Monthly Archives: May 2016

Cybersecurity’s “Evilution”

In our tech involved world the risk of cyber attack is constantly transmogrifying into ever more complex and evil modes. From phishing to ransomware to who knows what next, this risk is constantly changing.


To help you keep up-to-date with regulatory issues concerning this risk and to help make appropriate disclosures PLI is presenting a new One-Hour Briefing: Cybersecurity in the Age Of Regulators Gone Wild


You can read all about the briefing at:



As always, your thoughts and comments are welcome!


Jeepers, You Say There is More Non-GAAP News?

In the latest step in the SEC’s continuing efforts to, in the words of Corp Fin Chief Accountant Mark Kronforst, “crack down” on the inappropriate use of non-GAAP measures, on May 17, 2016 the SEC updated their Compliance and Disclosure Interpretations about the use of non-GAAP measures.

(At this point we almost want to apologize for how many recent posts we have done about non-GAAP measures, but this new guidance is important.)

You will find them at:

If you use non-GAAP measures anywhere, earnings releases, MD&A, wherever, read them!

To help you get started, here are a couple of highlights.

This first question is a broad theme in current SEC public remarks, as we have discussed them in recent posts:

Question 100.01

Question: Can certain adjustments, although not explicitly prohibited, result in a non-GAAP measure that is misleading?

Answer: Yes. Certain adjustments may violate Rule 100(b) of Regulation G because they cause the presentation of the non-GAAP measure to be misleading. For example, presenting a performance measure that excludes normal, recurring, cash operating expenses necessary to operate a registrant’s business could be misleading. [May 17, 2016]

This C&DI clarifies issues about per-share presentations:


Question 102.05

Question: While Item 10(e)(1)(ii) of Regulation S-K does not prohibit the use of per share non-GAAP financial measures, the adopting release for Item 10(e), Exchange Act Release No. 47226, states that “per share measures that are prohibited specifically under GAAP or Commission rules continue to be prohibited in materials filed with or furnished to the Commission.” In light of Commission guidance, specifically Accounting Series Release No. 142, Reporting Cash Flow and Other Related Data, and Accounting Standards Codification 230, are non-GAAP earnings per share numbers prohibited in documents filed or furnished with the Commission?


Answer: No. Item 10(e) recognizes that certain non-GAAP per share performance measures may be meaningful from an operating standpoint. Non-GAAP per share performance measures should be reconciled to GAAP earnings per share. On the other hand, non-GAAP liquidity measures that measure cash generated must not be presented on a per share basis in documents filed or furnished with the Commission, consistent with Accounting Series Release No. 142. Whether per share data is prohibited depends on whether the non-GAAP measure can be used as a liquidity measure, even if management presents it solely as a performance measure.  When analyzing these questions, the staff will focus on the substance of the non-GAAP measure and not management’s characterization of the measure. [May 17, 2016]


As always, your thoughts and comments are welcome.

Lots Happening at the PCAOB!

Since its inception with the Sarbanes-Oxley Act the PCAOB has faced many challenges in fulfilling its responsibilities to establish GAAS for public company audits, inspect audit firms and enforce when auditors do not fulfill their responsibilities. As the PCAOB has evolved one important lesson we have all learned is that their activities and agenda do not affect just auditors. All public company reporting participants have a stake in what they do. For example, the recent audit standard about related party issues was important not just for auditors, but companies needed to assure they would have the information the new standard required auditors to obtain. Some companies even modified their D and O questionnaires in this process.

To help us be aware of where the PCAOB’s activities could impact us all, here are a few items of note going on at the PCAOB right now.

  1. Auditor’s Involvement in non-GAAP Measures

If you use non-GAAP measures in an earnings release, MD&A or other communication vehicles you will want to follow the events of the May 18-19, 2016 meeting of the PCAOB’s Standing Advisory Group. A significant part of the first day’s agenda is a discussion of “Company Performance Measures and the Role of the Auditor”. The meeting will include breakout discussion sessions and a report of the breakout discussions on day two of the meeting. You can find the agenda and how to access a webcast at:\

  1. Anticipating and Avoiding Accounting and Auditing Problems

The PCAOB inspections staff has published a “Staff Inspections Brief” which provides a preview of their observations from 2015 inspections. Interestingly the number of audit deficiencies identified for annually inspected firms, those with over 100 public clients, has decreased. For firms with less than 100 public clients, who are inspected every three years, the inspection staff found “an overall high number of audit deficiencies”. Areas with frequent deficiencies were:

Auditing internal control over financial reporting

Assessing and responding to the risk of material misstatement

Auditing accounting estimates, including fair value

Audit areas affected by economic risks, including factors such as oil prices


The report also discussed several financial reporting issues including business combination accounting, the statement of cash flows, revenue recognition and income taxes.


Auditor independence continued to be a problem area, particularly for triennially inspected firms.

You can read the whole Staff Inspection Brief at:


  1. A Board Member’s Perspective on Inspections, Enforcement and Standard Setting

This speech, delivered by Board Member Jeanette Franzel, is a wide ranging summary of “progress in audit oversite” and has some interesting perspectives on changes that could be in store for the inspection process. She comments that inspections of large firms are showing fewer audit deficiencies but that at smaller firms there are still some that “just don’t get it”. She also provides summaries of the enforcement program and standard setting at the PCAOB.

You can read the speech at:


  1. A “Darker” Staff Practice Alert

The PCAOB inspectors continue to see enough instances of auditors making changes after audit workpapers are supposed to be “locked down” that they have issued a Staff Practice Alert to remind, or perhaps warn, auditors not to make changes inappropriately in advance of an inspection. You can read the Alert at:

Interestingly, the last section of the new release has a link to the PCAOB’s tip line……


  1. Re-proposed Changes to the Auditor’s Report?

The Board met on May 11, 2016 to consider re-proposing changes to the standard auditor’s report. The current pass/fail model would be retained, but the original proposal and the potentially revised proposal hope to provide additional information to make the report more relevant and informative. Stay tuned for updates on the results of the meeting; in the meantime you can read about the meeting, the revised proposal and related original proposal at:


  1. Naming the Audit Partner is a Done Deal and the PCAOB’s Standard Setting Agenda


Last, as you may have heard, the SEC has approved the PCAOB’s new Auditing Standard requiring disclosure of the names of audit partners and information about other firms involved in an audit beyond the principal auditor. To learn about that change and to see what else is on the horizon, here is a link to the PCAOB’s current rulemaking agenda:

Clearly, the PCAOB is busy!

As always, your thoughts and comments are welcome!

SEC Non-GAAP Concerns Ratchet Up

We discuss non-GAAP measures frequently in our blog. We also did a One-Hour Briefing “Non-GAAP Measures and Metrics: Getting it Right” on April 1 which you can find at:


While we try to avoid being “preachy” we do see some real problems in how companies are using non-GAAP measures. Our most recent blog post about these non-GAAP measure problems is at:


To reinforce these issues from the SEC’s perspective Deputy Chief Accountant Wesley Bricker and OCA Chief Accountant Mark Kronforst both addressed the use of non-GAAP measures at a recent conference.


You can read Mr. Bricker’s speech at:


In his speech he outlines four major areas where the SEC believes that companies may not be using non-GAAP measures appropriately. He even makes the comment that if a company uses a non-GAAP revenue measure they can expect a comment from the staff.

While Mr. Kronforst’s speech is not on the SEC web page, he reportedly used the words “crack down” when talking about how the SEC will be reviewing the use of non-GAAP measures.

The message is clear, be thoughtful and careful with non-GAAP measures!


As always, your thoughts and comments are welcome!

Due Care and Good Faith with Accounting Judgments – More Enforcement News!

On April 19th the SEC Enforcement Division announced two financial fraud enforcement cases in which companies, officers and in one of the cases the company’s auditors were named and barred or paid fines. Financial fraud enforcement cases are on the rise, but the interesting issue in these cases is that both centered on the challenging, grey area judgements that we make in the accounting process.

In the release Enforcement Division Director Andrew Ceresney said:

“We are intensely focused on whether companies and their officers evaluate judgmental accounting issues in good faith and based on GAAP.”

The most unsettling implication of these two cases is that while we make these judgements with uncertain and sometimes incomplete information, the people who pass judgment on them after the fact always operate with 20-20 hindsight.

The areas involved in these two cases are classic accounting estimate areas. One of the named companies/executives used a warranty accrual, failure to appropriately amortize intangibles and failure to appropriately write down inventory to lower of cost or market to be able to meet earnings targets.

In the other case, company executives failed to appropriately value accounts receivable from and impair investments in an electric car manufacturer that was a major customer. In addition, the audit engagement partner was suspended from appearing before the SEC.

You can read the release at:

This message is more than unsettling, it’s downright scary. It almost starts to feel that someone is watching over our shoulder as we make difficult judgment calls. And we know that when we make these kinds of accounting judgments and estimates there is usually no “right answer”. In fact, different professionals may arrive at different conclusions when making these kinds of judgements, but there is usually a range of reasonable estimates.


That said, the message is clear, be sure to exercise due care and follow GAAP when making subjective accounting judgments, because if things go wrong, enforcement may be asking questions! And, as we said above, when they ask questions, they will have the benefit of 20-20 hindsight.


How do we assure that when someone with hindsight evaluates our decisions we have as strong a position as possible? Here are a few reminders about your process for making and documenting these judgments:

  1. Always create your documentation contemporaneously. If you wait to document a decision until you are asked about it by someone like the SEC, you will never remember all the issues and considerations in your decision. And, it will be easy to see that you created the documentation after the fact.


  1. In your documentation be sure to thoroughly evaluate all the different alternatives in the decision process. Lay out in clear language each alternative and the pros and cons of each alternative. Include all relevant factors on all sides of the decision. If someone wants to second guess your decisions and you have not addressed all the issues, it will be more likely that you will be second guessed.


  1. Support your discussion with appropriate references to the Accounting Standards Codification. Explain what GAAP you think is relevant and how the guidance applies in your situation. Most importantly, document and be faithful to the principles underneath the GAAP you are using.


  1. As part of ICFR, have a documented review process. All appropriate levels of involvement in the decision should be documented, and if your company has a policy about reviewing accounting decisions it should be documented that that policy was followed. If you know there is a material intentional error, such as occurred in these cases, use the appropriate channels within your company to rectify it.


If you would like some background about writing these kinds of white papers you could check our One-Hour Briefing about drafting accounting white papers at:

And lastly, if you are thinking about how the issues in this enforcement relate to issues that could be critical accounting estimates, you could also review the requirements for these disclosures in FR 72. You can find them at the end of the FR at:


As always, your thoughts and comments are welcome!

Procrastinating about Rev Rec?

Let’s face it, almost all of us procrastinate! And when there is a good reason to procrastinate, well, that is all the better! One of the big rationales for procrastinating dealing with the new revenue recognition standard was that the FASB was definitely going to make changes to the original ASU (ASU 2014-09). As the Transition Resource Group identified and discussed issues in the new standard it became clear that the FASB would clarify certain issues and improve the standard in other areas. In fact the FASB started four discrete projects to make changes.

Yesterday that rationale came to an end.   The FASB released the fourth of the four ASU’s. They are:


  1. ASU 2015-14 – Revenue from Contracts with Customers (Topic 606): Deferral of the Effective Date – Issued August 2015


  1. ASU 2016-8 – Revenue Recognition — Principal Versus Agent Considerations (Reporting Revenue Gross Versus Net) – Issued March 2016


  1. ASU 2016-10 – Revenue Recognition — Identifying Performance Obligations and Licenses – Final Standard Issued in April 2016


  1. ASU 2016-12 – Revenue Recognition — Narrow-Scope Improvements and Practical Expedients – Issued May 2016


All the core issues are now in the standard as amended! And yes, the TRG and the AICPA’s Industry Task Forces will continue to work on specific issues. You can read about the TRG’s issues at:


And you can follow-up on the AICPA’s task forces at:


And, even with the TRG and AICPA still at work, the core is there. It is time to get busy!


As always, your thoughts and comments are welcome!

A Few Disclosure Control Reminders

In our Workshops, participants almost always have a reasonable understanding of Internal Control Over Financial Reporting (or ICFR).   And this makes sense; the concept of internal control in the financial reporting process has existed for decades. When SOX required all companies to evaluate their ICFR, the way banks had been evaluating ICFR since the FDICIA Act of 1991, it was not a brand new idea.


But what about controls over the preparation of information which is outside of the financial statements? Prior to SOX there was no “control” process for non-financial information. Recognizing that the non-financial information in a filing can be as important if not more important than the financial statements, SOX created a new category of controls, disclosure controls and procedures (DCP for short).


This post reviews some background about DCP and then we dive more deeply into four common DCP problem areas and include some example SEC comments. (If you are comfortable with the concept of DCP, you can skip to the comments at the end.)


The technical definition of DCP is in Exchange Act Rule 13a-15:


(e) For purposes of this section, the term disclosure controls and procedures means controls and other procedures of an issuer that are designed to ensure that information required to be disclosed by the issuer in the reports that it files or submits under the Act (15 U.S.C. 78a et seq.) is recorded, processed, summarized and reported, within the time periods specified in the Commission’s rules and forms. Disclosure controls and procedures include, without limitation, controls and procedures designed to ensure that information required to be disclosed by an issuer in the reports that it files or submits under the Act is accumulated and communicated to the issuer’s management, including its principal executive and principal financial officers, or persons performing similar functions, as appropriate to allow timely decisions regarding required disclosure.


From this definition it is clear that DCP applies to the entire report. So, for example, in a Form 10-K, while ICFR applies to the financial statements in Item 8, DCP applies to the whole report, Items 1 through 15, including MD&A, includes a substantive portion of ICFR in the financial statements.


When SOX created a requirement to evaluate ICFR, it also created a requirement to evaluate DCP. Again, from Rule 13a-15:


(b) Each such issuer’s management must evaluate, with the participation of the issuer’s principal executive and principal financial officers, or persons performing similar functions, the effectiveness of the issuer’s disclosure controls and procedures, as of the end of each fiscal quarter, except that management must perform this evaluation:

(1) In the case of a foreign private issuer (as defined in §240.3b-4) as of the end of each fiscal year….


Both Form 10-K in Item 9A and Form 10-Q in Part I Item 4 refer to S-K Item 307:



  • 229.307   (Item 307) Disclosure controls and procedures.

Disclose the conclusions of the registrant’s principal executive and principal financial officers, or persons performing similar functions, regarding the effectiveness of the registrant’s disclosure controls and procedures (as defined in §240.13a-15(e) or §240.15d-15(e) of this chapter) as of the end of the period covered by the report, based on the evaluation of these controls and procedures required by paragraph (b) of §240.13a-15 or §240.15d-15 of this chapter.

[68 FR 36663, June 18, 2003]


One important difference between ICFR and DCP is that a newly public company does not have to report on the effectiveness of its ICFR in its first 10-K and in fact an Emerging Growth Company does not have to report on the effectiveness of its ICFR while it is an emerging growth company. But DCP must be evaluated immediately in the company’s first 10-Q or 10-K. And this evaluation must be performed each quarter.


DCP Problem Areas


Here are four common issues with some example comments about the DCP reporting process:


Have you documented your evaluation of DCP?

Have you said DCP are or are not effective?

Have you considered the impact of ICFR issues on DCP?

When you remediate, remember to disclose what you did.


Have you documented your evaluation of DCP?


One challenging issue in the evaluation of DCP is how much documentation is required? As a brand new concept with SOX, DCP does not have the history that ICFR has. Companies may have a Disclosure Committee, use sub-certifications, or have CEO and CFO meetings with operations managers, all of which would be part of DCP. But there is no formal “framework” for DCP and much more judgment is required. The same is true of the evaluation process. That said, it is clear it is required:

Controls and Procedures, page 105

  1. We note the disclosures under subsections (a) and (b) under this heading refer to management’s evaluations and conclusions of the effectiveness of disclosure controls and procedures and internal control over financial reporting as of and for the year December 31, 2013. In your response please confirm, if true, that company’s management performed the annual assessments as of the end of the period covered by this report, December 31, 2014. Please also provide us with the revised disclosures, with the applicable period, that includes the following:
  • the evaluations and conclusions of the principal executive and principal financial officers, regarding the effectiveness of the company’s disclosure controls and procedures as of the end of the period covered by the report, as prescribed by Item 307 of Regulation S-K; and
  • a report from management on the company’s internal control over financial reporting with the elements prescribed in Item 308(a) of Regulation S-K.


Have you said DCP are or are not effective?

Just as with ICFR a conclusion that DCP are or are not effective is required when they are evaluated. Note that in both the following comments the SEC is requiring the company to amend their filing:

Item 4. Controls and Procedures, page 35

  1. Based on the evaluation of disclosure controls and procedures as of June 30, 2014, your chief executive officer and chief financial officer concluded that your disclosure controls and procedures were effective as of June 30, 2014, except for the impact of material weaknesses in your internal control over financial reporting. We believe that Item 307 of Regulation S-K requires your officers to conclude if your disclosure controls and procedures are “effective.” We do not believe it is appropriate for your officers to conclude that your disclosure controls and procedures are effective “except for” certain identified problems. Your officers must definitively conclude whether your disclosure controls and procedures are effective or ineffective. Your officers should consider the identified problems in determining if your disclosure controls and procedures are effective. If your officers conclude your disclosure controls and procedures are effective, please disclose the basis for their conclusion in light of these material weaknesses. If you determine that your disclosure controls and procedures were ineffective as of June 30, 2014 when considering these identified problems, please amend your Form 10-Q for the period ended June 30, 2014 to include your revised assessment of your disclosure controls and procedures.


  1. In the first paragraph of this section, you disclose that your disclosure controls and procedures were adequate. Meanwhile, in the second paragraph of this section, you disclose that your disclosure controls and procedures were not effective. In an amendment to your Form 10-K, please revise to disclose your conclusion that your disclosure controls and procedures are effective or ineffective, whichever the case may be. Refer to Item 307 of Regulation S-K.


Have you considered the impact of ICFR issues on DCP?


As described above DCP includes ICFR as a subset of DCP.   This means that if a company has a material weakness in ICFR it likely also impacts on DCP.

Item 4. Controls and Procedures, page 21

  1. As reported in your Form 10-K for the year ended July 31, 2015, management identified material weaknesses in internal controls over financial reporting, and you disclose that your remediation of the material weaknesses in your internal control over financial reporting is ongoing. Given this, please tell us the factors that management considered in concluding that disclosure controls and procedures were effective for the period.

When you remediate, remember to disclose what you did.

Lastly, just as with ICFR, when you remediate a problem area, be sure to appropriately disclose what you did to fix a control problem

Evaluation of Disclosure Controls and Procedures, page 7

  1. We note that you conclude that your disclosure controls and procedures were not effective on June 30, 2015. Please expand your disclosures to clearly discuss the material weakness identified, when it was discovered and your plans to remediate it.
  2. We note your conclusion indicating that your disclosure controls and procedures were not effective as of your June 30, 2015 fiscal year end due. Further, we note your management concluded that disclosure controls and procedures in your Form 10-Q filed on November 16, 2015 were effective and there were no changes in your internal control over financial reporting during the quarter ended September 30, 2015. Please revise to expand your disclosures to explain how management determined that its disclosure controls and procedures were effective at September 30, 2015 given that the company concluded that they were ineffective at year end. In this regard, tell us and disclose how you remediated the material weakness that caused you to conclude that your disclosure controls and procedures were not effective at June 30, 2015. Also, please revise your disclosures to comply with Item 308(c) of Regulation S-K to include details of any changes that may have materially affected or are reasonably likely to materially affect the company ́s internal control over financial reporting.


As always, your thoughts and comments are welcome!

Message From Enforcement: Metrics Matter!

Metrics, measures of performance drivers outside the financial statements, have become a larger part of how companies communicate with investors in recent years. As with all communication tools, a carefully planned, balanced presentation is important. Well-designed metrics can provide greater insight into the fundamentals of a company’s operations.

As with other elements of financial reporting, metrics can be misused. A metric could be poorly designed and not really correlate with financial performance. A metric could also be misstated or manipulated.

Poorly Designed Metrics

Many tech companies have complex and hard to understand revenue models. Measures such as “daily active users” and “monthly active users” can help users understand a company’s performance. That said, the link between the metric and performance needs to be clear. The CorpFin Staff has written many comments about this issue. Here are a couple of examples:

  1. In your various quarterly earnings calls, we note your discussion of the performance of your business in terms of the “add/quit metric” and “uniform wearer losses” (based upon changes in the number of uniform wearers within particular sectors of your customer base). We further note this is your fourth consecutive quarter of negative uniform wearer losses. Please expand your MD&A to include this information as well as a discussion of any trends or uncertainties. Additionally, the add/stop metric appears to have a meaningful impact on operating margins and growth rate. Please expand your disclosure to provide a complete picture of the relationship between the add/quit metric, operating margins, and growth rate for each material sector of your customer base. Please refer to Item 303(a)(3) of Regulation S-K and Section III.B.1. of SEC Release 33-8350.


  1. We note your statement that your results are highly dependent on comparable store sales. We further note that your comparable store sales have declined over the last three years and within each year have generally declined each quarter. We also note your statements that your comparable store sales are difficult to predict in the current competitive landscape and may get marginally worse before they get better. Given the importance of this metric to your results and its significant decline over the last three fiscal years, please tell us and disclose in more detail the factors that contributed to this decline, such as any significant declines in prices, including significant increases in your promotional activity, any significant declines in the volume of items sold, any change in the mix of products being sold or any other material factors that had a significant impact on the decline in your comparable store sales. While this decline in comparable store sales may ultimately be driven by your competitive environment, we believe a more detailed discussion of changes in intermediate factors such as price and volume will provide more transparency to your investors as to how you are affected by this competition, any steps management has taken to mitigate the impact of this competition and the success of management’s strategies. Refer to Item 303(a)(3)(iii) of Regulation S-K and SEC Release No. 33-8350.


Misstated Metrics and Enforcement

When companies present metrics, they should be very careful to use a balanced approach to the information and use the metric consistently to avoid presenting potentially misleading information. We discussed many of these issues in our One-Hour Briefing about Non-GAAP Measures and Metrics. You can find the briefing at:


One really “old school” example metric would be the financial ratio gross margin. It is not a non-GAAP measure so long as it is computed using the revenues, cost of sales and gross margin lines on a company’s income statement. For retailers, it is a crucial measure of performance. Gross margin trend over time can have a significant impact on how investors view a retailer.

In a recent enforcement case the SEC fined a large outdoor products retailer and its CFO for manipulating their gross margin and then misstating why gross margin changed. The source of the issue was a fee the company charged to its wholly owned banking subsidiary. In the retailer’s financial statements the fee was used to reduce cost of sales and thus increase gross margin. Such a fee would normally be eliminated in consolidation. Here though, the company failed to eliminate this intercompany transaction. As a result, in the consolidated financial statements the net income of the financing part of the business was understated and the gross margin of the retailing part of the business was overstated. Additionally, the company did not disclose that this intercompany fee had increased their gross margin and actually attributed the increase to other causes.


Here is a quote from the enforcement order:

This in turn increased ——– merchandise gross margin percentage, a key company-specific financial metric that signaled the profitability of the company and was referenced by the company in earnings releases and analysts calls.


The end result: Enforcement!

And, a clear message, manipulating metrics can get a company into just as much trouble as manipulating the financial statements!

You can read the enforcement release at:


As always, your thoughts and comments are welcome!