Accounting and Disclosure, Internal Controls

Adopting the new revenue recognition standard…are you ready?

As we move closer to 2018, more and more companies are facing challenges in adopting the new revenue recognition accounting standard, codified as ASC 606, Revenue from Contracts with Customers.  As a refresher, the adoption date of ASC 606 for publicly traded companies is for annual reporting periods beginning after December 15, 2017, including interim periods within that reporting period.  The effective date for all other entities is for annual reporting periods beginning after December 15, 2018, and interim periods within annual periods beginning after December 15, 2019.

As the deadline to adopt ASC 606 approaches, in accordance with SEC SAB Topic 11-M, Disclosure Of The Impact That Recently Issued Accounting Standards Will Have On The Financial Statements Of The Registrant When Adopted In A Future Period, the SEC expects to see disclosures regarding both qualitative and quantitative information.  Following are examples of disclosure items to consider:

  • What is the potential impact of adopting the new standard?
  • Is adoption of the new standard expected to result in a material change or not to the financial statements?
  • What are the expected changes to existing accounting policies?
  • Where is the registrant in the implementation process?
  • Are there any significant issues not yet addressed by the registrant?
  • If it can be reasonably estimated, disclose the potential quantitative impact on the registrant’s financial statements.

Many companies may not be able to intelligently answer these questions and, for this reason, they will need to accelerate their preparations for adopting the new standard.

As I explained in a previous post, internal coordination among the various departments is a must in order to effectively assess the impact that ASC 606 will have on a registrant’s financial reporting.

 

Auditing, Internal Controls

Researching the future of public company audits — part two

Last week I discussed interesting research papers presented at the PCAOB’s Center for Economic Analysis third annual Economic Conference on Auditing and Capital Markets.  In order to make this topic a little more enjoyable, I have divided up the presented papers into two posts.  Today’s post, part two, will focus on the remaining three research papers presented at the conference.

Research presented

Following is the abstract from each research paper:

1. Assessing Initiatives to Improve the Quality of Group Audits Involving Other Auditors

One of the major current concerns of regulators internationally is the quality of the auditing of multinational groups, particularly those involving the coordination by the principal auditor of other auditors.  These concerns resulted in changes to the international auditing standard on group audits, International Standards on Auditing (ISA) No. 600, which are consistent with current initiatives being considered by the PCAOB.  The researchers examined audit quality pre and post-ISA 600 to help inform the International Auditing and Assurance Standards Board (IAASB) as to the efficacy of the ISA 600 amendments and inform the PCAOB with regard their similar initiatives under consideration.  The researchers made use of unique Australian disclosures which allowed them to identify the nature and extent of involvement of other auditors in group audits.  They found that the revisions to ISA 600 have contributed to an improvement in audit quality, specifically for clients of non-Big N (e.g., Big 4) auditors.  Further, they found that the quality of multi-national enterprise (MNE) group audits involving other auditors from the same network is lower, and this appears not to be affected by the ISA 600 revisions.  Consistent with regulatory concerns, the researchers also examined whether there are any incremental costs for group audits involving other auditors.  While the researchers found that group audits involving other auditors are more costly, they did not find evidence of an increase in audit fees associated with these regulatory initiatives.

2. The benefits and costs of Sarbanes-Oxley Section 404(b) exemption: Evidence from small firms’ internal control disclosures

The authors investigated the benefits and costs of exempting firms from auditor oversight of internal control effectiveness disclosures (Section 404(b) of the Sarbanes-Oxley Act of 2002), which I touched on in a previous post.  They measured the benefit of exemption with audit fee savings, which the authors estimated to be an aggregate $388 million from 2007 to 2014 for their sample of exempt firms.  The key concern of exemption is internal control misreporting (i.e., firms with ineffective internal controls disclose effective internal controls).  Misreporting imposes at least two measurable costs on current and prospective shareholders: lower operating performance due to non-remediation, and market values that fail to reflect a firm’s underlying internal control status.  The authors calculated the cost of 404(b) exemption from 2007 to 2014 to be an aggregate $856 million in lower future earnings due to non-remediation, and a $935 million delay in aggregate market value decline due to untimely internal control disclosure. Although the aggregate costs of exemption exceed the benefits, the costs are borne by shareholders of only a fraction of exempt firms, whereas the audit fee savings are shared by all.

In addition to yielding evidence on the benefits and costs of internal control disclosure regulation, their study provides a prediction model for identifying the firms most at risk of inaccurately disclosing internal controls.  The prediction model predicts that approximately 20.2% of exempt firms should disclose ineffective internal controls, whereas only 10.9% do so.  Thus, the authors infer that 46% of exempt firms that maintain ineffective internal controls fail to discover or disclose it.

3. Tell Me More: A Content Analysis of Expanded Auditor Reporting in the United Kingdom

This study examined the effect of expanded audit disclosures required by ISA 700 (UK and Ireland), The Independent Auditor’s Report on Financial Statements, on the communication value of the audit report.  Using content analysis measures, readability and tone, as proxies for communication value, the author found that in the post-ISA 700 period: 1) audit report readability improves and 2) audit report tone changes with a higher occurrence of negative and uncertain words.  The author also evaluated analyst behavior in response to the ISA 700 audit report and found that analyst forecast dispersion decreased in the post-ISA 700 period.  In additional analyses, the author showed that Big N and industry expert auditors wrote audit reports that are more readable.  The author also found that domain-specific word dictionaries, generated from SEC Form-10K’s and earnings press releases, have a lower frequency in audit reports in both the pre and post-ISA 700 period.

With the heightened global interest in improving the historical pass/fail audit report, these results show that expanded audit disclosures can be communicated in a manner that is accessible and meaningful to the financial statement user.

In summary

Again, we find similar take-aways from these academic papers, which shed light on the impact that professional standards have on audit firms and their clients.

Photo credit

Auditing, Internal Controls

Researching the future of public company audits

A few weeks ago the PCAOB’s Center for Economic Analysis (CEA) held its third annual Economic Conference on Auditing and Capital Markets.  Some readers may be yawning by now.  In reality, this conference is an important way that the PCAOB brings together academic researchers and audit policymakers to look at the effectiveness of audit standards and practices.  Moreover, the academic research prepared for and presented at this conference helps to identify the economic impact of auditing on the capital markets.

Of interest is that there were six research papers presented at the conference, selected from a total of 83 papers submitted.  These six papers were selected for presentation following a review by a committee of leading academics assembled by the editorial board of the Journal of Accounting Research and Luigi Zingales, the Center’s Founding Director and the Robert C. McCormack Professor of Entrepreneurship and Finance and the David G. Booth Faculty Fellow at the University of Chicago Booth School of Business.

Today’s post will discuss some interesting research findings from three of these six research papers along with what this research might mean for the future auditing and audit standards.  In a future post I will discuss interesting findings from the remaining three research papers presented to make it a little more palatable.

Research presented

The authors of the following research papers include university professors both within and outside of the United States.  Following is the abstract from each research paper:

1. Is Audit Behavior Contagious? Teamwork Experience and Audit Quality by Individual Auditors

This paper discussed how bad audit behavior is transmitted through the teamwork experience of individual auditors.  The researchers found that auditors who have previously worked in a team (team auditors) with those who are sanctioned by the regulators for audit failure (contagious auditors) are more likely to issue lenient audit opinions, and their audited accounting numbers are more likely to be downward restated in the future, compared to those who have no overlap with contagious auditors in their teamwork experience.  This contagion effect is, however, absent among auditors who previously worked in the same audit firm but not in the same team (colleague auditors) as contagious auditors.  The researchers’ findings highlight the importance of analyzing social learning via teamwork experience in understanding how audit quality at the individual level is shaped.  To note is that the research populations were associated with Chinese individuals and businesses, including stock market activity of publicly traded firms listed in the Shanghai or Shenzhen Stock Exchanges and sanctions imposed by the China Securities Regulatory Commission.

Certainly, this research puts back in the spotlight the recently adopted PCAOB rule requiring audit firms to disclose the name of the engagement partner, among other things.  This PCAOB rule takes effect in 2017.

2. Do Auditors Correctly Identify and Assess Internal Control Deficiencies? Evidence from the PCAOB Data

The researchers found that auditors routinely fail to disclose material weaknesses prior to a material error (i.e., restatements).  One potential reason is that auditors misclassify the severity of identified internal control deficiencies due to complexity in judging the materiality and likelihood of potential related errors.  Another reason is that auditors face disincentives to report a material weakness without a clear indication of an existing error.  The paper evaluated these possibilities using a proprietary database on auditor-identified control deficiencies that are not deemed material weaknesses, hence not publicly disclosed.  The authors then compared the severity of the control deficiency with the severity of ex-post reporting errors.  Even though the authors found some evidence consistent with auditor and management incentives to misclassify material weaknesses as less serious deficiencies, the authors generally found that 1) the severity of identified control deficiencies is properly assessed and 2) the auditor is able to provide reasonable assurance about whether financial statements are materially misstated in the presence of identified deficiencies.  Their evidence indicates that the inability of auditors to properly identify relevant internal controls is a contributing reason why material weaknesses are not discovered and disclosed prior to material error restatements.

With this in mind, readers may find of interest a former blog post wherein I discussed the SEC cracking down on a publicly-traded company for ineffective ICFR, even though there were no material misstatements in its financial statements at the time.

To sum up a critical finding from this research, Martin Baumann, Chief Auditor at the PCAOB, stated in a 2010 speech:

It has been observed that disclosures of material weaknesses, which should be a leading indicator of potential financial reporting problems, have instead become a lagging indicator.  That is, Material Weaknesses seem to be reported, generally, only in connection with a restatement – where the material weakness is often obvious.  In many cases a material weakness likely existed before the restatement as well, but unfortunately the ICFR audits are often not identifying them.

3. Auditors With or Without Styles? Evidence from Unexpected Auditor Turnovers

Using unexpected auditor turnovers as a quasi-experiment, in this study the authors examined whether individual auditors exhibit a significant impact on audit quality.  More specifically, focusing on auditor turnovers precipitated by the incumbent auditor’s sudden death or by resignation due to health issues or a career change, they investigated audit quality changes surrounding these unexpected events.  While the authors found some evidences that unexpected auditor turnovers are associated with significant audit quality changes for non-Big 4 audit firms, this is not the case for auditor turnovers at Big 4 firms even though there are greater differences in personal characteristics between outgoing and successor auditors in Big 4 firms. This finding suggests that notwithstanding differences in auditors’ personal characteristics, standardized audit procedures and strong internal controls can constrain individual auditors in large audit firms from impacting audit quality.

Because data on disclosures of signing audit partners does exist in Taiwan, the authors relied on financial data and the names of signing audit partners for all public firms from the Taiwan Economic Journal.  In my view it will be interesting to research this topic using U.S. data once the PCAOB’s rule on audit firm disclosures is in full effect.

In summary

The take-aways from these academic papers impact a number of areas for auditors (including their audit clients).  These include, among other things, the timely identification and assessment of risks of material misstatement, internal control deficiencies, and audit team culture and influence.  Stay tuned for a future post wherein I will discuss interesting take-aways from the remaining three research papers.

Photo credit

Forensic Accounting, Fraud, Investigations

Securities and Exchange Commission’s voting record on legal actions

Since tomorrow is election day in America I thought it would be appropriate to talk about the Securities and Exchange Commission’s voting record with respect to legal actions.

As a background, there are five Commissioners who are appointed by the President with the advice and consent of the Senate.  Terms of these Commissioners last five years and are staggered so that one Commissioner’s term ends on June 5 of each year.  The Chair and Commissioners may continue to serve approximately 18 months after terms expire if they are not replaced before then.  What’s interesting is that to ensure the Commission remains non-partisan, no more than three Commissioners may belong to the same political party.  The President also designates one of the Commissioners as Chair.  As of the time of this blog post there are three Commissioners, Mary Jo White, Chair, Kara M. Stein, and Michael S. Piwowar.  Two vacancies currently exist on the Commission.

The Division of Enforcement, whose activities are overseen by the Commission, has had a milestone year in terms of both enforcement actions and whistleblower awards.  Before the SEC staff brings enforcement actions the Commission must vote and approve the staff to take action.  To provide insight into this process the SEC posts voting results of the Commission on its website.

In analyzing these voting results following are some interesting trends:

  • Since January 2016, the Commission voted on 804 proceedings
  • Between January 1, 2016 and the date of today’s post, the Commissioners have nearly a 98% “Approved” voting record on these proceedings
  • In only 20 of the 804 proceedings did any Commissioner vote “Not Approved”
  • In every proceeding when a “Not Approved” vote was cast, a majority of the Commission voted “Approved”
  • In only 20 of the 804 proceedings did a Commissioner vote “Approved with Exception” (reasons for the exception included the amount of corporate penalty or the bar sanctions, for example)
  • When a Commissioner voted “Not Approved,” it was generally Commissioner Piwowar

With this in mind, there are multiple ways of thinking about potential explanations for the high rate of conformity in voting, such as large caseload juxtaposed against a lack of sufficient time to truly vet cases to bring or political pressure to increase actions.  Although interested parties may make different conclusions about these findings, they are, nonetheless, important to take note of.

Photo credit

Forensic Accounting, Information Gathering

How forensic accountants can help fight discovery abuse

Not long ago I supported an expert witness in a civil dispute.  My team was hired by the defense.  Throughout the course of our engagement I saw first-hand some of the tactics that plaintiff’s counsel employed to portray the defendant in a manner that was inconsistent with the evidence my team reviewed.  Furthermore, I observed on numerous occasions the plaintiff counsel’s “abusive” tactics during the discovery phase.

Depending on one’s exposure to dispute matters, the spectrum of discovery abuse can range from “never seen it” to “seen it a lot.”  Due to the realities of discovery abuse and its implications for practitioners, today’s post will discuss some of the strategies that practitioners can assist counsel in responding to what I call “risk of discovery abuse,” or the risk that opposing counsel may employ abusive discovery tactics.

Establishing objectives

As a general matter, practitioners should quickly establish with counsel an agreed-upon objective for discovery.  Of course, the objectives may differ depending on the nature of the engagement (e.g., consultant vs. expert witness).  In any case, practitioners should obtain sufficient relevant data, including documents and other evidence already in the client’s possession.  On the surface this may seem straightforward, but in practice it can be difficult to do this, particularly in cases where the documents produced are voluminous or relevant documents may not yet have been produced.

Once sufficient relevant data is obtained, practitioners can then work with counsel to collect relevant information regarding opposing counsel’s work habits, style, and practices.  This step may or may not be cost-effective.  Recognizing this, at a minimum, it can inform both the practitioner and counsel of the risk of discovery abuse by opposing counsel.

Meaningful steps

There are a number of valuable resources on this topic, such as a 2013 publication by the Defense Research Institute and a December 2014 article published by Hopwood, Pacini & Young in the Journal of Forensic & Investigative Accounting entitled “Fighting Discovery Abuse in Litigation“, to name a few.  A condensed version of this 2014 article can be found in Essentials of Forensic Accounting, published by Crain, Hopwood, Pacini & Young, 2015.  This publication identifies number of ways in which practitioners and counsel may obtain relevant data to assess the likelihood and extent of potential risk of discovery abuse by opposing counsel.  Indeed, there are multiple ways to understand opposing counsel’s litigation techniques and practices.  Examples include:

  • Observation of opposing counsel performing direct and cross-examinations, lodging objections, and engaging in opening and closing arguments at trial.
  • Inquiry of lawyers who have litigated against opposing counsel.
  • Inspection of trial court files for cases handled by opposing counsel.

Based on findings from this research, both practitioners and counsel can gather answers to questions, such as:

  • What types of objections, if any, did counsel raise to various interrogatories?
  • Did counsel file any motions for a protective order?
  • Did counsel do a document dump or engage in otherwise abusive discovery practices?
  • Did counsel ever refuse to comply with a court order?
  • How did counsel respond to requests for admission?
  • Did counsel often have motions to compel filed against him or her?
  • Does counsel respond to discovery?
  • Has counsel been sanctioned for misconduct?

Answers to these and other questions can assist practitioners and counsel in obtaining valuable information to assess the risk of discovery abuse.

Using precision when appropriate

In the discovery phase, depending on the nature of the information being sought, requests for evidence should be tailored sufficiently accurately and precisely so as to provide the highest likelihood of obtaining the information requested.  For this purpose practitioners can provide counsel meaningful input in the preparation of discovery requests (such as financial-related or technical evidence).

When using precision, the legitimacy of opposing counsel’s objection can be diminished.  Furthermore, this puts pressure on opposing counsel to offer precise or specific objections if the objections are to withstand judicial scrutiny.  As one would expect, precision in discovery requests tends to have a higher likelihood of surviving a motion for a protective order from the opposing side.

Courses of action

There are, of course, various means of addressing the risk of discovery abuse.  These can include keeping detailed records of requests, motions, and status, insisting that the counter-party provide a privilege log, seeking a protective order from the court, thereby placing limitations and conditions for violations, and seeking sanctions under the Federal Rules of Civil Procedure, Rule 37 for failure to cooperate in discovery.

As the saying goes, “an ounce of prevention is worth a pound of cure.”  With this in mind, to the extent that practitioners and counsel believe, in consultation with the client, that the potential benefits of conducting such research on opposing counsel may exceed the costs, practitioners can offer valuable assistance to counsel and their clients to effectively address discovery-related abuses.

Photo credit

Accounting and Disclosure

Improving the statement of cash flows financial reporting standards

In August 2016 the FASB issued ASU 2016-15, Statement of Cash Flows (Topic 230): Classification of Certain Cash Receipts and Cash Payments (a consensus of the Emerging Issues Task Force), which goes into effect for public business entities whose fiscal years begin after December 15, 2017.  The goal of ASU 2016-15 is to reduce diversity in practice in how certain cash receipts and cash payments are presented and classified in the statement of cash flows under Topic 230, Statement of Cash Flows, and other Topics.

With this goal in mind, this ASU addresses eight specific statement of cash flows (SCF) classification issues.  They include:

  1. Debt Prepayment or Debt Extinguishment Costs – Cash payments for debt prepayment or debt extinguishment costs should be classified as cash outflows for financing activities.
  2. Settlement of Zero-Coupon Debt Instruments or Other Debt Instruments with Coupon Interest Rates That Are Insignificant in Relation to the Effective Interest Rate of the Borrowing – At the settlement of zero-coupon debt instruments or other debt instruments with coupon interest rates that are insignificant in relation to the effective interest rate of the borrowing, the issuer should classify the portion of the cash payment attributable to the accreted interest related to the debt discount as cash outflows for operating activities, and the portion of the cash payment attributable to the principal as cash outflows for financing activities.
  3. Contingent Consideration Payments Made after a Business Combination – Cash payments not made soon after the acquisition date of a business combination by an acquirer to settle a contingent consideration liability should be separated and classified as cash outflows for financing activities and operating activities.  Cash payments up to the amount of the contingent consideration liability recognized at the acquisition date (including measurement-period adjustments) should be classified as financing activities; any excess should be classified as operating activities.  Cash payments made soon after the acquisition date of a business combination by an acquirer to settle a contingent consideration liability should be classified as cash outflows for investing activities.
  4. Proceeds from the Settlement of Insurance Claims – Cash proceeds received from the settlement of insurance claims should be classified on the basis of the related insurance coverage (that is, the nature of the loss).  For insurance proceeds that are received in a lumpsum settlement, an entity should determine the classification on the basis of the nature of each loss included in the settlement.
  5. Proceeds from the Settlement of Corporate-Owned Life Insurance Policies, including Bank-Owned Life Insurance Policies – Cash proceeds received from the settlement of corporate-owned life insurance policies should be classified as cash inflows from investing activities.  The cash payments for premiums on corporate-owned policies may be classified as cash outflows for investing activities, operating activities, or a combination of investing and operating activities.
  6. Distributions Received from Equity Method Investees – When a reporting entity applies the equity method, it should make an accounting policy election to classify distributions received from equity method investees using one of two approaches: (1) cumulative earnings approach or (2) nature of the distribution approach.  These two approaches are further described within this ASU.  Disclosures related to changes in accounting principle may be required depending on an entity’s elections.
  7. Beneficial Interests in Securitization Transactions – A transferor’s beneficial interest obtained in a securitization of financial assets should be disclosed as a non-cash activity, and cash receipts from payments on a transferor’s beneficial interests in securitized trade receivables should be classified as cash inflows from investing activities.
  8. Separately Identifiable Cash Flows and Application of the Predominance Principle – The classification of cash receipts and payments that have aspects of more than one class of cash flows should be determined first by applying specific guidance in GAAP.  In the absence of specific guidance, an entity should determine each separately identifiable source or use within the cash receipts and cash payments on the basis of the nature of the underlying cash flows.  An entity should then classify each separately identifiable source or use within the cash receipts and payments on the basis of their nature in financing, investing, or operating activities.  In situations in which cash receipts and payments have aspects of more than one class of cash flows and cannot be separated by source or use, the appropriate classification should depend on the activity that is likely to be the predominant source or use of cash flows for the item.

Current GAAP is either unclear or does not include specific guidance on these eight SCF classification issues included in the amendments in this ASU.  With this in mind, the ASU is an improvement to GAAP because it provides guidance for each of these eight issues, thereby reducing the current and potential future diversity in practice.

Errors in the statement of cash flows

An interesting data point in the context of the SCF is that in the last five years the second most common issue cited in financial statement restatements related to errors in the SCF.  The following chart depicts SCF errors compared to six other common restatement issues between 2001 and 2015:

scf-restatements

As one can gather, these eight SCF classification issues may be perceived as addressing non-routine transactions.  According to the Audit Analytics August 2016 report on SOX 404 Disclosures, which I wrote about in a previous post, in 2015 approximately 5% of auditor attestations cited ineffective internal controls over financial reporting (ICFR) due, at least in part, to SCF classification issues.  Although this is a relatively small percentage compared to the total number of ICFR failures in 2015, these SCF classification issues typically related to non-routine transactions.

With the new guidance in ASU 2016-15, we can expect improvements in the disclosures related to the SCF; however, it’s unclear at this juncture what extent of influence the adoption of the ASU will have on mitigating ICFR failures going forward.

Photo credit

Accounting and Disclosure, Internal Controls, Investigations, Materiality

Responding to accounting restatement risk

A fundamental tenet of financial reporting is that a company’s internal controls over financial reporting (ICFR) are sufficiently robust to ensure transactions are properly recognized and disclosed in its financial statements.  The appropriateness of financial statements hinges on the fair presentation in conformity with GAAP.  Furthermore, the concept of materiality is the deciding factor of what is “fair” and what is not.

However, at times companies misstate their financial statements.  In some situations these misstatements are simple, unintentional errors; whereas, in other cases they may be intentional.  When misstatements occur, companies must determine whether or not these misstatements result in materially misleading financial statements.  For purposes of clarity, an error is defined in ASC 250, Accounting Changes and Error Corrections as “[a]n error in recognition, measurement, presentation, or disclosure in financial statements resulting from mathematical mistakes, mistakes in the application of [GAAP], or oversight or misuse of facts that existed at the time the financial statements were prepared.”

Because identified misstatements that relate to the current period can be addressed by management without any required restatements, today’s post will address certain risk areas and requirements that companies will want to address in assessing misstatements in prior periods.

Materiality

In a previous post I wrote about materiality considerations, which should be considered in assessing whether or not the prior period financial statements are materially misstated.  Indeed, it is well established that calculating a quantitative threshold of materiality is an important step in a materiality assessment (such as 5-10% of pre-tax income).  However, companies should give consideration to qualitative factors as well.  The SEC’s staff issued SAB No. 99 to provide some guidance to considering qualitative factors.  Notwithstanding its guidance, SAB No. 99 does not address what might be considered not material.

Types of restatement

Depending on the outcome of a materiality assessment, companies may find themselves in one of two categories:

  1. Reissuance restatement – referred to as “Big R” restatement because this means the previously issued financial statements were materially incorrect and, therefore, are unreliable and must be reissued/restated.  In these cases, the prior period financial statements must be amended.
  2. Revision restatement – referred to as “Little r” restatement because, although there are errors in the previously issued financial statements, they were not material to the prior periods.  A company may choose to either make the error correction in the current period or it may recast its prior period financial results in connection with issuing its current period financial statements.  When a company elects to recast its prior period financial statements in connection with issuing its current period financial statements, it revises its financial statements.  In these circumstances, the prior period financial statements do not need to be amended.

Sarbanes-Oxley Act certification requirements

In the context of restatements, SEC registrants must be aware of risk exposure related to Sarbanes-Oxley Act (SOX) certification requirements.  As a refresher, as early as 2004 SEC registrants were required to implement certain provisions of SOX.  These provisions address requirements that the principal executive officer or officers (CEO or equivalent) and the principal financial officer or officers (CFO or equivalent) must certify.  The first requirement, Section 302, is found in SOX’s Title III – Corporate Responsibility.  The second requirement, Section 906, is found in SOX’s Title IX – White-Collar Crime Penalty Enhancements.

  • SOX Section 302 – In connection with filing of periodic financial reports with the SEC, the CEO and CFO (as signing officers) are required to certify in each quarterly and annual report:
    • the signing officer has reviewed the report;
    • based on the signing officer’s knowledge, the report doesn’t contain any untrue statement of a material fact or omit to state a material fact necessary in order to make the statements made, in light of the circumstances under which such statements were made, not misleading;
    • based on the signing officer’s knowledge, the financial statements, and other financial information included in the report, fairly present in all material respects the financial condition and results of operations of the issuer as of, and for, the periods presented in the report;
    • the signing officers:
      • are responsible for establishing and maintaining internal controls
      • have designed such internal controls to ensure that material information relating to the issuer and its consolidated subsidiaries is made known to such officers by others within those entities, particularly during the period in which the periodic reports are being prepared;
      • have evaluated the effectiveness of the issuer’s internal controls as of a date within 90 days prior to the report; and
      • have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date;
    • the signing officers have disclosed to the issuer’s auditors and the audit committee of the board of directors (or persons fulfilling the equivalent function):
      • all significant deficiencies in the design or operation of internal controls which could adversely affect the issuer’s ability to record, process, summarize, and report financial data and have identified for the issuer’s auditors any material weaknesses in internal controls; and
      • any fraud, whether or not material, that involves management or other employees who have a significant role in the issuer’s internal controls; and
    • the signing officers have indicated in the report whether or not there were significant changes in internal controls or in other factors that could significantly affect internal controls subsequent to the date of their evaluation, including any corrective actions with regard to significant deficiencies and material weaknesses.
  • SOX Section 906 – In connection with filing of periodic financial reports with the SEC, the CEO and CFO (as signing officers) are required to certify in each quarterly and annual report:
    • the periodic financial report containing the financial statements fully complies with the requirements of section 13(a) or 15(d) of the Securities Exchange Act of 1934 and that information contained in the periodic report fairly presents, in all material respects, the financial condition and results of operations of the issuer.

Section 906 provides for criminal penalties if the CEO and/or CFO:

  • certifies any statement within Section 906 knowing that the periodic report accompanying the statement does not comport with all the requirements set forth in Section 906 shall be fined not more than $1,000,000 or imprisoned not more than 10 years, or both; or
  • willfully certifies any statement as set forth in Section 906 knowing that the periodic report accompanying the statement does not comport with all the requirements set forth in Section 906 shall be fined not more than $5,000,000, or imprisoned not more than 20 years, or both.

In light of these certification requirements and the potential criminal penalties, signing officers must be confident that their financial reporting controls are reliable.  With this in mind, when Big R restatement risk is heightened, companies should be cognizant of the regulatory and legal exposure associated with potential non-compliance.

Furthermore, when it comes to material misstatements in the company’s prior period financial statements, there is a rebuttable presumption that a material weakness in ICFR exists.  Another thing to keep in mind is that even though a Little r restatement may end up being the correct solution to addressing misstatements, the SEC registrant may end up concluding that a material weakness still exists in ICFR.  This gets at the concept of the “could” factor in assessing deficiencies in ICFR, which I previously wrote about.

Tips for companies

I recently listened to a webcast discussing 10 pitfalls to avoid when navigating a Big R restatement (replay link).  For convenience, I’ve listed these 10 pitfalls:

  1. Engaging inexperienced counsel and advisors for the investigation
  2. Forming a special committee when the audit committee might suffice
  3. The run-away or open-ended investigation
  4. Failing to keep auditors apprised of the investigation and errors found
  5. Indecisiveness and inability to reach conclusions
  6. Waiting too long to deal with wrongdoers
  7. Not self-reporting findings to the SEC
  8. Audit committee micromanagement of the restatement
  9. Failing to remediate
  10. Creating an unnecessarily detailed SAB 99 materiality analysis

In addition to these tips, companies should ensure they follow the standards governing accounting restatements in ASC 250 and that they assess misstatements for each reporting period.  Although certain misstatements may be insignificant in any given reporting period, they could aggregate to a material amount over time (such as the impact to the balance sheet).

When restatements arise, SEC registrants will need to disclose relevant information on SEC Forms 10-K/A and 8-K (for Big R) and SEC Form 10-K (for Little r).

Influencing the narrative

I’m going to fast forward the process of restating financial statements to communicating with outsiders what the facts are.  When management becomes aware of material misstatements in prior periods, the company should be clear and assertive with users of its financial statements about the nature and extent of the misstatements identified.  In connection with its assessment, management should be able to, at a minimum, address the following concerns:

  • explain the magnitude of the misstatement;
  • identify which accounts were affected;
  • describe what was done to remediate the misstatement (both in the financial statements and in ICFR);
  • explain what programs and controls have been put in place to avoid misstatements from occurring in the future; and
  • explain the implications of misstatements on the company’s future financial reporting and forecasts

It goes without saying that if companies do not take active measures to effectively management the risks I’ve discussed, users of their financial statements may call into question whether or not the root-causes in the company have been addressed.

Photo credit

Accounting and Disclosure, Auditing, Internal Controls

A Look-back: 12 years of SOX Section 404

Many companies became subject to the provisions of Section 404 of the Sarbanes-Oxley Act of 2002 (SOX) beginning for fiscal years ending on or after November 15, 2004.  Specifically, Section 404(a) requires public companies’ annual reports to include the company’s own assessment of internal control over financial reporting (ICFR).  Section 404(b) requires an independent auditor’s report on the effectiveness of the company’s ICFR.

Since the implementation of SOX 12 years ago, we have seen some interesting trends in financial restatement statistics and SEC enforcement trends, which I have written about recently (here and here).  In fact, a recent Audit Analytics report has highlighted some key take-aways related to Section 404 disclosures.

Effectiveness of ICFR requiring auditor attestation

SOX Section 404(b) states that accelerated filers (including large accelerated filers) must provide an independent auditor’s report on the effectiveness of the filer’s ICFR.  The following chart shows adverse auditor reports as a percentage of total auditor reports on ICFR on an annual basis within the last 12 years.

% Adverse Auditor Attestations

For clarification, according to PCAOB Auditing Standard No. 5 (AS 5), An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements, an adverse opinion signifies that at least one material weakness exists within a company’s ICFR.

Naturally, one would expect the first year of implementation, 2004, to yield the least favorable results.  To also note is that because the SOX Section 404 requirements went into effect in late 2004, only a portion of companies whose fiscal years ended in 2004 were required to implement these requirements (i.e., those whose fiscal years ended on or after November 15, 2004).  This means that a smaller number of companies filed auditor attestations related to fiscal 2004 when compared to fiscal 2005.

What I find interesting about the above chart, and the Audit Analytics report discusses, is the historical “low” in the rate in 2010.  In 2010, the PCAOB inspection program began determining if audit firms had obtained adequate evidence to substantiate the auditor’s attestation of management’s assessment regarding the effectiveness of ICFR.  The impetus for this was the implementation of AS 5, which became effective in late 2007.

After initially reviewing audit firms’ implementation of AS 5 in 2008 and 2009, the PCAOB’s inspections began in 2010 to focus on inspecting for and reporting on whether firms obtained sufficient evidence to support their audit opinions on the effectiveness of ICFR.  Although somewhat unclear, we might gather from the above chart that the PCAOB’s scrutiny of audit firm compliance with AS 5 in 2010 may have re-focused the emphasis of audit firms on improving audit quality in 2011 (when compared to 2010).

Key areas of adverse auditor reports

Among those auditor reports with an adverse audit opinion on ICFR, the Audit Analytics report identifies the following internal controls issues with the highest frequency in 2015:

Ineffective ICFR issues

Total number of attestations

As % of total attestations citing ineffective ICFR
Material and/or numerous auditor and/or management adjustments

118

58%
Inadequate accounting personnel resources, competency, and/or training

105

52%
IT, software, security, and access controls

60

30%
Segregation of duties and/or design of controls

50

25%
Controls related to non-routine transactions

39

19%

As illustrated in the table above, the top reason for ineffective ICFR in 2015 was due to accounting issues which were known to materially misstate the financial statements.  Said differently, without recording the necessary adjustments, the financial statements taken as a whole would have been materially misstated.  The remaining top five reasons for ineffective ICFR in 2015 were due to internal controls issues (which either did or “could have” contributed to material errors in the financial statements).

Moreover, the Audit Analytics report lists the following accounting-related ICFR issues as most commonly cited in adverse audit reports in 2015:

Ineffective ICFR issues related to accounting

 Total number of attestations

As % of total attestations citing ineffective ICFR
Revenue recognition 47

23%
Income taxes

36

18%
A/R, notes receivable, investments, and cash

34

17%
Fixed assets and/or intangible assets

29

14%
Related parties and/or affiliates/subsidiaries

27

13%

Effectiveness of ICFR not requiring auditor attestation

In contrast to the requirements in Section 404(b) for accelerated filers, non-accelerated filers and smaller reporting companies need not comply with this provision, thanks to the Dodd-Frank Act of 2010, but they must comply with Section 404(a).  Furthermore, non-accelerated filers were not required to implement Section 404 until late 2007.

For clarification, a non-accelerated filer, as defined by SEC Rule 12b-2, is public company whose public float (as opposed to market capitalization) does not exceed $75 million as of the last business day of the company’s most recently completed fiscal Q2.  Furthermore, smaller reporting companies are those companies that meet the definition of a non-accelerated filer and had annual revenues of less than $50 million during the most recently completed fiscal year for which audited financial statements are available.

Having said that, the following chart shows the percentage of adverse management-only assessments relative to total management-only assessments on an annual basis in the last 12 years.

% Mgmt-Only Reports

Interestingly, this chart shows a negative trend over the years, with a drop in 2015.

Key areas of adverse management-only assessments

The Audit Analytics report identifies the following internal controls issues with the highest frequency in 2015 in management-only assessments:

Ineffective ICFR issues

 Total number of assessments

As % of total assessments citing ineffective ICFR
Inadequate accounting personnel resources, competency, and/or training

985

79%
Segregation of duties and/or design of controls

893

72%
Ineffective, non-existent, or understaffed audit committee

388

31%
Inadequate accounting disclosure controls

246

20%
Material and/or numerous auditor and/or management adjustments

204

16%

To note is that two of the five top ICFR issues in the table above are also among the top five ICFR issues in adverse auditor attestations.  A key reason for the provision in the 2010 Dodd-Frank Act eliminating the requirement for non-accelerated filers and smaller reporting companies to comply with SOX Section 404(b) was due to cost of compliance.  Since we can see from the table above that overwhelmingly the two most common ICFR issues were inadequate accounting resources and segregation of duties/design of controls, it certainly seems reasonable to conclude that the cost of accounting resources is a relatively big factor for smaller public companies.  While understanding that these statistics describe ICFR issues for public companies, to my surprise is that the third most common issue deals with inadequacies of the audit committee.

With respect to accounting-related ICFR issues noted in management-only assessments, the Audit Analytics report lists the following most commonly cited in 2015:

Ineffective ICFR issues related to accounting

 Total number of assessments

As % of total assessments citing ineffective ICFR
A/R, notes receivable, investments, and cash

95

8%
Debt, quasi-debt, warrants and equity-related (beneficial conversion features)

53

4%
Income taxes

48

4%
Revenue recognition

38

3%
Related parties and/or affiliates/subsidiaries

24

2%

The above table demonstrates that the most frequently cited accounting-related issues in ICFR was similar between accelerated and non-accelerated filers and smaller reporting companies.  Furthermore, the Audit Analytics report indicates the top five accounting-related issues represented approximately two-thirds of the total accounting-related issues in 2015, both for adverse auditor reports and management-only assessments.

Summary

To put these findings into context for 2015, of those accelerated filers whose auditors issued an adverse SOX report, there was a pull toward ICFR failures due to accounting-related issues.  On the other hand, companies that issued management-only assessments citing ICFR failures experienced significantly higher rates of ICFR failures due to internal controls issues as opposed to accounting-related issues.

In addition, the ICFR failure rates reported by companies with management-only assessments were significantly higher than the ICFR failure rates reported by accelerated filers.  By applying a simple average over the last 12 years for accelerated filers and nine years for non-accelerated filers, the ICFR failure rates were 6.9% and 35.4%, respectively.

Finally, for additional context, I noted per review of the Audit Analytics report that in 2015 there were approximately 3,800 auditor attestations on SOX effectiveness filed with the SEC.  With regard to management-only assessments, there were approximately 3,500 management reports filed in 2015 with the SEC.  Therefore, the quantity of filings with the SEC between these two groups was comparable.

Source for charts:  Audit Analytics August 2016 report, SOX 404 Disclosures, a Twelve Year Review.

Photo credit

Auditing, Professional Skepticism

PCAOB shares its playbook for 2016 audit inspections

Last month the Public Company Accounting Oversight Board (PCAOB) issued its staff inspection brief detailing the scope, focus, and objectives of its ongoing 2016 inspections of auditors of public companies and other issuers.  This brief is helpful for those who may be seeking better understanding of the PCAOB’s inspection process as well as identifying potential trends to take note of.

PCAOB’s Role

As a background, Mark Olson, former Chairman of the PCAOB, explained in 2007 that the Sarbanes-Oxley Act of 2002 (SOX) established the PCAOB as the independent auditor oversight body in the United States.  “The PCAOB’s mission,” he stated, “is to oversee the auditors of public companies, protect the interests of investors, and further the public interest in the preparation of informative, accurate, and independent audit reports.”  The PCAOB seeks to accomplish its goals through its standards setting, inspections, enforcement, and outreach programs.

Today, the PCAOB oversees over 2,100 registered firms that audit issuers.  Among these registered firms are the following 10 audit firms, which the PCAOB inspects annually:

  • Global network firm inspection program –  There are six firms in this program.  They include BDO International Limited, Deloitte Touche Tohmatsu Limited, Ernst & Young Global Limited, Grant Thornton International Limited, KPMG International Cooperative, and PricewaterhouseCoopers International Limited.
  • Non-affiliate firm inspection program – The PCAOB’s inspection program encompasses inspections of registered firms that are not covered by its global network firm program.  Many of the firms in this program are members of other international networks, alliances or affiliations.  Four of these non-affiliate firms, Crowe Horwath LLP, MaloneBailey, LLP, Marcum LLP, and RSM US LLP, are inspected annually by the PCAOB because they have historically, including in 2015, issued audit reports for more than 100 issuers.

Inspections

The PCAOB inspects these 10 firms and approximately 550 other registered public accounting firms to assess compliance with SOX, the rules of the PCAOB, the rules of the SEC, and professional standards, in connection with the firm’s performance of audits, issuance of audit reports, and related matters involving issuers.

When conducting inspections, the PCAOB inspects specific portions of a firm’s audits or aspects of a firm’s audits on a sample basis.  In addition, the PCAOB posts statistics of financial statement areas of focus in its inspections of audit firms.  To illustrate, in its most recent 2015 inspection cycle the PCAOB’s top five financial statement reporting areas of focus included the following:

Financial statement reporting area

Global network firms

(as % of total audits inspected in 2015)

Non-affiliate firms

(as % of total audits inspected in 2015)
Revenue and receivables

79%

58%
Non-financial assets

58%

30%
Inventory

36%

28%
Income taxes

20%

17%
Financial instruments

17%

15%

The PCAOB’s emphasis on revenue and receivables as the top financial statement reporting area is consistent with the level of risk typically inherent in revenue recognition.

First, Auditing Standard (AS) 12, Identifying and Assessing Risks of Material Misstatement, states that the auditor should presume that improper revenue recognition is a fraud risk (at ¶ 68).  The word “should” is deliberately used in this auditing standard to signify a presumptively mandatory responsibility.  In essence, a risk of fraud in revenue recognition is presumed to exist and the auditor must comply with requirements of this type specified in the PCAOB’s standards unless the auditor demonstrates that alternative actions he or she followed in the circumstances were sufficient to achieve the objectives of the standard.

Second, a key consideration with respect to audit risks in revenue recognition is the fact that revenue recognition has historically been key area for financial statement restatements.

To add to the table above, the PCAOB’s other commonly inspected financial reporting areas in the recent past have included:  allowance for loan losses, other liabilities (e.g., accounts payable and accrued liabilities), debt, other investments (e.g., equity method, joint ventures, variable interest entities, etc.) and others (e.g., discontinued operations, various income statement items, other assets, etc.).

2016 inspection cycle

With regard to its recently issued staff inspection brief, Helen Munter, PCAOB Director of Registration and Inspections, stated that the information in the brief “may help audit firms, investors, and others better understand the risk-based factors that the PCAOB considers when inspecting audits.”

Following are six key areas of focus by the PCAOB in its current inspection cycle:

  1. Audit areas where deficiencies have been identified in previous inspection cycles, including internal control over financial reporting, assessing and responding to risks of material misstatement, and accounting estimates, including fair value measurements.  Recurring audit deficiencies continue to be identified in the most frequently selected financial reporting areas, such as revenue, non-financial assets, inventory, financial instruments and other areas.
  2. Audit areas affected by economic trends, including the effect of the strengthening U.S. dollar, the increasing merger and acquisition activity, the search for higher-yielding investment returns in a low interest rate environment, and the effect of the fluctuations in oil and natural gas prices.
  3. Audits of certain areas that may involve significant judgment from management and/or auditors, including the auditor’s evaluation of segment identification and disclosures, the auditor’s consideration of an entity’s ability to continue as a going concern, and evaluation of income tax accounting and disclosures.
  4. The implementation of AS 2410, Related Parties (also known as AS 18).  This auditing standard was effective for audits of fiscal years beginning on or after December 15, 2014.
  5. Audit procedures involving IT, particularly auditors’ use of software tools, and procedures to assess and address risks of material misstatement posed by cyber security.
  6. An audit firm’s system of quality control, including its policies and procedures for (i) identifying the “root causes” of audit deficiencies and positive quality events, (ii) complying with required audit committee communications, including those communications related to independence, (iii) monitoring and maintaining independence, (iv) performing engagement quality reviews with due professional care, and (v) applying professional skepticism throughout the audit.

Historical inspection trends

According to its statistics, the PCAOB’s sweet spot for inspections of global network firm audits is companies with a market capitalization between $1 billion and $5 billion.  In contrast, more so than any other market capitalization, the PCAOB has historically inspected audits conducted by non-affiliate firms of companies with market capitalization up to $100 million.

As it relates to industry sector, the PCAOB’s inspections of global network firm audits have covered a variety of industries more evenly than its inspections of non-affiliate firm audits.  To illustrate, since 2013, approximately 80% of its inspections of global network firm audits have included four industry sectors:  (1) industrials and materials; (2) financial services, benefit plans, and miscellaneous; (3) IT and telecom; and (4) consumer discretionary and staples.  The remaining approximately 20% of its inspections of global network firm audits have included two other industry sectors (energy and utilities; healthcare).  This should come as no surprise as the S&P 500 sector weightings, which represent the distribution among industries of the 500 largest publicly-traded U.S. firms, most of which are audited by the Big 4, are consistent with the PCAOB’s emphasis on these four industry sectors.

On the other hand, since 2013, approximately one-third of the PCAOB’s inspections of non-affiliate firm audits have been in the financial services, benefit plans, and miscellaneous industry sector.  The remaining approximately two-thirds of inspections of non-affiliate firm audits have been evenly distributed among five other industry sectors.

Emphasis on quality

In summary, even though the PCAOB’s inspection program has evolved over time, we have experienced a declining historical trend of financial statement reissuance restatements.  This decline can be attributed to improvement in the quality of financial reporting and, at least in part, to the PCAOB’s focus on audit quality and compliance with auditing standards.

Photo credit

Forensic Accounting, Fraud, Internal Controls, Investigations

Payout trends in the SEC’s whistleblower program

In July 2010, the U.S. Congress enacted and President Obama signed into law the Dodd-Frank Wall Street Reform and Consumer Protection Act.   In connection with reform on investment protection, the Dodd-Frank Act provided for the establishment of a new whistleblower program.  The program provides for financial incentives for individuals to report potential federal securities laws violations to the SEC and provides for protection from employment retaliation.

Adoption of whistleblower rules

On May 25, 2011, the SEC adopted the new whistleblower rules, codified as Section 21F of the Securities Exchange Act of 1934, entitled “Securities Whistleblower Incentives and Protection.”  Pursuant to these rules, the SEC has ability to provide monetary awards to eligible individuals who come forward with high-quality original information that leads to an SEC enforcement action in which over $1 million in sanctions is ordered.  The range for awards is between 10% and 30% of the money collected.

The rules clarify that “original information” must be:

(i) Derived from your independent knowledge or independent analysis;

(ii) Not already known to the Commission from any other source, unless you are the original source of the information;

(iii) Not exclusively derived from an allegation made in a judicial or administrative hearing, in a governmental report, hearing, audit, or investigation, or from the news media, unless you are a source of the information; and

(iv) Provided to the Commission for the first time after July 21, 2010 (the date of enactment of the Dodd-Frank Wall Street Reform and Consumer Protection Act).  See Rule 21F-4(b)(1)

Furthermore, the rules state that information submitted to the SEC is provided “voluntarily” if:

…you provide your submission before a request, inquiry, or demand that relates to the subject matter of your submission is directed to you or anyone representing you (such as an attorney):

(i) By the Commission;

(ii) In connection with an investigation, inspection, or examination by the Public Company Accounting Oversight Board, or any self-regulatory organization; or

(iii) In connection with an investigation by the Congress, any other authority of the federal government, or a state Attorney General or securities regulatory authority.  See Rule 21F-4(a).

Discretionary payouts

As mentioned previously, the range of awards that the SEC will pay out is between 10% and 30% of the money collected, not of the monetary sanctions ordered.  With this in mind, the SEC considers the following factors to determine the size of the award:

  1. The significance of the information
  2. The assistance provided by the whistleblower
  3. Law enforcement interest that might be advanced by a higher award
  4. Whistleblower’s participation in internal compliance systems

In addition, the SEC considers the following factors to decrease the payout percentage of the award:

  1. Culpability
  2. An unreasonable reporting delay by the whistleblower
  3. Interference with internal compliance and reporting systems

SEC’s payout trends

From its inception through July 2016, the SEC’s whistleblower program has issued 24 final award orders and 51 final denial orders.  Of these 24 final award orders, the largest award amount disclosed was over $30 million (announced September 22, 2014) and the smallest award amount disclosed was $125 thousand (announced August 30, 2013).

Of the 19 disclosed award amounts, the median payout is approximately $700 thousand.

Furthermore, of the nine awards disclosing the payout as a percentage of the monetary sanctions collected, the SEC has ordered payouts of 30% on five occasions, a payout of 28% once, payouts of 20% twice, and one payout of 15%.  It should be noted that these figures represent the total payout percentages for each matter (regardless of the number of claimants).

Seven of the 24 final award orders mentioned more than one claimant for payout, with three of these awards naming two claimants and four naming three claimants.  The distribution of the payout to each of these claimants varied from equal proportion of the award among the claimants (33% or 50% to each claimant in final award orders naming three and two claimants, respectively) to as dispersed as 50% of the award to one claimant, 33% to another, and 17% to the third claimant within the same final award order.

Another interesting observation is that, of the 24 final award orders, the SEC disclosed the whistleblower profiles for 11 of them.  Of these 11 awards, two were in the compliance function, one was an officer, seven were non-descriptive insiders/employees, and one was an outsider.  There does not appear to be any correlation between the whistleblower profile and the payout percentage or amount of the award.

I have prepared a schedule that summarizes key information for each final award order.  This schedule includes all final orders through July 2016.

Photo credit