Audit Committee Insights | October 2021

Trick or treat. The leaves are falling and many companies are issuing Q3 reports and headed towards year-end. A busy time of year for audit committees is approaching. Continue reading to find the latest financial reporting news and insights for audit committees. We welcome input; please let us know what you think.

Subscribe here so that you never miss an update from the CAQ.

More Directors Say ESG Linked to Corporate Strategy but Risks Not Very Well Understood

According to PwC’s Annual Corporate Directors Survey, 64% of directors say ESG is linked to corporate strategy. This is a 15-point jump since last year, which is not too surprising given the groundswell of attention we have all seen in the last year. However, the survey also notes that just 25% of directors say their board understands ESG risks very well.

PwC’s survey goes on to report:

• ESG tops shareholders’ agendas (43% of directors report shareholders want to discuss ESG)
• Larger company boards are further ahead on ESG:
  • 74% of companies with over $5B in revenue state ESG is linked to strategy compared with 54% of companies with under $1B in revenue
  • 62% of companies state ESG is regularly on the board’s agenda compared with 38% of companies under $1B in revenue
• Directors reject looming ESG regulations:
  • 18% of directors are in favor of mandatory or disclosure requirements with 67% stating they prefer the current, voluntary approach
  • 94% of directors say their companies are offering some voluntary disclosures already
  • Only 28% of directors say their board has a strong understanding of the company’s ESG/sustainability messaging

The key takeaway for audit committees? 1. Continue to ask about your company’s ESG/sustainability messaging. It’s important to understand the inventory of ESG and sustainability information that is reported. 2. Consider the need for short-term or long-term ESG assurance. An intermediate step is performing an ESG information readiness assessment. The CAQ’s The Role of Auditors in Company-Prepared ESG Information: A Deeper Dive on Assurance and Key Actions for Establishing Effective Governance Over ESG Reporting are resources available to help audit committees.

New Approach to Cyber Oversight for Board of Directors

79% of CEOs believe that information security is a strategic function and a potential source of competitive advantage according to KPMG’s US CEO Outlook. Therefore, it’s not surprising that cybersecurity is among the top risks of many corporate directors.

EY’s Center for Board Matters analyzed Fortune 100 company cybersecurity disclosures (2018-21) and found that:

• 100% of companies included cybersecurity as a risk factor
• 68% disclosed that the audit committee oversees cybersecurity matters
• 10% disclosed alignment with external framework or standard
• 5% stated that preparedness includes simulations, tabletop exercise or response readiness tests

Fortunately, help is here from Tapestry Networks, the Center for Long-Term Cybersecurity, and King & Spalding who recently published the Cyber Oversight Effectiveness Development (COED): A New Approach for Boards of Directors. COED is a new approach for building a board’s capabilities as it oversees cybersecurity risk and provides strategic leadership in this critical area.

“Even where internal management of cyber risk appears strong, the board of directors can worry that its oversight may not be adequate – or that it has no reliable way to assess its adequacy or to compare its capabilities with those of the boards of other firms.”

Sound familiar? Indeed. Here are the key takeaways to help boards and audit committees:

• Cyber risk is in constant evolution. Any model for assessing oversight must therefore be dynamic.
• Here are three board actions that repeat over time:
  1. Staging – take a snapshot of where the board is at a given moment. COED provides diagnostic tools to help establish this snapshot.
  2. Intervention comprises board actions—including education, reorganization, seeking out internal and external expertise, running war games, and engaging in scenario planning—to accelerate learning and move the board toward greater cyber risk capability and confidence. (Remember the EY CBM finding above? 5% of Fortune 100 companies disclose that preparedness includes simulations, tabletop exercise or response readiness tests).
  3. Reflection involves measuring the impact of the interventions. The approach then cycles back to a new round of staging and repeats over time, ideally on a cadence determined by the board’s view of the threat environment and its own needs.

Why do we keep talking about cyber? The risks keep evolving. Thankfully, there are resources to aid boards and audit committees. The COED resource is worth a read.

Regulatory Developments: PCAOB Staff Previews 2020 Inspection Reports; SEC Chief Accountant Emphasizes Importance of Effective Audit Committee Oversight

On October 18, 2021, the PCAOB issued a new Spotlight, Staff Update and Preview of 2020 Inspection Observations, providing thematic observations based on 2020 inspections. The Outlook is based on inspections of 153 audit firms with review of portions of 617 audits that generally had financial years ended during 2019 and the first half of 2020.

Which financial statements do these inspections relate to? These inspections occurred during 2020 and take place subsequent to the audit. Therefore, the inspection would have related to the audit report issued in 2020 of the financial period ended December 31, 2019 (if a calendar year-end company). This Outlook is a thematic preview of inspection reports not yet issued. For a calendar year-end company, the inspection would likely have taken place remotely during COVID but the audit being inspected would have been complete or nearly complete by mid-March 2020. Some companies with a fiscal year ended March 31 and June 30, 2020 were also reviewed by the PCAOB in 2020 according to the Outlook.

What are key takeaways for audit committees?

• The PCAOB inspection process is an important part of the strong regulatory ecosystem in the US. PCAOB inspection findings are one of several data points used by audit firms to refine their audit methodology and training, which improves and maintains high audit quality.
• The PCAOB Outlook observed the following good practices:
  • Real-time monitoring of in-process audit engagements
  • Increased supervision of the work performed by specialists
  • Increased training and emphasis on consultations
• There is positive trend with fewer findings identified generally during 2020 inspections compared with 2019 inspections for annually inspected firms (those firms who audit more than 100 issuers).
  While a deficiency in their inspection report does not necessarily mean that the public company’s financial statements are materially misstated or that undisclosed material weaknesses in ICFR exist, the findings are taken seriously by firms.
• Common deficiencies include:
  • Revenue and related accounts
  • Accounting estimates
  • Inventory
  • Critical audit matters
  • Form AP
  • Independence
  • Engagement quality reviews

On October 26, 2021, SEC Chief Accountant Paul Munter emphasized the importance of high quality independent audits and effective audit committee oversight to high quality financial reporting to investors. Munter points out the need for continued attention to auditor independence, the foundation of audit quality. When an entity is active with mergers and acquisitions, it’s critical that timely information is shared with the entity’s auditor to enable appropriate analysis of the impact of such M&A activity on the auditor’s independence. Compliance with auditor independence rules is a shared responsibility of the issuer, its audit committee, and the auditor. When there is significant M&A activity, audit committees should be aware of significant, multi-year non-audit service contracts or business relationship arrangements with non-audit clients that could impact the auditor’s ability to remain independent of its existing audit client in certain future circumstances.

ICYMI: CAQ Public Policy and Technical Alert (PPTA), September 2021

Each month, the PPTA highlights and examines the regulatory, standard-setting, legislative, and broader financial reporting developments impacting the public company audit profession.  The September PPTA included these featured articles:

PCAOB adopts rule to create framework for HFCAA determinations

The PCAOB adopted a new rule related to its responsibilities under the Holding Foreign Companies Accountable Act (HFCAA). The rule provides a framework for the PCAOB to use when determining, as contemplated under the HFCAA, whether it is unable to inspect or investigate completely registered public accounting firms located in a foreign jurisdiction because of a position taken by one or more authorities in that jurisdiction. The rule establishes:

• The manner of the PCAOB’s determinations;
• The factors the PCAOB will evaluate and the documents and information it will consider when assessing whether a determination is warranted;
• The form, public availability, effective date, and duration of such determinations; and
• The process by which the PCAOB will reaffirm, modify, or vacate its determinations

FASB proposes improvements to fair value guidance for equity securities

The FASB issued a proposed Accounting Standards Update (ASU) that would improve financial reporting for investors and other financial statement users by increasing comparability of financial information across reporting entities that have investments in equity securities measured at fair value that are subject to contractual restrictions preventing the sale of those securities. The amendments in the proposed ASU would clarify that a contractual restriction on the sale of an equity security is not considered part of the unit of account of the equity security and, therefore, is not considered in measuring fair value. Stakeholders are encouraged to comment on the proposed ASU by November 14, 2021.

Your Employees May Be Languishing. The Antidote is Flow.

It’s not burnout and it’s not depression. It’s that blah feeling. The neglected middle child of mental health, languishing is a sense of stagnation and emptiness. By acknowledging that so many are languishing, it lights a path out of the void. As the pandemic drags on, languishing “might be the dominant emotion of 2021,” according to a New York Times article by Adam Grant. Grant touched on this topic during his keynote address at this month’s NACD Summit 2021.

The antidote is flow. Flow is that elusive state of absorption in a meaningful challenge or a momentary bond, where your sense of time, place and self melts away. To achieve flow Grant suggests creating periods of uninterrupted time and focusing on a small goal with “just-manageable difficulty.” Don’t just ask if your employees are doing OK. Ask if they are thriving. Otherwise, they might be languishing.

Questions and comments about Audit Committee Insights can be addressed to Vanessa Teitelbaum, Senior Director, Professional Practice (vteitelbaum@thecaq.org).

This newsletter is intended as general information and should not be relied upon as being definitive or all-inclusive. The CAQ encourages readers to refer to applicable rules, standards, guidance, and other resources in their entirety. All entities should carefully evaluate which requirements apply to their respective organizations.