(The news featured below is a selection from the news covered in SEC Today, which is distributed to subscribers of SEC Today.)

Olson Provides Keynote Address at NACD Conference

PCAOB Chairman Mark Olson, in a keynote address to the National Association of Corporate Directors, said the Board is coordinating its initiative to revise Auditing Standard No. 2 with the SEC's planned guidance for management, given the value of the two initiatives being available for public consideration at the same time. The PCAOB plans to issue its proposal later this fall and the SEC has announced that it will address the management guidance initiative at a December 13 open meeting.

Olson said the PCAOB is also working with practitioners to develop implementation guidance for internal control audits for smaller public companies. Based on the experiences of the accelerated filers over the past two years, Olson said the most frequently reported weaknesses in internal controls over financial reporting relate to staffing and training.

Olson said that the tone at the top may be the single most important role of corporate directors. Regulators are hard at work to balance the cost/value of the internal control requirements, he said. There are still a number of major organizations that are paying a severe price because their internal controls did not match their risk exposure, according to Olson. Companies need access to people who are capable of providing that risk assessment, he said, and then they must listen to them.

Olson took questions at the conclusion of his prepared remarks and addressed the pending lawsuit challenging the constitutionality of the PCAOB. Olson said that both internal and external counsel had advised that the PCAOB is on very solid ground. All preliminary motions in the case have been filed and answered. Olson added that seven of the former chairs of the SEC have filed an amicus brief in support of the PCAOB. He believes the challenge will not prevail.

Olson was asked whether the PCAOB would increase the fees companies pay to complete its staffing. Olson said the fee that corporations pay is relatively small, but that the Board must be a good steward of the funding it receives. He pointed out that the SEC approves the PCAOB's budget, but added that the Board is close to being fully staffed as needed to achieve its mandate.

In response to whether WorldCom, Enron and Global Crossing would have occurred if the Sarbanes-Oxley Act was passed in 1990, Olson said it was hard to go back and "unscramble the eggs," but he believes that the relationship between external auditors and management has fundamentally changed since its passage. Extraordinary growth in the market always leads to an adjustment, he said. The problems are revealed during the downturn. The most important changes to take place have been in the board room with the recognition of the importance of internal controls, he said.

Another questioner referred to recent papers by IFAC and the FEA that were critical of the Sarbanes-Oxley approach to internal controls and cited their preference for a more risk-based approach, which they believe will reap more benefits. Olson said the SEC and the PCAOB believe their rules were more principles based, but they did not get interpreted that way. Their rules are very much risk-focused, in his view.

Audit Committee Panel

Ken Daly, the executive director of KPMG's Audit Committee Institute, moderated a panel discussion at the National Association of Corporate Directors' annual conference on corporate governance on the challenges facing audit committees. Among the highest priorities for audit committees in 2006 are risk management and director education, according to the panelists.

Charles Noski, the audit committee chairman at Microsoft and Morgan Stanley, said that one of the challenges in setting the audit committee's agenda is the allocation of time. There is never enough time, so Noski suggested the selective use of subcommittees. He noted that at Morgan Stanley, the audit committee designated a two-member subcommittee to meet with the internal auditor. He urged committees to think about where their companies' risks are. The big frauds involved senior management overrides of internal control, he said.

Barbara Gaines, a director at Office Depot Inc., said the agenda for each audit committee meeting includes yellow-lined items that are to be read ahead of time. The committee will only address those issues if there are questions or comments. The committee also sets aside time for education, she said. David Richards, president of the Institute of Internal Auditors, said he likes to put time limits on the agenda items and a statement of purpose for each item. He agreed that yellow-lining items was a good idea. There is no need to go over what has already been read, he said.

Daly asked the panel to talk about financial restatement trends. He noted that 2005 was a bumper year for restatements, with the biggest issue involving expense recognition, including lease accounting. Daly said that in 2006, options back-dating may play a greater role in restatements. Gaines said that once a problem is found at one company, there is a ripple effect. She added that companies are choosing to err on the side of full disclosure for gray areas. Directors are also digging deeper and asking more accounting questions, in her view.

Noski believes that audit committees' tolerance for accounting problems has gone down to zero. In addition, select audits are being examined by the PCAOB. The concept of materiality has shrunk down, he said, and pointed to the SEC's recent staff accounting bulletin on "how to account for immaterial matters" (Staff Accounting Bulletin No. 108 on the process of quantifying financial statement misstatements).

Daly added that SAB 108 provides a safe harbor this year, so it might be a good time to think about these "immaterial matters." In SAB 108, the staff advised that it would not object if a registrant does not restate its financial statements in response to the guidance for fiscal years ending on or before November 15, 2006 where management applied the iron curtain or rollover approach, as long as all relevant qualitative factors were considered.

Noski said that at one of the companies at which he serves on the audit committee, management assists with the committee's education on such issues as critical accounting policies and revenue recognition about three times a year. He believes it is important to have an active dialogue with the outside auditor, the internal auditor and management about how they can help the audit committee do its job. Daly noted that the SEC's comment letters and company's responses are now posted on the SEC's Web site and suggested that they might be a good resource for audit committees.

Richards said that the audit committee's charter should serve as the roadmap for fulfilling its responsibilities. Gaines agreed. The committee may add items during the year, but the charter is the perfect roadmap.

Daly said that financial reporting risk belongs in the "audit committee room," but all other risks, including regulatory matters, information security, employment and marketing practices, are subject to board or board committee oversight responsibilities --until the risk poses financial reporting implications. Noski said that companies should identify the matrix of risks and which committee most appropriately has responsibility for each in its charter. Risk management is the responsibility of the full board, in his view.

Richards said that risk management comes down to resources. Companies should focus on fraud awareness --detection, prevention and mitigation. He also emphasized the importance of ethics programs since most problems are caused by people. Build a culture where it is acceptable for people to step forward if there is a problem, he said. Richards cited surveys that found most people do not come forward because they do not believe management will do anything, rather than out of fear of retaliation. Compliance programs are a huge area that are largely untouched until there is a problem, he said.

Noski said he fears that risk management may become this year's "Y2K" or "404." You must push management to think the unthinkable, he said, such as the crisis in Bhopal, India that put Union Carbide out of business. Noski cited a Booz Allen report which found that 13% of shareholder value was destroyed as a result of compliance failure. The other 87% was caused by strategic and operational blunders.