the internal control environment associated with the new
TRANSCRIPT
The Internal Control Environment Associated with the
New Accounting Standards and M&A Activity
Date: February 28, 2018
Responsibilities of the Internal Audit ProfessionalIn A Changing Control Environment
2
COSO Framework
• The Committee of Sponsoring Organizations of the Treadway Commission’s Internal Control— Integrated Framework (COSO Framework) Principle 9 states, “[t]he organization identifiesand assesses changes that could significantly impact the system of internal control.”
• It is critical for companies and their Audit Committees to perform an assessment of newaccounting standards and the impact of changes in internal controls as part of maintainingeffective control over financial reporting, particularly in a period of change.
• Transactions that are “significant, complex or unusual” should be considered separately.
3
• Committee Charter — NYSE and NASDAQ require their listed companies’ Audit Committees to have charters.
• Composition — Audit Committees must comprise at least three fully independent members with one member being a financial expert with accounting or financial management experience.
• Independence — Independence should be reviewed at least annually, and the Sarbanes-Oxley Act of 2002 (SOX or the Act) Section 301 prohibits fee arrangements.
• Financial Expertise — SOX Section 407 requires an issuer to disclose whether at least one financial expert is on the Audit Committee and name the financial expert (Company Board of Directors makes determination).
Audit Committee Organization and Operation
4
Review and Monitor
• Company risk.
• Integrity of the company’s financial statements and internal controls.
• Qualifications and independence of the company’s independent auditor.
• Performance of both the company’s internal audit function and its independent auditor.
• Company’s compliance with laws and regulations.
Role of Internal Audit
5
Risks that Affect the Financial Statements
• Understand the company’s risk assessment and related control policies and procedures.
• Ensure risk disclosures in the financial statements and the Form 10-K are appropriate, robust and understandable.
• Periodically reassess the list of top risks, determining who in management and which board committees are responsible for each.
• Understand IT security processes and ensure they are updated appropriately.
Risk Oversight
6
Financial Reporting Oversight
Risks that Affect the Financial Statements
• Ensure reports and information are reliable and understandable.
• Understand complex accounting and reporting issues, and how management addresses them.
• Review significant financial reporting and regulatory developments, including their effect on the financial statements and on the company’s resource needs.
• Assess the quality of the accounting principles and their appropriateness, considering alternative treatments under US GAAP.
7
• CHANGE HAPPENS. We Can Help.
Audit Considerations for Infrequent TransactionsIncluding Mergers and Acquisitions
8
The Worst Accounting Scandals of All Time
Infrequent Transactions – What Could Go Wrong?
9
• 1998 - Waste Management • 2003 - Parmalat
• 2001 - Enron • 2005 - AIG
• 2002 - WorldCom • 2008 - Lehman Brothers
• 2002 - Tyco • 2008 - Bernie Madoff
• 2003 - HealthSouth • 2009 - Satyam
• 2003 - Freddie Mac
Audit Considerations for Infrequent Transactions
Audit Considerations Related to Significant Unusual Transactions
• AS 18 notes that significant unusual transactions, in addition to related-party transactions and those with executive officers, “have been contributing factors in numerous financial reporting frauds over the last several decades [and that] the PCAOB believes its existing requirements need to be strengthened to heighten the auditor’s attention to areas that have been associated with risks of fraudulent financial reporting and that also may pose increased risks of error.”
• AS 18 defines significant unusual transactions as “significant transactions that are outside the normal course of business for the company or that otherwise appear to be unusual due to their timing, size, or nature.” AS 18 contains amendments that make the use of this term and definition consistent throughout the PCAOB’s standards.
10
Audit Procedures for Infrequent Transactions
Audit Procedures Related to Significant Unusual Transactions
• Requiring the auditor to perform procedures to identify significant unusual transactions.**
• Requiring the auditor to perform procedures to obtain an understanding of, and evaluate, the business purpose (or the lack thereof) of identified significant unusual transactions.
• Adding factors for the auditor to consider in evaluating whether significant unusual transactions may have been entered into to engage in fraudulent financial reporting or conceal misappropriation of assets.
** Procedures the auditor would perform to identify significant unusual transactions include “(i) inquiring of management and others; (ii) understanding controls relating to significant unusual transactions; and (iii) taking into account other information obtained during the audit.”
11
Audit Risks for Infrequent Transactions
Audit Risks Related to Significant Unusual Transactions
In evaluating the business rationale (or the lack thereof) for significant unusual transactions, the auditor should consider whether:
• The form of such transactions is overly complex.
• Management has discussed the nature of the transaction.
• Management is placing more emphasis on the need for a particular accounting treatment than on the underlying economics of the transaction.
• Transactions that involve unconsolidated related parties, including special purpose entities, have been properly reviewed and approved by the audit committee or board of directors.
12
Audit Considerations for Infrequent Transactions
Audit Procedures Related to Significant Unusual Transactions
• In addition to examining documentation held by the company, the auditor should consider confirming the terms and amounts of the transaction with the other parties.
• The auditor also should obtain an understanding of the substance of the transaction to determine the appropriate information to include on the confirmation request.
• Auditors should also:– Identify and assess risks of material misstatement– Respond to risks of material misstatement– Evaluate financial statement presentation and disclosure– Communicate with audit committees– Review interim financial information
13
• CHANGE HAPPENS. We Can Help.
Internal Controls and theAdoption of New Accounting Standards
14
Observations from Implementations
A Significant Part of the Effort is Implementing New Controls
Implementing new controls includes the following:• Obtaining a complete inventory of items (contracts) impacted by the guidance.• Documenting the procedures performed to review each contract and to identify accounting
considerations under the new guidance.• Ensuring all relevant considerations have been addressed.• Reviewing existing whitepapers, narratives, and process flows to understand current
accounting.• Updating white papers, narratives, and process flows to reflect new accounting policies.• Ensuring procedures are in place to identify future changes.• Developing controls around new estimates and new disclosures.
15
Significant COSO Requirements
Control Environment
• Evaluate the “tone at the top” through implementation effort.• Evaluate new reporting requirements and responsibilities.• Assess new competencies required and ensure proper training.
Risk Assessment
• Reevaluate risk assessment throughout the adoption process to identify new risks including:– New estimates required– Reliance on new reports or data (including disclosure requirements)– Opportunities for fraud or potential fraud
16
Significant COSO Requirements (continued)
Control Activities
• Design new controls (or modify existing controls) in response to new risks.• Update accounting policies and related documentation.
Information and Communication
• Update reports or data requirements, and modify controls to ensure data quality.• Communicate changes internally, and provide updates as appropriate.
Monitoring Activities
• Perform timely evaluation of control activities and changes in business operations.• Consider if additional evaluations are required (by internal audit).
17
Key Management Considerations Tone at the Top
• Management involvement in implementing new accounting standards has a huge impact!• Am I more interested in getting it right or getting to the “right” answer? • The audit committee, board of directors, and external audit can have a huge impact on
communicating the importance of the changes.
Competence of Accounting Team
• Ensure employees have a knowledge of the accounting change and potential impact.• “Just because an area requires significant judgement does not mean the standard permits
optionality” – Barry Kanczuker, OCA Associate Chief Accountant.• Any accounting guidance “applied by analogy” is high risk.• It’s not what you know, it what you don’t that should concern you.
18
Key Management Considerations (continued)
Compliance
• Do the disclosures meet the SEC requirements and guidelines?
Data Quality
• Is the data used for disclosures and estimates reliable and subject to appropriate internal control?
Review
• Are all accounting positions appropriately reviewed and understood by management?• Are disclosures reviewed by the appropriate levels of management?
Monitoring
• Is a process in place to review the internal controls and to update supporting documentation?
19
• CHANGE HAPPENS. We Can Help.
QUESTIONS OR COMMENTS?
20
• CHANGE HAPPENS. We Can Help.
SAN ANTONIO (Headquarters)12500 San Pedro Avenue, Suite 670San Antonio, Texas 78216Phone 210.745.4200Email: [email protected]
www.aventinehillinc.com
DALLAS3131 McKinney Avenue, Suite 600Dallas, Texas 75204Phone 214.710.2557Email: [email protected]
HOUSTON2727 Allen Parkway, Suite 850Houston, Texas 77019Phone 713.580.9400Email: [email protected]
AUSTIN901 South Mopac ExpresswayBarton Oaks Plaza One, Suite 300Austin, TX 78746Phone: 512.329.2560Email: [email protected]
21
CONTACT US