All posts by George Wilson

Chief Accountant Statement on Risk Assessment

On August 25, 2023, Chief Accountant Dr. Paul Munter issued a Statement titled “The Importance of a Comprehensive Risk Assessment by Auditors and Management.”  The Statement begins:

“Management’s and auditors’ risk assessment processes are critical to the decisions regarding financial reporting and the effectiveness of internal control over financial reporting (ICFR). Accordingly, we are troubled by instances in which management and auditors appear too narrowly focused on information and risks that directly impact financial reporting, while disregarding broader, entity-level issues that may also impact financial reporting and internal controls.”

Dr. Munter’s Statement addresses several risk assessment issues, including changing business risks, the importance of professional skepticism for auditors, and internal control issues that may be outside of direct financial reporting objectives.  These issues in many ways involve entity-level controls and dovetail nicely with a culture assessment tool from the Anti-Fraud Collaboration titled “Assessing Corporate Culture: A Proactive Approach to Deter Misconduct.”  The Anti-Fraud Collaboration is comprised of The Center for Audit Quality, Financial Executives International, The Institute of Internal Auditors, and the National Association of Corporate Directors.

In the executive summary of the assessment tool, the group makes this important point:

“When a corporate scandal occurs and stakeholders seek reasons and root causes, the trail often leads back to problems with the organization’s culture. Financial statement fraud is one extreme example of a consequence of a weak ethical culture, while a strong ethical culture can mitigate the risks of fraud…”

When a material financial reporting fraud occurs, very rarely is it the result of only a process level control problem.  More often it is the result of material weaknesses in entity-level controls within the control environment that allow process level and other controls to be overridden or otherwise circumvented by persons who can abuse authority within a culture.

A real-world example of this type of weakness is discussed in Roadrunner Transportation Systems’ Form 10-K for 2017, which was issued shortly after a material restatement.  These excerpts from Roadrunner’s ICFR report focus on entity-level control weaknesses:

Management’s Report on Internal Control Over Financial Reporting

Management, including our CEO and CFO, is responsible for establishing and maintaining adequate internal control over financial reporting (as defined in Rules 13a-15(f) and 15d-15(f) under the Exchange Act and based upon the criteria established in Internal Control-Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission (the “COSO framework”)). Our internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of our financial reporting and the preparation of our financial statements for external purposes in accordance with GAAP.

……..

Based on evaluation under these criteria, management determined, based upon the existence of the material weaknesses described below, that we did not maintain effective internal control over financial reporting as of the Evaluation Date.

Control Environment

We did not maintain an effective control environment based on the criteria established in the COSO framework. We have identified deficiencies in the principles associated with the control environment of the COSO framework. Specifically, these control deficiencies constitute material weaknesses, either individually or in the aggregate, relating to: (i) our commitment to integrity and ethical values, (ii) the ability of our board of directors to effectively exercise oversight of the development and performance of internal control, as a result of failure to communicate relevant information within our organization and, in some cases, withholding information, (iii) appropriate organizational structure, reporting lines, and authority and responsibilities in pursuit of objectives, (iv) our commitment to attract, develop, and retain competent individuals, and (v) holding individuals accountable for their internal control related responsibilities.

We did not maintain an effective control environment to enable the identification and mitigation of risks of material accounting errors as result of the contributing factors to the material weaknesses in the control environment, including:

The tone from former executive management was insufficient to create the proper environment for effective internal control over financial reporting and to ensure that (i) there were adequate processes for oversight, (ii) there was accountability for the performance of internal control over financial reporting responsibilities, (iii) identified issues and concerns were raised to appropriate levels within our organization, (iv) corrective activities were appropriately applied, prioritized, and implemented in a timely manner, and (v) relevant information was communicated within our organization and not withheld from our independent directors, our Audit Committee, and our independent auditors.
Our oversight processes and procedures that guide individuals in applying internal control over financial reporting were not adequate in preventing or detecting material accounting errors, or omissions due to inadequate information and, in certain instances, management override of internal controls, including recording improper accounting entries, recording accounting entries that were inconsistent with information known by management at the time, not communicating relevant information within our organization and, in some cases, withholding information from our independent directors, our Audit Committee, and our independent auditors.

Risk Assessment

We did not design and implement an effective risk assessment based on the criteria established in the COSO framework. We have identified deficiencies in the principles associated with the risk assessment component of the COSO framework. Specifically, these control deficiencies constitute material weaknesses, either individually or in the aggregate, relating to: (i) identifying, assessing, and communicating appropriate objectives, (ii) identifying and analyzing risks to achieve these objectives, (iii) contemplating fraud risks, and (iv) identifying and assessing changes in the business that could impact our system of internal controls.

For auditors, it is particularly important to remember that evaluating entity-level controls is required as part of an audit of ICFR.  AS 2201 paragraph 25 states:

 Control Environment. Because of its importance to effective internal control over financial reporting, the auditor must evaluate the control environment at the company. As part of evaluating the control environment, the auditor should assess –

      • Whether management’s philosophy and operating style promote effective internal control over financial reporting;
      • Whether sound integrity and ethical values, particularly of top management, are developed and understood; and
      • Whether the Board or audit committee understands and exercises oversight responsibility over financial reporting and internal control.

The points made in the Anti-Fraud Collaboration document, the example above from Roadrunner Transportation and the guidance from AS 2201 dovetail with the points made in Dr. Munter’s Statement.  In his conclusion, he makes this point:

“When business risks change, a robust, iterative risk assessment process and strong entity and process-level controls are essential to transparent and high-quality financial reporting. Auditors in their public gatekeeper role serve as an independent check on management’s performance of these critical functions and should transparently communicate with investors in accordance with PCAOB standards.”

As always, your thoughts and comments are welcome.

CorpFin Issues Compliance and Disclosure Interpretations for Pay versus Performance and Executive Compensation Questions

On September 27, 2023, CorpFin issued ten new Compliance and Disclosure Interpretations (C&DIs) addressing questions about Pay versus Performance (PvP) disclosures and the use of non-GAAP measures in executive compensation disclosures.

The nine new PvP C&DIs address a number of technical issues such as the treatment of pre-IPO equity awards in periods after a company’s IPO, vesting considerations for awards with market conditions, and how to treat awards that vest because the holder becomes retirement eligible.

The one new executive compensation C&DI addresses an exception to non-GAAP measure disclosure requirements when a non-GAAP measure is included as a target in S-K Item 402 disclosures.  It clarifies that a non-GAAP measure disclosed in executive compensation disclosures that does not relate to target levels is subject to the non-GAAP disclosure requirements in Regulation G and S-K Item 10(e).

As always, your thoughts and comments are welcome.

Yet One More Violation of Whistleblower Protection Rules

In two recent posts we discussed enforcement actions against Monolith Resources and CBRE, Inc. for violating the SEC’s whistleblower protection rules.  On September 29, 2023, the SEC announced its latest such case, this one against D.E.Shaw and Co. L.P., for using employment agreements that violated the whistleblower protection rules.  This violation resulted in a $10,000,000 civil penalty along with a cease-and-desist order.

You can read more details in the related Order.

All these cases send direct and clear reminders to proactively review employment, termination and similar agreements to assure they do not run afoul of the whistleblower protection rules.

As always, your thoughts and comments are welcome!

Enforcement Sends an Emphatic Section 16 Reporting Reminder

On September 27, 2023, the Enforcement Division announced settled enforcement orders against six individuals and five companies based on Section 16 and Forms 13D and 13G reporting failures.  The individuals and  companies paid fines ranging from $115,000 to $200,000.  Sanja Wadhwa, Deputy Director of the SEC’s Division of Enforcement, said:

“Today’s enforcement action should serve to remind SEC filers that reporting obligations under the securities laws are not optional, and there are consequences for failing to file required forms in a timely manner.”

This enforcement sweep is very similar to a September 2014 sweep.  You can read more in this Press Release, where you can find links to the individual orders.

As always, your thoughts and comments are welcome!

Yes, Violating Whistleblower Protection Rules Is an Enforcement Hot Topic!

In a prior blog post, we reviewed a September 8, 2023, Enforcement Order against Monolith Resources, LLC based on the company violating the SEC’s whistleblower protection rules.

Less than two weeks later, on September 19, 2023, the Enforcement Division added to the growing list of these cases with an announcement that CBRE, Inc., a wholly-owned subsidiary of NYSE-listed CBRE Group, Inc., had also violated the whistleblower protection rules.   In its separation agreements CBRE Inc. had included language requiring employees to attest “that they had not filed a complaint against CBRE with any federal agency.”  After the SEC commenced its investigation, the company took strong remedial steps.  In settling the case CBRE, Inc. paid a civil penalty of $375,000.

You can read more in the related SEC Order.

As always, your thoughts and comments are welcome!

Another 12b-25 Enforcement Sweep

We’d like to again remind our readers that Form 12b-25 is not an automatic extension for quarterly and annual reports.  In a prior blog post, we discussed an enforcement sweep in which eight companies paid fines for failing to disclose “anticipated restatements” in Form 12b-25.

On August 22, 2023, the SEC announced another sweep that caught five companies for exactly the same issue, failing to disclose “anticipated restatements.”  These companies restated their financial statements within three to twenty-one days after filing Form 12b-25.

As a reminder, Part III of Form 12b-25 includes this instruction:

State below in reasonable detail why Forms 10-K, 20-F, 11-K, 10-Q, 10-D, N-CEN, N-CSR, or the transition report or portion thereof, could not be filed within the prescribed time period.

(Attach extra Sheets if Needed)

As always, your thoughts and comments are welcome!

Another Violation of Whistleblower Protection Rules

The SEC has enforced against several companies for including clauses in separation or employment agreements that violate whistleblower protection laws.  You can read more in these releases about settled actions with KBR, Inc. and Brink’s Company.

In a settled enforcement announced on September 8, 2023, Monolith Resources, LLC entered into a cease-and-desist order and paid a civil money penalty of $225,000 because the company included provisions in separation agreements that required certain departing employees to waive rights to whistleblower awards.  What makes this case different, is that Monolith Resources, LLC is a privately held company.

You can read more in the related Press Release and SEC Order.

As always, your thoughts and comments are welcome!

Another 12b-25 Enforcement Sweep

We’d like to again remind our readers that Form 12b-25 is not an automatic extension for quarterly and annual reports.  In a prior blog post, we discussed an enforcement sweep in which eight companies paid fines for failing to disclose “anticipated restatements” in Form 12b-25.

On August 22, 2023, the SEC announced another sweep that caught five companies for exactly the same issue, failing to disclose “anticipated restatements.”  These companies restated their financial statements within three to twenty-one days after filing Form 12b-25.

As a reminder, Part III of Form 12b-25 includes this instruction:

State below in reasonable detail why Forms 10-K, 20-F, 11-K, 10-Q, 10-D, N-CEN, N-CSR, or the transition report or portion thereof, could not be filed within the prescribed time period.

(Attach extra Sheets if Needed)

As always, your thoughts and comments are welcome!

Chair Gensler Climate Disclosure Testimony Before the Senate Committee on Banking, Housing, and Urban Affairs

On September 12, 2023, SEC Chair Gary Gensler testified before the Senate Committee on Banking, Housing, and Urban Affairs.  His testimony touched on a wide range of issues including new rules affecting private funds, new cybersecurity disclosures and these comments about climate risk disclosures:

Climate Risk Disclosure

The SEC has no role as to climate risk itself. We, however, do have an important role in helping to ensure that public companies make full, fair, and truthful disclosure about the material risks they face.

Our federal securities laws lay out a basic bargain in our markets. Investors get to decide which risks to take, so long as public companies raising money from the public make what President Franklin Roosevelt called “complete and truthful disclosure.”

Under the securities laws, the SEC is merit neutral. Investors get to decide what investments they make and risks they take based upon those disclosures. The SEC focuses on the disclosures about, not the merits of, the investment.

Already today, issuers are making climate risk disclosures, and investors are making investment decisions based on those disclosures. Indeed, a majority of the top thousand issuers by market cap already make such disclosures, including what’s known as Scope 1 and Scope 2 greenhouse gas emissions.  Further, investors representing tens of trillions of dollars in assets are making decisions relying on those disclosures.

Thus, in fulfilling the Commission’s important role, we put out for comment a proposal about climate-related disclosure to bring consistency and comparability to such disclosures.

We are considering carefully the more than 15,000 comments we’ve received on the proposal. We greatly benefit from public input and, given the economics and the law, will consider adjustments to the proposed rule that the staff, and ultimately the Commission, think are appropriate in light of those comments.

As always, your thoughts and comments are welcome!

CorpFin Issues Sample Letter to Companies Focused on XBRL Disclosures

On September 7, 2023, CorpFin issued a Sample Letter to Companies addressing several XBRL issues.  In the letter the staff states:

“The Commission has noted that investors and market participants have gained experience with XBRL and Inline XBRL and that there is increased evidence that data in these formats is useful to investors.”

The example comments in the letter address a broad variety of issues, including failing to include inline XBRL, inconsistencies in the common shares outstanding numbers between the cover page and balance sheet, and using inconsistent tags for particular financial statement line items from period to period.

You can review all the example comments in the Sample Letter.

As a reminder, you can find all the sample letters issued by CorpFin, along with other important disclosure guidance, here.

As always, your thoughts and comments are welcome!