(The news featured
below is a selection from the news covered in SEC Today, which is distributed to
subscribers of SEC
Today.)
Olson Provides Keynote Address at NACD Conference
PCAOB Chairman Mark Olson, in a keynote address to the
National Association of Corporate Directors, said the Board is coordinating its
initiative to revise Auditing Standard No. 2 with the SEC's planned guidance for
management, given the value of the two initiatives being available for public
consideration at the same time. The PCAOB plans to issue its proposal later this
fall and the SEC has announced that it will address the management guidance
initiative at a December 13 open meeting.
Olson said the PCAOB is also working with practitioners to
develop implementation guidance for internal control audits for smaller public
companies. Based on the experiences of the accelerated filers over the past two
years, Olson said the most frequently reported weaknesses in internal controls
over financial reporting relate to staffing and training.
Olson said that the tone at the top may be the single most
important role of corporate directors. Regulators are hard at work to balance
the cost/value of the internal control requirements, he said. There are still a
number of major organizations that are paying a severe price because their
internal controls did not match their risk exposure, according to Olson.
Companies need access to people who are capable of providing that risk
assessment, he said, and then they must listen to them.
Olson took questions at the conclusion of his prepared
remarks and addressed the pending lawsuit challenging the constitutionality of
the PCAOB. Olson said that both internal and external counsel had advised that
the PCAOB is on very solid ground. All preliminary motions in the case have been
filed and answered. Olson added that seven of the former chairs of the SEC have
filed an amicus brief in support of the PCAOB. He believes the challenge will
not prevail.
Olson was asked whether the PCAOB would increase the fees
companies pay to complete its staffing. Olson said the fee that corporations pay
is relatively small, but that the Board must be a good steward of the funding it
receives. He pointed out that the SEC approves the PCAOB's budget, but added
that the Board is close to being fully staffed as needed to achieve its mandate.
In response to whether WorldCom, Enron and Global Crossing
would have occurred if the Sarbanes-Oxley Act was passed in 1990, Olson said it
was hard to go back and "unscramble the eggs," but he believes that
the relationship between external auditors and management has fundamentally
changed since its passage. Extraordinary growth in the market always leads to an
adjustment, he said. The problems are revealed during the downturn. The most
important changes to take place have been in the board room with the recognition
of the importance of internal controls, he said.
Another questioner referred to recent papers by IFAC and
the FEA that were critical of the Sarbanes-Oxley approach to internal controls
and cited their preference for a more risk-based approach, which they believe
will reap more benefits. Olson said the SEC and the PCAOB believe their rules
were more principles based, but they did not get interpreted that way. Their
rules are very much risk-focused, in his view.
Audit Committee Panel
Ken Daly, the executive director of KPMG's Audit Committee
Institute, moderated a panel discussion at the National Association of Corporate
Directors' annual conference on corporate governance on the challenges facing
audit committees. Among the highest priorities for audit committees in 2006 are
risk management and director education, according to the panelists.
Charles Noski, the audit committee chairman at Microsoft
and Morgan Stanley, said that one of the challenges in setting the audit
committee's agenda is the allocation of time. There is never enough time, so
Noski suggested the selective use of subcommittees. He noted that at Morgan
Stanley, the audit committee designated a two-member subcommittee to meet with
the internal auditor. He urged committees to think about where their companies'
risks are. The big frauds involved senior management overrides of internal
control, he said.
Barbara Gaines, a director at Office Depot Inc., said the
agenda for each audit committee meeting includes yellow-lined items that are to
be read ahead of time. The committee will only address those issues if there are
questions or comments. The committee also sets aside time for education, she
said. David Richards, president of the Institute of Internal Auditors, said he
likes to put time limits on the agenda items and a statement of purpose for each
item. He agreed that yellow-lining items was a good idea. There is no need to go
over what has already been read, he said.
Daly asked the panel to talk about financial restatement
trends. He noted that 2005 was a bumper year for restatements, with the biggest
issue involving expense recognition, including lease accounting. Daly said that
in 2006, options back-dating may play a greater role in restatements. Gaines
said that once a problem is found at one company, there is a ripple effect. She
added that companies are choosing to err on the side of full disclosure for gray
areas. Directors are also digging deeper and asking more accounting questions,
in her view.
Noski believes that audit committees' tolerance for
accounting problems has gone down to zero. In addition, select audits are being
examined by the PCAOB. The concept of materiality has shrunk down, he said, and
pointed to the SEC's recent staff accounting bulletin on "how to account
for immaterial matters" (Staff Accounting Bulletin No. 108 on the process
of quantifying financial statement misstatements).
Daly added that SAB 108 provides a safe harbor this year,
so it might be a good time to think about these "immaterial matters."
In SAB 108, the staff advised that it would not object if a registrant does not
restate its financial statements in response to the guidance for fiscal years
ending on or before November 15, 2006 where management applied the iron curtain
or rollover approach, as long as all relevant qualitative factors were
considered.
Noski said that at one of the companies at which he serves
on the audit committee, management assists with the committee's education on
such issues as critical accounting policies and revenue recognition about three
times a year. He believes it is important to have an active dialogue with the
outside auditor, the internal auditor and management about how they can help the
audit committee do its job. Daly noted that the SEC's comment letters and
company's responses are now posted on the SEC's Web site and suggested that they
might be a good resource for audit committees.
Richards said that the audit committee's charter should
serve as the roadmap for fulfilling its responsibilities. Gaines agreed. The
committee may add items during the year, but the charter is the perfect roadmap.
Daly said that financial reporting risk belongs in the
"audit committee room," but all other risks, including regulatory
matters, information security, employment and marketing practices, are subject
to board or board committee oversight responsibilities --until the risk poses
financial reporting implications. Noski said that companies should identify the
matrix of risks and which committee most appropriately has responsibility for
each in its charter. Risk management is the responsibility of the full board, in
his view.
Richards said that risk management comes down to resources.
Companies should focus on fraud awareness --detection, prevention and
mitigation. He also emphasized the importance of ethics programs since most
problems are caused by people. Build a culture where it is acceptable for people
to step forward if there is a problem, he said. Richards cited surveys that
found most people do not come forward because they do not believe management
will do anything, rather than out of fear of retaliation. Compliance programs
are a huge area that are largely untouched until there is a problem, he said.
Noski said he fears that risk management may become
this year's "Y2K" or "404." You must push management to
think the unthinkable, he said, such as the crisis in Bhopal, India that put
Union Carbide out of business. Noski cited a Booz Allen report which found that
13% of shareholder value was destroyed as a result of compliance failure. The
other 87% was caused by strategic and operational blunders.
|