq, 05052018

COSO Enterprise Risk Management Framework ERM Components and Principles

From a prior blog post which you can find at https://wp.me/p75iWX-dk if the below scan is too difficult to read:

* * * * *

MITSloan online tool to measure and compare company cultures – you should be aware – comments and screenshot FYI

This came to my attention – MITSloan online tool to measure and compare company cultures. I have previously written about culture, which, for example, is also an element of the COSO ERM framework, and was considerably in the news in 2018, including at the board level. But as I noted: will culture continue to be in the news, and will executive management and boards really take active interest? Culture also is, or could be a component of ESG.

Now apparently, and coming soon I suspect, proposals for different ways to measure culture. One or possibly two standards that are widely accepted would be helpful. Too many possible standards are not helpful, except to argue that there is no recognized standard. Business leaders, executive management, HR, directors, audit and risk committees, internal and outside auditors, in-house counsel, etc., should take note and be aware.

Regarding internal and outside audit, I have thought for a long time that they could (if they wanted to) become involved in auditing, or in auditing certain aspects or components of or processes relating to culture, governance, risk management, fraud risk, etc. I could argue that the value of internal audit and of outside audit are being passed by others who are taking the lead.

And if you are on a board, or on an audit or risk committee, where you are significantly reliant on other people to report to you, might this type of information be helpful to you in your oversight capacity? I have no explicit knowledge about how MITSloan goes about measuring and comparing company cultures, and I don’t know whether I would consider the criteria and processes that they use to be reliable and helpful; however, might it be interesting to search to see if your company is listed and evaluated? Dave Tate, Esq., San Francisco/California

Every case and situation is different. It is important to obtain and evaluate all of the evidence that is available, and to apply that evidence to the applicable standards and laws. You do need to consult with an attorney and other professionals about your particular situation. This post is not a solicitation for legal or other services inside of or outside of California, and, of course, this post only is a summary of information that changes from time to time, and does not apply to any particular situation or to your specific situation. So . . . you cannot rely on this post for your situation or as legal or other professional advice or representation.

Thank you for reading this website. I ask that you also pass it along to other people who would be interested as it is through collaboration that great things and success occur more quickly.

Best to you, David Tate, Esq. (and inactive California CPA) – practicing in California only.

I am also the new Chair of the Business Law Section of the Bar Association of San Francisco.

Blogs: Trust, estate/probate, power of attorney, conservatorship, elder and dependent adult abuse, nursing home and care, disability, discrimination, personal injury, responsibilities and rights, and other related litigation, and contentious administrations http://californiaestatetrust.com; Business, D&O, board, director, audit committee, shareholder, founder, owner, and investor litigation, governance, responsibilities and rights, compliance, investigations, and risk management  http://auditcommitteeupdate.com

The following are copies of the tables of contents of three of the more formal materials that I have written over the years about accounting/auditing, audit committees, and related legal topics – Accounting and Its Legal Implications was my first formal effort, which resulted in a published book that had more of an accounting and auditing focus; Chapter 5A, Audit Committee Functions and Responsibilities, for the California Continuing Education of the Bar has a more legal focus; and the most recent Tate’s Excellent Audit Committee Guide (February 2017) also has a more legal focus:

Accounting and Its Legal Implications

Chapter 5A, Audit Committee Functions and Responsibilities, CEB Advising and Defending Corporate Directors and Officers

Tate’s Excellent Audit Committee Guide

The following are other summary materials that you might find useful:

OVERVIEW OF A RISK MANAGEMENT PROCESS THAT YOU CAN USE 03162018

Audit Committee 5 Lines of Success, Diligence, and Defense - David Tate, Esq, 05052018

COSO Enterprise Risk Management Framework ERM Components and Principles

From a prior blog post which you can find at https://wp.me/p75iWX-dk if the below scan is too difficult to read:

* * * * *

 

 

 

What Do You Do About The Cease And Desist Order With KPMG As Your Auditor?

On June 17, the SEC issued a cease and desist order against KPMG. You can find the order at https://www.sec.gov/litigation/admin/2019/34-86118.pdf.

The order is pretty detailed. Respondent KPMG admits to the facts set forth in Section III, and to certain violations. What do you do about the order if KPMG is your company’s auditor and you are on the audit committee, or if you don’t have an audit committee and you are responsible, or one of the people who is responsible for engaging the auditor for your business?

Everyone would acknowledge that the order discusses truly unfortunate and regrettable past events and actions by the people who were involved, which then reflects poorly upon and can negatively impact KPMG. Other than KPMG, five “Other Relevant Persons” are named or identified in the order. Three of the “Other Relevant Persons” previously worked for the PCAOB. The four “Other Relevant Persons” who worked at KPMG were all separated from the firm in 2017. The order is 21 pages in length, so this is a summary discussion. The order recognizes KPMG for self-reporting the situation, initiating an investigation under the oversight of a Special Committee of the Board, cooperating with the SEC, and undertaking remedial actions. Thus, although the cease and desist order is new, remedial actions started in 2017.

Presumably every audit engagement partner has been prepared to discuss the cease and desist order with audit clients and prospective audit clients. And if I was on the audit committee or was responsible for engaging the services of the auditor, I would raise, and to the extent possible, discuss the issue of the order with the engagement partner, in addition to any other questions that I might have about KPMG as the business’s auditor. Keep in mind that the engagement partner might well have some legal and privacy limitations about what she or he can say about the cease and desist situation and order. If KPMG has already been engaged as the auditor, I would still have those discussions with the engagement partner. Depending on the situation, I would also consider updating and requesting comments from the full board about the order and my discussions with the engagement partner. And to the extent possible, as additional information I would consider having developments and social and business media pertaining to this situation monitored, for example, to know how it is being viewed, and to monitor developments and that this situation involving KPMG doesn’t turn more negative for some unknown reason.

Some of the comments that I have read are already extremely negative toward KPMG as an entity. In that regard, I first view the people who were directly involved including their specific actions or inactions and the titles and authorities that they held within KPMG, while I separately view the actions or inactions of KPMG as an organization including the possible actions or inactions of executive officers, directors and managing agents or representatives, governance, culture and ethics, oversight, risk management, tone at the top, self-reporting and transparency, prompt and active remedial actions, and related processes and procedures.

If you are an audit committee member, or if you are responsible for engaging the outside auditor, you might also want to consider my June 9, post discussing the new PCAOB guidance pertaining to auditor communications with audit committees concerning auditor independence. Although that guidance is on an issue that is different than the KPMG cease and desist order, I believe you might find that guidance helpful during discussions with the engagement partner about the cease and desist order – for example, the guidance might provide some insight or feel as to the detail in which you might expect the engagement partner to be willing or able to discuss the cease and desist order and perhaps actions being taken by KPMG as a result. You can find my June 9, post and discussion at https://wp.me/p75iWX-ge.

The cease and desist order does not state or mean that KPMG cannot be or is prevented from being the auditor of your business. Indeed, pursuant to the order, KPMG self-reported and began remedial actions back in 2017. However, obviously the actions of the people who were directly involved do reflect poorly upon the organization, and some of the people who were involved held important or high or relatively high positions. The order, to which KPMG has agreed, requires the firm to implement significant remedial actions, training and oversight, all of which would be prudent. Obviously, it is important for every auditor, and, similarly, every business and organization including public and private businesses, nonprofits and governmental entities, to prevent judgment and ethical improprieties and shortcomings, and to promptly and appropriately address and remedy any such situation if it does occur.

Every case and situation is different. It is important to obtain and evaluate all of the evidence that is available, and to apply that evidence to the applicable standards and laws. You do need to consult with an attorney and other professionals about your particular situation. This post is not a solicitation for legal or other services inside of or outside of California, and, of course, this post only is a summary of information that changes from time to time, and does not apply to any particular situation or to your specific situation. So . . . you cannot rely on this post for your situation or as legal or other professional advice or representation.

Thank you for reading this website. I ask that you also pass it along to other people who would be interested as it is through collaboration that great things and success occur more quickly.

Best to you, David Tate, Esq. (and inactive California CPA) – practicing in California only.

I am also the new Chair of the Business Law Section of the Bar Association of San Francisco.

Blogs: Trust, estate/probate, power of attorney, conservatorship, elder and dependent adult abuse, nursing home and care, disability, discrimination, personal injury, responsibilities and rights, and other related litigation, and contentious administrations http://californiaestatetrust.com; Business, D&O, board, director, audit committee, shareholder, founder, owner, and investor litigation, governance, responsibilities and rights, compliance, investigations, and risk management  http://auditcommitteeupdate.com

The following are copies of the tables of contents of three of the more formal materials that I have written over the years about accounting/auditing, audit committees, and related legal topics – Accounting and Its Legal Implications was my first formal effort, which resulted in a published book that had more of an accounting and auditing focus; Chapter 5A, Audit Committee Functions and Responsibilities, for the California Continuing Education of the Bar has a more legal focus; and the most recent Tate’s Excellent Audit Committee Guide (February 2017) also has a more legal focus:

Accounting and Its Legal Implications

Chapter 5A, Audit Committee Functions and Responsibilities, CEB Advising and Defending Corporate Directors and Officers

Tate’s Excellent Audit Committee Guide

 

OVERVIEW OF A RISK MANAGEMENT PROCESS THAT YOU CAN USE 03162018

Audit Committee 5 Lines of Success, Diligence, and Defense - David Tate, Esq, 05052018

COSO Enterprise Risk Management Framework ERM Components and Principles

* * * * *

 

Beautiful Yosemite – Pictures From A Recent Trip – And Risk Management Re Traffic

Below are some pictures that I took a couple of weeks ago during a few days camping in Yosemite Valley. Yes, camping in a tent. I took the pictures with my Samsung Galaxy 6 and its four year old technology. So . . . obviously the view through my eye even more stunning.

Even so, risk management or enterprise risk management can be applied to everything. I’m just using this as a learning lesson. The traffic in the Valley was noticeable, and on one occasion the jam was very bad and delayed (a couple of us got out of the car and walked faster than the line of traffic). However, I saw very few of the great people mover buses that I used to see and use. I’m just wondering, where were the buses? I did not have the feeling that the problem was the numbers of people or the numbers of cars that were in the Valley – instead, I am thinking that the issue was something else. By the way, so as to not get slammed over this, I am not being critical of anyone, nor would I know who to be critical of, I am also not anti-car, and I do value a clean environment.

Enjoy the pictures.

Every case and situation is different. You do need to consult with an attorney and other professionals about your particular situation. This post is not a solicitation for legal or other services inside of or outside of California, and, of course, this post only is a summary of information that changes from time to time, and does not apply to any particular situation or to your specific situation. So . . . you cannot rely on this post for your situation or as legal or other professional advice or representation.

Thank you for reading this website. I ask that you also pass it along to other people who would be interested as it is through collaboration that great things and success occur more quickly.

Best to you, David Tate, Esq. (and inactive California CPA) – practicing in California only.

I am also the new Chair of the Business Law Section of the Bar Association of San Francisco.

Blogs: Trust, estate/probate, power of attorney, conservatorship, elder and dependent adult abuse, nursing home and care, disability, discrimination, personal injury, responsibilities and rights, and other related litigation, and contentious administrations http://californiaestatetrust.com; Business, D&O, board, director, audit committee, shareholder, founder, owner, and investor litigation, governance, responsibilities and rights, compliance, investigations, and risk management  http://auditcommitteeupdate.com

 

OVERVIEW OF A RISK MANAGEMENT PROCESS THAT YOU CAN USE 03162018

Audit Committee 5 Lines of Success, Diligence, and Defense - David Tate, Esq, 05052018

COSO Enterprise Risk Management Framework ERM Components and Principles

* * * * *

 

PCAOB – Implementation of Critical Audit Matters Deeper Dive

As I discussed in a prior post re critical audit matters (Click Here), external auditors are required to include a discussion of critical audit matters in their audit opinion reports for large accelerated filers for audits of fiscal years ending on or after June 30, 2019, and for other public companies for audits of fiscal years ending on or after December 31, 2020. I expect that CAMs and the wording of CAMs will in some instances present or cause contentions between the external auditor on the one hand, and the audit committee, board, and executive officers on the other hand.

A Critical Audit Matter or CAM is defined as:

Any matter arising from the audit of the financial statements that was communicated or required to be communicated to the audit committee: and that:

  1. Relates to accounts or disclosures that are material to the financial statements; and
  2. Involved especially challenging, subjective, or complex auditor judgment.

Thus, based on the above definition, simply determining whether a matter is a CAM could be a challenging issue.

For example, in any given audit situation consider:

-What matters were communicated, or were required to be communicated to the audit committee;

-Relating to accounts or disclosures that are material to the financial statements; and

-Involved especially challenging, subjective, or complex auditor judgment?

The PCAOB has issued a more detailed and worthwhile discussion about critical audit matters and the reporting requirements that is entitled Implementation of Critical Audit Matters Deeper Dive. To view the paper, Click Here

In some circumstances critical audit matters will now become important topics for discussion. The Implementation of Critical Audit Matters Deeper Dive paper also identifies many uncertainties that are yet to be resolved relating to CAMs. Indeed, CAMs are principles based, and likely will vary from auditor to auditor based in part on the auditor’s objective, or subjective, evaluation and judgment. I note that the PCAOB’s paper provides a worthwhile discussion and many examples that should be studied. And the PCAOB also notes twice in the paper that they expect that most audits will include at least one or more CAM. And it should also be noted that the existence of a CAM should not automatically be thought of as a negative or detrimental item – it all depends on the nature of the CAM and how it is worded, as not all CAMs are equal.

Every case and situation is different. You do need to consult with an attorney and other professionals about your particular situation. This post is not a solicitation for legal or other services inside of or outside of California, and, of course, this post only is a summary of information that changes from time to time, and does not apply to any particular situation or to your specific situation. So . . . you cannot rely on this post for your situation or as legal or other professional advice or representation.

Thank you for reading this website. I ask that you also pass it along to other people who would be interested as it is through collaboration that great things and success occur more quickly.

Best to you, David Tate, Esq. (and inactive California CPA) – practicing in California only.

Blogs: Trust, estate/probate, power of attorney, conservatorship, elder and dependent adult abuse, nursing home and care, disability, discrimination, personal injury, responsibilities and rights, and other related litigation, and contentious administrations http://californiaestatetrust.com; Business, D&O, board, director, audit committee, shareholder, founder, owner, and investor litigation, governance, responsibilities and rights, compliance, investigations, and risk management  http://auditcommitteeupdate.com

 

OVERVIEW OF A RISK MANAGEMENT PROCESS THAT YOU CAN USE 03162018

Audit Committee 5 Lines of Success, Diligence, and Defense - David Tate, Esq, 05052018

COSO Enterprise Risk Management Framework ERM Components and Principles

* * * * *

New Musk / SEC Agreement – Will It Work? – Red Flags – If I Were The Judge

At this point most reasonable people would not dispute that Mr. Musk has difficulty wording his communications (tweets) in a manner that is acceptable or more likely to be acceptable under the securities laws. Greatly summarizing the law, ask yourself if the wording and information that Mr. Musk has communicated or is proposing to communicate is or would be (1) viewed as being material to the average investor, (2) vague puffery, (3) a statement or assertion of current fact, (4) a statement or assertion of forward-looking wording and information, or (5) a mixed combination of any of (1)-(4)?

Vague puffery should not be actionable. Information that is not “material” also should not be actionable; however, whether information is material (quantitatively or qualitatively) can be a slippery slope question of fact, and you might ask why Mr. Musk would be communicating the information if he did not consider the information to be important as to Tesla? Regarding (3), well . . . is the statement or assertion of current fact true and accurate as expressed? Regarding (4), well . . . even if the statement or assertion includes forward-looking warnings or disclaimers (which it should/must), is there a reasonable factual basis for making and believing the truth and accuracy of the forward-looking statement or assertion?

The players involved at least include Mr. Musk, the SEC, the Board, the Audit Committee, the Disclosure Controls Committee, and the new experienced securities attorney who is supposed to review, fix/modify, and authorize Mr. Musk’s communications before Mr. Musk makes them. Obviously, this has been, and will be a challenge for Ms. Musk. Presumably, he views Tesla and Tesla’s further future success, or not, as his creation, and rightly so. Mr. Musk has accomplished an amazing task thus far. But public companies have rules of communication that must be followed. And it is arguable that at this point his manner of communications might be hurting Tesla as much as they help. Assertions of current fact, and assertions of forward-looking statements certainly can be made, and it is arguable that they are supposed to be or at times must be made or disclosed, but they need to be made in an appropriate manner.

Where has the Board been in all of this? We don’t know, because the Board has not said. The Board is overall responsible for risk management.

These certainly are risk management, governance, and internal controls issues.

Where has the Audit Committee been in all of this? We don’t know, because the Audit Committee has not said. The Audit Committee Charter in part states that the Audit Committee assists the Board with oversight of the Company’s compliance with legal and regulatory requirements, and also assists the Board with oversight of the Company’s risk management. The Charter further states that the Audit Committee also is involved in the oversight of internal controls and at least some of Tesla’s corporate communications.

Tesla also has a Disclosure Controls Committee. Where has the Disclosure Controls Committee been in all of this? We don’t know because the Disclosure Controls Committee has not said.

And, assuming that the Court approves the new Musk / SEC agreement, going forward where will then be the experienced securities attorney who is supposed to review, fix/modify, and authorize Mr. Musk’s communications before Mr. Musk makes them?

Thus far, oversight has not worked. And, there are red flags all over the place. Although Boards, and Board Committees (e.g., the Audit Committee), and in-house legal and compliance professionals usually are not personally liable for unlawful activities of the company or its officers, that is a changing environment, and cases also do hold that liability can attach when red flags are ignored or not remedied.

This is really easy to resolve if Mr. Musk wants to modify how he does his communications, as frustrating as that might be for him.

What will/should the Judge do? I would approve the new agreement, perhaps with a few minor changes. I would put in place a process for meet and confer between the parties, and then also quick Court involvement if there is a perceived new violation of the new agreement, and I would schedule a new status hearing in the not-to-distant future, such as 30 days.

Every case and situation is different. You do need to consult with an attorney and other professionals about your particular situation. This post is not a solicitation for legal or other services inside of or outside of California, and, of course, this post only is a summary of information that changes from time to time, and does not apply to any particular situation or to your specific situation. So . . . you cannot rely on this post for your situation or as legal or other professional advice or representation.

Thank you for reading this website. I ask that you also pass it along to other people who would be interested as it is through collaboration that great things and success occur more quickly.

Best to you, David Tate, Esq. (and inactive California CPA) – practicing in California only.

Blogs: Trust, estate/probate, power of attorney, conservatorship, elder and dependent adult abuse, nursing home and care, disability, discrimination, personal injury, responsibilities and rights, and other related litigation, and contentious administrations http://californiaestatetrust.com; Business, D&O, board, director, audit committee, shareholder, founder, owner, and investor litigation, governance, responsibilities and rights, compliance, investigations, and risk management  http://auditcommitteeupdate.com

* * * * *

Auditor Inclusion of Critical Audit Matters in Audit Opinion – Center for Audit Quality Release to Help Understanding

You might be aware that external auditors are required to include a discussion of critical audit matters in their audit opinion reports for large accelerated filers for audits of fiscal years ending on or after June 30, 2019, and for other public companies for audits of fiscal years ending on or after December 31, 2020. I expect that CAMs will in some instances present or cause contentions between the external auditor on the one hand, and the audit committee, board, and executive officers on the other hand.

A Critical Audit Matter or CAM is defined as:

Any matter arising from the audit of the financial statements that was communicated or required to be communicated to the audit committee: and that:

  1. Relates to accounts or disclosures that are material to the financial statements; and
  2. Involved especially challenging, subjective, or complex auditor judgment.

Thus, based on the above definition, simply determining whether a matter is a CAM could be a challenging issue.

For example, in any given audit situation consider:

-What matters were communicated, or were required to be communicated to the audit committee;

-Relating to accounts or disclosures that are material to the financial statements; and

-Involved especially challenging, subjective, or complex auditor judgment?

I will be discussing the good, the bad, the ugly, and the confusing as this upcoming new area of audit opinion report continues to develop. Auditors and audit committees will need to carefully evaluate what to communicate and what is required to be communicated, materiality (qualitative and quantitative), and whether a matter involves especially challenging, subjective, or complex audit judgment.

For additional help with these issues, the following is a link to a June 24, 2018, release by the Center for Audit Quality entitled Critical Audit Matters: Key Concepts and FAQs for Audit Committees, Investors, and other Users of Financial Statements – click on the following link https://www.thecaq.org/critical-audit-matters-key-concepts-and-faqs-audit-committees-investors-and-other-users-financial

Best to you, David Tate, Esq. (and California inactive CPA)