In response to concerns raised by industry groups about internal control audits growing costlier and more complex, Securities and Exchange Commission Chief Accountant James Schnurr (pictured at left) is encouraging audit committee members to step up their dialogue with independent auditors and management. Such discussions should encompass the auditor’s approach to risk assessment, testing, and documenting evidence under standards set by the SEC and the Public Company Accounting Oversight Board, and in response to PCAOB inspections

Schnurr also emphasized the need for communication between the audit committee, management, and auditors on highly judgmental areas, including disclosures relating to the new FASB standard on revenue recognition, and in reaching determinations of materiality and other decisions at the company level, in support of the SEC’s goal for enhanced disclosure effectiveness.

Schnurr’s remarks took place at the second annual Audit Committee Summit at the University of California, Irvine. 

Industry concerns about ICFR audits
Noting that he, together with PCAOB Chairman James Doty and members of their respective staff, had met with representatives of the U.S. Chamber of Commerce, Financial Executives International, and the Center for Audit Quality in response to concerns such as those noted in a May 29, 2015 letter from the Chamber of Commerce to the SEC and PCAOB, Schnurr described the meetings as “productive” and said the dialogue would continue.

The Chamber’s 19-page letter detailed examples provided by members of the Financial Reporting Working Group, a multi-association group formed by the Chamber’s Center for Capital Market Competitiveness, providing instances of what the members believed to be overly detailed audit procedures for low-risk items, unrealistic documentation requirements for approval processes that had moved from paper-based to electronic, and a move away from reliance on entity-level controls in favor of process level controls. The letter also noted a move among independent (external) auditors away from previous levels of reliance on the work of the internal auditor.

Practice devolving back to AS 2?
“It appears that practice is moving gradually back to AS 2 as a result of the PCAOB inspection process,” one company noted, referencing the initial standard, Auditing Standard No. 2, issued by the PCAOB, implementing the auditor’s responsibilities under Sarbanes-Oxley Section 404(b), vs. the standard that superseded it – AS 5, which was applauded for incorporating a more risk-based approach to the audit of internal control over financial reporting (ICFR), which in turn was believed to increase the effectiveness of (while at the same time potentially decrease the cost of) the ICFR audit.

The industry group also emphasized that AS 5 benefitted by being in synch with the SEC’s updated guidance for management’s assessment of and reporting on ICFR, in fulfillment of the requirement set on management by Sarbanes-Oxley Section 404 (a). Thus, the Chamber indicated its belief, based on what it had heard or observed from its auditors, that more recent PCAOB inspections were out of synch with the SEC’s and PCAOB’s amended rulemaking.

“The business community believes that strong and effective internal controls and audits are an important component of the ability of businesses to communicate with investors in order to raise the capital needed to operate, grow, and compete,” read the Chamber’s letter. “However, developments over the past several years have raised concerns that the unintended consequences of the PCAOB inspection process and corresponding changes to internal control processes are eroding judgment, as well as increasing costs and burdens for work that may in some instances not lead to more effective audits or controls. While accelerated filers are feeling the direct impacts, even non-accelerated filers are being affected.”

Communication essential among audit committees, auditors, and management
Schnurr demurred on whether the PCAOB’s inspection process , the auditor’s response thereto, or the underlying quality of management’s ICFR assessment and related documentation are to blame for the change in audit approach observed by the industry groups. He chose instead to state that there could be two or more potential issues at play.

“Some suggest that ICFR implementation is simply not compliant with the requirements and that deficiencies in audits identified by the PCAOB may, at least in part, be indicative of deficiencies in management’s controls,” he said. “Others have suggested the PCAOB may have set expectations for auditor performance at a level that exceeds the requirements of its auditing standards.”

Schnurr noted that in response to these concerns, the SEC and PCAOB would continue to meet with industry. However, he also emphasized the importance of enhanced communication between all segments of what has traditionally been described as a “three-legged stool” − management, auditors, and the audit committee.

“I encourage you to engage in a dialogue with your auditors regarding matters such as the auditors’ risk assessment decisions, selection of key controls, and approach to testing these controls in the context of existing guidance from the SEC and the PCAOB,” said Schnurr. “You may seek understanding of the critical audit decisions from both the engagement team and, if necessary, request that the concerns or disagreement between management and the engagement team be elevated to others at the audit firm who may be in a better position to articulate certain aspects of the firm’s audit approach and methodology.”

Further cementing his call to action, Schnurr added, “I believe that more effective communication between audit committees, management, and independent auditors will help alleviate some of the concerns raised.”

At the same time, said Schnurr, “we will continue to work closely with the PCAOB in this area. Together, we will consider whether these issues would benefit from additional staff communication, for example at future conferences, or other actions by the Commission or the PCAOB, keeping in mind first and foremost both organizations’ commitment to reliable financial reporting and investor protection.”

(Note: Two such future conferences at which Schnurr is slated to speak are FEI’s Current Financial Reporting Issues Conference and the AICPA’s Annual Conference on Current SEC and PCAOB Developments.)

ICFR an area of interest in multiple SEC divisions; close coordination with PCAOB
As to the level of SEC interest in ICFR, Schnurr noted, “ICFR is an area that has and will continue to attract the attention of the SEC staff.” He noted there have been numerous SEC staff speeches in recent years “questioning whether material weaknesses in ICFR are being properly identified, evaluated, and disclosed,” and that the SEC’s Division of Corporation Finance has sent letters to companies asking for more information about their ICFR evaluation or related disclosures. He made it clear that “the staff’s efforts related to ICFR are coordinated among the various offices and divisions of the SEC, including OCA, the Division of Corporation Finance, and Enforcement,” and that “we also work closely on ICFR matters with the PCAOB.”

Schnurr described the types of issues SEC staff have questioned include whether companies fully and accurately describe identified control deficiencies, including understanding the nature of the deficiency and the control that failed or was insufficient.

“We also routinely engage management in discussions regarding the root causes of identified control deficiencies, which is important because of the potential pervasive impact of certain control issues that may not be immediately obvious,” he added. “Appropriate disclosure of a material weakness is important because it can aid investors in assessing the potential impact to the financial statements of the material weakness.”

Observing that a significant level of judgment on the part of management and auditors can be required in reaching conclusions on the effectiveness of ICFR, Schnurr reminded the audience of audit committee members of their oversight duty in this area. “Effective oversight of these judgments and the conclusions reached by both management and the independent auditor represents an important responsibility of audit committees,” he said.

Evidentiary requirements in PCAOB, SEC and COSO literature
“It is important to keep in mind that while PCAOB inspection findings are, of course, one very visible factor to consider, they are only one of several elements in the ICFR equation,” said Schnurr. “That equation also includes the Commission’s interpretive guidance that is aligned with Auditing Standard No. 5 and management’s statutory obligation to devise and maintain an adequate system of internal controls. Furthermore, to the extent a company’s ICFR is subject to an independent audit requirement, it is also important to recognize that auditors need evidence of the design and effective operation of controls. “

Highlighting the role of evidence, Schnurr continued, “This basic principle is well recognized in the SEC’s guidance for management, which states that management’s assessment must be supported by evidential matter that provides reasonable support for its assessment. The guidance goes on to say that the nature and extent of the evidential matter may need to be adjusted depending on factors such as complexity of a control, the level of judgment required to operate the control, and the significance of the risk of misstatement the control is designed to address.”

Referencing the updated Internal Control-Integrated Framework published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) in 2013, Schnurr said, “Similarly, the updated COSO Framework discusses documentation of internal controls, including management’s responsibility for providing support to regulators, shareholders, independent auditors, and other third parties for its assertion on the effectiveness of internal control.”

AICPA releases SAS 130 on ICFR audits
Although not mentioned in the chief accountant’s speech, there was another development on the internal control / ICFR front this week.

On Oct. 27, the AICPA released an updated Statement on Auditing Standards 130, “An Audit of Internal Control Over Financial Reporting That Is Integrated With an Audit of Financial Statements.” SAS 130 is effective for integrated audits for periods ending on or after Dec. 15, 2016. The AICPA’s standard applies to audits of private companies and not-for-profits, whereas PCAOB’s AS5 applies to audits of public companies. Read more about SAS 130 in this Journal of Accountancy article.

Status of concept release on audit committees
Schnurr told the UC-Irvine conference that the SEC had received almost 100 comment letters on its July 1 Concept Release on Possible Revisions to Audit Committee Disclosures. The Concept Release sought public comment on issues dealing with the audit committee’s oversight of the auditor, as well as regarding the desire expressed by investors for additional disclosures regarding audit committees’ responsibilities in other areas.

Schnurr noted that about 40 percent of the comment letters were from audit committees and management, with about 20 percent from auditors and other accountants, and the remaining 40 percent split among investors, academics, professional associations, law firms, and others.

Some of the comments addressed the extent to which any additional audit committee disclosures should be voluntary vs. mandated, said Schnurr. Other comments called for “strengthened definition of an audit committee financial expert.” Some commenters noted potential overlap between the SEC’s Concept Release and some of the PCAOB’s current projects, including the PCAOB’s consideration of audit engagement partner disclosure, proposed changes to the auditor’s reporting model, and the potential use of audit quality indicators. “The staff will consider these comments as we continue our close collaboration with the PCAOB on those projects,” Schnurr said.

Revenue recognition disclosures required
Another area highlighted by Schnurr was the new revenue recognition standard issued by FASB, as reported by Compliance Week’s Tammy Whitehouse in SEC Expects Year-End Disclosures on Revenue Rule Plans.

Essentially, this type of disclosure is addressed in the Staff Accounting Bulletin No. 74, “Codification of Staff Accounting Bulletins,” Topic 11 M: Disclosure of the Impact That Recently Issued Accounting Standards Will Have On The Financial Statements Of The Registrant When Adopted In A Future Period.

Given the pervasive impact the new standard is likely to have on revenue recognition, together with the fact that the effective date was further delayed to 2018 as FASB considers further guidance in response to issues raised by its Revenue Recognition Working Group and others, developing such an estimate and related quantitative and qualitative disclosures can be quite daunting.

Schnurr counseled the conference attendees to “consider whether adequate resources have been dedicated to analyzing the impact of the new guidance and whether additional internal or external resources may be needed.” He also told them to “challenge the auditors on conclusions that do not appear to reflect the core business of the company.” He suggested that audit committee members also reach out to the company’s Investor Relations team regarding the nature and timing of communications with investors and analysts.

In developing the required Rev Rec disclosures, Schnurr said, “We expect the level of these disclosures to increase between now and adoption and are looking forward to understanding more about the impacts during our review of the 2015 financial statements.”

Additional highlights from Schnurr’s remarks on Rev Rec can be found in the Journal of Accountancy article Tips for Successful Revenue Recognition Implementation.

Disclosure effectiveness and materiality
The final topic covered in Schnurr’s remarks related to the SEC’s Disclosure Effectiveness project, including the FASB’s recently issued proposals on materiality. He referenced a recent request for comment issued by the SEC on Reg S-X, and described coordinated efforts under way between the SEC’s Office of the Chief Accountant, Division of Corporation Finance, and FASB to “address the interaction between the Commission’s rules and GAAP.”

Referencing FASB’s materiality proposal, Schnurr said, “FASB recently issued a proposal aimed at potentially improving the effectiveness of financial statement disclosures. That proposal would, among other things, clarify that omitting a disclosure of immaterial information would not be an accounting error.” (See our earlier post, FASB’s Materiality Proposal: A Big Deal; the FASB’s comment deadline is Dec. 8. See also the IASB’s recently proposed draft Practice Statement on materiality.)

Schnurr emphasized that the exercise of significant judgment by management and auditors would come into play in assessing when a disclosure can be omitted as immaterial, and urged audit committee members to be an “active and willing participant” in the process of determining not only the ‘volume’ of disclosure, but more importantly, the quality of disclosures. For all intents and purposes, Schnurr essentially enlisted audit committee members in the battle for disclosure effectiveness.

Learn more
Related information will be presented at the following events:

• Accounting and Auditing Current Developments from the MACPA, Nov. 2, Bowie Comfort Inn
• MACPA fall professional issues updates with Tom Hood; see the complete schedule here.
• AICPA National Conference on Current SEC and PCAOB Developments, Dec. 9-11, Washington, D.C.