Remarks before the 2011 AICPA National Conference on Current SEC and PCAOB Developments
Jason K. Plourde
Professional Accounting Fellow, Office of the Chief Accountant
U.S. Securities and Exchange Commission
As a matter of policy, the Securities and Exchange Commission disclaims responsibility for any private publication or statement of any SEC employee or Commissioner. This speech expresses the author's views and does not necessarily reflect those of the Commission, the Commissioners, or other members of the SEC Staff.
Good morning, my name is Jason Plourde and I am a Professional Accounting Fellow in the Professional Practice Group in OCA. I want to speak to you this morning about the use of pricing service information in informing fair value measurements and disclosure.
The staff understands that third party pricing services can often be used by management of public companies to obtain information to assist them with management’s responsibilities for estimating and disclosing the fair value of financial instruments in their financial statements. Some of the financial instruments for which pricing service information is used may be classified by management in Level 2 of the fair value hierarchy, and may range from bonds for which quoted prices in active markets are observable for similar instruments to collateralized debt obligations for which the only similar observable transactions are not in active markets.
Measurements and disclosures in this area may be subject to significant judgments by management, particularly in instances where there are no similar securities that are actively traded and, accordingly, where observable market participant assumptions may be used to estimate fair value. These estimates and related disclosures can be important information to investors not only for financial institutions but also for other issuers as well, including foreign private issuers who file financial statements in accordance with IFRS.
There has been increasing focus on this issue. For example, as you’ll hear more about tomorrow, staff in our Division of Corporation Finance may ask management questions in the comment letter process about its use of pricing service information. These questions may be related to the use of the pricing services in complying with the accounting and disclosure requirements in the financial statements, MD&A disclosure, management’s assessment of internal control over financial reporting (or ICFR), and the basic requirement to maintain books and records. I understand staff in our Division of Investment Management are asking similar questions of registered investment companies.
Of course, auditors have an important role in this area as well. The PCAOB also has been focused on this topic. You can see this evidenced in inspection findings by the Board, as well as the PCAOB’s convening of a pricing sources task force to inform its possible standard-setting or guidance around the auditor’s consideration of management’s and its own use of pricing service information in estimating fair value. The PCAOB’s report on observations of its inspections related to audit risk areas affected by the financial crisis, released in September 2010, noted deficiencies in auditing the fair value of complex financial instruments and auditing management’s controls over valuation, including the failure of auditors to sufficiently evaluate whether fair value measurements were determined using appropriate valuation methods or to adequately test controls over issuers' valuation processes. The report also notes instances where the auditor failed to understand the methods or assumptions used by external parties assisting them in developing an independent estimate of fair value for corroborative purposes.
In the context of using third party pricing service information to inform the estimation and disclosure of fair value, I want to remind management about its existing obligations to:
- Comply with GAAP, including disclosure requirements
- Maintain appropriate internal controls to prevent or detect material misstatements
- Assess ICFR
I will address each of these in turn but, before I do, I wanted to note that these management responsibilities can also inform the auditor’s risk assessment process when management incorporates information from third party pricing services. I understand that speakers from the PCAOB plan to discuss considerations for auditing fair value measurements tomorrow.
Compliance with GAAP
In markets where securities are not actively traded, pricing services may make assumptions about inputs that market participants would use to price securities, including assumptions about what securities are similar for the purposes of using observable inputs to price securities that are not as actively traded. Management may need to perform different procedures and controls when considering the information obtained from pricing services regarding the fair value of financial instruments, than the types of controls it performs when considering information obtained from other specialists, such as those that provide information about the fair value of intangible assets in business combinations or about pension liabilities. For example, management may be more involved in the initial determination of assumptions used by an actuary to value its pension liability than in determining the assumptions that are used to value a financial instrument. Further, there may be more information routinely provided by other specialists such as actuaries regarding their methodology. Existing financial statement disclosure requirements in these areas may require management to reveal more detailed disclosures about assumptions and inputs than it would in the fair value context. For example, the discount rate and the expected long-term rates of return on plan assets for a pension liability are required to be disclosed.
In determining compliance with GAAP, if management includes information from a third party pricing service to inform developing its estimate, it may need to consider the extent of its understanding of the pricing service’s valuation techniques, assumptions and other inputs depending on, for example, the significance and complexity of its securities positions and the other procedures and controls it performs. For example, management may need to consider how the pricing service developed the assumptions and models used to assure that its fair value estimate is consistent with a market participant view and appropriately classified within the fair value hierarchy. If the pricing service only provides a price for a given CUSIP with no information about the models or assumptions used to price it, management may not have enough information to assess the appropriateness of that price to determine whether it is in conformity with GAAP. This point may be more important when the assumptions used could be within a wide range of estimates used by market participants. Further, caveats or disclaimers that the pricing service includes with its pricing information may affect the procedures management performs to evaluate that information.
Maintaining appropriate internal controls to prevent or detect material misstatements
In addition to complying with GAAP, management is required to maintain a system of internal control over financial reporting sufficient to provide, among other things, reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in conformity with GAAP or any other criteria applicable to such statements1. Management also has responsibilities to maintain accurate and reasonably detailed books and records as described in the Exchange Act and related rules. Management may need to obtain information about valuation techniques, inputs and assumptions from its third party pricing services to enable it to comply with these requirements.
Additionally, the Commission’s rules define ICFR, in part, as a process to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with GAAP. When management uses pricing service information in estimating fair value, there is risk that such information is inaccurate or incomplete and risk that the prices they provide are not exit prices or are otherwise not in accordance with fair value as defined in US GAAP or IFRS. These risks may prompt management to consider other controls and other information to provide reasonable assurance about the reliability of its financial reporting.
In 2007, the Commission issued an interpretive release on management’s assessment of ICFR under the Sarbanes-Oxley Act,2 which I will refer to today as the Management Guidance. The Management Guidance is one way to satisfy an issuer’s obligation under Section 404(a) of the Sarbanes Oxley Act. I believe the Management Guidance is a good place to look when assessing internal controls, including those that relate to fair value measurement when using information provided by pricing services.
Under the Management Guidance, a key component of the issuer’s approach to evaluating ICFR is the identification of and response to risks of material misstatement. Some considerations I believe may be useful in assessing the risk of material misstatements relating to estimating fair value measurements include:
- Nature and complexity of securities involved (for example, the issuer, term, coupon, collateral, cash flow waterfall, priority in default, and other key drivers of value);
- Level of market activity for securities (for example, normal activity in market and changes thereto, nature of market (brokered, exchange, etc.), analysis of bid-ask spreads, and so forth); and
- Availability of market data (for example, who compiles data, timeliness, alternative markets, assessment of trades for adequate size and distressed nature).
For example, more complex and less actively traded securities may have a higher assessed risk of misstatement due to the uncertainties about their value and larger possible ranges of values that market participants may attribute to them. Within Level 2 securities, there may be a difference in management’s process for valuation of securities that trade less actively because of the different assessed risk of material misstatement . ICFR should be responsive to increasing risk of misstatement (including misstated disclosure) in more complex securities and those securities that are not actively traded. Management may need to design controls to appropriately weigh information received multiple pricing services and/or other sources of fair value information to assure that the prices recorded for securities are indicative of fair value.
Management may design a variety of controls to respond to identified risks. Some examples the staff is aware of include management’s interaction with the pricing service through what some term the “pricing challenge” process and through so-called “deep dives,” where management can obtain more detailed information from pricing services about the assumptions, inputs and other information used to price securities. Of course, the extent to which information from challenges, deep dives and other due diligence on pricing services is relevant depends on the assessed risk of misstatement and how much information about controls over the pricing of different classes of securities was obtained through management’s process. Other controls, such as its monitoring of the pricing services assumptions and changes thereto or other monitoring of market data may also be relevant for responding to identified risks of misstatement. Management of course needs to consider its own facts and circumstances to design and maintain controls that adequately addresses identified risk.
Independent audit reports on the internal controls of pricing services may be useful to management in designing and assessing ICFR. Such reports may provide useful information about the processes and controls used by pricing services. They might also address whether controls at the pricing service were suitably designed to achieve specified control objectives, whether they had been placed in operation as of a specific date, and on whether the controls that were tested were operating with sufficient effectiveness. In the absence of such reports, management may be able to consider other information to satisfy itself that the pricing service has appropriate controls or otherwise consider the limitations in using the information provided. Independent auditor reports that are available relating to fair value information should be read carefully. Even when such reports are obtained and the pricing service’s auditor reports that internal controls are designed to meet stated control objectives and that the stated controls have been placed in operation, management’s consideration of the valuation techniques and assumptions used by the pricing service in arriving at an fair value estimate for individual securities may still be important. The independent auditor’s report may state that its internal control evaluation did not include the accuracy of evaluated prices nor of any assumptions or inputs used in valuation or that the auditor did not evaluate the observable or unobservable nature of inputs to valuation techniques. Pricing services may receive information about inputs to valuation techniques, such as default rates, prepayment rates and cash flow “waterfalls” from other third parties whose controls and processes may or may not be part of the pricing service’s stated internal controls. Management’s controls may need to be responsive to these matters.
In summary, I believe management is well served to ask itself the following questions when using third party pricing services:
- Do we have sufficient information about the values provided by pricing services to know that we’re complying with GAAP?
- Have we adequately considered the judgments that have been made by third parties in order to be comfortable with our responsibility for the reasonableness of such judgments?
- Do we have a sufficient understanding of the sources of information and the processes used to develop it to identify risks to reliable financial reporting?
- Have we identified, documented, and tested controls to adequately address the risks to reliable financial reporting?
Auditors also may find these questions informative when considering their audit procedures on the measurements and internal controls relating to fair value estimates when management incorporates information from a pricing service. The answers to these questions may help to inform the auditor’s assessment of the presence and severity of control deficiencies.
Although my remarks have focused on fair value measurement and with management’s assessment of ICFR, I want to close with a reminder about financial statement disclosure. Management may need to consider whether the information received from the pricing service allows it to determine where in the fair value hierarchy to classify a security or group of securities for the purpose of providing the disclosures required by GAAP. If management cannot determine whether the inputs to a pricing service’s valuation model are observable, it may be difficult to determine if in fact the security in question can be accurately disclosed in Level 2 of the fair value hierarchy.
I hope these remarks are helpful as you consider fair value measurements and disclosures during year end. That concludes my remarks. Thank you for your time today.
1 See Exchange Act Section 13(b)(2)(B).
2 Release No. 33-8810