The GSCPA House of Blogs

For the members. By the members

The Ramifications of IT Oversight

Written by: Bill Schneider

I recently saw the results of a PwC survey on where IT oversight resides at the board of directors’ level.  In more than 50% of the companies it was with the audit committee, while 25% had it with the entire board and 8% had no oversight at the board level at all.  It’s hard to imagine a business that does not use IT today.  We may laugh at the commercials, but even the neighborhood kids’ lemonade stand is often publicized on Facebook (even if it is on Mom’s page). So, putting the 8% who live in the dark ages aside (and the 17% who didn’t even know what IT stood for?) I wondered about the implications of having IT oversight with the audit committee by 2/3’s of the companies who had board level oversight.

Using the audit committee seems to be a natural outgrowth from the way IT has been handled historically.  CFO’s were often the officer that IT reported to before CIO’s started proliferating.  In addition, boards often first deal with IT when something goes wrong – either with an access breach or a system failure which then impacts the financial results.  Either way, the knee jerk reaction is IT is a “control problem” and that is what audit committees are supposed to handle.  And of course, as is their nature, audit committees will treat IT as a control and compliance issue.  Do our general IT controls work well enough for pass muster for the audit of our controls?  Do we have the right protocols in place to comply with the HIPPA regulations over access?  Are we doing enough to prevent breaches of our systems and the unauthorized release of sensitive customer information in order to prevent reputational damage from the next hacking attack?

These are all very important issues, but the problem is that in today’s world where business models can be disrupted by the next drunk college student writing code in his or her dorm room at two in the morning, IT can’t be viewed solely or even predominantly as a “control issue” (or is that an issue to be controlled).   The use of IT is, or should be, a critical strategic issue for every company, and critical strategic issues should be the domain of the entire board of directors.

Am I saying that the entire board should be dealing with the minute details of IT?  Of course not.  In fact, that is what management is supposed to do, but the entire board should be very interested in any organization’s IT strategy, plans, risks and opportunities.  The problem with sending IT oversight to the audit committee is that the risks will get a lot of attention while the other three areas will get less then they deserve or need.  The solution for the twenty-first century company is to rethink who has responsibility for IT oversight at the board level.  Maybe this is a case where the majority has it wrong.

 

UK strikes on auditor reports – Can US be far behind?

The Financial Reporting Council (FRC) in the U.K. (think of the PCAOB/SEC in the U.S.) has proposed rules that will require auditors to provide commentary on the “risks of material misstatement” as well as how they applied the concept of materiality in the audit and how the audit scope responded to company risks.  These new requirements would be a huge departure from the current pass/fail auditor report model used by much of the world.

The PCAOB has also been looking at potential audit report modifications and had previously released a request for comments on potential changes to the report ranging from more information on how the audit was conducted to an auditor’s discussion and analysis.  The FRC proposal seems to be somewhere between these two extremes, but it would definitely seem to not be in alignment with the comments from most preparers in U.S. that said information about the company should come from the preparers not the auditors.

Written by: Bill Schneider

If the PCAOB decides to go down this path as well, I can see several significant issues from a preparer perspective.  First, in the U.S. management is required to provide an assessment of its system of internal controls to prevent material misstatements of the financial statements and the auditor then provides its opinion on that assessment.  If the auditor were then required to also comment on specific risks and what they did about them in the audit would this lead to either (1) questioning of managements assessment about the effectiveness of its internal controls or (2) management feeling compelled to specifically address their response to those risks as well in their report on internal controls.  And this doesn’t even address what might happen if management and the auditor have serious differences in opinion about what the risks really are in the first place.

I am also very concerned about the impact the required disclosure on how the concept of materiality was applied would have on the auditor’s evaluation of materiality.  Will auditors feel compelled to use lower than necessary materiality levels to prevent lawsuits that say if they had only used a slightly lower level of materiality problems that lead to the investor losses in the stock market would have been discovered?  If you don’t believe that would happen, then let me tell you about a recent development.

Previous to this audit cycle, most audit firms used a different dollar threshold of materiality for the income statement and the balance sheet.  I can hear the purest out there saying materiality is a qualitative measure, not a quantitative measure and they are correct, but when it comes down to it we have to measure whether potential misstatements are material so we have to quantify materiality in order to measure. The PCAOB decided that the auditing literature did not support separate materialities for the balance sheet and income statement so all of the auditing firms started using the lower of the two materiality measures for their evaluations.  This meant that many preparers had to change their controls to support a more precise measurement requirement – probably beyond the true cost-benefit trade off if materiality had been appropriately defined.

The point is that as firms lower materiality levels in defensive response to perceived threats, then the whole concept of materiality will be distorted as preparers find they must pay for more precise systems and controls then are necessary hurting the whole economy in the process.  So let’s hope cooler heads prevail in the U.S. and we don’t follow the U.K. lead in this case.

Quit Whining

Written By: Bill Schneider

I read a great blog on AICPA Insights about giving tax season a different perspective (it can be found at http://blog.aicpa.org/2013/01/tax-season-our-time-to-shine.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+AicpaInsights+%28AICPA+Insights%29#tp )

The blog takes the position that instead of whining about the long hours and other problems of tax season, maybe we should view it as a time to shine – a time when we can really show everyone what we can do and show how valuable we are to our employers and clients. I think the attitude this blog suggests applies to more than tax season.  I think it applies to any other “busy season” by CPAs – be that annual reporting, the budget cycle, periodic forecasts, or any of the myriad of other things we CPAs spend considerable time doing very well.

I for one have felt for a long time that we CPAs spend too much time grossing about the problems of our job rather than highlighting the benefits.  I don’t see lawyers wearing all of the hours they have to put in as young associates out of law school as some sort of red badge of courage.  Instead they see that as a time to show everyone what they can do so then can move up the ladder and get recognized for the value they provide.  The same could be said about doctors doing their residency.

Face it, if you want to be a valuable professional it is going to take some extra effort on your part on a recurring basis.  Instead of complaining about it and turning off the best and brightest we need to celebrate how the busy seasons provide great opportunities time and again to show off our talents.  One of the highest rated (non-compensation related) reasons people stay, or leave jobs is the feeling of doing something that matters and is valued.   We CPAs do many things that matter and are valued by many people.  Why don’t you take the time to point that out instead of the number of hours you worked last week?

Phantom AMT Accounting

Written by: Bill Schneider

A lot has been written about the (not quite so) final agreement to avert the fiscal cliff and extend existing income tax rates for most citizens of the United States.  Lost in most of the media coverage, mainstream of otherwise, was a significant development regarding the Alternative Minimum Tax (AMT).  Congress finally “permanently fixed” the AMT by upping the exemption amount and then indexing it for inflation.  At least it is as permanent as anything done in Washington these days.

The most important feature of the AMT change is that it will end the ongoing joke of extending the AMT for 1 year each year-end.  I say joke because the way the Federal Government budget (and accounting) rules worked, they only had to count the reduction in AMT revenue for the one year they extended the higher exemptions.   They were able to assume that in future years AMT revenue would be back and this would make projections of budget deficits smaller.

Let’s compare this to a couple of accounting standards those of us in the corporate world have to deal with.  The first is around accruals for vacation pay.  The standard starts off simply enough with the concept that if your vacation plan results in people earning vacation in one year that will be paid (either in the form of time or dollars if the employee leaves the company) in the next year, then you have to accrue for the vacation earned as of the end of year 1.  But the standard does not stop there.  In this case if there is no plan or even if there is, but the company makes a practice of doing something different that results in payment for unused vacation , then the company has to accrue the “substantive” practice rather than whatever the policy says in writing. A second standard that has the same concept is accounting for pensions.  In that standard, if you have a practice of giving increases in the pension benefit periodically, then the standard requires you recognize that “substantive” plan even if it is not part of the official written plan.

So, in the corporate world, if you have a practice of doing something you have to recognize the results of that recurring practice.  In Washington that rule does not apply.  There, you can ignore something everyone knows you are going to do as long as you haven’t actually put it into law. I guess we can’t call it a lie, but it certainly was misleading.  At least from now on deficit projections will be closer to reality and isn’t that the first step in dealing with a problem – recognizing what the actual problem is.

Lies, ____ Lies and Statistics

Written by: Bill Schneider

The on again off again battle on the potential U.S. adoption of IFRS took a couple of interesting turns last week. The first interesting turn was the nomination of a former prosecutor to head the SEC.  All the stories talk about how the appointment  of Mary Jo White is sending a clear signal about bolstering the SEC reputation for enforcement.  I’m not here to dispute that, but if the focus is going to be on enforcement then I am guessing IFRS will continue to be down the list of SEC priorities for at least a while which means we will continue down the path of U.S. GAAP for U.S. public companies, IFRS for Foreign Issuers filing with the SEC and lots of continuing rhetoric about the U.S. not adopting IFRS from everybody.

The second interesting turn was a study released by the U.K. that showed how IFRS Impairment rules were being used inconsistently across Europe.  This supported a similar SEC finding in its work plan report.  The lack of consistency puts a major dent in the argument that the U.S. needs to adopt IFRS so that everyone will be reporting results the same way.  If IFRS is not being used consistently then what difference does it make if there are also a few differences between U.S. GAAP and IFRS, or so the anti-IFRS argument goes.

But that wasn’t what really bugged me about the whole issue.  The part that bugged me was what Hans Hoogervorst, Chairman of the IASB said in defense of IFRS.  I agreed with his statement ”that even an unevenly applied global standard provides much more global comparability than an equally unevenly applied multitude of diverging national standards,” but I disagreed with his next statement strongly.  He went on to say 735 restatements required by the SEC in 2010 show that even U.S. GAAP has issues with consistent application of standards.  I say that statistic is at best totally irrelevant to the issue of comparability and at worst, might prove just the opposite of what Mr. Hoogervorst was trying to say.  By requiring restatements the SEC was, in fact, forcing consistency in the application of the standards.  What the U.K. and SEC studies found were inconsistent application of standards that were apparently perfectly acceptable to the various regulatory organizations responsible for enforcing consistency in IFRS.

So, a statistic is used to purported prove that application of U.S. GAAP is just as inconsistent as the application of IFRS, but it actually may prove just the opposite if you are really informed about the subject.  It certainly brings to mind that old saying about statistics being the biggest lies of all.

No Wonder We Can’t Keep Up

Written by: Bill Schneider

I was reading a publication produced by our auditor, Ernst & Young on all of the standard setting activity for 2012 and I realized I have good reason to feel like I can’t keep up with everything going on.

The FASB only issued 3 final standards (now called ASUs for all of us who grew up with FAS’s for all those years).  Of course, maybe it’s really 4 because they issued separate ASUs for technical corrections to the ASC in general and technical corrections to the SEC portion of the ASC, but who am I to quibble with my auditor on such things. Either way, not too bad so far, but the FASB also issued or worked actively on 12 exposure documents.  Now were starting to get up in the numbers.  Of course 12 documents would not be so bad if they covered specific topics related to different industries so everyone is not impacted by all 12, but that is not the case here.  We’re talking about messing with revenue leases and impairment of customer receivable which means just about every business that exists will be impacted by many of these proposed standards.  Of course it doesn’t stop there, the FASB launched the PCC to look into private company accounting issues and started two other projects on disclosures and going concern.  The EITF was also busy reaching 3 consensus opinions and exposing documents on 4 other issues.

Not to be outdone, the SEC issued 3 final rules including rules on reporting on conflict minerals (if you think you are not impacted, you may need to think again as some reports expect that thousands of companies – public and private – will be impacted by the reporting requirements).  The SEC also issued 16 proposed rules and other releases in 2012 and that doesn’t include any of the work on IFRS, XBRL or work to be done under the JOBS act.  The PCAOB also started to get busy again and issued one final auditing standard as well as one audit practice alert document.  The PCAOB also released 9 other documents outlining proposed rules or asking for input on concept releases.  These include the now infamous release on mandatory auditor rotation as well as an equally important release on potentially significant changes to the auditor report.

Of course the ASB also issued a new standard as well as several other documents and the GASB issued 4 new standards, 2 exposure drafts and at least 3 other significant documents.  The AICPA also issues its proposed framework for private company reporting and COSO issued 2 exposure drafts to revise its Internal Control framework which is the de facto internal control standard for 85% of public companies that have to comply with Sox section 404.

And that’s just the U.S. accounting and auditing standards.  It doesn’t include all of the IRS changes, the new developments in the valuation world (didn’t you know the SEC expects all of you public company preparers to be valuation experts now), and international standards for accounting from the IASB and auditing from the IAASB.  I must admit I have to laugh when people tell me they can’t get enough CPE done to maintain their license.  You could spend 140 hours on CPE and not keep up let alone only the 40 required in most jurisdictions. I want to look at them and ask, then how do you plan to keep your job because you are expected to know about all of these changes and more!

Phantom AMT Accounting

Written by: Bill Schneider

A lot has been written about the (not quite so) final agreement to avert the fiscal cliff and extend existing income tax rates for most citizens of the United States.  Lost in most of the media coverage, mainstream of otherwise, was a significant development regarding the Alternative Minimum Tax (AMT).  Congress finally “permanently fixed” the AMT by upping the exemption amount and then indexing it for inflation.  At least it is as permanent as anything done in Washington these days.

The most important feature of the AMT change is that it will end the ongoing joke of extending the AMT for 1 year each year-end.  I say joke because the way the Federal Government budget (and accounting) rules worked, they only had to count the reduction in AMT revenue for the one year they extended the higher exemptions.   They were able to assume that in future years AMT revenue would be back and this would make projections of budget deficits smaller.

Let’s compare this to a couple of accounting standards those of us in the corporate world have to deal with.  The first is around accruals for vacation pay.  The standard starts off simply enough with the concept that if your vacation plan results in people earning vacation in one year that will be paid (either in the form of time or dollars if the employee leaves the company) in the next year, then you have to accrue for the vacation earned as of the end of year 1.  But the standard does not stop there.  In this case if there is no plan or even if there is, but the company makes a practice of doing something different that results in payment for unused vacation , then the company has to accrue the “substantive” practice rather than whatever the policy says in writing. A second standard that has the same concept is accounting for pensions.  In that standard, if you have a practice of giving increases in the pension benefit periodically, then the standard requires you recognize that “substantive” plan even if it is not part of the official written plan.

So, in the corporate world, if you have a practice of doing something you have to recognize the results of that recurring practice.  In Washington that rule does not apply.  There, you can ignore something everyone knows you are going to do as long as you haven’t actually put it into law. I guess we can’t call it a lie, but it certainly was misleading.  At least from now on deficit projections will be closer to reality and isn’t that the first step in dealing with a problem – recognizing what the actual problem is.

Follow

Get every new post delivered to your Inbox.

Join 58 other followers