Category: Accounting and Auditing
CAQ releases 2018 audit committee transparency barometer
The Center for Audit Quality, working with Audit Analytics, has just released a new edition of its annual Audit Committee Transparency Barometer, which, over the past five years, has measured the robustness of audit committee disclosures in proxy statements among companies in the S&P Composite 1500. The bottom line, according to the CAQ, is that the level of voluntary transparency has continued to steadily increase in most areas. The report includes several useful examples of the types of disclosure discussed.
EY offers new analysis of cybersecurity disclosures
In this report, EY discusses an analysis it conducted of voluntary cybersecurity-related disclosures in the 10-Ks and proxy statements of Fortune 100 companies (79 companies that had filed as of September 1, 2018). The analysis notes that, not only are regulators focused on cybersecurity risk management and disclosure, but investors consider cybersecurity risk management as critical to the board’s risk oversight responsibilities and boards are increasingly engaged on the topic. The analysis found a wide variation in the depth and nature of the disclosures.
Do we still need to post XBRL data files on our website?
Now that it’s time for 10-Q filings, questions have been raised about the timing of some of the Inline XBRL-related changes. (See this Cooley Alert and this PubCo post.)
SEC issues Section 21(a) investigative report regarding the implications of cyberscams for internal controls
Today, the SEC issued an investigative report under Section 21(a) that advises public companies subject to the internal accounting controls requirements of Exchange Act Section 13(b)(2)(B) of the need to consider cyber threats when implementing internal accounting controls. The report investigated whether a number of defrauded public companies “may have violated the federal securities laws by failing to have a sufficient system of internal accounting controls.” Although the SEC decided not to take any enforcement action against the nine companies investigated, the SEC determined to issue the report “to make issuers and other market participants aware that these cyber-related threats of spoofed or manipulated electronic communications exist and should be considered when devising and maintaining a system of internal accounting controls as required by the federal securities laws. Having sufficient internal accounting controls plays an important role in an issuer’s risk management approach to external cyber-related threats, and, ultimately, in the protection of investors.”
Trends in SOX 404 reporting on ICFR
You probably recall that, under SOX 404(b), all public reporting companies, other than non-accelerated filers and EGCs, are required to obtain an auditor attestation regarding the effectiveness of their internal control over financial reporting. SOX 404(a) requires all public reporting companies, including non-accelerated filers, to provide an assessment of ICFR by management. An analysis by Audit Analytics of SOX 404 reporting on ICFR over 14 years showed that the number of adverse auditor attestations—auditor attestations indicating ineffective ICFR— followed different trend lines than management-only assessments.
Why do auditors so rarely find fraud?
Are we just reading the wrong newspapers and reports or does it seem that auditors—although they spend hours and hours performing audits—rarely identify instances of fraud? Most companies rely on their auditors to uncover irregularities and breathe a sigh of relief when the audit comes up “clean.” Is that reliance misplaced? Probably so, according to this article from CFO.com. “Audits almost never find fraud,” the author writes; the data shows that “external audits find it 4% of the time, and internal 15%.” Instead, the author suggests, to detect fraud, management should look in a different direction.
Staff provides a bit of relief regarding compliance with Disclosure Update and Simplification
You may have noticed that there’s still no effective date for the new Disclosure Update and Simplification, which was adopted in August. (See this Cooley Alert.) The new amendments are scheduled to become effective 30 days after publication in the Federal Register, but at this point, the release has not been published. The reason for the delay is anyone’s guess. In the meantime, however, questions have arisen about when filers may be expected to comply with certain financial statement requirements in the new amendments for purposes of upcoming Forms 10-Q.
Reminder: interim financial statements must be “reviewed”
Here’s a reminder from the SEC: interim financial statements included in Forms 10-Q are required to be “reviewed” by outside auditors. On Friday, in a first enforcement proceeding of its kind, the SEC announced charges against five companies that had filed their 10-Qs with their quarterly financial statements prior to review by their independent external auditors.
Would a shift to semiannual reporting really affect short-termism?
You remember, of course, that last month, the president, on his way out of town for the weekend, tossed out to reporters the idea of eliminating quarterly reporting. (See this PubCo post.) The president said that, in his discussions with leaders of the business community regarding ways to improve the business environment, Indra Nooyi, the outgoing CEO of Pepsico, had suggested that one way to help business would be to trim the periodic reporting requirements from quarterly to semiannually. The argument is that the change would not only save time and money, but would also help to deter “short-termism,” as companies would not need to focus on meeting analysts’ expectations on a quarterly basis at the expense of longer term thinking. “We are not thinking far enough out,” he added. (For more on saving time and money through semiannual reporting, see this PubCo post.) But how much impact would a shift to semiannual reporting really have on short-termism?
SEC staff comment letters regarding non-GAAP financial measures
You might recall that, in 2016 and early 2017, the SEC made a big push—through a series of staff oral admonitions and written guidance, as well as an enforcement action—to require issuers to be more transparent and more consistent in the use of non-GAAP financial measures and to avoid altogether non-GAAP measures that were misleading. For example, companies were advised that they needed to present GAAP measures with equal or greater prominence relative to the non-GAAP measures. (See, e.g., this PubCo post.) By early 2017, the SEC staff were apparently sufficiently satisfied (see this PubCo post) with the responses to their campaign that the pendulum swung back, and the relentless finger-wagging by the staff about non-GAAP financial measures appeared to have tailed off. (See this PubCo post.) But, according to this analysis from Audit Analytics, it wasn’t until this year that the SEC staff’s comments regarding non-GAAP financial measures actually began to decline.