Tag Archives: INTERNAL AUDITING

Whistleblower Reminders

Hot Topic, , , , , , , , , , , , , , , , , , ,

By: George M. Wilson & Carol A. Stacey

 

On December 19 and 20, 2016, as a year-end reminder, the SEC’s Enforcement Division announced two more cases to emphasize that companies MUST NOT do anything to impede employees from blowing the whistle.

You can find a lot more background about this issue in this post.

In the first case NeuStar Inc. paid a fine of $180,000 for putting restrictive language in severance agreements.

The SEC found that NeuStar was “routinely entering into severance agreements that contained a broad non-disparagement clause forbidding former employees from engaging with the SEC and other regulators ‘in any communication that disparages, denigrates, maligns or impugns’ the company.” The agreements were structured harshly. Departed employees would lose all but $100 of their severance pay if they violated the agreement. This language impeded at least one former employee from contacting the SEC.

In the second case Oklahoma City-based SandRidge Energy Inc. agreed to pay a fine of $1.4 million. Even though the company reviewed their severance arrangements several times after new Dodd/Frank rules were put in place, they continued to include language “restricting” former employees from blowing the whistle to regulators.

The SEC found that “SandRidge fired an internal whistleblower who kept raising concerns about the process used by SandRidge to calculate its publicly reported oil-and-gas reserves.”

The message is clear – Don’t try to limit a former employee’s ability to blow the whistle! Instead, take steps to investigate the matter!

As always, your thoughts and comments are welcome!

Why, Oh Why, Is It Always Segments?

Hot Topic, , , , , , , , , , , , , , , , , , , , ,

By: George M. Wilson & Carol A. Stacey

If you have been involved with SEC reporting for more than say, five minutes, you have heard about or discussed with someone the SEC’s focus on operating segments. Segment related disclosures are included in several Form 10-K Items, including:

Item 1 – Description of the business,

Item 2 – Properties,

Item 7 – MD&A, and of course

Item 8 – Financial Statements.

Almost every SEC conference or workshop addresses the importance of segment disclosures.

The latest segment “message” from the SEC is in the November 7, 2016 Accounting and Auditing Enforcement Release dealing with PowerSecure.

It is the same familiar message we heard in the Sony case in 1998 and the PACCAR case in 2013. When companies avoid making proper GAAP disclosures for operating segments to try and bury problems in one part of a business with profits from another part of their business, trouble will result.

In the “classic” Sony case the company used profits from its music business to mask problems in its movie business. This case also has a great known trend disclosure problem and becomes an almost scary “double trouble” example. To escalate this case to “triple trouble” the SEC also made it clear that Sony’s assignment of MD&A to the IR manager was not appropriate by naming that person in the case and forcing Sony to reassign this responsibility to the CFO. With all that was going on with Sony the SEC went so far as to require the company to engage its auditors to “examine” MD&A. Surprisingly, under the attest standards, auditors can issue a full opinion report on MD&A!

In the PACCAR case problems in new truck sales were hidden with profits from truck parts sales. This SEC Complaint includes a very detailed summary of the operating segment disclosure requirements, discussing in detail how PACCAR’s management viewed the business and how, in the SEC’s judgement, PACCAR was not following the GAAP requirements. It includes this language:

“However, in reporting its truck and parts results as a single segment, PACCAR did not provide investors with the same insight into the Company as PACCAR’s executives.”

This story line repeats in PowerSecure. For the periods in question PowerSecure reported one segment when that was not how management actually viewed the business:

“PowerSecure also misapplied ASC 280 by concluding that its CODM – who was determined to be the Chief Executive Officer (“CEO”) – did not regularly review operating results below the consolidated level to make decisions about resource allocations and to assess performance. This was inconsistent with the way in which the CEO regularly received, reviewed, and reported on the results of the business and how the company was structured. On a monthly basis, the CEO received financial results that reflected a measure of profitability on a more disaggregated level than the consolidated entity. Further, on a quarterly basis, the CEO met with each business unit some of the business unit leaders had business unit level budgets and forecasts and received incentive compensation based, at least in part, upon the results of their business unit.“

The message is clear, don’t use segments to try and hide problems! As a last reminder, don’t forget that these disclosure requirements may go to an even lower level than operating segments in MD&A. Regulation S-K Item 303 makes this clear:

“Where in the registrant’s judgment a discussion of segment information or of other subdivisions of the registrant’s business would be appropriate to an understanding of such business, the discussion shall focus on each relevant, reportable segment or other subdivision of the business and on the registrant as a whole.”

As always, your thoughts and comments are welcome!

 

Revenue Recognition –Some Example Implementation Judgements and an Update on the AICPA’s Industry Task Forces

Hot Topic, , , , , , , , , , , , , , , , , , , , ,

By: George M. Wilson & Carol A. Stacey

Some of the New Revenue Recognition Judgments

If you have begun your implementation work for the new revenue recognition standard you know that this one-size-fits-all, principles based model will require many new judgments for most of us. Among the challenging questions are:

  1. When does an agreement with a customer become legally enforceable and include the five elements that bring it in scope for revenue recognition?
  2. How do we properly account on the balance sheet for transactions with customers before there is an in-scope, legally enforceable contract?
  3. When does a product or service we deliver to a customer meet the new criteria of “distinct” and become a performance obligation, the unit of account for revenue recognition?
  4. How do we make the now required estimate of variable consideration and apply the new constraint?
  5. What will be the best method to make the required estimate of stand-alone selling price when it is not directly observable?
  6. When does control transfer to a customer now that delivery, ownership and risk of loss are no longer the points in time when revenue is recognized?

 

This list is, of course, in no way complete. Individual companies may find their judgments more or less extensive and complex.

While the FASB has produced all of these new principles and the related judgments, it has also included a fair amount of implementation guidance in the new standard and clarified several issues in updates to the ASU. There are a few more soon to be final technical corrections in another ASU that you can read about here.

 

AICPA Help for Specialized Industries

 

Since this new standard is a “one-size-fits-all” approach to revenue recognition and it supersedes all industry specific guidance we have today, industries like oil and gas, airlines and others face unique challenges. In addition to the FASB’s efforts to assist us in this process you may have heard that the AICPA has also formed special task forces to deal with industry specific challenges in implementing the new standard.

You can learn about the AICPA’s efforts surrounding the new revenue recognition task force here.

The industry groups are:

 

There are over 100 specific position papers that have been put in process for the working groups and task forces which will ultimately be reviewed by FINREC. If you work in one of these industries, the links above will help you find the related working papers and their status.

 

As always, your thoughts and comments are welcome!

A Control Environment and History Follow-Up

Hot Topic, , , , , , , , , , , , , , , , , , , , ,

By: George M. Wilson & Carol A. Stacey

 

This famous quote has been in our thoughts over the last several months:
“Those who cannot remember the past are condemned to repeat it.”

George Santayana, the poet and essayist, wrote these famous words in his book The Life of Reason. Many other people including Winston Churchill have thoughtfully incorporated this fundamental principle of life in speeches and remarks.

Another favorite variation of the idea comes from Mark Twain:
“History doesn’t repeat itself, but it does rhyme.”

The lesson here is that if we learn history we can hopefully avoid making the same or similar mistakes in the future. As we discussed a couple of posts back, recent public company news shows that many organizations have not been learning from the past.

 

One person who can help us learn about history we do not want to repeat is Cynthia Cooper. She was the WorldCom head of internal audit who built and lead the team that worked almost “under cover” to find the largest fraud ever discovered. This was a tone at the top fraud, involving the CEO, CFO and CAO. Her book is a sometimes-chilling story of how bad tone at the top results in fraud.

 

Sharron Watkins is another person who can help us learn how to not repeat history. She was the Enron Vice President, a direct report to Andy Fastow, who blew the whistle about Enron’s accounting irregularities. And we all know perhaps too much about that fraud which was even the subject of a book and related movie “Enron: The Smartest Guys in the Room”.

 

Corporate ethics will never be easy, but as history and current events show, it does matter. If leadership of an organization sends the message that making money is the most important thing an organization does, if it sends the message that if you don’t make money you will be fired, if it sends the message that other values can be sacrificed if you make money, the ultimate result is inevitable. In countless frauds over centuries, from Ivar Kreuger, the match king in the early 1900s, to Equity Funding in the 1970s, to Madoff, to Enron, to the companies we are talking about today, this lesson has been proven time and time again.

 

These stories can help us learn and avoid the mistakes others have made. They can be the focus of training and learning. They can be the foundation for building awareness and support for these issues in organizations large and small.

 

As always, your thoughts and comments are welcome.

Disclosure Effectiveness – The Saga Continues

Hot Topic, , , , , , , , , , , , , , , , , , , , , , ,

By: George M. Wilson & Carol A. Stacey

A not so long, long time ago (OK, sorry Arlo Guthrie), and over a very reasonable period, the SEC began its Disclosure Effectiveness initiative. As you have likely heard (and can read about here), the Staff has sought comment and feedback about a variety of issues, including a lengthy release dealing with Regulation S-K and another dealing with various “financial statements of others” requirements in Regulation S-X.

The latest disclosure simplification development is a 26-page Staff report required by the FAST Act titled “Report on Modernization and Simplification of Regulation S-K”. It addresses a variety of areas ranging from properties to risk factors. Included are several interesting ideas such as requiring year-to-year comparisons in MD&A for only the current year and prior year and including hyperlinks to prior filings for prior comparisons.

The report is a thoughtful and interesting step in this challenging process.

As always, your thoughts and comments are welcome!

Tone at the Top, History and COSO

Hot Topic, , , , , , , , , , , , , , , , , ,

By: George M. Wilson & Carol A. Stacey

 

First, a quick warning before you read this post. One of the authors of this post spent nine years teaching at a university which had one of the few undergraduate business programs in the country with a required course in business ethics. This post is perhaps a bit preachy!

We have seen some distressing examples in the news lately of organizations acting unethically. If you were around during the early 2000s these events evoke a strong feeling of déjà vu. The similarities in the “tone at the top” of the organizations in the news today compared to the tone at the top in the companies involved in the pre-SOX waves of fraud (such as WorldCom and Enron) is eerie!

In all of these frauds, the roots of unethical conduct which harmed shareholders were at the top of the organizations.

History, as it always seems to do, is repeating itself. Eventually defective tone at the top will always result in trouble and distress for the organization and investors. (Yes, that was one of the preachy parts!)

All this makes it seem like a great time to review a key element in the foundations of internal control, the control environment. Here is an excerpt from the Executive Summary of the 2013 COSO Framework:

 

“Control Environment

The control environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization. The board of directors and senior management establish the tone at the top regarding the importance of internal control including expected standards of conduct. Management reinforces expectations at the various levels of the organization. The control environment comprises the integrity and ethical values of the organization; the parameters enabling the board of directors to carry out its governance oversight responsibilities; the organizational structure and assignment of authority and responsibility; the process for attracting, developing, and retaining competent individuals; and the rigor around performance measures, incentives, and rewards to drive accountability for performance. The resulting control environment has a pervasive impact on the overall system of internal control. “

Building an effective control environment starts at the top of an organization with the executive leadership, board and Audit Committee. If the people in these roles place financial performance before integrity, if their attitude is about accomplishing objectives at whatever the cost, that is poison in the control environment.

Understanding, assessing and evaluating tone at the top and the other elements of the control environment is not easy.

In a telecom company where the message from the CEO is to make the numbers at any cost is there any surprise that the end result is one of the largest financial reporting frauds ever? Or that the fraud was carefully crafted to avoid detection by the auditors? And, when the perpetrators of the fraud are the leaders of the organization, who have the power to punish anyone who might call out the tone at the top issues, is it any wonder that it is easy for them to conceal the corruption in the control environment? Is it any surprise that the courageous internal auditors who eventually called out the fraud actually had to conduct their investigation in secret and at times wondered if they should be afraid for their lives?

 

In an energy trading company where the CFO was behind hidden issues involving off-balance sheet arrangements that were not on the up-and-up, is it any wonder that the first person to really escalate the issue did so in an anonymous letter?

 

In a bank where not making sales goals resulted in your termination, is there any surprise when rules are bent? Is there any surprise when people are fired when they attempt to raise the issue to their managers?

 

As another example, check out this 10-K for Hertz which includes a major restatement. In the “Explanatory Note” at the beginning of the document you will find this language:

 

As of December 31, 2014, we did not maintain an effective control environment primarily attributable to the following identified material weaknesses:

Our investigation found that an inconsistent and sometimes inappropriate tone at the top was present under the then existing senior management that did not in certain instances result in adherence to accounting principles generally accepted in the United States of America (“GAAP”) and Company accounting policies and procedures. In particular, our former Chief Executive Officer’s management style and temperament created a pressurized operating environment at the Company, where challenging targets were set and achieving those targets was a key performance expectation. There was in certain instances an inappropriate emphasis on meeting internal budgets, business plans, and current estimates. Our former Chief Executive Officer further encouraged employees to focus on potential business risks and opportunities, and on potential financial or operating performance gaps, as well as ways of ameliorating potential risks or gaps, including through accounting reviews. This resulted in an environment which in some instances may have led to inappropriate accounting decisions and the failure to disclose information critical to an effective review of transactions and accounting entries, such as certain changes in accounting methodologies, to the appropriate finance and accounting personnel or our Board, Audit Committee, or independent registered public accounting firm.

 

This is another example of a fraud with its roots in tone at the top.

When frauds escalate to a material level there is a reasonable likelihood that it started with a problem with tone at the top, with the control environment.

So, where does all this lead? Assessing tone at the top is not easy. And a poisoned control environment will do everything it can to protect itself. The leaders of an organization with a defective control environment will use the power they wield to keep others from exposing the problem. Perhaps more protections for whistleblowers are a good thing in this regard. Tools to measure ethical behavior in an organization are difficult to find, subjective and imprecise. Enron in fact had a model code of ethics, but having something on paper does not mean that people will live by the code of ethics. The one thing that is clear is that this continues to be a complex area and continues to be at the root of many financial reporting frauds. We all need to focus on this area and work to develop a better understanding and better tools to assess the control environment.

We all need to focus on tone at the top and ethical behavior. Yes, it is not easy to measure, it is not easy for an outsider to observe, but it is clearly crucial to effective ICFR!

 

As always, your thoughts and comments are welcome!

 

 

Year-End Planning – More or Less Concluded – Keeping Up with SEC Focus Areas

Year-End Planning, , , , , , , , , , , , , , , , , , , , ,

By George M. Wilson & Carol A. Stacey

In recent weeks we have been posting about areas to deal with in advance of year-end. So far we have addressed:

Issues in the Statement of Cash Flows

Evaluating and Auditing ICFR

The New Item 16 Form 10-K Summary

Recently Issued Accounting Standards and a Few Example Comments

SAB 74/Topic 11-M – News from the SEC at the September EITF Meeting

Disclosure Effectiveness

Should You Consider Any Issues for OCA Consultation?

A Year End Planning Detail – No More Mailing the ARS to the SEC!

Three Years of Fun – Planning the “Big Three” New FASB Statement Transitions

 

As we are getting ever closer to year-end this is also a good time to proactively review areas where financial reporting problems frequently occur and take steps to assure we have all the “i’s” dotted and “t’s” crossed in these areas.

Unusually complex accounting issues, difficult estimates and sensitive disclosures all become the focus of SEC comments. This is not because the Staff thinks they are important in and of themselves, but rather because these are areas where the Staff frequently uncovers problems in the comment process. Clearly if we do not deal with them appropriately, they involve risk of restatement and amendment.

There are a variety of ways you can keep up with the CorpFin Staff’s frequent comment areas. Every year at our Annual Reporting Forums in November and December, our Conference for Mid-Size and Smaller Companies in September and our Mid-Year Programs in May and June current and former Staffers discuss the areas where they have concerns.

Here is the list from our most recent programs:

  • Segments
  • Statement of Cash Flows
  • Income Taxes
  • Consolidation
  • Business Combinations
  • Fair Value
  • Goodwill
  • Revenue Recognition
  • Non-GAAP Measures & Metrics
  • Internal Control over Financial Reporting

Beyond hearing from the Staff and those in the know, many organizations research comment letters and summarize the areas and frequency of comments within these areas.   You can find these summaries on the web pages for most of the national CPA firms. Here are links to some of them:

EY SEC Comments and Trends

Deloitte’s SEC Comment Letter Series

PWC’s SEC Comment Letter Trends

Other companies build databases of comments which can be researched by comment area, CorpFin Office and even by reviewer. Two companies who sell these kinds of tools are Audit Analytics and Intelligize. However, remember the Staff’s caution that their comments are fact-specific to each registrant and you should never cut and paste from another letter.

If you have any other good sources of information about these issues, please leave them in a comment to this post, and, as usual, your thoughts and comments are welcome!

 

 

 

More Transitions at the SEC

Hot Topic, , , , , , , , , , , , , , , ,

 

By: George M. Wilson & Carol A. Stacey

As you have most likely heard, Chair White recently announced that she will leave the Commission at the end of the Obama administration. As usual, whenever there is a change in administration the senior leadership at the commission leaves and their successors are appointed by the new President. Yesterday Chief Accountant Jim Schnurr announced that he will be retiring from the Commission. You can read the details here. Wes Bricker has been named the new Chief Accountant.

 

If you want to follow along and see SEC news as it happens, you can find all the SEC’s current press releases here.

 

As always, your thoughts and comments are welcome!

A Very Picky Reminder – ICFR and Accounting Standard Implementation Reporting

Hot Topic, , , , , , , , , , , , , , , , , , , , ,

By: George M. Wilson & Carol A. Stacey

SAB 74 (SAB Codification 11-M) disclosures surrounding the new revenue recognition, leasing and financial instrument impairment standards have been receiving a lot of attention lately, especially with the SEC Staff announcement about them at the September EITF meeting.

This is not the only reporting that a new accounting standard might involve. Since these new standards could have an impact on ICFR, this is a good time to remember the requirements to report material changes in ICFR. These requirements apply to both Item 9A in Form 10-K and Part I Item 4 in Form 10-Q. They begin with S-K Item 308(c):

(c) Changes in internal control over financial reporting. Disclose any change in the registrant’s internal control over financial reporting identified in connection with the evaluation required by paragraph (d) of §240.13a-15 or 240.15d-15 of this chapter that occurred during the registrant’s last fiscal quarter (the registrant’s fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely to materially affect, the registrant’s internal control over financial reporting.

With changes to ICFR for revenue recognition for information about contracts and estimates, like stand-alone selling price and when control transfers, and changes to ICFR for capitalization of all leases, these new standards could require material changes to ICFR. Is this the type of change included in the S-K 308(c) disclosure requirement?

This is an excerpt from the ICFR C&DI’s, number 7, about SOX reporting which you can find here:

After the registrant’s first management report on internal control over financial reporting, pursuant to Item 308 of Regulations S-K or S-B, the registrant is required to identify and disclose any material changes in the registrant’s internal control over financial reporting in each quarterly and annual report. This would encompass disclosing a change (including an improvement) to internal control over financial reporting that was not necessarily in response to an identified material weakness (i.e. the implementation of a new information system) if it materially affected the registrant’s internal control over financial reporting. Materiality, as with all materiality judgments in this area, would be determined upon the basis of the impact on internal control over financial reporting and the materiality standard articulated in TSC Industries, Inc. v. Northway, Inc. 426 U.S. 438 (1976) and Basic Inc. v. Levinson, 485 U.S. 224 (1988). This would also include disclosing a change to internal control over financial reporting related to a business combination for which the acquired entity that has been or will be excluded from an annual management report on internal control over financial reporting as contemplated in Question 3 above. As an alternative to ongoing disclosure for such changes in internal control over financial reporting, a registrant may choose to disclose all such changes to internal control over financial reporting in the annual report in which its assessment that encompasses the acquired business is included.

The SEC Regulations Committee of the CAQ has also discussed a particularly intricate issue in this transition. What if you change your ICFR this year, but the change is for future reporting when you begin to report under the new standard next year? This issue is still in play, as this excerpt from the minutes discusses:

  1. Changes in ICFR in preparation for the adoption of a new accounting standard

Item 308(c) of Regulation S-K requires disclosure of changes in internal control over financial reporting (“ICFR”) during the most recent quarter that have materially affected or are reasonably likely to materially affect the registrant’s ICFR. The Committee and the staff discussed how this requirement applies to changes in ICFR that are made in preparation for the adoption of a new accounting standard when those changes are in periods that precede the date of adoption and do not impact the preparation of the financial statements until the new standard is adopted.

The staff indicated that they are evaluating whether additional guidance is necessary for applying the requirements of Item 308(c) in connection with the transition to the new revenue standard.

So, as you begin implementing systems and processes for these new standards, don’t forget this part of the reporting!

As always, your thoughts and comments are welcome!

Three Years of Fun – Planning the “Big Three” New FASB Statement Transitions

Hot Topic, , , , , , , , , , , , , , , , , , , , , , , , ,

by: George M. Wilson & Carol A. Stacey, SEC Institute

We have all heard about the major projects the FASB has completed in recent years. Together with their implementation dates for public companies and allowed transition methods they are:

Revenue recognition: January 1, 2018. (F/Y’s beginning after December 15, 2017)

Early adoption is allowed to the original effective date, F/Y’s beginning after 12/15/16). Either a retrospective or modified retrospective with a cumulative effect adjustment transition may be used.
Leases: January 1, 2019. (F/Y’s beginning after December 15, 2018)

Early adoption is allowed. A retrospective transition must be used. The retrospective approach includes several practical accommodations.

Financial Instrument Impairment: January 1, 2020 (F/Y’s beginning after December 15, 2019)

Early adoption to years beginning after December 15, 2018 is allowed. The transition method is essentially a “modified retrospective approach with a cumulative effect adjustment” with adjustments for certain types of financial instruments.
The revenue recognition and lease changes have been widely discussed, but the financial instruments impairment change has not been as “hot” a topic. It could be problematic for some companies as it will apply to all financial instruments, including accounts receivable. Many companies could face significant challenges gathering the information to move from the current incurred loss model to the new expected loss model.
While the impact of each new standard will vary from company to company, every company needs to think about how to manage these three transitions. Will it be best for your company to adopt all three at once, or will it be best to adopt them sequentially? Or perhaps mix and match a bit?
There are several considerations in these implementation date decisions. How they will affect investor relations is a major issue. The time and other resources required, systems issues and ICFR impact are among the other inputs to this decision. Each company has to evaluate these considerations based on their own circumstances.
Given the potential magnitude of these changes and their widespread discussion in the reporting environment, disclosures about these changes have become more and more important to users. With the recent SEC Staff Announcement at the September EITF meeting about SAB 74 (SAB Codification Topic 11-M) disclosures, disclosing where you are in this process has become almost required. The more or less simple “standard” disclosures about “we have not selected a transition method” and “we do not yet know the impact” may not be enough. Qualitative information about where you are in the process may be a required disclosure.

There are strong incentives to move diligently on these transitions and to tell investors where you are in the process. And, anyway, who really wants to look unprepared?
Three years of sequential fun or big change? Spread it out or rip off the Band-Aid? Slow burn or big bang? We all get to decide what will be best for our company and our investors, the key issue is to make this decision on a timely basis!

 

As always, your thoughts and comments are welcome!