PCAOB Issues Concept Release On Audit Quality Indicators – Important For Audit Committees And External Auditors

The PCAOB has released a concept release on audit quality indicators. You can find the release HERE, and the relevant PCAOB page HERE. These will be important for audit committees, external auditors, and other people.

As the PCAOB states:

“The indicators are a potential portfolio of quantitative measures that may provide new insights about how to evaluate the quality of audits and how high quality audits are achieved. Taken together with qualitative context, the indicators may inform discussions among those concerned with the financial reporting and auditing process, for example among audit committees and audit firms. Enhanced discussions, in turn, may strengthen audit planning, execution, and communication. Use of the indicators may also stimulate competition among audit firms focused on the quality of the firms’ work and, thereby, increase audit quality overall. Issues raised by the release include: (i) the nature of the potential indicators, (ii) the usefulness of particular indicators described in the release, (iii) suggestions for other indicators, (iv) potential users of the indicators, and (v) an approach to implementation over time of an audit quality indicator project.”

Dave Tate, Esq. (San Francisco / California)

What Really Matters For Audit Committee Member Actions – Considering Updating & Publishing My Audit Committee Guide

I have been considering updating and publishing again my audit committee guide. The most recent publication was as a new chapter to the 2007 California Continuing Education of the Bar publication Advising and Defending Corporate Directors and Officers, which was an excellent publication with 17 chapters on the various topics. Unfortunately for whatever reason the sales were not sufficient and CEB later discontinued the publication. I have attached a copy of my initial 2007 chapter HERE.

A lot has changed from 2007 to now. And the materials that I cover in my blog have also changed considerably. But as I have been considering a possible update and the table of contents it strikes me how much of the material consists of lists of qualifications, issues and topic areas that an audit committee and its member are required to consider. And the list is growing as we speak. Considerable detail is being added as to how an audit committee member should evaluate the sufficiency of the external auditor – in other words, a deliberate evaluation where perhaps before in many cases there might not have been any significant evaluation. This will also change how the external auditor goes about performing the audit, the value that the external auditor might provide to helping the audit committee member perform his or her oversight duties, and somewhat the relationship between the audit committee members and the external auditor. On the whole I believe the change is good. But I have also written for some time that I have concern about the long list of issues and topic areas that an audit committee member is required to consider, and that all audit committee members really do need to understand what their duties are, including what is in the audit committee charter (e.g., if the charter says “risk management” that description is simply too broad – risk management of what?).

It strikes me, however, that at the end of the day, the performance of an audit committee member’s oversight responsibilities requires:

Audit committee member understanding and competency;

Agenda;

Timely and active diligence;

Putting in the time;

Reasonable reliance on competent other people (the CEO, the CFO, internal audit if there is one, the external auditor, culture, reputation and tone at the top, the accounting and financial reporting functions and professionals, legal counsel and others);

Sufficiency of information;

Deliberative decision making; and

Anticipation and thinking ahead.

In other words, we are primarily talking about the business judgment rule.

I’m not sure that I will put in the time to update the audit committee guide. If I had a crystal ball that decision would be easy – if the guide will be read and used by enough people, or if I could find a law firm that is interested in these topics, then it is worthwhile. If I do the update, most likely I will post the updated materials in blog posts and then add to the materials as they progress. That will get the materials out considerably earlier. I doubt that I will use a publisher – in addition to many published articles I have previously formally published two audit committee related materials. The process takes longer than I prefer. And, on my blog the materials also will be free and available to everyone.

Those are my thoughts this July 3, 2015, morning. More to follow on this.

Dave Tate, Esq. (San Francisco / California)

New Audit Committee Standard of Care – External Auditor Assessment Tool From NACD, NYSE Governance Services, Center for Audit Quality, and Others

Several influential organizations have issued External Auditor Assessment Tool, A Reference for Audit Committees Worldwide. Here is a link to a PDF of the Tool auditor_assessment_tool_worldwide.

The tool is presented by the NACD, NYSE Governance Services, the Center for Audit Quality, the Independent Directors Council, the Association of Audit Committee Members, and Tapestry Networks. And that is why, i.e., because of the stature of the presenting organizations, this document has or will present a standard of care, i.e., a standard in the relevant community, for audit committees on the topics that the tool covers.

Every audit committee member of a public company needs to read, digest and understand this document (it’s not very long – basically 10 pages in length and large type font). On its face the document provides sample questions and issues for audit committees to discuss and consider when assessing their organization’s external auditor. But the document provides more – as you analyze the questions and issues, they present sample questions and issues that the external auditor needs to have satisfied and that the audit committee needs to oversee.

Consider for example the following sample questions:

1. Did the lead audit partner discuss the audit plan and how it addressed company/sector-specific areas of accounting and audit risk (including fraud risk) with the audit committee?  Well . . . did this occur and in what detail?

2.  During the audit, did the auditor meet the agreed-upon performance criteria as reflected in the engagement letter and audit plan?  So . . . did the audit satisfy for example the applicable Statements on Auditing Standards?

3.  In private sessions, did the auditor discuss sensitive issues candidly and professionally?

4.  Did the auditor adequately discuss the quality of the company’s financial reporting, including the reasonableness of accounting estimates and Judgments?

5.  Were there any significant differences in views between management and the auditor?

6. Is the external auditor responsive and communicative (e.g., by soliciting input relative to business risks or issues that might impact the audit plan, identifying and resolving issues in a timely fashion, and adapting to changing risks quickly)?

7. Does the external auditor proactively identify opportunities and risks (e.g., by anticipating and providing insights and approaches for potential business issues, bringing appropriate expertise to bear, and by identifying meaningful alternatives and discussing their impacts)?

And the suggested questions and issues continue.

Although many of these suggested questions and issues already are covered in various Statements on Auditing Standards, how often do you hear Statements on Auditing Standards discussed in the context of audit committee responsibilities? They have been in my published materials for years (including for example, many audit committee guideline and evaluation discussion papers; Audit Committee Functions and Responsibilities, Chapter 5A for the California Continuing Education of the Bar publication, Advising and Defending Corporate Directors and Officers (October 2007); and Accounting and Its Legal Implications, A Guide for Managers, Business Owners, and Entrepreneurs (Irwin Professional Publishing, Business One 1994).

This audit committee assessment tool, presented by high-stature organizations, puts the spotlight on the topics that the document discusses.  Some people will think this is good, and some will think it is bad. Some people will believe that the document goes too far, and other people will identify the many questions and issues that it does not cover. Nevertheless, most of these questions and issues have already existed for years.

Dave Tate, Esq. (San Francisco/California), http://directorofficernews.com

Comments for Audit Committees about the PCAOB May 2015, Audit Committee Dialogue

This blog post includes a short video discussing the Public Company Accounting Oversight Board’s May 2015, Audit Committee Dialogue, and below the video you will find a link to the Audit Committee Dialogue. Please pass this blog post to everyone would be interested in these materials. Thank you. Dave Tate, Esq. (San Francisco and California).

Click on the following link for the PCAOB’s May 2015, Audit Committee Dialogue, Click Here.

Important new IFAC paper on risk management

With help from Grant Purdy, IFAC has published an excellent Thought Paper on risk management. From Bolt-on to Built-in: Managing Risk as an Integral Part of Managing an Organization. This is one of…

Click on the following link for the discussion: normanmarks.wordpress.com

Tate comment: currently I’m just passing this along. Evaluation and comments will follow. Norman certainly indicates that this is an important paper by IFAC. How, if at all, might it impact, add to, or create a standard of care or process for risk management including auditor evaluation and/or audit committee or risk committee oversight? More to follow.  Dave Tate, Esq. (San Francisco / California)

Addressing Cybersecurity Oversight in Audit Committee Charters | JD Supra

Cybersecurity continues to emerge as a key risk that is attracting the attention of regulators and boards of directors. Companies take different approaches regarding how the board…

Click on the following link for the discussion: www.jdsupra.com

Click on the link, which contains a short JD Supra update from Wilmer Hale discussing KPMG’s 2015 Global Audit Committee Survey. The survey is long and contains useful information (over 80 pages). I am making this post because of the discussion about audit committees being given responsibility for cybersecurity oversight. That’s fine, but I suggest that the overall board still must be actively involved in this oversight, you need to be sure that the audit committee members are qualified and have the time to take on this area of oversight, and the audit committee members and other stakeholders should have a good understanding about just what the oversight involves and how the committee should go about that oversight.

As we all know, cybersecurity is an important area of oversight that can significantly effect all businesses. Enjoy.

Dave Tate, Esq. (San Francisco/California)

My other blog: trust, estate, conservatorship and elder abuse litigation, http://californiaestatetrust.com