Tate’s Excellent Audit Committee Guide – Completed Initial Edition – 115 Pages Plus Additional Links

Click on the link at the bottom of this post for a pdf of the completed initial edition of Tate’s Excellent Audit Committee Guide 08042015. The guide is for boards and audit committees of public companies, private companies, nonprofits, and governmental entities. This edition of the guide is 115 pages, plus links to additional resources and materials. The guide is updated regularly as new developments occur, and developments will also be posted to this blog. Please do tell other people about the guide and pass it along. Enjoy, and best to you.

Dave Tate, Esq. (San Francisco/California)
Click on the following link for the guide: Tate’s Excellent Audit Committee Guide 08042015

Commentary: Can California Find a Way Out of Its Pension Calamity? | PublicCEO

The latest reform effort wouldn’t solve the problem, but it at least would help keep it from getting worse. By Charles Chieppo. The longer you wait to solve a problem, the more painful the fix becomes. Californians are being reminded of that simple truth as their leaders attempt to grapple with the state’s snowballing public-pension …

Click on the following for the discussion: www.publicceo.com

I find this problem disgusting for several reasons. Not to be negative, but the problem, which has been known for a long number of years, (1) evidences that the majority, no not each of them, but the majority of legislators and elected officers as a whole where these problems exist cannot be trusted to perform their duties or represent the voting tax paying public, (2) evidences that there must be absolute transparency and disclosure in governmental accounting and reporting, (3) evidences that there must be an independent watchdog entity that has legal authority to take action and stop these problems early when they happen, and (4) evidences that government will not police itself.

It is my understanding that the new government accounting rules might soon eliminate the ability of governmental entities to hide these unfunded liability problems. These changes should have been made long ago. And I’ll only believe that it is corrected when I actually see it.

Even with transparency the problems continue to exist, for example, with social security and the federal disability fund.

Young people should be screaming about these problems that have been caused for them, elder people should be screaming about these problems that have been created for them, and people in the middle should be screaming about being somewhere in the middle of these problems.

The gross mismanagement of these problems has been extreme. Kind of funny, isn’t it, that the governmental entities enact statutes and regulations over business entities but then violate the public trust and fail to keep their own houses in order?  Sorry to rant a little, but these problems really bother me.  Take care. Onward.

Dave Tate, Esq. (San Francisco / California), http://directorofficernews.com, and working on Tate’s Excellent Audit Committee Guide, Click Here.

Tate’s Excellent Audit Committee Guide, Plus Prior 2007 CEB Audit Committee Chapter

For audit committee members and directors, I have attached three links below, the first for my 2007 audit committee chapter for the California Continuing Education of the Bar, the second for the new audit committee guide that is a work in progress but already contains substantial materials, and the third to the cover and table of contents to Accounting and Its Legal Implications.

Using my blog posts, the 2007 audit committee chapter (which is now unpublished, CEB subsequently cancelled the entire Director and Officer binder), and the new audit committee guide you should get a good feel for new developments and guidance about audit committee member functions and responsibilities.

I also ask that you tell other people about this blog and the new audit committee guide.

1. Here is a link to my 2007 audit committee chapter for the California Continuing Education of the Bar (the chapter and the entire D&O publication has been cancelled for some time), CLICK HERE

2. The following is a link to the new audit committee guide which contains substantial materials although it is a work in progress, Tate’s Excellent Audit Committee Guide (July 31, 2015 version), Tate’s Excellent Audit Committee Guide 07312015 CLICK HERE

3. Cover and Table of Contents from Accounting and Its Legal Implications – I expect to scan and post this entire material shortly – although some is outdated, it is still a good read – originally published by Business One/Irwin Publishing, CLICK HERE

Thank you. Dave Tate, Esq. (San Francisco / California).

New Audit Committee Standard of Care – External Auditor Assessment Tool From NACD, NYSE Governance Services, Center for Audit Quality, and Others

Several influential organizations have issued External Auditor Assessment Tool, A Reference for Audit Committees Worldwide. Here is a link to a PDF of the Tool auditor_assessment_tool_worldwide.

The tool is presented by the NACD, NYSE Governance Services, the Center for Audit Quality, the Independent Directors Council, the Association of Audit Committee Members, and Tapestry Networks. And that is why, i.e., because of the stature of the presenting organizations, this document has or will present a standard of care, i.e., a standard in the relevant community, for audit committees on the topics that the tool covers.

Every audit committee member of a public company needs to read, digest and understand this document (it’s not very long – basically 10 pages in length and large type font). On its face the document provides sample questions and issues for audit committees to discuss and consider when assessing their organization’s external auditor. But the document provides more – as you analyze the questions and issues, they present sample questions and issues that the external auditor needs to have satisfied and that the audit committee needs to oversee.

Consider for example the following sample questions:

1. Did the lead audit partner discuss the audit plan and how it addressed company/sector-specific areas of accounting and audit risk (including fraud risk) with the audit committee?  Well . . . did this occur and in what detail?

2.  During the audit, did the auditor meet the agreed-upon performance criteria as reflected in the engagement letter and audit plan?  So . . . did the audit satisfy for example the applicable Statements on Auditing Standards?

3.  In private sessions, did the auditor discuss sensitive issues candidly and professionally?

4.  Did the auditor adequately discuss the quality of the company’s financial reporting, including the reasonableness of accounting estimates and Judgments?

5.  Were there any significant differences in views between management and the auditor?

6. Is the external auditor responsive and communicative (e.g., by soliciting input relative to business risks or issues that might impact the audit plan, identifying and resolving issues in a timely fashion, and adapting to changing risks quickly)?

7. Does the external auditor proactively identify opportunities and risks (e.g., by anticipating and providing insights and approaches for potential business issues, bringing appropriate expertise to bear, and by identifying meaningful alternatives and discussing their impacts)?

And the suggested questions and issues continue.

Although many of these suggested questions and issues already are covered in various Statements on Auditing Standards, how often do you hear Statements on Auditing Standards discussed in the context of audit committee responsibilities? They have been in my published materials for years (including for example, many audit committee guideline and evaluation discussion papers; Audit Committee Functions and Responsibilities, Chapter 5A for the California Continuing Education of the Bar publication, Advising and Defending Corporate Directors and Officers (October 2007); and Accounting and Its Legal Implications, A Guide for Managers, Business Owners, and Entrepreneurs (Irwin Professional Publishing, Business One 1994).

This audit committee assessment tool, presented by high-stature organizations, puts the spotlight on the topics that the document discusses.  Some people will think this is good, and some will think it is bad. Some people will believe that the document goes too far, and other people will identify the many questions and issues that it does not cover. Nevertheless, most of these questions and issues have already existed for years.

Dave Tate, Esq. (San Francisco/California), http://directorofficernews.com

Assistant Attorney General Leslie R. Caldwell Delivers Remarks at the Compliance Week Conference | OPA | Department of Justice

Click on the following link for the speech: www.justice.gov

Tate – A very good speech for all officers and directors to read. Practical and it details an approach to corporate accountability from the Department of Justice viewpoint.

Dave Tate, Esq., San Francisco, http://directorofficernews.com

California Nonprofit Board and Director Standards of Care

This blog post includes a video about California nonprofit board and director standards of care including discussions about the business judgment rule, the Nonprofit Integrity Act, risk management, audit committees, and board and committee self-evaluation. Below the video you will also find a link to my paper discussing those topics in detail. Please pass this blog post to everyone who would be interested in these materials. Thank you. Dave Tate, Esq. (San Francisco and California).

Click on the following link for the paper discussing California nonprofit board and director standards of care, Nonprofit Board and Director Standard of Care David Tate Esq 05252015

Comments for Audit Committees about the PCAOB May 2015, Audit Committee Dialogue

This blog post includes a short video discussing the Public Company Accounting Oversight Board’s May 2015, Audit Committee Dialogue, and below the video you will find a link to the Audit Committee Dialogue. Please pass this blog post to everyone would be interested in these materials. Thank you. Dave Tate, Esq. (San Francisco and California).

Click on the following link for the PCAOB’s May 2015, Audit Committee Dialogue, Click Here.

Social Security Risk Management – Congress and President Get a “D” and a NIST Tier 1 or 2 Rating

I’m going to rant a little in this “fun” post. Another week, another article about social security going broke, about tweaks to “fix” it by payroll tax increases, cutting benefits, taxing benefits, and/or raising the age to receive benefits. The following is another disheartening article about the doom of social security, about beginning in 2017 and thereafter new increases in the age to receive benefits, that even those reductions in benefits won’t “fix” social security, and that those increases originated way back in 1983.  For the article Click Here.  The point is, 1983 was over 30 years ago, and even before that it was known that social security was failing. The options are not good for anyone who has paid for social security for all of their working life, or even just for a significant number of years, for younger people (in their 20’s and 30’s) who are new or relatively new to the mandatory social security payment program, or for people who are somewhere in the middle (in their 40’s). I suspect that few people would voluntarily pay into such a system if they were allowed to vote on it today.

I don’t fault elected representatives who speak up and propose new fixes, because social security has to be fixed. It’s just that none of the options are good. I have already lost when you consider the amounts that my employers and I have paid into social security over my working life. And that was money year after year that could have been better used for many other things.

The President is the CEO of social security. Congress, the Senate and the House, are the Board of Directors. That means whomever is in office at the time, and in the case of the social security system, that means year after year, decade after decade.  Let me just say that if social security was a company the CEO and the Board would all be fired, or the program would have been terminated or really fixed or altered decades ago.

Have you seen the NIST – National Institute of Standards and Technology – Framework for Improving Critical Infrastructure Cybersecurity? The Framework originated in 2014, as a U.S. Government recognized outline for risk management steps in cybersecurity. The following is an August 31, 2014, blog post discussing the Framework, Click Here. You will note that the Framework includes a Tier rating system for how developed an entity’s risk management system is, Tier 1 being the worst and Tier 4 being the best. Below I have copied and pasted the four Tiers. Based on the NIST Tier descriptions, I rate social security system design and risk management at Tier 1, or perhaps a Tier 2 rating. You give it your rating. Social security is not even close to the Tier 4 rating that it should have given that payments into social security are forced on people, the astronomical amount of money that is withheld and paid into the system each pay period, and how people really are entirely dependent on the honesty and integrity of the system’s operation, management and risk management, including the honesty and integrity of the President as CEO and Congress as the Board. Below are the NIST Tiers. Enjoy.

Dave Tate, Esq. (San Francisco/California).

NIST Tiers:

Tier 1: Partial (first and lowest level of risk management practices) – Risk management practices are not formalized.  Risk is managed on an ad hoc and sometimes reactive manner. There is limited awareness of cybersecurity risk at the organizational level.  An organization may not have the processes in place to participate in coordination or collaboration with other entities.

Tier 2: Risk Informed (second level of risk management practices) – Risk management practices are approved by management but may not be established as organizational wide policy.  The organization knows its role in the larger ecosystem but has not formalized its capabilities to interact and share information externally.

Tier 3: Repeatable (third level of risk management practices) – The organization’s risk management practices are formally approved and expressed as policy. There is an organization-wide approach to manage cybersecurity risk. The organization understands its dependencies and partners and receives information from these partners that enables collaboration and risk-based management decisions within the organization in response to events.

Tier 4: Adaptive (forth and highest level of risk management practices) – The organization adapts its cybersecurity practices based on lessons learned and predictive indicators derived from previous and current cybersecurity activities. There is an organization-wide approach to managing cybersecurity risk that uses risk-informed policies, processes, and procedures to address potential cybersecurity events. Cybersecurity is part of the organizational culture and evolves from an awareness of previous activities, information share by other sources, and continuous awareness of activities on their systems and networks. The organization manages risk and actively shares information with partners to ensure that accurate, current information is being distributed and consumed to improve cybersecurity before a cybersecurity event occurs.

* * * * *

Audit Committee Self-Evaluation Form For Your Use

Audit committee self-evaluation form for your use, click on the following: Audit Committee Self-Evaluation Form David Tate Esq 10302014
Dave Tate, Esq. (San Francisco/California)