The Center for Audit Quality has just issued Cybersecurity Risk Management Oversight: A Tool for Board Members. The tool offers questions that directors can ask of management and the auditors as part of their oversight of cybersecurity risks and disclosures. The questions are designed to initiate dialogue to clarify the role of the auditor in connection with cybersecurity risk assessment in the context of the audit of the financial statements and internal control over financial reporting (ICFR), and to help the board understand how the company is managing its cybersecurity risks.
It’s certainly a rare event, but both ISS and Glass Lewis have recommended voting against a proposal to ratify the appointment of GE’s auditor, KPMG, at the GE annual shareholders meeting. Most often, the issue of auditor ratification is not very controversial—in fact, it’s usually so tame that it’s one of the few matters at annual shareholders meetings considered “routine” (for purposes of allowing brokers to vote without instructions from the beneficial owners of the shares). Are we witnessing the beginning of a new trend?
This article in Bloomberg BNA reports that FASB is expected to issue new rules this year that will require public companies to disclose the amount of their government subsidies. Government support would include, for example, cash and non-cash economic incentives such as grants to assist in buying a building, land grants, low-interest loans, interest expense subsidies, tax abatements providing relief from property tax, sales and use tax or payroll tax, and other legally enforceable government incentives. It remains to be seen whether—and how—the public might react to this information.
The Center for Audit Quality has issued a new guide for audit committees related to non-GAAP financial measures. Based on information gained from a series of roundtables held in 2017, Non-GAAP Measures: A Roadmap for Audit Committees identifies common themes and key considerations for audit committees, including leading practices to help assess whether a company’s non-GAAP measures present “high-quality non-GAAP measures.” And what exactly is a “high-quality non-GAAP measure”? According to the CAQ, a non-GAAP measure is high-quality if it provides a “balanced representation of the company’s performance.”
This study conducted by the Association of Chartered Certified Accountants reports on the results of a year of international reporting of “key audit matters,” the International Auditing and Assurance Standards Board’s analog to “critical audit matters” in the U.S. The study looked at 560 audit reports across 11 countries. These types of studies may provide some useful insights for companies in the U.S.: disclosure of “critical audit matters” will be required as part of the auditor’s report in the U.S. for audits of fiscal years ending on or after June 30, 2019 (for large accelerated filers) and December 15, 2020 (for all other companies to which the requirements apply). According to the study, financial reporting improved following the adoption of KAMs in 2016. Not only did the disclosures themselves provide better information, but the study saw improvements in governance, audit quality and corporate reporting.
In light of the recent fraud charges against audit firm partners and the PCAOB, what questions should audit committees ask their outside auditors?
Recent civil and criminal fraud charges against partners at KPMG and staffers at the PCAOB, arising out of “their participation in a scheme to misappropriate and use confidential information relating to the PCAOB’s planned inspections of KPMG,” have led some managements and audit committee members to consider whether there is more they should be doing to ensure that their outside audit firms are not plagued by similar concerns. This article from Compliance Week sifts through a speech by Helen Munter, PCAOB director of inspections and registration, to assemble a series of questions that, in light of these recent charges, may be appropriate for audit committee members to pose to their outside audit firms.