COSO Internal Control—Integrated Framework 1992 vs. 2013

By December 31st 2014, companies that utilize the 1992 COSO Internal Control—Integrated Framework are expected to have fully transitioned to the 2013 framework.  If you are an organization that is required to report to the Securities and Exchange Commission, this change directly impacts you.  But when you look at what the framework represents, it is obvious that both public and private organizations of all sizes could benefit from adopting elements.  The purpose of the framework is to prevent and detect fraud.  It is a standard framework for designing, implementing, and conducting internal controls; as well as assessing the effectiveness of your current internal controls.

The standard was updated to account for the ongoing changes in the business environment, i.e. evolving technology, increased outsourcing, changing regulatory environment…  The most significant change in the 2013 framework from the 1992 framework was the addition of 17 principles and 77 focus areas.  These new items further define the five core areas – Control Environment, Risk Assessment, Control Activities, Information & Communication, and Monitoring Activities.

 COSO 17 Principles

Elements that would be most applicable to small and medium sized entities include –

  • Control Environment – The entity demonstrates a commitment to integrity and ethical values. Senior Management is responsible to designate the individual(s) responsible to manage the satisfaction of reaching the entity’s internal control objectives; as well as continually developing the individual(s).

 

  • Risk Assessment –The entity sets its internal control objectives; as well as operations and financial goals. Externally the entity abides by frameworks, laws and regulations.  Internally, risks are identified and their significance established.  Approaches to respond to the risks are established.  Fraud and all the potential ways it can be committed are considered.

 

  • Control Activities – The entity develops control activities, which include segregation of duties, technology control activities, and policies and procedures.

 

  • Information & Communication – Obtain and generate information. Communicate this information internally and externally.

 

  • Monitoring Activity – On an ongoing basis, evaluate internal controls to understand their presence and effectiveness.

 

So how do you start?

Review the COSO Internal Control—Integrated Framework (Core areas, principles, and focus areas) to understand what elements apply to your situation; conduct an assessment of your organization, seek board/management approval on concept implementation, engage staff through training and communications, develop a transition plan, execute the plan, monitor success and adjust if required.

If you are looking to establish internal controls for the first time, it may make sense to bring in a third party that understands your industry and the common risks, which should be considered.  Team this individual up with an internal resource that understands your entity and your processes.

Additional posts on this subject include –

What is the proper way to roll-out an ethics program?

 Internal Audits – “Inspect what you Expect”

 The Best Way to Avoid Fraud is to Remove the Opportunity

 How Problematic is a Financial Restatement?

Update – WSJ (04/29/2015), “Almost three-fourths of the U.S. stock-listed companies that have filed 10Ks with the U.S. Securities and Exchange Commission since Dec. 15, 2014 have transitioned to using the updated COSO 2013 framework for reporting internal controls of their financial reporting requirements, said Bob Hirth, chairman of the Committee of Sponsoring Organizations of the Treadway Commission (COSO Commission).”

Where are you in the process?

Author: Regis Quirin
Visit Regis's Website - Email Regis
Regis Quirin is a financial executive with 23 years of corporate experience, i.e. New York Stock Exchange, JP Morgan Chase, and GMAC ResCap; and 15 years working with small and medium-sized entities, i.e. joint ventures, start-up entities, established businesses. In 2014, Regis published "Redesign to Turnaround Underperforming Small and Medium-Sized Businesses" available via Amazon.

How Problematic is a Financial Restatement?

“On August 12, 2014, the Board of Directors and the Audit Committee of the Board of Directors of Ocwen Financial Corporation, after consultation with Deloitte & Touche LLP, the Company’s independent registered public accounting firm, determined that the Company’s financial statements for the fiscal year ended December 31, 2013 and the quarter ended March 31, 2014 can no longer be relied upon as being in compliance with generally accepted accounting principles.”  (8/12/2014, Securities and Exchange Commission, Ocwen Financial Form 8-k)

As the auditor for Ocwen, it is the responsibility of Deloitte to identify material misstatements.  As required by Auditing Standard No.12, “The objective of the auditor is to identify and appropriately assess the risks of material misstatement, thereby providing a basis for designing and implementing responses to the risks of material misstatement.”

At this point it is unclear whether the Ocwen material misstatement is due to an error in the application of accounting guidelines; or due to fraud.  The top accounting reasons for financial restatements include  – debt and securities issues; expense recording; reserves and accrual estimates; executive compensation; revenue recognition; and, inventory.  While the most probable fraud committed is the management of earnings to mislead investors.  But neither option is very positive for a company to admit.

Regardless of the accounting reason, a financial restatement shakes the confidence of investors, credit institutions and potentially customers/clients.  Regulatory scrutiny may increase and your ability to grow constrained.  As the actual impact to earnings is directly related to the issue, an average cost to restate cannot easily be projected.

In this situation, in response to the announcement – The Ocwen share price fell 4.5% the day of the announcement, to $25.16; Block & Leviton LLP announced that it was investigating the company and certain officers and directors to determine if anyone profited from the alleged accounting errors; The Rosen Law Firm announced the filing of a “Securities Class Action” against Ocwen Financial Corporation; The SEC subpoenaed records from Ocwen regarding its dealings with sister companies; and, S&P lowered its outlook on Ocwen Financial to negative.

Unfortunately, this situation with Ocwen is not uncommon.    According to research performed by the Center for Audit Quality, from 2003 through 2012, 10,479 entities required restatements, i.e. SEC 8-K filings.  For this 10 year period, restatement counts ranged from a high of 1,784 in 2006 to a low of 711 in 2009; averaging 1,048 per year.

So what can a company due to avoid this situation – Seek guidance from an Accounting professional on the proper application of GAAP, for your situation; Remove the opportunity for fraud to be committedMaintain a strong Internal Control environment including a Segregation of Duty Analysis; Implement conservative policies and procedures and reduce the manual intervention which causes errors; and, Ensure an ethical environment, but maintain a Whistleblower program.

As the SEC continues with the implementation of the JOBS Act, one can only wonder about the frequency of material misstatements, requiring financial restatements with small and medium-sized non-public entities.

SEC Press Release – January 20, 2016 – “The Securities and Exchange Commission today announced that Ocwen Financial Corp. has agreed to settle charges that it misstated financial results by using a flawed, undisclosed methodology to value complex mortgage assets.  Ocwen agreed to pay a $2 million penalty after an SEC investigation found that the company inaccurately disclosed to investors that it independently valued these assets at fair value under U.S. Generally Accepted Accounting Principles (GAAP).”

Author: Regis Quirin
Visit Regis's Website - Email Regis
Regis Quirin is a financial executive with 23 years of corporate experience, i.e. New York Stock Exchange, JP Morgan Chase, and GMAC ResCap; and 15 years working with small and medium-sized entities, i.e. joint ventures, start-up entities, established businesses. In 2014, Regis published "Redesign to Turnaround Underperforming Small and Medium-Sized Businesses" available via Amazon.

Accounting Discretion or Earnings Management?

Surveys completed by 169 CFO’s showed , “…CFOs believe that in any given period about 20% of firms manage earnings…only about 60% of earnings management is income increasing, while 40% relates to income-decreasing activities…CFOs believe that it is difficult for outside observers to unravel earnings management…” (Earnings Quality: Evidence from the Field, September 2012).

There are policies and practices within GAAP, that allow for a certain amount of flexibility, i.e. where reasonable individuals may disagree , such as revenue recognition timing; depreciation and amortization policies; allowance for doubtful accounts projections; pension expense estimates; and inventory valuation.

These discretionary practices are also causing issues within the Auditing community.  Based on a recent report issued by the Public Company Accounting Oversight Board – REPORT ON 2007-2010 INSPECTIONS OF DOMESTIC FIRMS THAT AUDIT 100 OR FEWER PUBLIC COMPANIES (PCAOB Release No. 2013-001 February 25, 2013), audit deficiencies identified include – auditing revenue recognition; auditing fair value measurements; auditing accounting estimates; and, auditing procedures to respond to the risk of material misstatement due to fraud.

Issues arise when these policies allow for abuse.  Private companies may wish to increase expenses and lower earnings, to minimize taxes; while public companies may wish to decrease expenses and increase earnings, to achieve a higher stock valuation.  These strategies primarily move earnings from period to period.  To sustain the desired approach, successive quarters will need to be manipulated.  Regardless of your initial reason to manage the earnings, the end result will be a strategy where you mislead investors and lenders, i.e. commit fraud.

Additionally, there are also policies within GAAP that make targeted manipulation possible.  Common manipulation techniques include – over-accruing “cookie-jar reserves”; and establishing a reserve for restructuring charges “big-bath reserves.”

To avoid this situation – institute a strong control environment; and, retain a CFO with sound ethical convictions.  While it may be difficult to identify earnings management for an outsider looking in, an insider with the proper training in Accounting, Finance, that understands the business model, should easily identify the issue and implement corrective measures going forward.

Author: Regis Quirin
Visit Regis's Website - Email Regis
Regis Quirin is a financial executive with 23 years of corporate experience, i.e. New York Stock Exchange, JP Morgan Chase, and GMAC ResCap; and 15 years working with small and medium-sized entities, i.e. joint ventures, start-up entities, established businesses. In 2014, Regis published "Redesign to Turnaround Underperforming Small and Medium-Sized Businesses" available via Amazon.

Six Tips to Improve Your Internal Controls Audit

Re-Post of a blog written by Teresa Bockwoldt, first posted on www.vibato.com

Many organizations feel ambivalent about their yearly audit. They know it’s important, but there’s a sense of dread at the impending disruption and costs to the organization that, frankly, bring little to no obvious positive effect to the bottom line.

Fortunately there are ways to enhance the value of your audit – and even cut your audit-related costs over time. We recommend starting with your internal controls over financial reporting, which auditors are now required to review in order to meet legislative guidelines.

1. Be Proactive

Understanding what your auditors will be doing, how they do it, and what they expect – before the audit starts – is key to an efficient, successful audit. The traditional practices of hall-roaming, constant disruptions, and off-topic discussions should be mitigated in advance by having a plan to host, manage, and focus your auditors. Being proactive can include all of the activities identified in steps 2 through 6, and will lead to fewer headaches for everyone involved. Establishing a proactive effort around your audit will also set your auditor’s expectations, and help them understand how to be more effective as well. They want you to be organized, have the appropriate information available, and be willing to discuss or address any issues they find. Having a formal plan for your audit is the first step in showing them that you are ready.

2. Actively Manage the Audit Staff

Assign one member of your internal team – the controller or internal audit manager – to actively manage the audit staff. Make it clear to the auditors that all requests for information and documentation must be fielded through that single employee. This will reduce disruptive behavior – such as an auditor storming into an office and demanding the immediate delivery of something – to employees inside and outside your finance team.

3. Complete the Risk Assessment and Segregation of Duties Analysis Yourself

Regulations require auditors to scope their audit based on risk. In this environment, the risk assessment and segregation of duties analysis take on a new level of importance. Traditionally, auditors will spend time preparing these assessments themselves. We recommend taking this on internally, or outsourcing to a third-party expert that charges less per hour than your auditor. The key is to get your auditor’s approval of the methodologies behind the work and the results prior to starting the audit. Also, be sure you can support independence and objectivity when internal personnel are used. By working with the auditor on what you have prepared, you are already limiting and controlling the potential scope of the audit – and this can make a big difference in both the duration and the outcome.

4. Balance Your Control Counts

Strive to balance your internal control counts, since too few controls put you at risk, and too many result in high audit and maintenance costs. Look at how many internal controls you have per employee in the finance department and, if the numbers seem skewed, consider undertaking a control rationalization effort before the end of your fiscal year. The best way to determine how many controls you need is to use a risk assessment to identify the highest areas of risk in your business, and focus mainly on those areas. Having redundant controls to mitigate the same risk is a good starting point, but over time you should be able to reduce this ideally down to one control per risk – saving you significant cost and effort as time goes on.

5. Document for Audit-ready Review

Documentation is another area where some simple, proactive work internally pays big rewards down the road. Find out how your auditor wants to see your documentation, and then follow an organized system that maps to their standards. Vibato recommends storing your monthly and quarter-end documents in binders that are tabbed out by topic (such as journal entries or bank statements). This kind of organization not only gives you a better sense of how far along you are at any given moment, it also makes it easy to find what you need during the audit – and ensures that your organization isn’t paying an auditor for something your own team could have done more cost-effectively.

6. Bring in a 3rd Party

Consider bringing in a reputable and experienced third party consultant for audit-related help that requires more independence or expertise than your internal team can offer. The right consultant acts as a client sounding board and advocate– which auditors no longer do—who can deliver focused, high quality service for a lower hourly rate than what an audit firm would charge for its senior partners. Rely on consultants when you need assistance with your risk assessment and segregation of duties analysis; for testing and documentation efforts; and for control implementations or rationalization efforts. The best consultants will offer established methods that have been proven to work, ensuring you get the most not only out of their expertise but out of your entire audit as well.

Author: Regis Quirin
Visit Regis's Website - Email Regis
Regis Quirin is a financial executive with 23 years of corporate experience, i.e. New York Stock Exchange, JP Morgan Chase, and GMAC ResCap; and 15 years working with small and medium-sized entities, i.e. joint ventures, start-up entities, established businesses. In 2014, Regis published "Redesign to Turnaround Underperforming Small and Medium-Sized Businesses" available via Amazon.

5 Steps to Effective Segregation of Duties Analysis

Re-Post of a blog written by Teresa Bockwoldt, first posted on www.vibato.com

If you are like most finance executives, you probably would like to minimize the risk of fraud and financial mistakes within your organization. You probably also would like to reduce the chance of an audit-related surprise like a material weakness or waste time and resource effort with out-of-scope situations.

One way to achieve these objectives is to complete a Segregation of Duties (SoD) analysis at the beginning of each fiscal year. This relatively simple process, which takes only a few hours with the right information and tools, can yield big rewards, especially for small or rapid growth companies, or nonprofit organizations where there is an imbalance between number of staff (low) and workload (high).

The SoD analysis describes all the tasks related to your financial transactions and lists the employee or title responsible for handling each of those tasks. And when we say all the tasks, we mean all the tasks, from the most mundane (who opens the mail) to the most strategic (who signs payroll checks). This analysis emphasizes who not how: the SoD focuses on people and tasks, not policies and procedures.

The SoD identifies points in your financial processes where fraud or mistakes might occur and go undetected because one person is completing several finance-related tasks that conflict with each other (segregation conflict). For example, consider the opportunity for fraud if the accounting personnel have access to both your check stock and your signature stamp or if the same shipping and receiving manager receives inventory and investigates inventory discrepancies.

In a good SoD analysis, you would identify these segregation conflicts and develop a way to mitigate them – such as dividing the responsibilities or incorporating a monthly review of transactions by a higher level manager. The goal is to make it harder for anyone who works at your organization (including employees, consultants, volunteers, and Board members) to be tempted to commit fraud. Essentially, you are minimizing organizational risk by removing the opportunity, and hence the temptation, to commit fraud.

Since audits focus on risk and how it is mitigated, the SoD analysis will help both your fraud prevention and audit preparation efforts. Your auditor will be looking for holes within your organization where there might be opportunities for mistakes or concealment. If you can show the auditor you’re identifying and plugging those holes, by providing a copy of your SoD plus a list of follow-up actions, you can reduce the work your auditor needs to do and demonstrate the integrity of your organization’s financial reporting efforts.

A segregation of duties analysis is always completed as part of an audit; so if you do not complete one and show the results to your auditors, your auditor will complete one for you — and charge you for it. We recommend that organizations complete their SoD analyses, either on their own or with help from an objective third party, for several reasons. The biggest advantage in this approach is that an organization will be able to identify and remediate conflicts before the annual audit, thus minimizing the risk of a negative opinion. Another benefit is that if you can show your auditor that you are identifying and mitigating segregation conflicts, it increases their belief that you are running your organization properly and will lower their perception of your organizational risk – this can benefit you in other ways as well.

We recommend a five (5) step approach to completing an SOD analysis:

Step 1: Choose Your SoD Approach

Your executive team has decided to conduct an SoD analysis; now you must determine whether to complete the analysis using only internal resources or with help from a qualified third party.

We strongly recommend bringing in third-party assistance unless your internal audit or accounting team has both the experience and the tools to complete this process efficiently and cost-effectively. As is always the case when hiring a consultant, you’ll need to weigh the consultant’s fees and experience against the time and costs your in-house team would spend creating an in-house tool, researching your auditor’s requirements, collecting the information, and compiling the results.

Another tip: If you plan to do the analysis internally, do some research on the best tools/methods available that you can leverage. There is no reason to create this process from scratch, since a little knowledge will get you a long way towards understanding where you need to focus, and how to collect/analyze/remediate any issues. The more automated you can make your approach, the more reliance your auditors will tend to place on it because you are minimizing the risk of human error.

Finally, you will need to understand what risk levels are acceptable or unacceptable, not just to your organization but to your auditor. So before you start your SoD, review the notes from prior audits and/or ask your external auditors about their top concerns. This proactive approach will help you prioritize the conflicts you find and take action only on the ones that matter to your auditor.

Step 2: Tap Your Knowledge Network

Now that you have a methodology, some tools, and a team, you need to acquire information about who does what within your organization.

Remember, many finance-related activities happen outside the finance organization itself. For example, your receptionists “touch” the finance department if they’re responsible for receiving, opening, and sorting the mail. Similarly, your warehouse staff also “touch” the finance department when they ship products or receive inventory and invoices. For a comprehensive SoD analysis, then, it is extremely important to bring in representatives from the human resources, operations, IT, and finance departments, as well as directors or managers from satellite offices or manufacturing facilities.

Gather all representatives for an in-person meeting or conference call, during which your internal audit leader or consultant will go step-by-step through each finance task, and ask for information about who completes these tasks. It is important to assign titles, rather than individual names, to ensure the analysis stays consistent regardless of the day-to-day human resources changes in the organization (such as absences, resignations, or promotions).

Step 3: Identify and Prioritize Conflicts

Once you’ve assigned titles to tasks, you need to see where your segregation conflicts lie and prioritize them according to your organization’s risk limits. As a general rule, you should pay close attention to conflicts in tasks related to receiving or disbursing cash or checks; wire transfers; managing inventory; and posting journal entries.

Here’s where using an automated, visually-oriented approach pays off. Imagine the time you’d spend sifting through hundreds of pages of documents, manually checking titles and tasks, creating graphics to show the conflicts, and then ranking those conflicts according to risks. Some auditors and consultants still use this manual approach, which makes completing the SoD time-consuming and expensive. You’ll save time and money, and likely get a better result, by using an automated tool that synthesizes the information and provides a graphical output with conflicts highlighted and ranked according to the risks your organization and your auditor have identified.

Step 4: Develop Mitigation Plans

During this step, keep in mind that every organization has some SoD conflicts. Your goal is not to get to zero conflicts but rather to recognize which conflicts you have and to address those conflicts according to the risks they pose to your organization.

Your mitigation options include reassigning responsibilities, hiring more staff, increasing the frequency of cross-checks (like monthly closes), or introducing new approval or reviews either within or outside the finance department. A nonprofit or small company, for example, might ask a board member to review financial transactions, in lieu of hiring another staff member.

Occasionally, your auditor might disagree with how you’ve prioritized conflicts or want a more aggressive mitigation (such as hiring a new employee) that goes against your business realities. In these situations, it’s important to go back to your SoD analysis and prior years’ audits and provide evidence that backs up your assessment. If you have a third party consultant, they should be able to argue your case.

Step 5: Apply Your Analysis Beyond the Audit

You’ll want to share your SoD analysis with your auditors twice – when you’ve first completed it, to ensure that all areas of business risk are covered, and again when they are completing your year-end audit. Meantime, you can apply the lessons learned from your SoD analysis to other areas of your business. Since this analysis will highlight where existing duties are distributed unevenly throughout the applicable resource pool, the tool also helps you make more informed decisions during company-wide or departmental reorganizations. This analysis can be used to justify staffing recommendations to the management team or Board of Directors.

Author: Regis Quirin
Visit Regis's Website - Email Regis
Regis Quirin is a financial executive with 23 years of corporate experience, i.e. New York Stock Exchange, JP Morgan Chase, and GMAC ResCap; and 15 years working with small and medium-sized entities, i.e. joint ventures, start-up entities, established businesses. In 2014, Regis published "Redesign to Turnaround Underperforming Small and Medium-Sized Businesses" available via Amazon.

Mid-Year Look-Back and a Look-Forward

July is a perfect month to look back at the full-year plan established in January and re-forecast the balance of the year.  While a “best practice” for any business is to monitor success monthly, at reaching targets established at the beginning of the year (Communicating and Monitoring Success at Reaching Strategic Goals http://cfotips.com/?p=26); there is additional value in reviewing your full-year plan to understand if you are reaching your goals?

Look Back

Items for your consideration with references to topic specific CFOTips blog posts are as follows —

Review company success at generating revenue through marketing and sales

– Marketing Economics http://cfotips.com/?p=226.

-Activity Based Costing and Sales Management http://cfotips.com/?p=57.

-Bridging the gap between Sales and Finance http://cfotips.com/?p=133.

Review your company’s financial health

– For a Business – Cash Flow is King http://cfotips.com/?p=139.

– Bad Debt Strategies http://cfotips.com/?p=69.

Review if your company is operating efficiently and as expected

– Process Improvement to Eliminate/Contain Non-Value Added Costs in the Services Industry http://cfotips.com/?p=42.

-Internal Audits – “Inspect what you Expect”  http://cfotips.com/?p=325.

Review customer accounts

-Relationship Development after the Sale http://cfotips.com/?p=353.

-The Voice of the Customer http://cfotips.com/?p=154.

Review your position in the market

– How You Compare, i.e. Competitive Analysis Tactics http://cfotips.com/?p=328.

Look Forward

If after this review you are confident that you understand the reason for any variance, plan for the balance of the year –

-Re-forecast your projections.

-Evaluate if strategies identified at the end of last year make sense for the balance of this year.

-Ensure optimal tax planning – state and federal.

Finish the year strong!

Author: Regis Quirin
Visit Regis's Website - Email Regis
Regis Quirin is a financial executive with 23 years of corporate experience, i.e. New York Stock Exchange, JP Morgan Chase, and GMAC ResCap; and 15 years working with small and medium-sized entities, i.e. joint ventures, start-up entities, established businesses. In 2014, Regis published "Redesign to Turnaround Underperforming Small and Medium-Sized Businesses" available via Amazon.

Internal Audits – “Inspect what you Expect”

According to The Institute of Internal Auditors (https://na.theiia.org) —

“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”

During the normal course of business, department heads – identify operational risks; develop and document policies and procedures to mitigate these risks; and train their staff on the procedures.  These policies and procedures are amended, probably annually by the responsible department.  Internal auditors validate that the policies and procedures are followed and effective at minimizing financial risk.

But, recent market turmoil revealed additional risks that if not addressed expose the company to brand and reputational risks, as well as financial risk.  The role of the internal auditor is expanding and the approach employed is evolving.  Internal Auditors are accountable for reviewing current processes and improving them when possible, by implementing best practices.

A proper internal audit approach includes understanding business goals usually identified through senior manager interviews, preparing risk assessments, scoping key audit areas, evaluating controls, creating remediation plans, and testing controls.  An internal auditor must be able to evaluate, assess and implement controls across business areas.

According to the 2012 Internal Audit Capabilities and Needs Survey (Protiviti March 2012), identified themes for 2012 are associated with technology and the risks presented, such as IT Asset Management; Vendor Negotiations; Fraud; Social Media Applications; Cloud Computing; Continuous Auditing/Monitoring.

What has been your experience?

Author: Regis Quirin
Visit Regis's Website - Email Regis
Regis Quirin is a financial executive with 23 years of corporate experience, i.e. New York Stock Exchange, JP Morgan Chase, and GMAC ResCap; and 15 years working with small and medium-sized entities, i.e. joint ventures, start-up entities, established businesses. In 2014, Regis published "Redesign to Turnaround Underperforming Small and Medium-Sized Businesses" available via Amazon.

Audit Transparency – Rating the Raters

On May 1, 2012, the Public Company Accounting Oversight Board (PCAOB) announced changes to its website (www.pcaobus.org) where site visitors can now review certain public information provided by audit firms, which includes registration, annual and special reporting, disciplinary proceedings and inspection reports.

The PCAOB was created in 2002 as a result of the Sarbanes-Oxley Act.  As required by the act, auditors of US public companies are subject to external and independent oversight, by the PCAOB.  The SEC maintains authority over the PCAOB, with respect to rules, standards and budgets.

As of April 25, 2012, there were 2,378 registered firms (foreign and domestic), as well as 42 pending applications.  As of May 7, 2012, information for 1,627 inspection reports was provided, including 118 “QC criticisms now public.”  A quick review of the Big 4 Audit firms showed –

Firm Entity Reports QC Criticisms
Deloitte & Touche 18 1
Ernst & Young 30 0
PriceWaterhouse 32 0
KPMG 35 0

This type of information can only benefit companies/issuers that are looking for a new auditor for their private or public concern.

Please let me know how useful this information was to you, by Commenting.

Author: Regis Quirin
Visit Regis's Website - Email Regis
Regis Quirin is a financial executive with 23 years of corporate experience, i.e. New York Stock Exchange, JP Morgan Chase, and GMAC ResCap; and 15 years working with small and medium-sized entities, i.e. joint ventures, start-up entities, established businesses. In 2014, Regis published "Redesign to Turnaround Underperforming Small and Medium-Sized Businesses" available via Amazon.

H.R. 3606, aka the Jumpstart Our Business Startups (JOBS) Act, is Law

The U.S. Senate granted approval March 22nd; while the House of Representatives approved March 27th.  The Act was signed into law by the President on April 5th.  This law creates a category of companies called “emerging growth companies” that stay under the radar of the Securities and Exchange Commission (SEC), for up to five years.  This class of companies includes entities with gross revenues of less than $1 billion in the most recent fiscal year.  Reportedly, this population includes 14% of companies.

The logic – relax rules that limit the ability of small businesses to garner capital, thereby assisting their growth.  As these businesses thrive, hiring increases.

Benefits afforded to emerging growth companies by this law include –

-Exempt from the requirement of separate shareholder approval of executive compensation;

-Need only to provide audited financial statements for two years, as part of their IPO registration;

-Exempts external auditors from attesting to the assessment of internal controls provided by management;

-Exempt from any firm rotation requirement  being considered by the Public Company Accounting Oversight Board;

-Raises the number of investors to 2,000 and investment value to $50 million, prior to SEC registration;

-Eases certain conflict-of-interest restrictions between the analysis and investment banking sides of a firm with respect to offerings; and,

-Exempt from soliciting investment from only sophisticated investors.  Reportedly, this provision will allow companies to seek funds over the internet, i.e. crowdfunding.

But don’t expect any sudden changes on Monday (4/9).  The SEC has 270 days to review the law and revise current regulations.  Items of this law alter elements of the following laws – Securities Act of 1933; Securities Exchange Act of 1934; Investor Protection and Securities Reform Act of 2010 (title IX of the Dodd-Frank Wall Street Reform and Consumer; Sarbanes-Oxley Act of 2002; Reg D; Rule 144A…

Detractors believe that loosening regulations will only lead to abuse and fraud.  According to the final version, the SEC will report to Congress every two years, tracking the incidence of fraud associated with these changes.

Author: Regis Quirin
Visit Regis's Website - Email Regis
Regis Quirin is a financial executive with 23 years of corporate experience, i.e. New York Stock Exchange, JP Morgan Chase, and GMAC ResCap; and 15 years working with small and medium-sized entities, i.e. joint ventures, start-up entities, established businesses. In 2014, Regis published "Redesign to Turnaround Underperforming Small and Medium-Sized Businesses" available via Amazon.

The Evolution of the Audit Process

By this time, your annual audit is either complete or winding down.  You have documented the auditor’s requests and considered how you could make the process easier next year.  You may have had your exit discussion and are in the process of considering how and when to implement any suggested process improvements.  In year’s past, that was it, until you received your engagement letter next November/December.

But this year may be different.  One change being discussed may alter the process, in the next twelve months –

In August 2011, the Public Company Accounting Oversight Board (http://pcaobus.org) released for comment PCAOB Release No. 2011-006, which proposed an audit FIRM rotation.  PCAOB questions how objective an auditing firm could be if the audit firm and the client have had a long-standing relationship.

As of March 24, 636 letters were received, i.e. some for the proposal and some against.  The comment period will stay open until April 22, 2012.

This proposal represents a more stringent requirement than the one imposed by the Sarbanes-Oxley Act (2002).  As a way to ensure independence and objectivity of audit firms, Sarbox requires senior managing audit PARTNER rotation every five years.

The primary objection, for those that oppose the PCAOB proposal, are that as you shorten the time of engagement, you lose the expected efficiencies and cost savings associated with a long-standing relationship.

According to a study entitled “Audit Partner Rotation: An Analysis of Benefits and Costs” audit partners reported that it required two-to-three years before client familiarity was established.  Based on this research, audit clients only receive the benefits of an established audit relationship for two years, prior to a partner rotation.  At this early stage, Firm Rotation research is spotty.

Even though these actions technically are imposed only on public companies, it would be prudent for a CFO to take note.  Quickly when business methods are adopted and accepted by key stakeholders, they have a way of becoming a “Best Practice,” i.e. a business requirement that is expected, but not legally based.

What is your experience?

Author: Regis Quirin
Visit Regis's Website - Email Regis
Regis Quirin is a financial executive with 23 years of corporate experience, i.e. New York Stock Exchange, JP Morgan Chase, and GMAC ResCap; and 15 years working with small and medium-sized entities, i.e. joint ventures, start-up entities, established businesses. In 2014, Regis published "Redesign to Turnaround Underperforming Small and Medium-Sized Businesses" available via Amazon.