Audit Committee Insights | April 2022

March comes in like a lion and out like a… well the lion still seems to be roaring. The regulators have been busy this past month! Read on to read the latest developments to keep current.

We welcome input; please let us know what you think. Subscribe here so that you never miss an update from the CAQ.

The SEC’s Climate-Related Proposed Rule: 5 Things Boards Can Do Now

At this point, not having heard about the SEC’s proposed rule on climate-related disclosures is like not having heard about the engagement of Bennifer 2.0. The proposal is extensive and there is a lot of energy among stakeholders – strong support, strong opposition, and everything between. Comments are due May 20, 2022 and it will take time for the SEC Staff to evaluate an expected onslaught of public comment letters (you can find them here; nearly 6,000 to-date and counting; yes, nearly six THOUSAND). Some stakeholders have threatened a lawsuit to halt implementation of a final rule, but businesses strategy should not be to hope for a stay. Preparation and planning should be ongoing. Even a final rule that is less than what is currently proposed will likely significantly impact current reporting and governance.

Here’s 5 things boards can do now:

1. Understand what is being proposed

The proposed disclosures are similar to those that many companies already provide based on broadly accepted disclosure frameworks, such as the Task Force on Climate-Related Financial Disclosures and the Greenhouse Gas Protocol.

There is no shortage of fantastic summaries out there from various sources including accounting and law firms; for example – from KPMG and Gibson Dunn.

2. Provide your views to the SEC

You can submit a comment letter directly to the SEC or share your views with a trade organization.

3. Understand your company’s existing climate-related disclosure

The CAQ looked at the publicly available ESG data for S&P 500 companies last year (as of June 18, 2021) and found that 95% of S&P 500 companies had detailed ESG information publicly available primarily outside of an SEC submission in a standalone ESG, sustainability, corporate responsibility, or similar report.

Therefore, the question for boards is – do you know where and what climate-related information your company reports?

4. Preparing for compliance

The key here is tone at the top. Whether you agree with the proposed disclosures or not, many believe the tide has turned and public companies should prepare for more stringent requirements on climate-related disclosure. Finance teams will need support to evaluate and take inventory of current data and disclosures and internal controls over such information. Collaboration with other teams such as Sustainability, if applicable, and Investor Relations is important.

5. Talk to your external auditor

Is your auditor getting ready to provide the proposed assurance? Begin having this conversation now. Many accounting firms have the expertise and resources  in this area and are on the forefront of this evolving topic.

Not Just Climate…the SEC’s Proposed Rule on Cybersecurity

Like climate, the SEC issued a significant proposed rule related to disclosure of cybersecurity risk management, strategy, governance, and material incidents. Comment letters are due May 9, 2022. Again, accounting firms have amazing summaries; here is a good one from PwC.

There are many significant elements to the proposed cybersecurity rule, and a few that we think audit committees should be thinking about now relate to board expertise and reporting of material incidents.

Is the proposed rule requiring cyber expertise on the board? No. But expanded disclosures are proposed related to:

• The board’s oversight of cybersecurity risk;
• Management’s role and expertise in assessing and managing cybersecurity risk and implementing cybersecurity policies, procedures and strategies; and
• Any member of the board of directors who has expertise in cybersecurity, including the name(s) of any such director(s) and any detail necessary to fully describe the nature of the expertise.

The CAQ’s 2021 Audit Committee Transparency Barometer found that 34% of S&P 500 companies disclose that they have a cybersecurity expert on the board of directors. In general, we advocate for transparency. Does this mean a board would be required to have a cyber expert if rules are finalized as proposed? Should they? Not necessarily. One size rarely fits all. Stay tuned for developments related to this rule to determine how your board can best comply.

Under the proposed rule, registrants would be required to disclose cybersecurity incidents (e.g., hacks, unauthorized access, etc.) on current reports within four days of an incident being determined material, along with periodic updates related to those incidents. Based on the proposed rule’s language, there will likely be additional clarification needed for companies to better understand when a cyber incident meets the materiality threshold. Audit committees should be alert to developments related to this rule as more disclosure seems the likely result.

PCAOB Talks to Audit Committee Chairs

 The PCAOB published its Spotlight, 2021 Conversations with Audit Committee Chairs. There were over 200 conversations. The conversations were in the year 2021. You get it. Lots of good intel. Here are a few highlights:

1. Perform an annual assessment of your external auditor. Here’s our 2021 External Auditor Assessment Tool you can use.
2. Make the most of communicating with your external auditor by having thorough and well-prepped meetings, but also impromptu phone calls or meals, and prioritize topics that matter.
3. Don’t lose sight of the big picture – your external auditor can provide views on what might be “around the corner.”
4. Ask your external auditor how management is doing. Audit committee chairs viewed the auditor as a resource in gauging the strength of key management positions and departments, notably in accounting and finance.
5. Look for pitfalls and areas of improvement. Audit committee chairs suggested the external auditor adjust workflows and avoid last-minute pileups, particularly at year-end.

ICYMI: CAQ Public Policy and Technical Alert (PPTA), February/March 2022

Each month, the PPTA highlights and examines the regulatory, standard-setting, legislative, and broader financial reporting developments impacting the public company audit profession. The CAQ’s February and March Alerts included these featured articles. Let’s get technical.

Statement from the Acting Chief Accountant: Assessing materiality: Focusing on the reasonable investor when evaluating errors
SEC Acting Chief Accountant Paul Munter issued a statement on assessing materiality, including the importance of considering the “reasonable investor.” Munter urged “those who assess the materiality of errors, including registrants, auditors, audit committees, and others,” to “do so through the lens of the reasonable investor.” He asserted that “registrants, auditors, and audit committees need to thoroughly and objectively evaluate the total mix of information,” taking into consideration “all relevant facts and circumstances surrounding the error, including both quantitative and qualitative factors, to determine whether an error is material to investors.”

SEC proposes rules to enhance disclosure and investor protection relating to special purpose acquisition companies, shell companies, and projections
The SEC proposed new rules and amendments to enhance disclosure and investor protection in initial public offerings by special purpose acquisition companies (SPACs) and in business combination transactions involving shell companies, such as SPACs, and private operating companies. The proposed new rules and amendments would require, among other things, additional disclosures about SPAC sponsors, conflicts of interest, and sources of dilution. They also would require additional disclosures regarding business combination transactions between SPACs and private operating companies, including disclosures relating to the fairness of these transactions.

SEC publishes Staff Accounting Bulletin No. 121 related to crypto-assets
The SEC published Staff Accounting Bulletin No. 121. The bulletin expresses the views of staff in the Division of Corporation Finance and the Office of the Chief Accountant regarding the accounting for obligations to safeguard crypto-assets an entity holds for platform users.

PCAOB highlights key considerations for auditors related to the Russian invasion of Ukraine
The PCAOB released a staff Spotlight document, Auditing Considerations Related to the Invasion of Ukraine. The Spotlight highlights important considerations for auditors of issuers and broker-dealers as they plan and conduct audits in this evolving environment.

Creativity Has No Limits

It’s a fun picture. That’s all we’re saying.

Questions and comments about Audit Committee Insights can be addressed to Vanessa Teitelbaum, Senior Director, Professional Practice (vteitelbaum@thecaq.org). This newsletter is intended as general information and should not be relied upon as being definitive or all-inclusive. The CAQ encourages readers to refer to applicable rules, standards, guidance, and other resources in their entirety. All entities should carefully evaluate which requirements apply to their respective organizations. Check out the CAQ’s Audit Committee Resource Webpage for more information.