Some Cybersecurity Risk-Management Support

Cybersecurity Risk continues to be a huge and problematic issue. Processes and tools to respond to Cybersecurity incidents are constantly evolving. To help you keep up to date with these issues our “Cybersecurity 2016: Managing Cybersecurity Incidents” program will be offered on September 20 live in NY and via webcast.

 

Topics to be addressed will include:

 

Overview of the cyber insurance market and what to look for when purchasing

Cybersecurity provisions to include in vendor and business partner agreements

Managing a forensic investigation

Threat landscape: how can companies protect themselves?

Cybersecurity Act of 2015 and its ramifications for the private sector, plus SEC activity

EU developments on breach notification in the GDPR and NIS Directive

 

The program will also include these special features:

 

Cyberattack simulation

Hacker’s perspective: what are they seeking?

CISO and Regulators panel: strategies for global companies and guidance on sharing information with the government

 

You can learn more here.

 

As always, your thoughts and comments are welcome!

Year End Planning Topic 3 – The New Item 16 Form 10-K Summary (and Disclosure Philosophy!)

Everyone who works with SEC periodic reports knows that making changes to disclosure is not a simple process. Reporting involves so many stakeholders and so many approval points that without an early start it is almost impossible to make improvements (or even simple changes such as formatting!).

This post is about one possible change that will need some time for consideration, adding the new Item 16 summary. With this reminder hopefully you will have enough time to consider whether this optional item makes sense for you.

This kind of summary has always been permitted, or at least never prohibited. However, in the process of making periodic reports more about communication than compliance, the FAST Act required the SEC to formally put a summary into Form 10-K, hence new Item 16. You can read the text of Item 16 in this post.

Your Communication Philosophy

If you read a lot of Form 10-K’s (and what is more fun than that?) you will see a variety of communication styles. We discuss different communication styles or “philosophies” in our workshops. We encourage companies to articulate their “philosophy” of disclosure.

To simplify a bit, some companies adopt a very “compliance” based philosophy for disclosure. In this model companies disclose what the SEC requires to be disclosed and essentially nothing more. This can be done in a fairly mechanical fashion and is usually very simple and direct, if not almost terse.

At the other end of a disclosure spectrum some companies adopt a more “communications” based philosophy where they disclose more than the bare bones requirements in an effort to tell a more complete “story” of how their company operates.

A simple example of this difference can be found in Form 10-K Item 1. This is the description of the business and the required disclosures are in Regulation S-K Item 101. Nowhere in Item 101 is there any requirement to disclose a company’s business strategy. And many companies do not say anything about the strategic orientation of their business. And yet, many companies discuss their strategy at length. Check out the differences in these two companies:

Here is a very well done example for an SRC (Golden Enterprises) of the compliance approach. Golden makes snack foods and does a simple, direct presentation. (Also, best potato chips ever!)

Here is another well-done example of a company (Square) that uses a more communications oriented approach. Square is a payment processor and supports businesses in many ways.

To be clear, there is no right or wrong way in this discussion; we are talking about a judgment you need to make. So, why do some companies disclose more than the S-K requirement?   These companies are considering disclosure as more than a compliance process. They are using the reporting process as a communications tool.

If you are going to focus more on communication the SEC’s Interim Final Rule about a Form 10-K summary could be a new element in your communication strategy. Almost every business writer will suggest that an executive level overview for a long document is a good communication strategy.

FR 72 suggested this for MD&A way back in 2003:

Many companies’ MD&A could benefit from adding an introductory section or overview that would facilitate a reader’s understanding. As with all disclosure, what companies would appropriately include in an introduction or overview will depend on the circumstances of the particular company. As a general matter, an introduction or overview should include the most important matters on which a company’s executives focus in evaluating financial condition and operating performance and provide the context for the discussion and analysis of the financial statements. Therefore, an introduction or overview should not be a duplicative layer of disclosure that merely repeats the more detailed discussion and analysis that follows.

In recent remarks the SEC staff has said they are seeing more companies using their filings as communication documents and this trend certainly fits into the SEC’s disclosure effectiveness program.

So, as you get into your annual reporting process, be sure you articulate this overall strategy for disclosure, and if you think it appropriate, put consideration of the new Item 16 summary into your thought process.

As always, your thoughts and comments are welcome!

Summertime Planning Topic Two – Evaluating and Auditing ICFR

As we blogged about (or perhaps nagged about), in our last post it is never too soon to start planning for year-end. That post suggested some proactive steps to avoiding some commonly occurring problems in the statement of cash flows. In this post we will discuss another frequently problematic issue, the annual management’s assessment and external audit of ICFR. It is likely an understatement to say that in recent years there has been substantial change in how management assesses and auditor’s audit ICFR. Areas such as management review controls, how to use system generated information, what are appropriate scopes for testing and how to evaluate whether a control deficiency is a material weakness are all in play.

 

In our annual reporting process it makes sense to get out in front of these issues!

 

Here are two resources that we hope can help in your ICFR evaluation and auditing process.

 

  1. In our August 5, 2016 PLI Smartbrief (you can learn more and sign-up to receive the SmartBrief here) we referenced an Accounting Web article about a Protiviti SOX Compliance survey. The findings can help inform your own SOX planning and the evolution of your ICFR. According to the survey SOX related audit costs are generally increasing. Here is a telling quote from the executive summary:

 

“Sarbanes-Oxley compliance once was thought to be a relatively stable, predictable process that organizations could rely on to be routine and, for the most part, static. Yet market and regulatory changes continue to make this a more dynamic process, with costs and hours continuing to rise for many organizations. The good news is that more organizations are recognizing the benefits of their compliance efforts through improved internal control structures and business processes.”

 

 

  1. The PCAOB has published a helpful resource in planning your SOX ICFR evaluation and audit. In their most recent Staff Inspection Brief they discuss the plan, scope and objectives for the coming cycle of inspections. As expected ICFR is one of the points of focus:

 

“During the 2016 inspection cycle, Inspections staff will, among other things, consider the sufficiency of auditors’ procedures performed to identify, test and evaluate controls that address the auditors’ assessed risk of material misstatement, and auditors’ testing of controls that contain a review element. “

 

As always, your thoughts and comments are welcome!

Cash Flows Topic One – Comment of the Week and EITF Fun!

High risk accounting and reporting areas, those most prone to problems and the risk of amendment or restatement, are discussed in all our conferences and workshops. We always encourage folks to be aware of these risks and to address them in their reporting processes.

 

Now that we are into August, is it fair to put some of these issues on the planning calendar for year-end? Yes, because many of them require significant amounts of time and work to address. (For example, have you ever tried to make improvements in your MD&A?) So, even though it is only August, we are going to start a series of posts with some considerations for year-end planning! We will also bring all of them together later in the fall.

 

Perhaps surprisingly, one of these frequent problem areas is preparation of the statement of cash flows. For a variety of reasons the statement of cash flows is the source of many SEC comments and even restatements. Perhaps this is because the statement of cash flows is usually prepared late in the reporting process, perhaps because it is sometimes viewed as a mechanical process, perhaps because it is sometimes prepared by less experienced professionals and/or perhaps controls are not effective in this area. There are likely many underlying causes for the statement of cash flows being a frequent problem area, but if we are forewarned there is no reason that we should have problems here.

 

As a starting point, here are some example SEC comments.

 

Statement of Cash Flows

We note your presentation on the statement of cash flows of sales and maturities of short- term investments as one combined line item. In light of the fact that short term investments represent a significant part of your balance sheet, please revise to present sales and maturities of these investments as separate line items within the investing section in accordance with ASC 320-10-45-11.

The comment above is a great example of where a seemingly logical combination of similar cash flows runs afoul of the codification guidance. The referenced paragraph is not even in the ASC section about the statement of cash flows! What it says is:

Cash flows from purchases, sales, and maturities of available-for-sale securities and held-to-maturity securities shall be classified as cash flows from investing activities and reported gross for each security classification in the statement of cash flows. Cash flows from purchases, sales, and maturities of trading securities shall be classified based on the nature and purpose for which the securities were acquired.

Here is another example:

Please tell us how you determined it was appropriate to classify restricted cash collateralizing your outstanding letter of credit and cash secured loans as investing activities in the statement of cash flows. Please reference the authoritative accounting literature management relied upon.

This is an area where there may be no clear guidance. The distinction between operating and investing seems like an easy question to ask here. And, as you will see below, this is a question that was taken to the EITF.

 

Here are a few more comments with similar issues. This first one is pretty darn long!

Consolidated Statements of Cash Flows, page F-8

Please tell us your basis for recording the deposit related to the acquisition of land use right as operating activities as opposed to investing activities. Refer to ASC 230.

We note your line item, advances to suppliers, in your balance sheets and other trade receivables included in Note 4 on page F-30 related to your lending provided to some of your suppliers. Please tell us the nature of your lending activities to your suppliers and the difference in amounts included in the two accounts. Additionally, please tell us your basis for recording amounts in operating activities as opposed to investing activities in your statements of cash flows. Refer to ASC 230.

Please reconcile for us the purchase of property and equipment for 2014 in the amount of $256,027,300 to the change of $301,716,262 derived from your disclosure in Note 7.

 

This one seems fairly straightforward:

We note cash flows from financing activities include non-cash transactions consisting of common shares issued for debt conversions and as compensation for services as well as losses on settlement of debt through equity issuances. Please refer to ASC 230 and revise to separately disclose non-cash financing transactions in supplemental disclosure of noncash investing and financing activities and to disclose losses on debt settlements in cash flows from operating activities. Please note that this comment also applies to Form 10-Q filed February 2, 2016.

 

The Need For Clarification – The EITF to the Rescue!

 

Because of the frequent nature of these issues and diversity in practice surrounding many of them the EITF has two projects that are at the Exposure Draft stage and should finish before year end:

 

EITF Issue 16-A: Restricted Cash would require the statement of cash flows to reconcile the total change in cash including restricted cash.

 

EITF Issue 15-F: Statement of Cash Flows: Classification of certain cash receipts and cash payments deals with a variety of issues in the cash flow statement, including:

 

Issue 1—Debt Prepayment or Debt Extinguishment Costs

Issue 2—Settlement of Zero-Coupon Bonds

Issue 3—Contingent Consideration Payments Made after a Business Combination

Issue 4—Proceeds from the Settlement of Insurance Claims

Issue 5—Proceeds from the Settlement of Corporate-Owned Life Insurance Policies, including

Bank-Owned Life Insurance Policies

Issue 6—Distributions Received from Equity Method Investees

Issue 7—Beneficial Interests in Securitization Transactions

Issue 8—Predominant Cash Receipts and Cash Payments

 

 

With all of this comment activity and related standard setting going on, it is advisable to “scrub” your process for preparing the statement of cash flows in your upcoming periodic filings.

 

As always your thoughts and comments are welcome!

A Busy Summer for the SEC!

The SEC has been busy on many fronts this summer. If you review the summary of proposed rules here on their web site you will see they have proposed five rules so far this summer and the summary of final rules here has another six rules issued in final form.

 

That is a busy summer!

 

The proposed rules contain some of the first concrete, early steps in the SEC’s disclosure effectiveness project. The proposal will “clean-up” some areas where the SEC’s rules overlap or are redundant with GAAP, IFRS or other guidelines. They also include a proposal to change the threshold to use the Smaller Reporting Company system to $250,000,000 in public float.

 

You can see the details of each proposal below:

 

Disclosure Update and Simplification

 

Amendments to Smaller Reporting Company Definition

 

Modernization of Property Disclosures for Mining Registrants

 

 

The final rules range from the final resource extraction payment rules required by Dodd/Frank, which replace the earlier version overturned in the courts, to the FAST Act 10-K summary.

 

You can see the details of each final rule below:

 

Disclosure of Payments by Resource Extraction Issuers

 

Adoption of Updated EDGAR Filer Manual

 

Form 10-K Summary

 

 

As always, your thoughts and comments are welcome!

Another Reason to do the Right Thing – Litigation is on the Rise!

Our last post was about the on-going messaging from the SEC’s Enforcement Division to all of us to “do the right thing” for investors. Of course, another reason to do the right thing is the risk of litigation. And this risk, according to a report from the Stanford Law School Securities Class Action Clearinghouse and Cornerstone Research, shows that securities class action litigation is up substantially. According to the report filings are “up 36.7% from the first half of last year and up 16.6% from the second half of last year.”

 

In a startling statistic the report shows that on an annualized basis 6.4% of the S and P 500 were subject to class action filings.

 

Interestingly, the report indicates a substantial part of the increase relates to filings concerning merger and acquisition activity.

 

You can find a press release and the report here.

 

The Stanford Law School Securities Class Action Clearing house is a pretty scary website. If you would like to review it you can find it here.

 

Lastly, a great way to supplement what you read here on our blog and keep up with developments like this is to subscribe to the PLI Smart Brief, a periodic e-newsletter with lots of great information.

 

You can sign-up to receive the Smart Brief here.

 

As always, your thoughts and comments are welcome!

Do the Right Thing! – SEC Reminders for Auditors and Companies

As they occasionally, (and at times frequently), do, the SEC has sent us a reminder to do the right thing.

 

This most recent reminder actually started with an action announced last September against a company that involved one of the classic financial fraud reporting areas, inappropriate revenue recognition. The complaint alleges significant self-dealing by officers and a variety of other inappropriate actions to fabricate financial results. The case was serious enough that the company’s registration was revoked. You can read the press release and find related documents here.

 

Whenever an action like this is announced, one of the questions we all ask is “where were the auditors?”

 

Usually an action against auditors happens separately from the related action against a company. Many times the two are hard to correlate. In this case the action against the auditor took almost nine months longer. It was formally announced on July 22, 2016. The SEC’s order against the auditor found that the auditor

 

“failed to perform sufficient procedures to detect the fraudulent sales in the company’s financial statements. (The Audit Firm) also failed to obtain sufficient audit evidence over revenue recognition and accounts receivable, identify related party transactions, investigate management representations that contradicted other audit evidence, perform procedures to resolve and properly document inconsistencies, and exercise due professional care.”

 

In the action the partner for this engagement paid a fine of $25,000 and was permanently suspended from practice before the SEC. This includes both auditing and working as a company accountant. The firm paid a $100,000 penalty and it can only begin accepting new public company clients again next year after an independent consultant certifies that the firm has corrected the causes of its audit failures. You can read the release and find related documents here.

 

As a final reminder about accountant’s and auditor’s role as gatekeepers the enforcement staff said:

 

“Auditors are supposed to act as gatekeepers to protect the integrity of our markets, but (The Audit Firm) failed to live up to their professional obligations”.

 

As always, your thoughts and comments are welcome!

More About S-3 and the Transition to the New Revenue Recognition Standard

In a recent post we explored a very complex securities registration issue within retrospective application of the new revenue recognition standard. (The issue arises with any retrospective application, so it will also arise in the new leasing standard.) In a nutshell the registration issue comes up when you:

 

(1) Adopt the new revenue recognition standard as of January 1, 2018 (assume a December 31 year-end), then

(2) File your March 31, 2018 10-Q and then

(3) File an S-3 to register to sell securities.

 

The S-3 incorporates your 2017 Form 10-K by reference which includes 2015 financial statements. The 2015 financial statements would not normally be retrospectively adjusted for the new revenue recognition standard. In this case though that could be necessary. You can read all the technical details here.

 

This first post led to a really interesting question from a reader. What happens if you file the S-3 before you file your March 31, 2018 10-Q? We explored the issue in this post.

 

This then led to a really great comment from another reader. In our workshops we always emphasize building research skills and using all the relevant SEC resources, especially the CorpFin Financial Reporting Manual (FRM). This really astute reader found this section in Topic 13 of the FRM:

 

13110.2  In the case of a registration statement on Form S-3, Item 11(b)(ii) of that form would specifically require retrospective revision of the pre-event audited financial statements that were incorporated by reference to reflect a subsequent change in accounting principle (or consistent with staff practice, discontinued operations and changes in segment presentation) if the Form S-3 also incorporates by reference post-event interim financial statements. If post-event financial statements have not been filed, the registrant would not revise the pre- event financial statements in connection with the Form S-3, however, pro forma financial statements in accordance with Article 11 of Regulation S-X may, in certain circumstances, be required. In contrast, a prospectus supplement used to update a delayed or continuous offering registered on Form S-3 (e.g., a shelf takedown) is not subject to the Item 11(b)(ii) updating requirements. Rather, registrants must update the prospectus in accordance with S-K 512(a) with respect to any fundamental change. It is the responsibility of management to determine what constitutes a fundamental change.

 

 

Here there is at least some relief for the S-3 filed after year-end but before the Form 10-Q is filed! As a reminder S-X Article 11 contains this requirement:

 

  • 210.11-01   Presentation requirements.

(a) Pro forma financial information shall be furnished when any of the following conditions exist:

………………….

(Note: (1) to (7) omitted)

(8) Consummation of other events or transactions has occurred or is probable for which disclosure of pro forma financial information would be material to investors.

 

Some judgment will be required to make that decision! If the effect of the new revenue recognition standard is large enough, it could well be material to investors.

 

Similarly, for the S-3 shelf takedown S-K 512(a) includes this requirement (in bullet ii):

 

(ii) To reflect in the prospectus any facts or events arising after the effective date of the registration statement (or the most recent post-effective amendment thereof) which, individually or in the aggregate, represent a fundamental change in the information set forth in the registration statement.

 

Again, some judgment will be required to make that decision!

 

Thanks to both the readers who contributed to this discussion, and as always your thoughts and comments are welcome!

 

Disaggregation – Comment Letters and the New Revenue Recognition Standard

How often do you think of disaggregation in your financial statements? Generally, companies don’t present a lot of line-item details in their financial statements. Recently this issue has come up for us in two separate places.

 

If you have attended one of our large Midyear or Annual Forums you have had the fun of listening to Carol do an in-depth analysis of the comment letter process. She usually picks an interesting letter for a specific company and reviews both the overall process as well as the specific comments in the company’s letter.

 

In this year’s May and June Midyear Forms, Carol’s example letter included this interesting and “deep in the weeds” comment:

Consolidated Balance Sheets, page 33

  1. Please tell us how you have complied with Rule 5-02.20 of Regulation S-X. In this regard, we note your quantified disclosure of insurance liabilities and construction accruals. Please tell us whether there are any additional items included in other current liabilities that exceed five percent of total current liabilities.

The big theme here is of course disaggregation. Regulation S-X Article 5 has requirements about disaggregation for areas such as other current assets, other assets, other current liabilities and other liabilities. Generally, the requirements are that any individual account over 5% of the relevant total must be separately disclosed. Here is one example:

  • 210.5-02   Balance sheets.
  1. Other current assets. State separately, in the balance sheet or in a note thereto, any amounts in excess of five percent of total current assets.

There is also a similar requirement for components of revenue over 10% of total revenues:

  • 210.5-03   Income statements.

…………

(b) If income is derived from more than one of the subcaptions described under §210.5-03.1, each class which is not more than 10 percent of the sum of the items may be combined with another class. If these items are combined, related costs and expenses as described under §210.5-03.2 shall be combined in the same manner.

As you can see, the consistent theme is to provide appropriate detail so readers can understand appropriate issues in the F/S.

 

This theme of disaggregation is a topic of discussion in the FASB’s financial statement presentation project and also is an important issue in the disclosure requirements in the new revenue recognition standard:

Disaggregation of Revenue

ASC 606-10-50-5

An entity shall disaggregate revenue recognized from contracts with customers into categories that depict how the nature, amount, timing, and uncertainty of revenue and cash flows are affected by economic factors. An entity shall apply the guidance in paragraphs 606-10-55-89 through 55-91 when selecting the categories to use to disaggregate revenue.

This new revenue recognition disclosure requirement will require substantial judgment to determine how much detail a reader will need to understand how the “nature, amount, timing and uncertainty of revenue and cash flows are affected by economic factors”. This is really the opposite of the S-X disclosure requirements above based on mechanical, quantitative 5% and 10% thresholds. The overall theme is the same though, be sure to consider how much detail readers really need to understand your financial condition, results of operations and cash flows.

 

As always, your thoughts and comments are welcome!

A Really Good Question – Form S-3 and the New Revenue Recognition Standard

In a recent post we discussed a potential complication in the registration process and Form S-3 in particular if you retrospectively implement the new revenue recognition standard. You can review the post here. The issue arises if you file an S-3 in 2018 after you adopt the new revenue recognition standard but before your 10-K for 2018 is filed. The 2018 Form 10-K will have annual financial statements for 2018, 2017 and 2016 retrospectively applying the new standard. However, if you file an S-3, or have an S-3 shelf registration in place, before you file the 2018 Form 10-K, your S-3 would be required to have three fiscal years, now 2017, 2016 and 2015 that apply the new standard.

Thus, you could be required to report an extra year, 2015, on the new revenue recognition standard if you want to access the capital markets with an S-3, or an S-3 shelf registration, during 2018.

Whether or not the SEC can or will have any relief from this issue is not finalized. So stay tuned!

In our post we set up the example with an S-3 filed after the first-quarter 2018 form 10-Q is filed.

This all lead to a really great question from a reader:

 

In the hypothetical, if an issuer were to file an S-3 in the first quarter of 2018 (before its 3Q financials go stale and before the 2018 10-Q is filed), does Item 11 of Form S-3 require the company to file an 8-K with its recast 2015 financials reflecting the full retrospective adoption of the new standard before the issuer may take-down securities?

The answer to this question? Well, there is not a detailed rule anywhere that deals with the issue.

We researched the question and the closest guidance we could find was in the CorpFin Financial Reporting Manual Topic 11:

“Companies may transition to ASU No. 2014-09 and IFRS 15 (collectively, the “new revenue standard”) using one of two methods:

Retrospectively to each prior period presented, subject to the election of certain practical expedients (“full retrospective method”). A calendar year-end company that adopts the new revenue standard using this method must begin recording revenue using the new standard on January 1, 2018. In its 2018 annual report, the company would revise its 2016 and 2017 financial statements and record the cumulative effect of the change recognized in opening retained earnings as of January 1, 2016.

Retrospectively with the cumulative effect of initially applying the new revenue standard recognized at the date of adoption (“modified retrospective method”). A calendar year-end company that adopts the new revenue standard using this method must begin recording revenue using the new standard on January 1, 2018. At that time, the company must record the cumulative effect of the change recognized in opening retained earnings and financial statements for 2016 and 2017 would remain unchanged. The standard also sets forth additional disclosures required by companies that adopt the new standard using this method.

That language sure sounds like if you file after January 1, 2018, you need three years, 2015, 2016 and 2017 based on the new standard.

That said, stay tuned, we will all continue our research! And what is more fun than a really deep SEC research question?

As always, and especially with this one, your thoughts and comments are welcome!