The IASB/FASB Transition Resource Group for Revenue Recognition is going to meet again on October 31, 2014. (Seems like a fitting day for this meeting!) In case you have not followed the TRG, this group will not issue guidance. Their mission is to identify issues, discuss them, and share their thoughts on each issue. The FASB and IASB will then decide what action, if any, will be taken on each issue.

The agenda for the meeting includes:

• Customer options for additional goods and services and nonrefundable upfront fees
• Presentation of a contract as a contract asset or a contract liability
• Determining the nature of a license of intellectual property
• Distinct in the context of the contract
• Contract enforceability and termination clauses

As you may know the new standard requires a significant amount of judgment (as well as disclosure of significant judgments!) Each of these areas are complex and will require interpretation and judgment under the new revenue recognition model. This should be a very interesting discussion.

Coordinating the meeting between the IASB group in England and the FASB group in the US presents some interesting logistical challenges, and the meeting will actually begin at 7:00 AM EDT. It is scheduled to run until 2:00 EDT, so the time allocated will allow deep discussion of each issue!

The full agenda, the related Memos discussing each issue, information from the TRG’s first meeting and a description of the TRG’s processes can be found at:

www.fasb.org/cs/ContentServer?c=Page&pagename=FASB%2FPage%2FSectionPage&cid=1176164066683

As always, your thoughts and comments are welcome!

Cybersecurity risk is again in the news. It seems like each cybersecurity incident is bigger and scarier than the breaches before. Clearly, the financial, reputational and other costs associated with these crimes are growing. Perhaps more importantly the efforts and costs associated with the prevention of these events are becoming more significant.

As we approach year end giving appropriate thought to cybersecurity disclosures will be an important discussion for most companies. As a reminder, the SEC’s existing guidance for cybersecurity disclosures is in Corp Fin’s Disclosure Guidance Topic 2, which you can find at:

www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm

The drive for more substantive disclosure, including information about the actual costs of cybersecurity breaches to a specific company and cybersecurity prevention costs are themes in the Corp Fin guidance, and these comments help emphasize the important issues in disclosures about cybersecurity risks.

In this comment the staff reminds the registrant about Disclosure Guidance Topic 2:

Technology security risks and environmental and pollution risks could potentially impact our financial results, page 11

6. It appears that this risk factor addresses two separate risks: (1) technology security risks and (2) environmental risks. In future filings, please revise your risk factor disclosure to address these risks under separate headings. Also, with respect to the technology security risks, to the extent that these risks may relate to cybersecurity threats, in future filings please clarify your disclosure accordingly as well as consider the Division of Corporation Finance’s Disclosure Guidance Topic No 2, which is available on our website at http://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.

Notice the focus on qualitative and quantitative disclosure in this comment:

3. Your risk factor disclosure should provide sufficient qualitative and quantitative disclosure to enable a reader to assess the impact that these risks may have on your results of operations. In this regard, we note the following:

Your risk factor “Our business could be adversely affected by incidents…” on page 9 does not provide sufficient qualitative disclosure for one to understand which aspects of your business operations may expose you to these risks nor does it identify the actual risks or provide examples of past system failures or accidents;

Your risk factor “Technology security risks and environmental and pollution risks could potentially impact our financial results” on page 11 does not specify to what “certain information and technology security risks” you may be exposed.

This comment shows how details should be included to help readers understand the nature and magnitude of the risk:

Our business could be negatively impacted by security threats, including cybersecurity threats…

31. We note your disclosure that an unauthorized party was able to gain access to your computer network “in a prior fiscal year.” So that an investor is better able to understand the materiality of this cybersecurity incident, please revise your disclosure to identify when the cyber incident occurred and describe any material costs or consequences to you as a result of the incident. Please also further describe your cyber security insurance policy, including any material limits on coverage.

And this comment emphasizes the need for MD&A discussion if related costs are material:

Item 1A. Risk Factors “Security breaches and other disruptions or misuse of our network and information systems could affect our ability to conduct our business effectively,” page 12

1. We note your disclosure that during 2012 the ******* computer network was the target of a cyber-attack that you believe was sponsored by a foreign government, designed to interfere with your journalism and undermine your reporting. We also note your disclosure that you have implemented controls and taken other preventative actions to further strengthen your systems against future attacks. If the amount of the increased expenditures in cybersecurity protection measures was or is expected to be material to your financial statements, please revise your discussion in MD&A to discuss these increased expenditures. Also, if material, please revise the notes to your financial statements to disclose how you are accounting for these expenditures, including the capitalization of any costs related to internal use software.

Hope all this helps, and as usual your comments and thoughts are welcome!

As many of us discovered in the run-up to the first Form SD for reporting about conflict minerals (which was due June 2 of this year), there was substantial uncertainty about how to fulfill this Dodd-Frank created reporting obligation. Uncertainty about what sort of procedures should support the report, how to draft the report and late-breaking legal wrangling about the rule were only a few of the challenges in the first compliance cycle.

Hopefully the second year of this requirement will be a bit less chaotic. To help reduce the chaos and hopefully bring some order to the process we are presenting a one-hour briefing on October 24, 2014 entitled:

SEC’s Conflict Minerals Rules: What We Learned from 2013 and What Happens Next

Here is a summary of the briefing:

So what did we learn from the filings? For the 1300+ public companies and over 250,000 private companies that sought to trace the use of 3TG, the Form SDs and CMRs (Conflict Mineral Reports) provide insights into the struggles that companies have within their supply chains to identify sources and manage data, and to report their compliance efforts and results to customers, the SEC and other constituencies. Public company compliance efforts also impact non-reporting suppliers and will impact interactions with supply chains as the next round of due diligence and reporting gets underway.

Hope this helps, and you can learn more at:

www.pli.edu/Content/Seminar/SECs_Conflict_Minerals_Rules_What_We_Learned/_/N-4kZ1z127tk?fromsearch=false&ID=234693

As always, your thoughts and comments are welcome!

(Our apologies, the post is longer than usual, but it’s an important one)

Pumpkins, glorious foliage, and frost signal the arrival of Fall in NH, as well as hunting season.  Alas for many accountants, Fall signals the beginning of the assessment of internal control over financial reporting as calendar-year companies and their auditors start their interim testing and hunt for material weaknesses.  This year will likely be especially challenging due to recent PCAOB inspection report ICFR findings and guidance such as Staff Audit Practice Alert No. 11: Considerations for Audits of Internal Control over Financial Reporting, issued in October 2013.  The SEC has weighed in over the last year as well.  So, we thought it might be helpful as we start the ICFR season to increase your awareness of the PCAOB and SEC concerns over ICFR assessments and audits and point you to some resources worth reading.

Let’s start with the PCAOB.  It is no secret that the PCAOB inspection staff has focused on ICFR audits and has not been happy with a lot of them.  If this is news to you, just take a look at the inspection reports issued to the Big 4 over the last few years. The inspections staff expects the firms to show progress in addressing inspection findings in the next audit cycle, so the pressure is on.  As a result, it is very likely that your auditors will be changing their audit methodology in some way this year, which will ultimately trickle down to what you do.  So our recommendation to registrants is to be pro-active: read the last 2 inspection reports your auditor received (you can find them at http://pcaobus.org/Inspections/Pages/PublicReports.aspx), read Staff Alert No. 11 (find it at http://pcaobus.org/Standards/QandA/10-24-2013_SAPA_11.pdf), and talk to your auditors about anticipated changes in your audit and their expectations.  And if you have an appetite for more, see an interesting speech by Board Member Jeanette Franzel at http://pcaobus.org/News/Speech/Pages/03262014_IIA.aspx.

The SEC has also expressed concern that some of the PCAOB’s inspection findings “are likely indicators of similar problems with management’s evaluation” (see Deputy Chief Accountant Brian Croteau’s speech last December at www.sec.gov/News/Speech/Detail/Speech/1370540472057#.VC6uXEuppZg)

For years, the SEC has voiced its concern that material weakness findings are lagging indicators, discovered as a result of a restatement, and not a leading indicator discovered in the ICFR assessment in time to prevent a restatement.  Case in point is the recent SEC Enforcement case against JDA Software Group.  The SEC investigation found that the company had inadequate internal controls over financial reporting, specifically in the area of revenue recognition, resulting in a multi year restatement.  And from Mr, Croteau’s remarks cited above there are more ICFR enforcement cases in the pipeline…

We hope this helps – happy hunting!

As always, we would love to hear your comments!