Assessing the effectiveness of internal controls

 

Strong internal controls can help prevent and detect fraud. That’s why Section 404(a) of the Sarbanes-Oxley Act (SOX) requires a public company’s management to annually assess the effectiveness of internal controls over financial reporting. And Sec. 404(b) requires the company’s independent auditors to provide an attestation report on management’s assessment of internal controls. Some smaller entities may be exempt from the latter requirement — but not the former one.

Burdensome for smaller entities

When the SEC published the regulations, smaller public companies told the SEC that the costs of complying with Sec. 404(b) would outweigh the benefits for investors. While the SEC explored ways to ease the compliance burden, the compliance deadline for Sec. 404(b) was repeatedly delayed for nonaccelerated filers — companies with a public float of less than $75 million on the last business day of their most recent second fiscal quarter.

In 2010, the Dodd-Frank Wall Street Reform and Consumer Protection Act instructed the SEC to permanently exempt nonaccelerated filers from SOX Sec. 404(b). Absent this exemption, nonaccelerated filers would have been required to comply with Sec. 404(b) beginning with fiscal years ending on or after June 15, 2010.

New definition provides no new Sec. 404(b) relief

Earlier this year, the SEC expanded its definition of “smaller reporting companies” from companies with a public float of less than $75 million to those with a public float of less than $250 million. This change will allow nearly 1,000 more companies to qualify for a lighter set of disclosure rules available to smaller reporting companies. However, the SEC did not raise the public float thresholds for when a company qualifies as an accelerated filer. This means the $75 million threshold still applies in relation to the Sec. 404(b) exemption.

SEC Commissioners Michael Piwowar and Hester Peirce favored raising the accelerated filer threshold to $250 million to expand the number of companies that would be exempt from Sec. 404(b). But, based on feedback from auditors and investor advocate groups, SEC Chairman Jay Clayton decided to keep the current threshold at $75 million — at least for now.

It’s also important to note that not all companies with a public float of less than $75 million are considered nonaccelerated filers. If a company’s public float drops below $75 million, it continues to be an accelerated filer until it drops below $50 million, and thereby “exits” accelerated status.

Still on the hook

Even if your company is exempt from Sec. 404(b), you’re still responsible for assessing the effectiveness of internal controls over financial reporting pursuant to Sec. 404(a). Contact us for any questions about complying with the SOX rules or for information regarding best practices in internal controls.

© 2018

Identifying and reporting critical audit matters

 

For over 40 years, the Securities and Exchange Commission (SEC) has required only a simple pass-fail statement in public companies’ audit reports. But the deadline for mandatory reporting of critical audit matters (CAMs) in audit reports is fast approaching. The revised model will provide insight to help investors and other stakeholders better understand a public company’s financial reporting practices — and help management reduce potential risks.

Deadlines

Under existing SEC standards, auditor communication of CAMs is permissible on a voluntary basis. However, disclosure of CAMs in audit reports will be required for audits of fiscal years ending on or after June 30, 2019, for large accelerated filers; and for fiscal years ending on or after December 15, 2020, for all other companies to which the requirement applies.

The new rule doesn’t apply to audits of emerging growth companies (EGCs), which are companies that have less than $1 billion in revenue and meet certain other requirements. This class of companies gets a host of regulatory breaks for five years after becoming public, under the Jumpstart Our Business Startups (JOBS) Act.

Criteria

In 2017, the Public Company Accounting Oversight Board (PCAOB) published Release No. 2017-001, The Auditor’s Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion and Related Amendments to PCAOB Standards. The main provision of the rule requires auditors to describe CAMs in their audit reports. These are issues that:

  • Have been communicated to the audit committee,
  • Are related to accounts or disclosures that are material to the financial statements, and
  • Involve especially challenging, subjective or complex judgments from the auditor.

By highlighting a CAM, an auditor is essentially saying that the matter requires closer attention. Examples might include complex valuations of indefinite-lived intangible assets, uncertain tax positions, goodwill impairment, and manual accounting processes that rely on spreadsheets, rather than automated accounting software.

New guidance

In July 2018, the Center for Audit Quality issued a 12-page guide on implementing the revised model of the auditor’s report. The guide instructs auditors to select CAMs based on:

  • The risks of material misstatement,
  • The degree of auditor judgment for areas such as management estimates,
  • Significant unusual transactions,
  • The degree of subjectivity for a certain matter, and
  • The evidence the auditor gathered during the review of the financial statements.

The guide doesn’t say how many CAMs are required in an audit report or provide a checklist of potential issues. Instead, CAMs will be determined on a case-by-case basis.

Coming soon

PCAOB Chairman James Doty has promised that CAMs will “breathe life into the audit report and give investors the information they’ve been asking for from auditors.” By identifying CAMs on the face of the audit report, auditors highlight challenging, subjective or complex matters that also may warrant closer attention from management. For more information about CAMs, contact us.

Use pay-ratio disclosures with caution

 

Starting in 2018, certain public companies must disclose the ratio of their CEO’s annual compensation to that of their “median employee.” The rule allows for significant flexibility in calculating these ratios, leading to widely divergent ratios within the same industry. Therefore, public companies and their investors should tread carefully before they rely on these metrics.

Complying with the rule

The pay-ratio disclosure rule applies to all U.S. public companies required to provide Summary Compensation Table disclosures. With limited exceptions, covered companies must disclose pay ratios in annual reports, on Form 10-K, in proxy and information statements, and in registration statements — if these filings require executive compensation disclosures.

The rule doesn’t apply to the following companies:

  • Smaller reporting companies (SRCs). The Securities and Exchange Commission (SEC) voted unanimously in June 2018 to increase the public float threshold for SRCs to $250 million.
  • Emerging growth companies (EGCs). This term generally refers to new public companies with gross revenues under $1 billion in the most recent fiscal year. (The SEC allows a transition period for newly public companies.)

The rule also exempts registered investment companies, foreign private issuers and Canadian companies filing in the United States pursuant to the Multijurisdictional Disclosure System.

Calculating pay ratios

The SEC allows significant leeway in calculating pay ratios to ease the burden of complying with the rule. Companies may choose a process that fits their structure and compensation programs. But they must disclose the methodology used to determine the median employee pay and the estimates used in calculating the pay ratio.

For example, a company could use a statistically representative sample of its workforce rather than the entire population. Or it could compare only base salary or W-2 wages, excluding from its computations bonuses, overtime, stock options and other forms of compensation.

Companies also aren’t required to calculate the exact compensation when identifying the median. Rather, the SEC lets them use “reasonable estimates.” In addition, the rule allows companies to exclude up to 5% of their non-U.S. workers and to adjust foreign pay to account for differences in the cost of living between regions.

As a result, the initial round of pay-ratio disclosures published in early 2018 vary widely. For example, a recent study found that ratios disclosed by companies in the financial services industry ranged from 1:1 to 1:429.

Comparing apples to oranges

Before relying on pay-ratio disclosures to evaluate compensation practices or cost efficiency, it’s important to compare a company’s process for calculating pay ratios to others used in the same industry. Contact us for more information about pay-ratio disclosures and how a company’s compensation practices measure up.

It’s important to monitor your SEC filing status

 

As public companies grow, they may move from one filing status or issuer category to another. Recent and proposed changes to the Securities and Exchange Commission (SEC) rules for some categories could affect your company’s financial reporting and audit procedures.

Categories of public companies

Under existing rules, public companies fall into different filing categories, based on their public “float” (the amount of shares available to the public for trading):

  • Smaller reporting companies (SRCs) are nonaccelerated filers that meet certain other requirements, including annual revenues under $50 million if their public float is zero.
  • Nonaccelerated filers have a public float of less than $75 million and aren’t otherwise required to accelerate their filing deadlines.
  • Accelerated filers have a public float between $75 million and $700 million and meet other requirements.
  • Large accelerated filers have a public float of more than $700 million and meet certain other requirements.

Finally, there’s the emerging growth company (EGC). Generally, an EGC is a new public company that has gross revenues under $1 billion in its most recent fiscal year and meets certain other requirements. EGCs enjoy a variety of benefits during their first five years of existence, including scaled-back disclosures and exemption from the auditor attestation of a company’s internal control over financial reporting as required by Section 404(b) of the Sarbanes-Oxley Act.

A company that ceases to be an EGC must begin complying with Sec. 404(b), except for nonaccelerated filers, which are exempt from that requirement unless they become accelerated or large accelerated filers. (Congress currently is considering legislation that would extend the exemption for certain companies, however.)

Changes to public float thresholds

On June 28, 2018, the SEC voted unanimously to issue the final rule in Release No. 33-10513, Amendments to Smaller Reporting Company Definition. The rule increases the public float threshold for SRCs to $100 million and nonaccelerated filers to $250 million.

To complicate matters, the SEC did not make conforming changes to the definition of an accelerated filer. Rather, it eliminated the automatic exclusion of SRCs in the definitions of accelerated and large accelerated filers. As a result, a registrant could be both an SRC and an accelerated filer. As an accelerated filer, a company would still be required to comply with Sec. 404(b).

The new SEC rule will be effective 60 days after publication in the Federal Register, which normally occurs a few weeks after a rule is posted on the SEC’s website. The SEC said 966 additional companies will be eligible for smaller company status in the first year of the new threshold.

Annual assessment

Changes in filing status affect the form, content and timing of financial reports, as well as the extent of external audit procedures. So, it’s a good idea to re-evaluate your company’s status well before the end of each fiscal year. We can help you evaluate your filing status based on the SEC’s evolving guidelines. If a change is anticipated, we can help you prepare for new filing, disclosure and audit requirements.

Consider these financial reporting issues before going private

 

Issuing stock on the public markets isn’t right for every business. Some public companies decide to delist — or “go private” — often due to the high costs of complying with the requirements of the Securities and Exchange Commission (SEC). But going private can be nearly as complex as going public, so it’s important to dot your i’s and cross your t’s.

SEC requirements

The SEC scrutinizes going-private transactions to ensure that unaffiliated shareholders are treated fairly. A company that’s going private — together with its controlling shareholders and other affiliates — must, among other requirements, file detailed disclosures pursuant to SEC Rule 13e-3.

The SEC allows a public company to deregister its equity securities when they’re held by fewer than 300 shareholders of record, or fewer than 500 shareholders of record if the company doesn’t have significant assets. Depending on the facts and circumstances, a company may no longer be required to file periodic reports with the SEC once the number of shareholders of record drops below the above thresholds.

Detailed disclosures

To comply with SEC Rule 13e-3 and Schedule 13E-3, companies executing a going-private transaction must disclose:

  • The purposes of the transaction, including any alternatives considered and the reasons they were rejected,
  • The fairness of the transaction, both substantive (price) and procedural, and
  • Any reports, opinions and appraisals “materially related” to the transaction.

The SEC’s rules are intended to protect shareholders, and some states even have takeover statutes to provide shareholders with dissenters’ rights. A going-private transition leaves shareholders with only a limited trading market in which to sell the stock.

Failure to act with the utmost fairness and transparency can bring harsh consequences. SEC scrutiny can lead to costly damages awards and penalties if your company is guilty of treating minority shareholders unfairly or making misleading disclosures.

Handle with care

Companies that pursue going-private transactions should exercise extreme caution. To withstand SEC scrutiny and avoid lawsuits, it’s critical to structure these transactions in a manner that ensures transparency, procedural fairness and a fair price.

In addition to helping you comply with the SEC rules, we can evaluate whether going private can help your company reduce its compliance costs or allow it to focus on long-term goals rather than satisfying Wall Street’s demand for short-term profits.

Audit Committee Standards

While there are many requirements and expectations of an issuer’s audit committee, the 1934 Exchange Act under rule 10A(3) mandates five specific standards in order for a company to be listed.

1. Independence – each member of the audit committee must be a member of the Board of Directors of the listed issuer, and must otherwise be independent:

– there can be no consulting, advisory or compensatory relationship, outside of that as a member

– members of the AC cannot be affiliated persons, as defined, of the issuer or any subsidiary.

2. Responsibility – the audit committee, as a sub-committee of the Board of Directors, must be directly responsible for the appointment of, consultation with, and retention of the registered independent accounting firm, as well as oversight, including problem resolution between management and the auditor.

3. Complaint Resolution – the AC must establish procedures for addressing complaints received by the issuer, including anonymous submission by employees.

4. Advisers – the AC must have the authority to engage advisers, including accountants, auditors, attorneys and consultants they feel are reasonable and necessary to carry out the duties of the committee.

5. Funding – the issuer must provide appropriate funding to allow the AC to carry out their duties as a committee of the Board of Directors.

Our experience has been that if there is a failure in meeting the requirements for an audit committee established by the ’34 Act, it typically is for one of two reasons: first, and most common, there is often confusion as to who the auditor should be responsible to – the AC or management. All too frequently, the unofficial role that management can play in the selection of the auditor becomes significant. Second is the ‘step-child’ status many audit committees relegate complaint resolution to. This absolutely cannot be the case if the issuer is going to minimize exposure, considering our litigious society.

 

MD & A – Are You Blowing an Opportunity?

As a service to our public company clients we routinely perform an extensive review of the other information included in their annual report. While completing a large number of such reviews recently for our clients with December 31 year-ends, we became aware of opportunities that are regularly overlooked by issuers. In preparing Management’s Discussion and Analysis there are some critical elements that will make it more effective.

Attitude – your MD & A is an opportunity to tell the story of the company in a positive way. Like your web page, your SEC filings are the ‘face’ of the company to potential shareholders, investors and others considering doing business with you. Do not minimize this opportunity by viewing it primarily as an obligation. We all have a tendency to spend less time on things we view as ‘necessary evils’ as opposed to ‘opportunities’.

Approach – the primary purpose of the MD & A is to allow the reader to “look at the company through the eyes of management by providing both a short and long-term analysis of the business of the company” (SEC Financial Reporting Policies sec. 501). The MD & A is intended to be entirely prospective, not historical. Too frequently we see comments like “As of 12/31/x1 revenues declined $xxx,xxx which was a reduction of x% over revenues of $xxx,xxx as of 12/31/x0”. That’s historical, not prospective, and anyone could calculate it from the financials. It provides no additional information of any value to the reader.

Executive Level Overview – Sec. 501.12 is a gift from the SEC that most issuers don’t open. This is a chance to tell your story. Because many companies have become larger, global and more complex, and the disclosure rules correspondingly so, MD & A has become lengthy and complex and, correspondingly, boring, and so is not read as thoroughly as it should be. In an effort to improve clarity and understandability many companies are incorporating an Executive Level Overview (ELO) as an introductory section summarizing the most significant areas of the MD & A that management wants to emphasize. Typically this includes: economic or industry-wide factors; how the company earns revenues and generates cash; lines of business, locations, principal products, services; and insight into material opportunities, challenges and risks which management is most focused on.

It is a ‘highlight’ of those things that are important to the company, reported elsewhere as well (e.g. Risk Factors, or Business Description).

Liquidity, Capital Resources, Results of Operations – You must address each of these areas specifically.   When drafting these comments keep in mind that you should address three questions for the reader: (1) What happened? (2) Why did it happen? and most importantly (3) Is it expected to continue?  That last one is the crux of the MD & A.  Remember – the reader is entitled to assume that “past performance is indicative of future performance” unless you tell him different.

Other Tips – (1) If you’ve previously discussed it in your Form 10-K you don’t need to keep beating it to death unless it applies to new information in the current interim filing. Most companies over-disclose information that they’ve previously discussed numerous times. The unwelcome result is that the points you want to make get buried in the irrelevant. (2) Discussion for interim reports should be limited to material changes occurring subsequent to the last annual report. Over-disclosure, again, can result in burying relevant information in the minutiae. (3) The SEC requires that it be “presented in clear and understandable language”. That means you need to lose the ‘legalese’. (4) In the words of an internationally recognized securities attorney with whom we’ve worked – “Disclosure is too important to leave up to only the attorneys”. While their focus is compliance, as it should be, this is more than a compliance document. It is the public face of your company. Remember it is an opportunity to ‘sell’ to investors, financiers and those people you want to do business with. (5) Finally, sentence structure, grammar and spelling are critical. If your MD & A is sloppy, those reading it will assume the company is run the same way.

You have a great company with a great business plan and outlook for the future.  Tell the world in your MD & A.

 

Would SOX 404(b) Have Protected Koss?

Last week Koss, the manufacturer of high quality headphones, disclosed that their principal accounting officer had embezzled between $4.5 million and $31 million between 2005 and December, 2009. The advocates of requiring small issuers to annually file integrated audit reports on their respective internal control systems immediately pointed at Koss as justification for requiring the implementation of 404(b) beginning in June, 2010. Is this adequate justification? For several reasons, I don’t believe it is.

This was an intentional fraud. Neither financial statement nor internal control audits are designed to guarantee the detection of fraud. Yes, an internal control audit would have disclosed the existence of significant deficiencies and material weaknesses. An expanded internal control review might have even stumbled across the defalcation. More likely it would have only resulted in an adverse opinion on the internal control systems by the company’s auditor. This could have been an alert to investors, but more likely it would have been ignored as the SEC’s own studies have indicated. Integrated audits have not resulted in a higher level of confidence by investors. Fraud audits for all issuers require a lower level of materiality that cannot be justified economically.

If in this particular case the amount embezzled was material for any of the five years affected it would seem that it should have been detected under normal financial statement audit procedures in at least one year. A failure by the audit firm to properly complete an audit is not justification for adding another layer of regulation on small issuers under SOX.

The company had retained the same national audit firm for the past five years. Based on the professional fees disclosed in the proxy statement it is possible that Koss was a small fish in the big pond of this national firm and may or may not have gotten the service it needed and deserved. Some large national firms have been known to ‘rank’ their clients. If you are not the big dog on the porch you are not likely to get the same level of expertise, experience and service as the bigger clients.

Cost. Certainly for Koss the cost of an ICFR program – including both the external audit fees and the internal program costs – would have been less expensive than the amount embezzled, but requiring all firms to bear a cost to ‘potentially’ prevent an occasional fraud loss of this type is ridiculous. Theoretically, 404(b) would cost a firm similar in size to Koss, $250,000 annually (ballpark WAG). One-third to one-half of that being for the external auditors. So the investors in Koss would have been out something in excess of a million dollars. The cost/benefit equation for requiring this universally just wouldn’t seem to balance, unless you subscribe to the premise that something greater than 10% of all statements are fraudulent.

There are already criminal and civil penalties in place to protect the investor from this type of malfeasance as we’ve discussed in our prior posts. Another in the form of 404(b) is not needed. The responsibility to the shareholders rightfully lies with the Audit Committee of the Board, the Board of Directors and management. If more company oversight is needed and beneficial those charged with governance are ostensibly sophisticated enough and in the best analytical position to know and provide it.

I still view the cost of 404(b) as an ineffective unsupportable dissipation of investors’ equity. We’ve had some great dialog on this topic in the past. Did I change anyone’s mind?

IFRS – Time to Panic?

In recent months the focus of discussions related to adoption of the International Financial Reporting Standards has centered on differences with US GAAP (such as LIFO inventory), timing and implementation. I don’t want to debate the necessity of adopting a world standard given our weakening influence over the world economy, or the esoteric benefits or detriments. My concerns are much more basic. Without tort reform in the United States, IFRS is a time bomb with a very short fuse resulting in a cataclysmic disaster waiting to happen.

Currently, US GAAP is a rules based set of standards. While the end result of their application frequently results in worthless unsupportable financial reporting, the issuer and their auditor have but to point to the ‘rules’ in defense. On the other hand, IFRS is principles based, and simpler to apply.  But it can and frequently does require the issuer and his auditor to exercise judgment.  Judgment that can be questioned, criticized and  litigated.

Please don’t misunderstand.  Professionally in my opinion the quality of financial reporting will be significantly improved by the application of sound principles. IFRS is long overdue. Without liability reform, however, I fear financial reporting and assurance services will quickly follow the health care industry in terms of cost to the providers.

Maybe I’m just paranoid in my advancing years.

Oil and Gas Accounting – SEC Issues SAB 113

The Office of the Chief Accountant through Corp Fin recently published Staff Accounting Bulletin 113. There are four main areas of focus within this SAB which will likely affect everyone to some degree: valuation methodology of oil and gas reserves; clarification of methodology related to write-offs of excess capitalized costs under the full cost method; extending applicability of guidance to include unconventional methods of extracting oil and gas from sand and shale; and removing information from the guidance which is no longer necessary.

For the most part SAB 113 is pretty straightforward; however, as is the case with many of the SABs, hidden in the minutiae are land mines for the unwary or uninformed. Correspondingly you would be well served to skim through it for any matters that might affect your company, and then discuss them with your audit firm.

Additionally, on October 26, 2009 additional Oil and Gas Rules were released.  These compliance and disclosure interpretations (C & DIs) relate to Regs S-X and S-K.  There is some important information here which is very relevant and brief!