Posted on

Responding to accounting restatement risk

A fundamental tenet of financial reporting is that a company’s internal controls over financial reporting (ICFR) are sufficiently robust to ensure transactions are properly recognized and disclosed in its financial statements.  The appropriateness of financial statements hinges on the fair presentation in conformity with GAAP.  Furthermore, the concept of materiality is the deciding factor of what is “fair” and what is not.

However, at times companies misstate their financial statements.  In some situations these misstatements are simple, unintentional errors; whereas, in other cases they may be intentional.  When misstatements occur, companies must determine whether or not these misstatements result in materially misleading financial statements.  For purposes of clarity, an error is defined in ASC 250, Accounting Changes and Error Corrections as “[a]n error in recognition, measurement, presentation, or disclosure in financial statements resulting from mathematical mistakes, mistakes in the application of [GAAP], or oversight or misuse of facts that existed at the time the financial statements were prepared.”

Because identified misstatements that relate to the current period can be addressed by management without any required restatements, today’s post will address certain risk areas and requirements that companies will want to address in assessing misstatements in prior periods.

Materiality

In a previous post I wrote about materiality considerations, which should be considered in assessing whether or not the prior period financial statements are materially misstated.  Indeed, it is well established that calculating a quantitative threshold of materiality is an important step in a materiality assessment (such as 5-10% of pre-tax income).  However, companies should give consideration to qualitative factors as well.  The SEC’s staff issued SAB No. 99 to provide some guidance to considering qualitative factors.  Notwithstanding its guidance, SAB No. 99 does not address what might be considered not material.

Types of restatement

Depending on the outcome of a materiality assessment, companies may find themselves in one of two categories:

  1. Reissuance restatement – referred to as “Big R” restatement because this means the previously issued financial statements were materially incorrect and, therefore, are unreliable and must be reissued/restated.  In these cases, the prior period financial statements must be amended.
  2. Revision restatement – referred to as “Little r” restatement because, although there are errors in the previously issued financial statements, they were not material to the prior periods.  A company may choose to either make the error correction in the current period or it may recast its prior period financial results in connection with issuing its current period financial statements.  When a company elects to recast its prior period financial statements in connection with issuing its current period financial statements, it revises its financial statements.  In these circumstances, the prior period financial statements do not need to be amended.

Sarbanes-Oxley Act certification requirements

In the context of restatements, SEC registrants must be aware of risk exposure related to Sarbanes-Oxley Act (SOX) certification requirements.  As a refresher, as early as 2004 SEC registrants were required to implement certain provisions of SOX.  These provisions address requirements that the principal executive officer or officers (CEO or equivalent) and the principal financial officer or officers (CFO or equivalent) must certify.  The first requirement, Section 302, is found in SOX’s Title III – Corporate Responsibility.  The second requirement, Section 906, is found in SOX’s Title IX – White-Collar Crime Penalty Enhancements.

  • SOX Section 302 – In connection with filing of periodic financial reports with the SEC, the CEO and CFO (as signing officers) are required to certify in each quarterly and annual report:
    • the signing officer has reviewed the report;
    • based on the signing officer’s knowledge, the report doesn’t contain any untrue statement of a material fact or omit to state a material fact necessary in order to make the statements made, in light of the circumstances under which such statements were made, not misleading;
    • based on the signing officer’s knowledge, the financial statements, and other financial information included in the report, fairly present in all material respects the financial condition and results of operations of the issuer as of, and for, the periods presented in the report;
    • the signing officers:
      • are responsible for establishing and maintaining internal controls
      • have designed such internal controls to ensure that material information relating to the issuer and its consolidated subsidiaries is made known to such officers by others within those entities, particularly during the period in which the periodic reports are being prepared;
      • have evaluated the effectiveness of the issuer’s internal controls as of a date within 90 days prior to the report; and
      • have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date;
    • the signing officers have disclosed to the issuer’s auditors and the audit committee of the board of directors (or persons fulfilling the equivalent function):
      • all significant deficiencies in the design or operation of internal controls which could adversely affect the issuer’s ability to record, process, summarize, and report financial data and have identified for the issuer’s auditors any material weaknesses in internal controls; and
      • any fraud, whether or not material, that involves management or other employees who have a significant role in the issuer’s internal controls; and
    • the signing officers have indicated in the report whether or not there were significant changes in internal controls or in other factors that could significantly affect internal controls subsequent to the date of their evaluation, including any corrective actions with regard to significant deficiencies and material weaknesses.
  • SOX Section 906 – In connection with filing of periodic financial reports with the SEC, the CEO and CFO (as signing officers) are required to certify in each quarterly and annual report:
    • the periodic financial report containing the financial statements fully complies with the requirements of section 13(a) or 15(d) of the Securities Exchange Act of 1934 and that information contained in the periodic report fairly presents, in all material respects, the financial condition and results of operations of the issuer.

Section 906 provides for criminal penalties if the CEO and/or CFO:

  • certifies any statement within Section 906 knowing that the periodic report accompanying the statement does not comport with all the requirements set forth in Section 906 shall be fined not more than $1,000,000 or imprisoned not more than 10 years, or both; or
  • willfully certifies any statement as set forth in Section 906 knowing that the periodic report accompanying the statement does not comport with all the requirements set forth in Section 906 shall be fined not more than $5,000,000, or imprisoned not more than 20 years, or both.

In light of these certification requirements and the potential criminal penalties, signing officers must be confident that their financial reporting controls are reliable.  With this in mind, when Big R restatement risk is heightened, companies should be cognizant of the regulatory and legal exposure associated with potential non-compliance.

Furthermore, when it comes to material misstatements in the company’s prior period financial statements, there is a rebuttable presumption that a material weakness in ICFR exists.  Another thing to keep in mind is that even though a Little r restatement may end up being the correct solution to addressing misstatements, the SEC registrant may end up concluding that a material weakness still exists in ICFR.  This gets at the concept of the “could” factor in assessing deficiencies in ICFR, which I previously wrote about.

Tips for companies

I recently listened to a webcast discussing 10 pitfalls to avoid when navigating a Big R restatement (replay link).  For convenience, I’ve listed these 10 pitfalls:

  1. Engaging inexperienced counsel and advisors for the investigation
  2. Forming a special committee when the audit committee might suffice
  3. The run-away or open-ended investigation
  4. Failing to keep auditors apprised of the investigation and errors found
  5. Indecisiveness and inability to reach conclusions
  6. Waiting too long to deal with wrongdoers
  7. Not self-reporting findings to the SEC
  8. Audit committee micromanagement of the restatement
  9. Failing to remediate
  10. Creating an unnecessarily detailed SAB 99 materiality analysis

In addition to these tips, companies should ensure they follow the standards governing accounting restatements in ASC 250 and that they assess misstatements for each reporting period.  Although certain misstatements may be insignificant in any given reporting period, they could aggregate to a material amount over time (such as the impact to the balance sheet).

When restatements arise, SEC registrants will need to disclose relevant information on SEC Forms 10-K/A and 8-K (for Big R) and SEC Form 10-K (for Little r).

Influencing the narrative

I’m going to fast forward the process of restating financial statements to communicating with outsiders what the facts are.  When management becomes aware of material misstatements in prior periods, the company should be clear and assertive with users of its financial statements about the nature and extent of the misstatements identified.  In connection with its assessment, management should be able to, at a minimum, address the following concerns:

  • explain the magnitude of the misstatement;
  • identify which accounts were affected;
  • describe what was done to remediate the misstatement (both in the financial statements and in ICFR);
  • explain what programs and controls have been put in place to avoid misstatements from occurring in the future; and
  • explain the implications of misstatements on the company’s future financial reporting and forecasts

It goes without saying that if companies do not take active measures to effectively management the risks I’ve discussed, users of their financial statements may call into question whether or not the root-causes in the company have been addressed.

Photo credit

Posted on

A Look-back: 12 years of SOX Section 404

Many companies became subject to the provisions of Section 404 of the Sarbanes-Oxley Act of 2002 (SOX) beginning for fiscal years ending on or after November 15, 2004.  Specifically, Section 404(a) requires public companies’ annual reports to include the company’s own assessment of internal control over financial reporting (ICFR).  Section 404(b) requires an independent auditor’s report on the effectiveness of the company’s ICFR.

Since the implementation of SOX 12 years ago, we have seen some interesting trends in financial restatement statistics and SEC enforcement trends, which I have written about recently (here and here).  In fact, a recent Audit Analytics report has highlighted some key take-aways related to Section 404 disclosures.

Effectiveness of ICFR requiring auditor attestation

SOX Section 404(b) states that accelerated filers (including large accelerated filers) must provide an independent auditor’s report on the effectiveness of the filer’s ICFR.  The following chart shows adverse auditor reports as a percentage of total auditor reports on ICFR on an annual basis within the last 12 years.

% Adverse Auditor Attestations

For clarification, according to PCAOB Auditing Standard No. 5 (AS 5), An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements, an adverse opinion signifies that at least one material weakness exists within a company’s ICFR.

Naturally, one would expect the first year of implementation, 2004, to yield the least favorable results.  To also note is that because the SOX Section 404 requirements went into effect in late 2004, only a portion of companies whose fiscal years ended in 2004 were required to implement these requirements (i.e., those whose fiscal years ended on or after November 15, 2004).  This means that a smaller number of companies filed auditor attestations related to fiscal 2004 when compared to fiscal 2005.

What I find interesting about the above chart, and the Audit Analytics report discusses, is the historical “low” in the rate in 2010.  In 2010, the PCAOB inspection program began determining if audit firms had obtained adequate evidence to substantiate the auditor’s attestation of management’s assessment regarding the effectiveness of ICFR.  The impetus for this was the implementation of AS 5, which became effective in late 2007.

After initially reviewing audit firms’ implementation of AS 5 in 2008 and 2009, the PCAOB’s inspections began in 2010 to focus on inspecting for and reporting on whether firms obtained sufficient evidence to support their audit opinions on the effectiveness of ICFR.  Although somewhat unclear, we might gather from the above chart that the PCAOB’s scrutiny of audit firm compliance with AS 5 in 2010 may have re-focused the emphasis of audit firms on improving audit quality in 2011 (when compared to 2010).

Key areas of adverse auditor reports

Among those auditor reports with an adverse audit opinion on ICFR, the Audit Analytics report identifies the following internal controls issues with the highest frequency in 2015:

Ineffective ICFR issues

Total number of attestations

As % of total attestations citing ineffective ICFR
Material and/or numerous auditor and/or management adjustments

118

58%
Inadequate accounting personnel resources, competency, and/or training

105

52%
IT, software, security, and access controls

60

30%
Segregation of duties and/or design of controls

50

25%
Controls related to non-routine transactions

39

19%

As illustrated in the table above, the top reason for ineffective ICFR in 2015 was due to accounting issues which were known to materially misstate the financial statements.  Said differently, without recording the necessary adjustments, the financial statements taken as a whole would have been materially misstated.  The remaining top five reasons for ineffective ICFR in 2015 were due to internal controls issues (which either did or “could have” contributed to material errors in the financial statements).

Moreover, the Audit Analytics report lists the following accounting-related ICFR issues as most commonly cited in adverse audit reports in 2015:

Ineffective ICFR issues related to accounting

 Total number of attestations

As % of total attestations citing ineffective ICFR
Revenue recognition 47

23%
Income taxes

36

18%
A/R, notes receivable, investments, and cash

34

17%
Fixed assets and/or intangible assets

29

14%
Related parties and/or affiliates/subsidiaries

27

13%

Effectiveness of ICFR not requiring auditor attestation

In contrast to the requirements in Section 404(b) for accelerated filers, non-accelerated filers and smaller reporting companies need not comply with this provision, thanks to the Dodd-Frank Act of 2010, but they must comply with Section 404(a).  Furthermore, non-accelerated filers were not required to implement Section 404 until late 2007.

For clarification, a non-accelerated filer, as defined by SEC Rule 12b-2, is public company whose public float (as opposed to market capitalization) does not exceed $75 million as of the last business day of the company’s most recently completed fiscal Q2.  Furthermore, smaller reporting companies are those companies that meet the definition of a non-accelerated filer and had annual revenues of less than $50 million during the most recently completed fiscal year for which audited financial statements are available.

Having said that, the following chart shows the percentage of adverse management-only assessments relative to total management-only assessments on an annual basis in the last 12 years.

% Mgmt-Only Reports

Interestingly, this chart shows a negative trend over the years, with a drop in 2015.

Key areas of adverse management-only assessments

The Audit Analytics report identifies the following internal controls issues with the highest frequency in 2015 in management-only assessments:

Ineffective ICFR issues

 Total number of assessments

As % of total assessments citing ineffective ICFR
Inadequate accounting personnel resources, competency, and/or training

985

79%
Segregation of duties and/or design of controls

893

72%
Ineffective, non-existent, or understaffed audit committee

388

31%
Inadequate accounting disclosure controls

246

20%
Material and/or numerous auditor and/or management adjustments

204

16%

To note is that two of the five top ICFR issues in the table above are also among the top five ICFR issues in adverse auditor attestations.  A key reason for the provision in the 2010 Dodd-Frank Act eliminating the requirement for non-accelerated filers and smaller reporting companies to comply with SOX Section 404(b) was due to cost of compliance.  Since we can see from the table above that overwhelmingly the two most common ICFR issues were inadequate accounting resources and segregation of duties/design of controls, it certainly seems reasonable to conclude that the cost of accounting resources is a relatively big factor for smaller public companies.  While understanding that these statistics describe ICFR issues for public companies, to my surprise is that the third most common issue deals with inadequacies of the audit committee.

With respect to accounting-related ICFR issues noted in management-only assessments, the Audit Analytics report lists the following most commonly cited in 2015:

Ineffective ICFR issues related to accounting

 Total number of assessments

As % of total assessments citing ineffective ICFR
A/R, notes receivable, investments, and cash

95

8%
Debt, quasi-debt, warrants and equity-related (beneficial conversion features)

53

4%
Income taxes

48

4%
Revenue recognition

38

3%
Related parties and/or affiliates/subsidiaries

24

2%

The above table demonstrates that the most frequently cited accounting-related issues in ICFR was similar between accelerated and non-accelerated filers and smaller reporting companies.  Furthermore, the Audit Analytics report indicates the top five accounting-related issues represented approximately two-thirds of the total accounting-related issues in 2015, both for adverse auditor reports and management-only assessments.

Summary

To put these findings into context for 2015, of those accelerated filers whose auditors issued an adverse SOX report, there was a pull toward ICFR failures due to accounting-related issues.  On the other hand, companies that issued management-only assessments citing ICFR failures experienced significantly higher rates of ICFR failures due to internal controls issues as opposed to accounting-related issues.

In addition, the ICFR failure rates reported by companies with management-only assessments were significantly higher than the ICFR failure rates reported by accelerated filers.  By applying a simple average over the last 12 years for accelerated filers and nine years for non-accelerated filers, the ICFR failure rates were 6.9% and 35.4%, respectively.

Finally, for additional context, I noted per review of the Audit Analytics report that in 2015 there were approximately 3,800 auditor attestations on SOX effectiveness filed with the SEC.  With regard to management-only assessments, there were approximately 3,500 management reports filed in 2015 with the SEC.  Therefore, the quantity of filings with the SEC between these two groups was comparable.

Source for charts:  Audit Analytics August 2016 report, SOX 404 Disclosures, a Twelve Year Review.

Photo credit

Posted on

Materiality — consolidated level vs. segment level

I often work on litigation consulting engagements where the concept of materiality is front and center.  A key question that I have encountered is, for a consolidated entity, whether or not materiality is to be assessed at the consolidated level or at the segment level from a financial reporting disclosure perspective.

Materiality

The guidance is clear that materiality is supposed to be assessed in the context of the “financial statements taken as a whole”, or at whatever level the issuer is reporting its financial statements.  However, there are some items for consideration that can provide some color to this discussion and that can assist those involved with these types of decisions to understand the implications of making materiality decisions at a level lower than the consolidated level.

Auditor Considerations

When the external auditor opines, the auditor refers to the highest level of financial statements, typically the “consolidated” financial statements, presenting fairly, in all material respects, the financial position/results of operations/cash flows, etc.  When the auditor plans and performs an audit, the auditor considers “materiality”, which, according to auditing standards, is also based on the “financial statements taken as a whole” concept.

Auditing Standard (AU) No. 312 titled “Audit Risk and Materiality in Conducting
an Audit” addresses materiality for particular items of lesser amounts than the materiality level determined for the financial statements taken as a whole.  Paragraph 31 states:

When establishing the overall strategy for the audit, the auditor should consider whether, in the specific circumstances of the entity, misstatements of particular items of lesser amounts than the materiality level determined for the financial statements taken as a whole, if any, could, in the auditor’s judgment, reasonably be expected to influence economic decisions of users taken on the basis of the financial statements. Any such amounts determined represent lower materiality levels to be considered in relation to the particular items in the financial statements.

Paragraph 32 provides some items for consideration by the auditor.  However, at the end of the audit, as I’ve explained previously, the auditor generally opines on the financial statements taken as a whole.  This is important to remember.

Issuer Guidance

SFAS 131, Disclosures about Segments of an Enterprise and Related Information, discusses disclosure requirements for segments of a filer.  Within par. 78, it states:

Paragraph 125 of Concepts Statement 2 states that “. . . magnitude by itself, without regard to the nature of the item and the circumstances in which the judgment has to be made, will not generally be a sufficient basis for a materiality judgment.” That guidance applies to segment information. An understanding of the material segments of an enterprise is important for understanding the enterprise as a whole, and individual items of segment information are important for understanding the segments. Thus, an item of segment information that, if omitted, would change a user’s decision about that segment so significantly that it would change the user’s decision about the enterprise as a whole is material even though an item of a similar magnitude might not be considered material if it were omitted from the consolidated financial statements. Therefore, enterprises are encouraged to report information about segments that do not meet the quantitative thresholds if management believes that it is material. Those who are familiar with the particular circumstances of each enterprise must decide what constitutes material.  (emphasis added)

It seems the FASB intentionally made the requirement to disclose something at the segment level a higher standard than the requirement to disclose something at the consolidated/enterprise level, for the reason that the focus should be on the “financial statements taken as a whole” and not at the level of a segment.

Interpretation

In the end, the question as to whether materiality is to be assessed at the consolidated level or at the segment level from a financial reporting disclosure perspective more clear.  Decisions regarding materiality at a lower level than at the consolidated level, barring an exceptions (as described in SFAS 131), tend to get swallowed up in materiality at the reporting, or consolidated, level.  Users of financial statements, including forensic accountants, should keep these concepts in mind.

Applicability

When a dispute or allegation comes forth that accuses an entity of not disclosing something that perhaps it should have, these concepts should be reviewed.  SAB No. 99 also provides some color and should be consulted.  I assist clients with these complex issues on a regular basis and often the answer is not black or white.  The specific facts and circumstances should be understood, particularly the more macro factors (such as industry peer disclosures).  In the end, professional judgment should be applied in a manner that is well-thought out, documented, and defensible.

Photo credit

Posted on

Materiality in financial statements

All too often the concept of materiality in the context of financial statements is not black and white, as some like to think.  Over and over again my experience has been that materiality is commonly misunderstood and misapplied.  Those dealing with disputes who don’t have a solid understanding of materiality can find themselves fighting a tough uphill battle.

Definition

So, to begin, what is “materiality”?

When I was a financial statement auditor, my engagement team would compute a quantitative threshold and call it overall materiality.  This was typically 5% of the audit client’s pre-tax income from continuing operations for profit-oriented entities, or, if pre-tax income from continuing operations was volatile or perhaps a loss was realized in one year and a gain in another year, we would sometimes compute an alternative materiality, taking into account other financial statement metrics (such as revenues, assets, equity, etc.) and apply judgment in deciding on a quantitative threshold (SAS No. 107 at ¶ 4).  This overall materiality calculation was the starting point in planning the audit, assessing risk, and performing audit testing.  Although qualitative factors are considered in audits, the quantitative threshold is often the primary tool to measure the significance of misstatements.

However, in the context of a litigation, contractual dispute, or other matter, materiality is more broad than a simple quantitative threshold.  The SEC Staff elaborated (in 1999) on this concept of materiality in Staff Accounting Bulletin No. 99, Materiality, stating:

The omission or misstatement of an item in a financial report is material if, in the light of surrounding circumstances, the magnitude of the item is such that it is probable that the judgment of a reasonable person relying upon the report would have been changed or influenced by the inclusion or correction of the item.

This formulation in the accounting literature is in substance identical to the formulation used by the courts in interpreting the federal securities laws. The Supreme Court has held that a fact is material if there is –

a substantial likelihood that the . . . fact would have been viewed by the reasonable investor as having significantly altered the “total mix” of information made available.

Under the governing principles, an assessment of materiality requires that one views the facts in the context of the “surrounding circumstances,” as the accounting literature puts it, or the “total mix” of information, in the words of the Supreme Court. In the context of a misstatement of a financial statement item, while the “total mix” includes the size in numerical or percentage terms of the misstatement, it also includes the factual context in which the user of financial statements would view the financial statement item…

The FASB has long emphasized that materiality cannot be reduced to a numerical formula.

Rules of Thumb

The SEC Staff also weighed in on the common 5% threshold that many market participants applied in the past.  Although this SEC Staff guidance has been publicly known and relied upon for over 16 years, I still find this mentality:

The staff is aware that certain registrants, over time, have developed quantitative thresholds as “rules of thumb” to assist in the preparation of their financial statements, and that auditors also have used these thresholds in their evaluation of whether items might be considered material to users of a registrant’s financial statements. One rule of thumb in particular suggests that the misstatement or omission of an item that falls under a 5% threshold is not material in the absence of particularly egregious circumstances, such as self-dealing or misappropriation by senior management. The staff reminds registrants and the auditors of their financial statements that exclusive reliance on this or any percentage or numerical threshold has no basis in the accounting literature or the law.

The SEC also acknowledged widespread use of a 5% – 10% threshold range, which was referenced to FASB’s Concepts Statement No. 2, Qualitative Characteristics of Accounting Information, at paragraph 167.

Deeper Understanding

There are some key phrases in SAB No. 99, namely “surrounding circumstances” and “total mix of information.”  I’d like to touch upon these key phrases next.

Although something may be perceived as immaterial on the surface, particularly quantitatively small misstatements, the following, at a minimum, should be considered:

  • whether the misstatement arises from an item capable of precise measurement or whether it arises from an estimate and, if so, the degree of imprecision inherent in the estimate
  • whether the misstatement masks a change in earnings or other trends
  • whether the misstatement hides a failure to meet analysts’ consensus expectations for the enterprise
  • whether the misstatement changes a loss into income or vice versa
  • whether the misstatement concerns a segment or other portion of the registrant’s business that has been identified as playing a significant role in the registrant’s operations or profitability
  • whether the misstatement affects the registrant’s compliance with regulatory requirements
  • whether the misstatement affects the registrant’s compliance with loan covenants or other contractual requirements
  • whether the misstatement has the effect of increasing management’s compensation – for example, by satisfying requirements for the award of bonuses or other forms of incentive compensation
  • whether the misstatement involves concealment of an unlawful transaction.

The Staff made sure that users of this guidance understood that this above list “is not an exhaustive list…”  All relevant facts and circumstances should be considered.  By the way, I want to mention that a key criticism of SAB No. 99 is that it does not clearly define what is not considered to be material.  This “gap,” of course, can be an area of frustration for registrants.

Applicability

Another thing I want to make clear is that all of this talk about materiality is, unless specific contractual terms dictate otherwise, in the context of “the financial statements taken as a whole.”  Further, the same context applies to auditors when they plan and perform audits (SAS No. 107 at ¶ 7 and 11d).  For those who like to refer to the “old school” auditing standards, SAS No. 47, which was superseded by SAS No. 107, has similar language (see ¶ 3, 8).

Recently I assisted an expert take a firm, reliable position that materiality must be considered in the context of the financial statements taken as a whole and not on a subset of a subset of the financial statements.   The litigation I refer to involved allegations that the defendant client materially misstated its financial statements such that one of its primary users relied on allegedly materially misstated information.  Having a strong grasp of materiality and how to assess specific transactions, disclosures, or business segments for materiality is a game changer for clients involved in disputes or investigations.  Attorneys should seek out practitioners that have a solid understanding of these materiality concepts.

Photo credit