Disclosure Effectiveness

The FASB and the SEC each have projects underway to look at and understand how to increase the effectiveness of disclosure. While most preparers hope these projects will reduce the volume of disclosures, I think recent comments make it clear that the ability to do that is really in the hands of preparers themselves already.

GAAP already includes a requirement that the codification, including disclosures, does not apply to immaterial items. And, the SEC is clear that they allow cross-reference to other disclosures and do not want, or expect, the repetition of the same language from section to section in the 10-K. For example, the critical accounting estimates section is not supposed to be a repeat of accounting policies from footnote 1. Instead, this section of MD&A is supposed to have information about the assumptions and process of developing critical estimates, rather than the policy statement.

The issue with reducing disclosure is twofold. First, there is no penalty for over disclosure, but there is risk related to under disclosure in the form of comment letters and lawsuits. When asked at the AICPA SEC and PCAOB Developments Conference if the SEC would ever provide a comment on a company including excessive disclosures which might therefore make it harder to determine the relevant, important information, the answer was a quick no. So the legal situation is there is no penalty for over disclosure and there is a possibly significant penalty for under disclosure. Given that dynamic, is it any surprise that we are being overwhelmed in disclosure.

A statement was also made at the AICPA conference that what it really takes to eliminate disclosure is courage by the preparer to hold their ground with the auditor, and audit committee, that certain disclosures are not material. The reality is that even if a disclosure is not material today, you have to set up the infrastructure to monitor every year in the future to continue to conclude it is immaterial. So you are essentially asking a preparer to save no time and resources, and have a discussion every year about why something should not be disclosed. That may actually take more time for the preparer than just simply providing the unnecessary disclosure. As the saying goes, “I apologize for the length of this letter, but I didn’t have the time to make it short.”

Given the risk math discussed above and the lack of savings from the preparer perspective, is it any surprise we are disclosing more than ever? I say no, and until these root causes are addressed, we won’t ever be able to reduce the volume of disclosures.

SEC Statements and the New Revenue Recognition Standard

At the recent AICPA SEC and PCAOB Developments Conference, James Shnurr, SEC Chief Accountant, noted that preparers have lots of questions about accounting for transactions under the new standard and they need answers in order to implement the standard. If those answers require additional rule making this might cause a delay in the effective date of the standard. He also pointed out that comparability was a hallmark of the standard setting process. You can find more on his comments this Journal of Accountancy article.

In addition to the FASB/IASB Transition Resource Group which is looking at 28 issues and counting, the AICPA is trying to aid comparability through 16 industry focused task forces to assist in understanding the standard and provide examples. These task forces have been hard at work, but are just now coming to the point of sending information up to the AICPA Finance Reporting Executive Committee for review with publication of results not expected to happen any time soon. If comparability is a real key, I think it behooves the FASB to consider a delay to allow these groups to positively impact comparability within each industry as a result of their work.

The FASB is in the middle of outreach to understand where preparers are in implementing the standard and the issues they are encountering. They are considering a possible delay in the standard based on what they find during the research. The FASB has been clear that simply not getting around to the work is not a reason for a delay. Instead, they are looking for real substantive issues preparers are having with implementing the standard in time for a retrospective application. Either way, we should hear from the FASB in the first half of 2015 about a potential delay. Interestingly the IASB is saying they are not hearing any requests for a delay in the standard, but this is probably greatly influenced by the fact that under IFRS you only have to provide two years of income statements rather than three as required by the SEC. If US preparers only had to provide restated income statements for 2016 and 2017 and not 2015, I think you would be hearing a lot less about the need for a delay.

There is so much going on with the revenue standard I can’t possibly cover it all here. Bottom line is that the issuance of the final standard wasn’t the end, but really was only the end of the beginning of the process of changing the accounting for what is the most important number in the financial statements.

Reflections on the AICPA SEC and PCAOB Developments Conference

I attended the AICPA SEC and PCAOB Developments conference last week. For those CPAs in the public company or prospective public company accounting, reporting and auditing area, this is a must-follow conference. You can attend the conference in person or online, but even if you don’t do that, you can follow the conference via news releases, press stories, twitter feeds and lots of other ways on the internet. If you don’t follow the conference, you do so at the peril of your career because you need to understand what has happened in the past year and what will happen in the future in order to keep your knowledge current and relevant. With that in mind, I wanted to share my overall thoughts on the conference in this blog and then follow up with specific issues in subsequent blogs.

The theme of this year’s conference seemed to be Transparency. This term was used by the SEC Office of Chief Accountant (OCA) and Division of Corporate Finance (Corp Fin) extensively to explain why they publish speeches and why they are communicating the messages they communicate. This is to differentiate it from “rule-making” by speech. The point they tried to make is that speeches are not making the rules; they are explaining the process behind the SEC use of the rules. Another example is the 5 year shelf life on speeches expounded on by Dan Murdock, Deputy Chief Accountant, saying that as a speech gets old, you should put less and less credence behind what was said as the rules may have changed or the SEC staff’s thoughts may have evolved. It is clear the SEC is sensitive to the charge that they are making rules by speech which avoids rule setting requirements.

Segment reporting was again a focus of comments from the SEC. The OCA staff pointed out that reports provided to the Chief Operating Decision Maker (CODM), while an important factor in understanding segments, was not solely determinative of the segments of a business. They mentioned that just changing the report to not include a separate segment doesn’t mean that the segment doesn’t exist. The OCA also pointed out that the CEO is not automatically the CODM. In organizations where the CEO deals with strategy and a COO or an operating board makes decisions on current day-to-day operations, the CODM may be the COO or the operating board. Corp Fin brought up the point that preparers need to disclose their basis for determining their segments.

The final development I want to address in this blog is the potential for adoption of IFRS in the US for domestic filers. Keep in mind that the SEC already allows over 500 foreign issuers to file IFRS based financial statements without reconciliation to US GAAP. James Schnurr provided more insight on a potential new path forward on IFRS in the US. The idea is to allow US domestic filers to include as a non-GAAP disclosure IFRS based financial statements. This would be a voluntary disclosure and would have no impact on US GAAP, but it would allow the market to essentially decide if and when IFRS based financial statements are desired. It’s an interesting idea that will need to be fully fleshed out, but expect to see more from the SEC on IFRS in the coming year.

There was so much more talked about at the three day conference, but I can’t possibly include it all here. Check out future blogs and other resources you use for more discussion of the scores of issues discussed at the conference.

SEC PCAOB Developments

Last week I attended and presented at the AICPA SEC & PCAOB Developments Conference in Washington DC.  At least I attended the second and presented on the third day in DC.  Due to weather problems in both Dallas and Washington, my Sunday flight was cancelled and the earliest flight available was Monday evening.  So instead of trying to figure out a way to get there for Monday I decided to spend a night in my own warm bed and attend the first day of the conference virtually on the internet.  From what I heard from the speakers and the chats on the internet, I was one of many that had trouble getting to Washington from all over the country.  Attending virtually was great.  While you don’t have the networking opportunities of being there in person, the chat kept me interested and I was able to get a great feel for the tone of the conference.

While my opinion is biased (I served on a panel discussing the revised COSO Internal Control Integrated Framework), the theme of the conference this year was internal control over financial reporting.  It wasn’t that the AICPA picked this theme.  The speakers did it by mentioning internal control in presentation after presentation and panel after panel.  I am not overstating fact when I say ever single SEC and PCAOB panel talked about internal control.  From asking why companies don’t disclose internal control failures until after a restatement to questioning management’s positive assertions about internal control when the auditors are found not to have performed an appropriate audit over that assertion, the SEC is clearly looking to renew its interest in internal control reporting for the first time since in several years.  Meanwhile the PCAOB’s recent report questions whether auditors are consistently complying with AS 5.  Even without a revised internal control framework to deal with preparers should be spending more time documenting, testing and evaluating their internal controls over financial reporting.

I will spend more time talking about internal controls in my next blog.  Meanwhile, here is a list of other quotes and notes from the three day conference:

  1. Keynote speaker David Walker – we’ve tripled the national debt to over $17 Trillion in 13 years, but that is only what is on the balance sheet; what is not on the balance sheet  makes the debt number over $70 Trillion from “only” $20 Trillion 13 years ago.
  2. Paul Beswick, SEC Chief Accountant – IFRS took a back seat to the rule making requirement so Dodd-Frank and the JOBS Act; it was not a matter of lack of importance of IFRS, but simply a rule-making bandwidth issue that has kept IFRS on the back burner of the SEC for the last couple of years.
  3. OCA Panel/FASB-IASB Panel – the Chief Operating Decision Maker reporting package is increasingly irrelevant in determining which segments to report when CODM’s have drill down access to details that didn’t exist when the standard was written – this needs to be addressed when the FASB relooks at segment reporting.
  4. Enforcement Division Panel – Whistleblowers are increasingly important to the enforcement division; many of their cases are now starting from whistleblower action and the use of whistleblowers is changing the willingness of companies to self-report issues as well as increasing their willingness to cooperate with the SEC

If you want to  know more check out the many articles and press releases that come out in conjunction with the conference

SEC Conference – What is an audit failure?

One of the topics mentioned a number of times at the recent SEC/PCAOB developments conference by representatives from the PCAOB was the “alarming” increase in the number of audit failures that were being detected in their review process.  If the number of audit failures they were referring to actually led to misstated financial statements then I would think we would being seeing a dramatic increase in the number of restatements required by the SEC, but that simply isn’t supported by the facts.  The facts are that the number of restatements has been declining in recent years not increasing.

So that got me thinking, what really is an audit failure?  Misstated financial statements are a clear indication of an audit failure, but I think most would agree just as it is possible to have a perfect audit and a misstatement goes undetected, it is even more possible to have a problem in the audit, but the financial statements are perfectly good.  That is, there wasn’t a problem, but even if there had been one, the deficient audit would not have detected it.

On the other hand maybe the term audit failure is being used to broadly.  Just because an audit deficiency occurred, does not necessarily mean an audit failure occurred.  Maybe there was some problem in how the work was documented.  That is, the right procedures and judgments were performed, but somehow it was not adequately documented in the workpapers.  Auditing standards require documentation so the lack of documentation is a deficiency, but if the work was adequately done, can it really be considered an “audit failure.”

That leads me to the conclusion that an audit failure is somewhere between the publication of materially misstated financial statements and a minor error in the audit.  That sounds simple, but it gets even more complicated when you consider the position of James Doty, PCAOB Chairman, on what are and are not misleading financial statements.  He stated that “just because you comply with GAAP does not mean financial statements are not misleading.”  I really don’t know where to go with that statement.  One of the cornerstones of the audit opinion is that the financial statements “present fairly the financial position of the company in conformity with U.S. GAAP.”  If auditors are being held to a standard higher than that, then no wonder we have so many audit failures that are not leading to restatements.

That leads me to one of three conclusions:

  1. The number of audit failures is being grossly overstated by the PCAOB (for some reason).
  2. We have an alarming number of audit failures, but it is the integrity, ethics, and objectivity of the professional accountants who prepare the financial statements that are keeping the financial statements from being misstated.
  3. The PCAOB is using the wrong measuring stick to determine an audit failure and they need to go back to the basics of the audit opinion to determine what an audit is intended to accomplish before proposing rules to fix a problem that may not exist.

SEC Conference – Five Components of Internal Controls

Another area of coverage at the AIPCA SEC and PCAOB Developments Conference in December that surprised me was the focus on internal control.  I knew the last session of the conference was going to be on the forthcoming update to the COSO Internal Control Integrated Framework, but I did not expect other presentations to hit on the topic as well.

Paul Beswick, Acting SEC Chief Accountant, got the ball rolling by reminding everyone that internal control has five components, not just control activities.  The implication is that the SEC is seeing too much focus on the Control Activities component when it asks questions about Sox 404 compliance.  As a reminder the five components of internal control are:

  1. Control Environment
  2. Risk Assessment
  3. Control Activities
  4. Information and Communication
  5. Monitoring Activities

The COSO framework, which is used by 85% of the companies complying with section 404, requires all five components to be present, functioning and operating together in an integrated manner to have an effective system of internal control.  While many companies do address all five components, the weighting of the work is often tilted toward control activities and monitoring activities when it comes to documenting and testing of key controls. These are only 2 of 5 components (and 5 of 17 control principles in the proposed update to the framework).

And it was not just the SEC that discussed internal controls.  James Doty, Chairman of the PCAOB also brought up the issue when discussing auditors work on internal controls.  While he did not specifically get into the component issue, he questioned the adequacy of the documentation to reach a conclusion about the effectiveness of internal control.  Putting two and two together, it seemed clear he was also talking about the need to properly emphasize all five components

The new framework, scheduled to be released on March 31, 2013 is going to provide a renewed emphasis on all of the components of internal control as well as the 12 principles of control in the control environment, risk assessment and information and communication components. This really provides a great opportunity to revisit your control documentation and make sure you have everything you need to prove your assertion that you have an effective system of internal control with all five components present, functioning and operating together.

…or you can wait for that SEC comment letter.

SEC Conference – SOX 404(b)

I recently attended the AICPA SEC and PCAOB Developments Conference in Washington DC.  This three day conference is so full of information that I will spend more than one blog talking about my perspectives on the topics covered.  Today I want to discuss the Sarbanes-Oxley Act.  This conference marked the tenth anniversary of the SOX Act and while there are many provisions that have deeply changed the CPA profession, one of the most significant to preparers of financial statements was section 404.  This section required all companies to report on and have an audit of their internal controls.

Anyone who went through the implementation of Sox 404(a) reporting from management and 404(b) reporting from auditors knows how overwhelming an endeavor it was. It took several years and two audit standards (AS 2 and AS 5) before we all figured out how to really focus on the internal control process around external financial reporting.  There have been numerous studies of the impact of section 404 – in terms of cost and in terms of benefits – and SEC Commissioner Luis Aguilar shared his conclusions from those studies.

He believes the studies show conclusively that section 404 works.  It has lowered the cost of capital and, now with mature processes in place, the cost of compliance has come down significantly.  But he went further and made the point that it is really section 404(b) that deserves the credit.  Companies that have 404(b) reports have less misstatements and an even lower cost of capital than those companies that only do a section 404(a) report.

It was clear that Commissions Aguilar as well as James Doty, Chairman of the PCAOB and other regulators believe the delays and now permanent injunction on extending the 404(b) requirements to smaller public companies puts investors at needless risk that the SOX Act was intended to prevent.

Personally I have always found it disingenuous to exclude smaller public companies from the requirement.  Even before the SOX Act was passed, there was substantial data that showed smaller companies were more likely to have misstated financial statements, in part due to weak internal controls.  If the intent was to protect investors, then smaller companies should have been the first to comply with 404(b), not the last.  I understand the cost argument but that is, or should be, a cost of being a public company. If it is too costly for small companies, then maybe those companies are too small to be publically traded.

I am sure there are some, if not many, of you that will disagree with me, but my position is that if you buy into the need for section 404 to apply to any company because it benefits investors, then it should focus first and foremost on reducing the risk from the riskiest of the investments available to those investors.  That is, investor protection requirements should be based on risk, not size.