Posted on

PCAOB shares its playbook for 2016 audit inspections

Last month the Public Company Accounting Oversight Board (PCAOB) issued its staff inspection brief detailing the scope, focus, and objectives of its ongoing 2016 inspections of auditors of public companies and other issuers.  This brief is helpful for those who may be seeking better understanding of the PCAOB’s inspection process as well as identifying potential trends to take note of.

PCAOB’s Role

As a background, Mark Olson, former Chairman of the PCAOB, explained in 2007 that the Sarbanes-Oxley Act of 2002 (SOX) established the PCAOB as the independent auditor oversight body in the United States.  “The PCAOB’s mission,” he stated, “is to oversee the auditors of public companies, protect the interests of investors, and further the public interest in the preparation of informative, accurate, and independent audit reports.”  The PCAOB seeks to accomplish its goals through its standards setting, inspections, enforcement, and outreach programs.

Today, the PCAOB oversees over 2,100 registered firms that audit issuers.  Among these registered firms are the following 10 audit firms, which the PCAOB inspects annually:

  • Global network firm inspection program –  There are six firms in this program.  They include BDO International Limited, Deloitte Touche Tohmatsu Limited, Ernst & Young Global Limited, Grant Thornton International Limited, KPMG International Cooperative, and PricewaterhouseCoopers International Limited.
  • Non-affiliate firm inspection program – The PCAOB’s inspection program encompasses inspections of registered firms that are not covered by its global network firm program.  Many of the firms in this program are members of other international networks, alliances or affiliations.  Four of these non-affiliate firms, Crowe Horwath LLP, MaloneBailey, LLP, Marcum LLP, and RSM US LLP, are inspected annually by the PCAOB because they have historically, including in 2015, issued audit reports for more than 100 issuers.

Inspections

The PCAOB inspects these 10 firms and approximately 550 other registered public accounting firms to assess compliance with SOX, the rules of the PCAOB, the rules of the SEC, and professional standards, in connection with the firm’s performance of audits, issuance of audit reports, and related matters involving issuers.

When conducting inspections, the PCAOB inspects specific portions of a firm’s audits or aspects of a firm’s audits on a sample basis.  In addition, the PCAOB posts statistics of financial statement areas of focus in its inspections of audit firms.  To illustrate, in its most recent 2015 inspection cycle the PCAOB’s top five financial statement reporting areas of focus included the following:

Financial statement reporting area

Global network firms

(as % of total audits inspected in 2015)

Non-affiliate firms

(as % of total audits inspected in 2015)
Revenue and receivables

79%

58%
Non-financial assets

58%

30%
Inventory

36%

28%
Income taxes

20%

17%
Financial instruments

17%

15%

The PCAOB’s emphasis on revenue and receivables as the top financial statement reporting area is consistent with the level of risk typically inherent in revenue recognition.

First, Auditing Standard (AS) 12, Identifying and Assessing Risks of Material Misstatement, states that the auditor should presume that improper revenue recognition is a fraud risk (at ¶ 68).  The word “should” is deliberately used in this auditing standard to signify a presumptively mandatory responsibility.  In essence, a risk of fraud in revenue recognition is presumed to exist and the auditor must comply with requirements of this type specified in the PCAOB’s standards unless the auditor demonstrates that alternative actions he or she followed in the circumstances were sufficient to achieve the objectives of the standard.

Second, a key consideration with respect to audit risks in revenue recognition is the fact that revenue recognition has historically been key area for financial statement restatements.

To add to the table above, the PCAOB’s other commonly inspected financial reporting areas in the recent past have included:  allowance for loan losses, other liabilities (e.g., accounts payable and accrued liabilities), debt, other investments (e.g., equity method, joint ventures, variable interest entities, etc.) and others (e.g., discontinued operations, various income statement items, other assets, etc.).

2016 inspection cycle

With regard to its recently issued staff inspection brief, Helen Munter, PCAOB Director of Registration and Inspections, stated that the information in the brief “may help audit firms, investors, and others better understand the risk-based factors that the PCAOB considers when inspecting audits.”

Following are six key areas of focus by the PCAOB in its current inspection cycle:

  1. Audit areas where deficiencies have been identified in previous inspection cycles, including internal control over financial reporting, assessing and responding to risks of material misstatement, and accounting estimates, including fair value measurements.  Recurring audit deficiencies continue to be identified in the most frequently selected financial reporting areas, such as revenue, non-financial assets, inventory, financial instruments and other areas.
  2. Audit areas affected by economic trends, including the effect of the strengthening U.S. dollar, the increasing merger and acquisition activity, the search for higher-yielding investment returns in a low interest rate environment, and the effect of the fluctuations in oil and natural gas prices.
  3. Audits of certain areas that may involve significant judgment from management and/or auditors, including the auditor’s evaluation of segment identification and disclosures, the auditor’s consideration of an entity’s ability to continue as a going concern, and evaluation of income tax accounting and disclosures.
  4. The implementation of AS 2410, Related Parties (also known as AS 18).  This auditing standard was effective for audits of fiscal years beginning on or after December 15, 2014.
  5. Audit procedures involving IT, particularly auditors’ use of software tools, and procedures to assess and address risks of material misstatement posed by cyber security.
  6. An audit firm’s system of quality control, including its policies and procedures for (i) identifying the “root causes” of audit deficiencies and positive quality events, (ii) complying with required audit committee communications, including those communications related to independence, (iii) monitoring and maintaining independence, (iv) performing engagement quality reviews with due professional care, and (v) applying professional skepticism throughout the audit.

Historical inspection trends

According to its statistics, the PCAOB’s sweet spot for inspections of global network firm audits is companies with a market capitalization between $1 billion and $5 billion.  In contrast, more so than any other market capitalization, the PCAOB has historically inspected audits conducted by non-affiliate firms of companies with market capitalization up to $100 million.

As it relates to industry sector, the PCAOB’s inspections of global network firm audits have covered a variety of industries more evenly than its inspections of non-affiliate firm audits.  To illustrate, since 2013, approximately 80% of its inspections of global network firm audits have included four industry sectors:  (1) industrials and materials; (2) financial services, benefit plans, and miscellaneous; (3) IT and telecom; and (4) consumer discretionary and staples.  The remaining approximately 20% of its inspections of global network firm audits have included two other industry sectors (energy and utilities; healthcare).  This should come as no surprise as the S&P 500 sector weightings, which represent the distribution among industries of the 500 largest publicly-traded U.S. firms, most of which are audited by the Big 4, are consistent with the PCAOB’s emphasis on these four industry sectors.

On the other hand, since 2013, approximately one-third of the PCAOB’s inspections of non-affiliate firm audits have been in the financial services, benefit plans, and miscellaneous industry sector.  The remaining approximately two-thirds of inspections of non-affiliate firm audits have been evenly distributed among five other industry sectors.

Emphasis on quality

In summary, even though the PCAOB’s inspection program has evolved over time, we have experienced a declining historical trend of financial statement reissuance restatements.  This decline can be attributed to improvement in the quality of financial reporting and, at least in part, to the PCAOB’s focus on audit quality and compliance with auditing standards.

Photo credit

Posted on

Payout trends in the SEC’s whistleblower program

In July 2010, the U.S. Congress enacted and President Obama signed into law the Dodd-Frank Wall Street Reform and Consumer Protection Act.   In connection with reform on investment protection, the Dodd-Frank Act provided for the establishment of a new whistleblower program.  The program provides for financial incentives for individuals to report potential federal securities laws violations to the SEC and provides for protection from employment retaliation.

Adoption of whistleblower rules

On May 25, 2011, the SEC adopted the new whistleblower rules, codified as Section 21F of the Securities Exchange Act of 1934, entitled “Securities Whistleblower Incentives and Protection.”  Pursuant to these rules, the SEC has ability to provide monetary awards to eligible individuals who come forward with high-quality original information that leads to an SEC enforcement action in which over $1 million in sanctions is ordered.  The range for awards is between 10% and 30% of the money collected.

The rules clarify that “original information” must be:

(i) Derived from your independent knowledge or independent analysis;

(ii) Not already known to the Commission from any other source, unless you are the original source of the information;

(iii) Not exclusively derived from an allegation made in a judicial or administrative hearing, in a governmental report, hearing, audit, or investigation, or from the news media, unless you are a source of the information; and

(iv) Provided to the Commission for the first time after July 21, 2010 (the date of enactment of the Dodd-Frank Wall Street Reform and Consumer Protection Act).  See Rule 21F-4(b)(1)

Furthermore, the rules state that information submitted to the SEC is provided “voluntarily” if:

…you provide your submission before a request, inquiry, or demand that relates to the subject matter of your submission is directed to you or anyone representing you (such as an attorney):

(i) By the Commission;

(ii) In connection with an investigation, inspection, or examination by the Public Company Accounting Oversight Board, or any self-regulatory organization; or

(iii) In connection with an investigation by the Congress, any other authority of the federal government, or a state Attorney General or securities regulatory authority.  See Rule 21F-4(a).

Discretionary payouts

As mentioned previously, the range of awards that the SEC will pay out is between 10% and 30% of the money collected, not of the monetary sanctions ordered.  With this in mind, the SEC considers the following factors to determine the size of the award:

  1. The significance of the information
  2. The assistance provided by the whistleblower
  3. Law enforcement interest that might be advanced by a higher award
  4. Whistleblower’s participation in internal compliance systems

In addition, the SEC considers the following factors to decrease the payout percentage of the award:

  1. Culpability
  2. An unreasonable reporting delay by the whistleblower
  3. Interference with internal compliance and reporting systems

SEC’s payout trends

From its inception through July 2016, the SEC’s whistleblower program has issued 24 final award orders and 51 final denial orders.  Of these 24 final award orders, the largest award amount disclosed was over $30 million (announced September 22, 2014) and the smallest award amount disclosed was $125 thousand (announced August 30, 2013).

Of the 19 disclosed award amounts, the median payout is approximately $700 thousand.

Furthermore, of the nine awards disclosing the payout as a percentage of the monetary sanctions collected, the SEC has ordered payouts of 30% on five occasions, a payout of 28% once, payouts of 20% twice, and one payout of 15%.  It should be noted that these figures represent the total payout percentages for each matter (regardless of the number of claimants).

Seven of the 24 final award orders mentioned more than one claimant for payout, with three of these awards naming two claimants and four naming three claimants.  The distribution of the payout to each of these claimants varied from equal proportion of the award among the claimants (33% or 50% to each claimant in final award orders naming three and two claimants, respectively) to as dispersed as 50% of the award to one claimant, 33% to another, and 17% to the third claimant within the same final award order.

Another interesting observation is that, of the 24 final award orders, the SEC disclosed the whistleblower profiles for 11 of them.  Of these 11 awards, two were in the compliance function, one was an officer, seven were non-descriptive insiders/employees, and one was an outsider.  There does not appear to be any correlation between the whistleblower profile and the payout percentage or amount of the award.

I have prepared a schedule that summarizes key information for each final award order.  This schedule includes all final orders through July 2016.

Photo credit

Posted on

Potentially costly accounting standards on the horizon

For a number of years we experienced a “lull” in significant accounting standards issued by the FASB.  However, just within the last two years, the FASB has issued two significant, complicated accounting standards that will have far-reaching implications for companies.

These two accounting standards affect how companies recognize revenues and recognize leases.  Based on my experience, I expect that just about every company whose financial reporting framework is U.S. GAAP will be affected by at least one, if not both, of these standards.  As such, today’s post will focus on what these two standards are and how they will affect companies.

Revenue recognition

In May 2014, the FASB issued Accounting Standards Update (ASU) No. 2014-09, Revenue from Contracts with Customers (Topic 606).  This standard is designed to achieve a number of goals.  First, the standard removes inconsistencies and weaknesses in revenue requirements and provides a more robust framework for addressing revenue issues.  Second, the standard improves comparability of revenue recognition practices across entities, industries, jurisdictions, and capital markets (particularly companies that have adopted IFRS).  Third, it provides more useful information to users of financial statements through improved disclosure requirements.  Finally, the standard simplifies the preparation of financial statements by reducing the number of requirements to which an entity must refer.

The core principle of the guidance in Topic 606 is that an entity should recognize revenue to depict the transfer of promised goods or services to customers in an amount that reflects the consideration to which the entity expects to be entitled in exchange for those goods or services.  With a move away from industry and more prescriptive guidance on recognizing revenue, this standard uses the following five-step model:

  1. Identify the contract(s) with a customer
  2. Identify the performance obligations in the contract
  3. Determine the transaction price
  4. Allocate the transaction price to the performance obligations in the contract
  5. Recognize revenue when (or as) the entity satisfies a performance obligation

The desired goals of this standard seem nice on paper and I believe they are a significant step toward improved financial reporting.  However, what this means for companies is that they will need to apply a significant amount of resources and thought to achieving the objectives set forth in the standard.

ASU No. 2014-09 has been subsequently amended as follows:

Accounting for leases

Earlier this year the FASB issued ASU No. 2016-02, Leases (Topic 842).  The key change from the existing leasing accounting standard (Topic 840) is that, under the new standard, lessees will need to recognize lease assets and lease liabilities for leases classified as operating leases.  For leases with a term of 12 months or less, a lessee is permitted to make an accounting policy election by class of underlying asset not to recognize lease assets and lease liabilities.  If a lessee makes this election, it should recognize lease expense for such leases generally on a straight-line basis over the lease term.

This standard is effective for fiscal years beginning after December 15, 2018 for publicly traded companies.  Although 2019 seems like a long way into the future, many companies will need to make significant endeavors to effectively implement this accounting standard.

Internal coordination a must

It goes without saying that departmental decisions within a company tend to have an effect on accounting and financial reporting.  With this in mind, in implementing these new accounting standards companies will need to coordinate internally to ensure that all of the relevant facts and circumstances are gathered for accounting and financial reporting consideration.

In the spirit of coordinating between the accounting function and other departments to ensure that business operations are not adversely affected by adoption of these new accounting standards, following are things to consider:

  • Legal – In implementing the new lease standard, leases with terms greater than 12 months will be included in the balance sheet.  Companies will need to revisit their contractual terms, particularly with lenders, to ensure that the accounting changes on the balance sheet do not adversely affect compliance with debt covenants.  Further, companies will need to consider implications of adopting these two standards on securing financing.  Finally, companies may wish to revisit the terms and conditions, including pricing structure, in customer contracts and consider how adoption of the new revenue recognition standard may affect the timing of revenue recognition.
  • Financial planning and analysis – Companies will need to consider the timing of revenue recognition for internal budgeting and forecasts.
  • Information technology – Companies will need to revisit their accounting and operational systems and processes.  Specifically, systems and processes will likely need to be reconfigured and/or reports may need to be modified or created to obtain relevant data for appropriate accounting and more extensive accounting disclosures.
  • Human resources – Often times variable compensation is based on key financial metrics, such as revenues, earnings, and EBITDA.  With the adoption of the new accounting standards, because the timing of revenue recognition may change, companies will need to revisit their variable compensation arrangements with employees to ensure that targets are reasonable and achievable.  Moreover, companies will need to ensure there is adequate staffing with the right level of experience and technical skills to implement these standards.
  • Tax – With expected changes in the recognition of revenue, for example, companies will need to consider the impact on income taxes.
  • Investor relations – Companies will need to consider changes to guidance provided to the street on revenues, EPS, and non-GAAP measures (such as EBITDA) as these metrics will be affected by adoption of these new accounting standards.  Furthermore, companies will need to consider the nature and extent of communications with users of their financial statements regarding expected changes to business practices from adopting these standards.

As I indicated in a previous post, just like individuals, companies can procrastinate decision-making until it becomes costly.  Of particular concern in light of these two significant accounting standards is that companies may lack sufficient resources to effectively adopt them, either in terms of quantity or quality of headcount.

Likewise, companies may not provide adequate budgeting for additional resources needed to effectively adopt these standards.  Many companies, whether by choice or out of necessity, may find themselves hiring consultants carrying price tags higher than internal resources to accomplish the following two objectives.  First, they will need to meet the adoption requirements in the accounting standards.  Second, they will need to satisfy their external auditor of compliance with these accounting standards.

Potentially costly audits

In my line of business, hiring outside assistance to pass financial statement audits can become costly in a relatively short period of time.  With this in mind, in connection with an audit of financial statements, public companies should be mindful of the implications that the adoption of these standards will have on internal controls over financial reporting.

In essence, there are multiple “types” of internal controls:  IT general, application, automated, manual, and IT-dependent manual controls.  As is typical of significant changes in accounting and disclosure, the adoption of these new standards will likely require more manual-type controls to verify that financial reporting is reliable.

In light of this, companies will need to consider the increased risk of material misstatement that manual controls introduce to an audit.

Next steps

For these reasons companies should begin now planning for these scenarios.  In reality, these new accounting standards are a significant undertaking and companies should approach implementation of these standards with a high degree of determination.

Photo credit

Posted on

SEC settles charges with publicly-traded company for internal controls violations

Earlier this year the SEC announced that it had brought charges against a publicly traded company, Magnum Hunter Resources Corporation (MHR), a diversified natural gas, natural gas liquids and crude oil exploration and production company based in Texas.

The SEC’s charges are not based on material misstatements in MHR’s 2011 financial statements on Form 10-K. Rather, because of high growth arising from multiple business acquisitions, the company’s accounting staff could not keep up with the ever-increasing demands to maintain effective internal controls over financial reporting (ICFR).  As a result, the SEC claims there existed a material weakness in MHR’s ICFR and that MHR did not adequately disclose this in its 2011 SEC filing.

The SEC imposed a Cease-and-Desist Order on MHR in March 2016, which states in part:

This proceeding concerns failures by MHR and its management to properly implement, maintain, and evaluate [ICFR] for the fiscal year-ended December 31, 2011 and to maintain ICFR sufficient to keep pace with MHR’s growth from at least the fiscal year-ended December 31, 2011 through the quarter-ended September 30, 2013.

The SEC Order also states that this failure was, in part due to improper evaluations of the severity of internal control deficiencies by both MHR’s SOX consultant and external auditor.

Material Weakness

To put all of this into context, SEC Regulation S-X defines a material weakness as:

…a deficiency, or a combination of deficiencies, in [ICFR] such that there is a reasonable possibility that a material misstatement of the registrant’s annual or interim financial statements will not be prevented or detected on a timely basis. [Rule 1-02(a)(4)]

This is consistent with the definition of a material weakness in U.S. auditing standards, which is:

a deficiency, or a combination of deficiencies, in [ICFR], such that there is a reasonable possibility that a material misstatement of the company’s annual or interim financial statements will not be prevented or detected on a timely basis. [PCAOB AU 325, par 3]

Note these definitions use the term “reasonable possibility” to describe the likelihood of a material misstatement occurring.  This term carries the same meaning as in ASC 450 (formerly SFAS No. 5), which I discussed in a previous post.

Charges by the SEC

In essence, the SEC’s charges hinge on the premise that, even though it did not find any material misstatement in MHR’s financial statements, because a material misstatement could have occurred, MHR should have made appropriate disclosures in its 2011 financial statements. Of interest is that MHR’s assessment of the effectiveness of ICFR concluded that a significant deficiency existed, not a material weakness.

In its audit work papers MHR’s external auditor documented that the control weaknesses arising from inadequate accounting staff did not rise to the level of a material weakness for the following key reasons: (1) the audit work did not identify material errors for the reporting period and (2) the auditor understood that MHR had recently hired additional accounting staff and that the existing staff, while overworked, was competent.

Despite the auditor’s documentation for its conclusion, the guidance in PCAOB AS No. 5 states that “[t]he severity of a deficiency does not depend on whether a misstatement actually has occurred but rather on whether there is a reasonable possibility that the company’s controls will fail to prevent or detect a misstatement.” (see par. 64)

Take-aways

Companies required to comply with SEC regulations should take note of these charges brought by the SEC. Further, companies should take seriously the requirements to maintain effective ICFR and disclose information that is pertinent to users of their financial statements.

In the end, it is the responsibility of the company’s management to not only prepare its financial statements, but to also maintain a system of ICFR sufficient to provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in conformity with GAAP (see SEC Exchange Rule 13(b)(2)(B) at 124).

Photo credit

Posted on

The proliferation of forensic accounting

I had the pleasure of being a guest speaker last week at a university in Denver.  I presented to students enrolled in a forensic accounting course on the topic of litigation services and expert testimony.  The audience, consisting mostly of graduate students, was highly engaged during the presentation.

Certainly, I see a strong level of interest in the field of forensic accounting, not just within the professional world, but also within colleges and universities.  Contrast this with when I was in school.  Although it doesn’t feel like a long time, when I finished my university studies in 2005 there seemed to be less talk within the business school of forensic accounting careers.

Today, forensic accounting is a multi-billion dollar industry and its growth is expected to continue for the foreseeable future.

Where to begin

During my presentation, I could sense the eagerness of the students to find their career fit within forensic accounting.  At the completion of the discussion they asked me how I would recommend they tap into the field.  Of course, I was happy to respond because I was in their shoes at one point in my career and I’ve always appreciated meaningful career counsel.

First, I believe those interested in this field should find out what type of industry or practice-area they are most interested in.  It could be financial services, manufacturing, technology, communications, etc.  Next, I recommend they build a strong foundation in whatever industry or practice-area they choose by gaining at least a few years of diverse experience.

If they still desire to be a forensic accountant once they establish a strong foundation, then I recommended they search for the right fit with patience, relying as much as possible on their network of contacts.

Experience is critical

Unfortunately, too often I think college graduates do themselves a disservice when they seek to jump right into forensic accounting without any real-world experience.  Of course, this isn’t always the case, but I have worked with enough junior professionals within the industry to make this observation.

I make the following case to illustrate my point.  Auditors are trained to approach their work with “materiality” in mind.  Those in criminal justice approach their work with “beyond a reasonable doubt” in mind.  Statisticians often approach their work with “statistical significance” in mind.  Forensic accountants, on the other hand, may or may not approach their work with these concepts in mind.  Truly, the application of concepts or principles depends on the facts and circumstances of a case.

For this reason, I believe a forensic accountant should have sufficient experience so that he or she can appropriately apply professional judgment, no matter the circumstance.

With ever-changing regulations and increasing complexity of the world we live in, I believe the role we forensic accountants provide will become increasingly valuable.