Deloitte & Touche LLP
November 29, 2002
Mr. Jonathan G. Katz
RE: Release Nos. 33-8138; 34-46701; IC-25775
Dear Mr. Katz:
Deloitte & Touche LLP is pleased to respond to the request for comments from the Securities and Exchange Commission (the "Commission") on its proposed rule, Disclosure Required by Section 404, 406 and 407 of the Sarbanes-Oxley Act of 2002 (the "Act"), File No. S7-40-02. This letter only addresses the proposal as it relates to Section 404 of the Act, Management Assessment of Internal Controls and the proposed amendment to the Exchange Act Rules adopted on August 29, 2002 to implement Section 302 of the Act, Corporate Responsibility for Financial Reports. We are submitting separate comment letters with regard to the proposed rules for Sections 406 and 407 of the Act.
We strongly support the goals of the President of the United States, the United States Congress, and the Commission to improve the quality and transparency of financial reporting. The implementation of the Act is the primary vehicle by which positive changes will come about and we are committed to assisting the Commission in the adoption of responsible rules to effect changes that serve to improve the quality of financial reporting and help to restore investor confidence in our capital markets. Key aspects of the implementation of the Act are the Commission's proposed rules concerning internal control reports and certifications required by Sections 404 and 302 of the Act. We believe that management and auditor reporting on internal control will improve the effectiveness of internal control over time. We strongly support internal control reporting including extending certain aspects of the requirements beyond the Commission's proposed rule. The following are our comments with respect to this proposed rule for your consideration prior to the adoption of the final rule.
II. Overall Comment Regarding Management's Evaluation and Internal Control Report
The Act requires a complex series of certifications and reports on different aspects of internal control at different points in time. Considerable confusion exists today concerning these requirements and how the additional information regarding controls will benefit investors. Because of difficulty in understanding the reports and certifications and the lack of comparability, users of such information are likely to find the complex subject of internal control and the required reporting quite difficult to use in making their investment decisions. Accordingly the Commission needs to simplify the requirements of their rules on Sections 302 and 404 of the Act and improve the understandability and comparability of the information for users of financial information. We provide some recommendations toward this goal in this letter.
We believe that:
In accordance with the principles set forth above we have the following comments on the proposed rule.
We agree that, because many definitions of internal control exist, a common definition needs to be established in the final rule so that management can properly develop their internal control assertions and users can compare these internal control assertions. The proposed rule provides a common definition of internal control by summarizing the objectives of internal control, to ensure that companies have processes designed to provide reasonable assurance that:
Importantly, notwithstanding the recitation of the above objectives of internal control within the proposed rule, the proposed amendments of Item 307 of Regulation S-K and S-B and Forms 20-F and 40-F fail to specify that management's assertion concerning internal control should specifically relate to these objectives as listed above.
Further, Section 103 of the Act requires the Public Company Accounting Oversight Board (the "PCAOB") to create or adopt auditing standards to require the auditor to report on whether the company's internal control over financial reporting:
Although the objectives of internal control and the objectives of Section 103 of the Act are similar and, as stated in the proposed rule, generally consistent, they are not the same. Further the proposed rule is devoid of any guidance as to the form of management's assertion. If the auditor is required to report exactly as specified in Section 103 of the Act, but management's assertion does not include the objectives of internal control or the objectives of Section 103, the auditor's opinion will not relate specifically to management's assertion. If left unaddressed in finalizing the rule, confusion will be widespread on the part of management in making their evaluation and report and on the part of users when trying to interpret the relationship between management's assertion and the auditor's opinion.
Because of this lack of guidance, assertions made by management will be ambiguous and will not be comparable from company to company. For example a review of disclosures by registrants of the disclosures required by Item 307 of Regulation S-K (§229.307) show diversity in practice already developing. The following examples illustrate the developing diversity in practice regarding Item 307 disclosures:
Indeed, if the auditor is forced to report on the objectives stated in Section 103 by action of the PCAOB pursuant to the law, but the isssuer is not required to include these objectives in their assertion, the auditor would be reporting conclusions without a management assertion. This would be a fundamental departure from present standards governing auditing and attestation.
We believe that management's assertion should specifically include the objectives of internal control listed in Section 103 of the Act and that the auditor's opinion should relate to that assertion as required by the Act. Any other information provided by the issuer in its report on internal control should be consistent with the assertion and responsibility statement. The Commission should provide guidance concerning what additional information about internal control, if any, would be useful to users if included in management's report. A possible area of expanded voluntary disclosure might be to describe the key elements of internal control in the company.
Attached to this letter, in Appendix A, we have included sample paragraphs to be used in management's assertion and the independent accountants' report. These sample paragraphs incorporate the objectives of internal control and procedures for financial reporting that are described in Section 103 of the Act. Portions of the paragraphs are shaded to indicate how they mirror one another with respect to these objectives. The sample paragraphs, however, do not reflect our recommendation discussed in part IV of this letter.
The proposed rule does not explicitly require the use of evaluative criteria. Rather it refers to the description of internal control over financial reporting found the AICPA Statements on Auditing Standards (SASs), Internal Control in a Financial Statement Audit, (AU 319). Although we agree entirely with this description and believe it is an appropriate description for issuers and auditors to use for the purposes of defining internal control, the description in AU 319 does not provide evaluative criteria. The auditor uses the description in AU 319 to obtain an understanding of internal control and to consider the effectiveness of internal control in designing substantive audit procedures. For this reason AT 501 footnote 8 states, "AU section 319 is not intended to provide criteria for evaluating internal control effectiveness."
In order for management's evaluations to be effective and for their assertions to be meaningful, comparable, and consistent, the final rule should explicitly require the issuer to adopt suitable evaluative criteria. Use of evaluative criteria will improve the quality of the evaluation of internal control performed by management and provide a more detailed and comprehensive benchmark for purposes of evaluation and reporting on the effectiveness of internal control. To assist users of financial information, the internal control reports and certifications on the effectiveness of internal control could be related to publicly available evaluative criteria. Using publicly available evaluative criteria would improve the users' understanding of the meaning of the assertion or certification and would permit the comparison of one company with another on a consistent basis or at least allow for the differences of basis to be readily identifiable by and understandable to users.
Accordingly, we recommend the Commission require the issuer to adopt suitable evaluative criteria established by experts outside the company and available to the public that have the following attributes (as described in AT 100.24):
AT 501.25 further describes suitable criteria as those that are, "composed by groups of experts that follow due-process procedures, including exposure of the proposed criteria for public comment. The attestation model described in AT 501 also permits management to create their own criteria. However, if management develops and uses its own criteria either the use of the report must be restricted or the criteria have to be disclosed in the report. We believe the complexity and volume of such disclosure would not promote understandability; as a result, we do not support management developing its own criteria.
An example of criteria we believe are appropriate is contained in Internal Control - Integrated Framework, published by the Committee of Sponsoring Organizations of the Treadway Commission ("COSO"). AT 501 recognizes the suitability of the COSO criteria. Additionally, the description of internal control used in section AU 319 of the auditing standards is derived from the COSO criteria. Banks commonly use the COSO criteria in internal control reporting under the requirements of the Federal Deposit Insurance Corporation Improvement Act ("FDICIA"). The COSO criteria have been modified since their publication in 1992 to include additional consideration of safeguarding of assets (in 1994) and extended to include more definitive criteria with respect to controls over derivatives (in 1996). Currently, COSO is preparing guidance on assessing and managing enterprise risk. Because the COSO criteria are widely recognized and kept current with emerging issues, we believe understandability and comparability of internal control reports would be improved by their use or criteria with similar attributes and recognition. Additionally, we recognize that other suitable criteria exist such as the Criteria of Control (CoCo) Framework established by the Canadian Institute of Chartered Accountants and Internal Control: Guidance for Directors on the Combined Code (the Turnbull Report) issued by the Institute of Chartered Accountants in England and Wales. Accordingly we recommend that the Commission indicate in the final rule that the COSO criteria are suitable criteria and that others such as CoCo and Turnbull that meet the requirements of AT 501 may also be suitable.
Evaluation of the effectiveness of internal control by management
Sections 302 and 404 require management to perform evaluations of the effectiveness of internal control on which they base their certifications and reports required by the sections. Little guidance is given concerning this evaluation. The Section 302 certification requires management to disclose to the auditors and the audit committee, "all significant deficiencies in the design or operation of internal controls which could adversely affect the issuer's ability to record, process, summarize and report financial data and identify for the issuer's auditors any material weaknesses in internal controls."
The relationship of "significant deficiencies" and "material weaknesses" and how they may affect management's evaluation is not discussed in the proposed rule. We believe that the rule should specify that the existence and identification of a material weakness in internal control require management to disclose that internal control is not effective because of the identified material weakness. The rule also should indicate that one or more significant deficiencies may constitute a material weakness. Consequently management should consider all the deficiencies identified and determine whether each or a related group are significant deficiencies. Likewise management should consider whether one or a group of related significant deficiencies are a material weakness. Management and the audit committee may wish to establish appropriate thresholds for the identification of significant deficiencies and material weaknesses in advance of making evaluations.
III. Require Public Reporting of Significant Deficiencies and Reportable Conditions
Investors should be aware of significant deficiencies and material weaknesses in internal control identified by the company or the auditor. By disclosing these matters, the Commission's stated concern about boilerplate disclosure will be mitigated and the transparency of the internal control evaluation and reporting process will be significantly enhanced. Most of all, users of the information will have a better understanding of the company's internal control. Such a reporting requirement also will have the impact of promoting improvement in internal control.
IV. Expand Requirement to Include Disclosure Controls at Annual Date
The Act and the proposed rule do not require the auditor to report on management's certification concerning disclosure controls and procedures at year-end. Significant confusion exists about the scope of disclosure controls and procedures including to what extent they include financial reporting controls. We strongly agree with the proposed amendment to the final rule on section 302 to require management to evaluate and certify financial reporting controls in addition to disclosure controls and procedures on a quarterly basis. This will help reduce the confusion and make clear that disclosure controls and procedures often overlap or are dependent upon the effectiveness of financial reporting controls. Nevertheless the distinction between disclosure controls and procedures and financial reporting controls is likely to be unclear to users of financial information. Users should be concerned with the controls over the information presented in the filings regardless of whether they are classified as financial reporting or disclosure controls and procedures. Accordingly we believe that the auditor's annual reporting requirement should be expanded to comprehend disclosure control and procedures. Auditor reporting on disclosure controls and procedures at interim dates should not be required.
V. Amendment of Certification Rules and Item 307 of S-K
We support the proposed amendment that would require management to evaluate its disclosure controls and procedures as well as its internal control over financial reporting as of the end of each period covered by the report, rather than as of a date within 90 days prior to the filing of the quarterly or annual reports. However, we note that based on the text of the proposed rule, issuers would be required to "disclose any significant changes to the registrant's internal controls and procedures for financial reporting made during the period covered by the quarterly or annual report...." In order for the disclosure provided to users of financial information about changes in internal control to be useful it must not be obscured by large quantities of information. Users of financial information need to know what changes in internal control were made to address significant deficiencies identified in the current and previous evaluations and what significant changes were made in internal control since the last evaluation. To provide disclosure of all significant changes in internal control made during the period will include many changes unrelated to significant deficiencies. The volume of such disclosures for large companies could be overwhelming to the users of the information and, since the changes would be subject to evaluation as of the end of the period, not relevant. Accordingly, we believe that disclosures about changes in internal control should be limited to those made to address a significant deficiency or material weakness and significant changes made subsequent to the latest evaluation. We believe this approach will provide necessary, useful information to users and is more consistent with the Act than the proposed rule.
VI. Economic Impact
In the proposed rule, the Commission estimated issuers would spend an additional 5 burden hours evaluating internal controls for financial reporting for each quarterly and annual report. We recognize the narrow scope of this statement. However there should be no mistake that the total effort on the part of issuers and auditors to evaluate, audit and report on internal controls as required by the Act and the Commission's rules is quite substantial. We have observed significant efforts being undertaken by many of our clients to ensure compliance with Section 302. In one instance, a company's disclosure committee, consisting of twenty people, is scheduled to meet for two full days each quarter to ensure compliance with Section 302 alone. In another instance, a large multi-national company that includes numerous subsidiaries, the disclosure committee consists of 46 people. This disclosure committee has planned a series of meetings with legal counsel, internal auditors, external auditors, and outside advisors to ensure compliance with Section 302. These examples are indicative of the effort some companies are expending to meet these requirements. It will be unfortunate if issuers who are less diligent than those in the above examples misread the economic analysis to conclude that only a cursory effort is required. We believe the economic analysis should include a clear statement that the total effort required is likely to be substantial for many companies particularly those with many operations.
VII. Terminology Issues
The final rule should use terminology that is consistent with the terms currently used and well understood by investors and issuers. The proposed rule uses the term "internal controls and procedures for financial reporting." Whereas the AICPA's auditing and attestation literature as well as the Internal Control - Integrated Framework, published by COSO use the term "internal control" to discuss internal control concepts generally and the term "internal control over financial reporting" to refer to the subset of internal controls that relate to financial reporting objectives. We believe the terminology used by the AICPA and COSO are well understood by users of financial statements and encompass the intention of the requirements under the Act. Therefore, in order to alleviate confusion among users of financial information, we recommend that the final rule use the terms "internal control" and "internal control over financial reporting."
Additionally, the proposed rule uses the term "attestation" to refer to the report that the external auditor is to provide with respect to management's assertion regarding internal control over financial reporting. However, an "attestation" engagement, as the term is used in existing AICPA professional standards and by the accounting profession, can refer to a variety of different types of engagements. An "attestation" may refer to an audit, or examinations or reviews of other subject matters such as MD&A or compliance with laws and regulations. In order to make it clear references to the work to be performed in relation to management's assertion on internal control over financial reporting should be described as the "auditor's report on internal control over financial reporting" or, based on our recommendation in section III. above, as the "auditor's report on disclosure controls and internal control over financial reporting." These terms would clearly describe the work being performed by the auditor and avoid confusion among users.
VIII. Answers to Specific Questions
Definition of Internal Control
It is appropriate for the rules regarding Section 404 to refer to the definition of internal control provided in AU 319 is appropriate but, since this definition was taken from the COSO report, it is preferable to cite the definition from COSO rather than AU 319. Although we agree with the definition, as discussed in our comments in section II above, simply providing this definition does not provide management with the information and guidelines needed in order to effectively assess the company's internal control over financial reporting. AU 319 does not provide evaluative criteria to evaluate whether control deficiencies are "material weaknesses" or "significant deficiencies. The Commission should define the attributes of suitable evaluative criteria to be used by management in performing its assessment and specifically indicate that the COSO criteria are suitable.
Filing and Placement of the Auditor's Attestation Report
The company should be required to file the attestation report issued by the company's external auditor in its annual report. The Commission should designate a specific place for this report as well as for management's report on internal control over financial reporting. We suggest that because management's report and the attestation report relate to internal control over financial reporting, that both reports be placed in close proximity to the financial statements and the auditor's opinion on the financial statements.
Applicability to Investment Companies
For large investment company complexes, it is not unusual that a certification is made at the end of each month since the reporting periods for different funds often end throughout the year. In the original certification rules a single evaluation of controls is permitted for the entire complex within ninety days of the certification date. For investment company complexes that operate within a common control structure, the original rules minimized the number of redundant evaluations required to approximately four times through out the year (within ninety days of the certification). The requirement to perform an assessment at the end of each reporting period places an undue time burden on an investment company complex. The benefit achieved of more frequent evaluations does not justify the additional time commitment. Since many investment company complexes have outsourced a number of the processes included the their control environment, the ability of the complex to make a thorough evaluation on the internal control process on a monthly basis becomes even more difficult. The current certification rules provide the certifiers more time to address these logistic issues and therefore permit them to perform a more comprehensive evaluation of the controls.
Effective Dates of Proposed Rules
The proposed rules related to management's assessment of internal control over financial reporting should not become effective before the PCAOB has issued or adopted the standards for external auditors to follow in performing the attestation of management's report. We believe the requirement for management's report and the auditor's attestation of that report should be implemented simultaneously.
In order to provide additional time for PCAOB to act and to ensure an adequate time frame for the education and training of audit personnel at registered public accounting firms, we recommend that this rule be effective for periods ending on or after December 15, 2003.
Proposed amendment to section 302 final rule
We strongly agree with the proposed amendment to require evaluation of financial reporting controls in addition to disclosure controls and procedures as discussed in section III above.
IX. Other Observations
References to "accounting literature"
The proposed rule contains two references to "accounting literature" in order to describe the current standards that may be used by companies and auditors to perform evaluations of internal control. These references to "accounting literature" are technically incorrect and should be modified. The first incorrect reference relates to existing standards that management may follow in evaluating internal control; these standards are contained in Internal Control - Integrated Framework, published by COSO. This publication by COSO should not be referred to as "accounting literature" but should be referred to by name. Additionally, existing standards for auditors to follow in performing attestation engagements related to an entity's internal control are contained in SSAE 10, Attestation Standards: Revision and Recodification (AT 501), Reporting on an Entity's Internal Control Over Financial Reporting. SSAEs are not "accounting literature." The final rule should reflect the proper references.
We believe the overall objective of Section 404 is to provide investors with meaningful information regarding a company's internal control. As a result of the Section 404 requirements, in conjunction with the requirements under Section 302, the disclosure control and internal control processes of a company will become more formalized, deficiencies will be recognized by management on a timely basis, the likelihood of control overrides or failures will decrease, and the effectiveness of a company's disclosure control and internal control will be more visible to investors. Because of these impacts, we believe Section 404 of the Act, if implemented effectively, has the potential to make a very significant positive impact on financial reporting. However, we also believe that in order for the requirements under 404 to be effectively and consistently implemented, the issues enumerated above should be addressed.
If you have any questions, please contact Robert J. Kueppers at (203) 761-3579.
cc: The Honorable Harvey L. Pitt, Chairman of the Securities and Exchange Commission
Sample Paragraphs from Management's Report on
|1||Release, 65 Federal Register, at 76,040.|
|2||Financial Statement Restatements: Trends, Market Impacts, Regulatory Responses, and Remaining Challenges, General Accounting Office, October 2002, p. 21.|
|3||Specifically, the commission states, "For purposes of this new disclosure item, we would define the term `code of ethics' to mean a codification of standards that is reasonably designed to deter wrongdoing and to promote ... prompt internal reporting to an appropriate person or persons identified in the code of violations of the code."|
November 29, 2002
Mr. Jonathan G. Katz
U.S. Securities and Exchange Commission
450 Fifth Street, N.W.
Washington, DC 20549-0609
RE: Release Nos. 33-8138; 34-46701; IC-25775
Disclosure Required by Sections 404, 406, and 407 of the Sarbanes-Oxley Act of 2002
File No. S7-40-02
Dear Mr. Katz:
Deloitte & Touche LLP is pleased to respond to the request for comments from the Securities and Exchange Commission (the "Commission") on its proposed rule regarding Disclosure Required by Sections 404, 406, and 407 of the Sarbanes-Oxley Act of 2002 (the "Act"), File No. S7-40-02. This letter addresses the proposed rule to implement Section 407 of the Act, Disclosure of Audit Committee Financial Expert. We are submitting separate comment letters with regard to the proposed rules for Sections 404 and 406 of the Act.
We strongly support the goals of the President of the United States, the United States Congress, and the Commission to improve the quality and transparency of financial reporting and corporate governance. Effective implementation of the Act will result in positive changes in financial reporting and governance. We are committed to assisting the Commission in the adoption of responsible rules to improve the quality of financial reporting and to help increase investor confidence in our capital markets. One element of the Act's implementation is the Commission's proposed rule concerning disclosure of audit committee financial experts. Following are our comments with respect to this proposed rule for your consideration in the final rule-making process. We have organized our response into overall comments on our key concerns relative to the proposal, followed by responses to some of the other specific questions that the Commission has posed for comment.
II. Overall Comments
Deloitte & Touche believes that, in certain areas, the proposed rule goes beyond the requirements and intentions of the Act. In some areas, we believe this will benefit investor protection and overall corporate governance. In others, however, we believe that some of the additional requirements and strict interpretations set forth in the proposed rule may have the unintended overall effect of diluting, rather than enhancing, investor protection and audit committee effectiveness. Our primary concerns relate to the likely unintended effects of the proposed requirements for qualification as a financial expert. The table below summarizes this, and our other key concerns, in order of priority.
|Priority||Area||Requirements of Act||Requirements of Proposed Rule||Recommendations of Deloitte & Touche|
|A||Requirements (Definition of Financial Expert)||Principles-oriented, requiring Commission to consider four attributes||Compliance-oriented, requiring possession of five attributes in all cases; segregated one attribute from the Act into two and modified several of the Act's attributes||Principles-oriented definition that (a) requires an understanding of GAAP, financial statements, and audit committee functions, and (b) requires at least one of the other three attributes be possessed|
|B||Terminology||Financial expert||Financial expert||Financially experienced audit committee member|
|C||Disclosure of Names and Number of Financially Experienced Audit Committee Members||Disclose whether at least one audit committee member is a financial expert||Disclose name(s) and number of financial expert(s)||Disclose whether at least one audit committee member possesses requisite financial experience, but do not disclose specific names and numbers|
|D||Evaluation of Qualifications||Not specifically addressed||Board evaluates||Independent board members evaluate|
|E||Location of Disclosure||In periodic reports required under Section 13(a) and 15(d) the Exchange Act of 1934||In annual reports (on Forms 10-K, 10-KSB, 20-F, and 40-F)||In annual reports and on an immediate and interim basis if an audit committee loses its only financially experienced member(s) without concurrently replacing him or her (them)|
For Section 407 to be implemented consistently and effectively, and without undermining Congress's intent, we believe that the above aspects of "Disclosure about Financial Experts Serving on a Company's Audit Committee" should be considered by the Commission as it completes its rule-making process. Additional perspective relating to these key concerns follows below.
Deloitte & Touche recently conducted an informal survey of approximately 70 individuals, the vast majority of whom are audit committee members, CEOs, or CFOs of public companies, on a variety of governance matters. Though not performed as an opinion poll utilizing statistically valid methodologies, the results of this informal survey, referred to throughout this comment letter, provide some insight into what some executives and audit committee members think about certain aspects of the proposing release. The questions and answers related to the Section 407 proposed rule appear, in their entirety, in the Appendix.
II A. Primary Concern: Requirements (Definition of Financial Expert)
We believe that the principles set forth in the Act for consideration by the Commission in defining "financial expert" provide a more clear, effective, and workable framework than existing New York Stock Exchange (NYSE) and NASDAQ guidance for evaluating whether the requisite financial expertise is resident in at least one member of the audit committee. While the Act is a matter of law, we believe that the attributes that it listed were only intended for consideration by the Commission. The Act did not mandate that an individual possess all of the attributes in order to be deemed a qualified individual. Although the proposed rule asserts that it does not suggest a bright-line test, we believe that the requirement to possess all five attributes has effectively that result. Relative to the Act, we believe that the proposing release is too rules-oriented, and that the prescriptive definition could potentially lead to negative, unintended consequences that would undermine Congress's intended result of enhancing investor protection. This concern is supported by our recent survey, which indicated that almost two-thirds believed that the rule, as proposed, would either have no impact on audit committee effectiveness or decrease audit committee effectiveness.
Unintended Consequences. The experience needed to fulfill all five of the attributes set forth by the Act and modified by the proposed rule would provide someone steeped in financial reporting experience. However, individuals who fit the profile required by the proposed rule may not typically possess the other characteristics critical to functioning as a peer to the other board members and to being a successful audit committee member and board member. These include traits such as general business acumen and judgment, inquisitiveness, commitment to protecting the public interest, willingness to ask tough questions, and willingness to invest the time to serve shareholders effectively. (See, e.g., The Business Roundtable, Principles of Corporate Governance (May 2002) at 13.) While it is the board's responsibility to ensure that audit committee members have all the traits necessary to effectively fulfill their role, the nature of the proposed definition may not generally result in a "financial expert" who has the other key traits of a successful audit committee and board member. As noted below, the pool of candidates who are qualified "financial experts," as proposed, is likely to be small; the pool of qualified "financial experts" who possess these other traits as well is likely to be even smaller. This could result in the unintended and undesirable consequence of forcing some boards, in order to avoid public criticism for lacking a "financial expert," to appoint one, who, in their eyes, is not an optimal board or audit committee member from an all-around perspective. This result could undermine the effectiveness of the audit committee. For foreign private issuers, where the proposed rule would additionally require experience with two regimes of accounting principles, the combination of traits is such that candidates could be so rare as to render the rule inoperable.
Additionally, the proposed definition is likely to preclude some of the most financially experienced and best existing audit committee members and financial executives from meeting the proposed definition of "financial expert," even if they currently meet the requirements for financial literacy and financial expertise. This sentiment was echoed recently, albeit in an exaggerated fashion, in a November 15, 2002 Wall Street Journal article that included a quote by Treasury Secretary Paul O'Neill. In that article, Mr. O'Neil acknowledged business leaders' fears that if the Commission turns some of the Act's provisions into "directives" rather than "suggestions," "There are going to be 10 people in the country who qualify to be audit committee members." As the Act is law, the provisions are directives to some extent, but the law left several important decisions for the Commission's consideration. Our survey suggested that the pool of qualified individuals is relatively small. Eighty-eight percent of respondents indicated that they were financially literate as defined by the 1999 Report and Recommendations of the Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees, and 78 percent answered that they possessed financial expertise as defined by the same guidelines. However, only 44 percent indicated that they met the Commission's proposed definition of financial expert.
If companies attempt to maximize the number of financially experienced individuals serving on their audit committees, it is possible that many of these present, highly credentialed audit committee members may be displaced by new directors who fulfill the proposed definition but lack the equally important traits discussed above. The result, again, would be to undermine the effectiveness of the audit committee in its duty to protect shareholder interests.
Finally, we believe that the proposed definition will result in a limited pool of qualified and willing individuals, not only because it is very detailed, but also because the definition and the "financial expert" terminology itself imply a significantly elevated role to the public that is not inherent in the oversight nature of the position. Although the Commission's intent was not to increase the actual obligation or liability of the "financial expert," the public may perceive otherwise. If one considers the need for qualified audit committee members for smaller and newer companies, the issue will undoubtedly be much more acute.
Recommended Modifications to Definition. To prevent these unintended consequences; to implement both the letter and spirit of the Act; and to serve the best interests of the investing public and registrants, we believe the Commission should modify the definition and choose alternative terminology ("financially experienced audit committee member") as noted in Section II B. To be deemed a financially experienced audit committee member, an individual should be required to have an understanding of home-country GAAP and financial statements (attribute (a) of the proposed rule), as well as of audit committee functions (attribute (e) of the proposed rule). As it is possible and frequent that individuals possess deep financial acumen without having all three of the other attributes, we believe that only one of the other three attributes (attributes (b), (c), and (d) of the proposed rule) should be required.
With a framework, rather than a rulebook, for the application of the board's judgment, the pool of willing and qualified candidates will expand. More importantly, without a strict "check-the-box," compliance-driven definition, the likelihood of obtaining candidates who possess the other traits and background necessary to being effective audit committee and board members will also likely increase.
II B. Other Key Concerns: Terminology
We are concerned that the term "financial expert" carries strong connotations and has specific meaning under the securities laws. We believe the use of this term could be misperceived by the public to mean that the qualified individual has an elevated responsibility or liability relative to the other audit committee and board members, regardless of the Commission's intentions. The term "financial expert" also implies that the designated individual has more direct responsibility for financial reporting than this oversight role affords. These potential misperceptions could discourage some effective, financially experienced audit committee members from serving as "financial experts."
Further, the proposed term is narrow and may be construed to imply deep, comprehensive knowledge and experience in all areas of finance, accounting, and financial reporting. In today's complex environment, we believe that only teams, as opposed to individuals, possess the type of comprehensive knowledge that would be attributed by the public to an audit committee member described as a "financial expert." It would be difficult for a single financial executive, certified public accountant, or accounting professor, let alone anyone else, to meet that standard.
We believe that a preferable term, which is consistent with our other recommendations outlined regarding the proposed definition above and which would avoid the misimpressions associated with the "financial expert" term, is "financially experienced audit committee member."
II C. Other Key Concerns: Disclosure of Names and Number of Financially Experienced Audit Committee Members
The Act only requires disclosure of whether at least one "financial expert" is on the audit committee, but the Commission has taken this requirement further and proposed that the specific names and number of "financial experts" be disclosed. While we do not question the benefits of deep financial experience being possessed by the audit committee, we believe that the proposed disclosure requirements could have some negative and unforeseen consequences as discussed in the following paragraphs. Thus, we believe that the Act's requirements, as amended by the recommended alternative terminology, should be reflected in the final rule. That is, the Commission should require only disclosure that at least one financially experienced member serves on the audit committee.
The disclosure of names and numbers may not provide additional meaningful value to investors. We believe investors are primarily interested in whether the audit committee possesses financial experience to ensure proper oversight of the financial reporting function. This point was consistent with our informal survey; 78 percent of the respondents indicated that they believed that disclosure of the number and names of financial experts would not be beneficial to investors.
In addition, the proposed requirement could deter qualified individuals from being willing to assume the role due to the expectation gap, arising from name disclosure, between the public's perceived increased liability on the part of the qualified individual and the actual unchanged liability. We are concerned that the pool of willing financially experienced audit committee members may shrink and the combination of "names and numbers" could well result in smaller and less sophisticated committees-clearly an unintended and undesirable consequence.
Finally, the proposed requirement could have an unintended impact of advancing a theory that "more is better" so as to render, in investors' minds, the notion that financial experience has greater value than broad business experience, inquisitiveness, and the other traits noted in Section II A that are critical to being an effective audit committee and board member. If the perception becomes that "more is better" and committees attempt to maximize the number of financially experienced members, the competition for such talent could challenge the pool of available resources.
II D. Other Key Concerns: Evaluation of Qualifications
The Act does not identify who should be responsible for the assessment of an audit committee member's financial experience. We believe that the independent board members, collectively, is the appropriate group to make such an assessment on behalf of the shareholders. While we do not object to a full board determination, as proposed by the Commission, we believe that the credibility of the assessment process would be enhanced if the independent board members were responsible for the evaluation. The non-independent members could be perceived as not being objective in the evaluation process or as possessing the ability to exert undue influence on the process.
II E. Other Key Concerns: Location of Disclosure
The Act requires disclosure in periodic reports required pursuant to Section 13(a) or 15(d) of the Exchange Act, while the proposed rules require disclosure only in annual reports on Forms 10-K, 10-KSB, 20-F, and 40-F. We concur with the proposed rule and believe that annual disclosure is sufficient unless an audit committee loses its only financially experienced member(s) without concurrently replacing him or her (them). Investors should be informed of this situation in a timely fashion via the filing of Form 8-K.
III. Other Comments
The preceding section discusses our overriding concerns relative to many questions posed by the Staff. This section provides our views on certain of the other specific questions for which the Commission requested comments in the proposing release.
III A. Proposed Disclosure Requirements
Should the Commission specifically address the issue of the degree of individual responsibility, obligation or liability under state or federal law of a person designated as a financial expert as a result of the designation? If the Commission should address this issue, how should it do so?
Yes. Regardless of the term used for the designated individual in the final rule, we believe that the Commission should address the responsibility, obligation, or liability of an audit committee member serving in the role designated by Section 407 of the Act. We believe that the designated individual should not be considered an "expert" under Section 11 of the Securities Act as a result of such designation or the individual's participation in such capacity on a company's audit committee.
Should we require disclosure of whether the financial experts are independent, as proposed? If so, should we define "independent" in the same manner as the term is used in Section 10A(m)(3) of the Exchange Act? Should we incorporate an independence requirement into the definition of "financial expert" so that any designated financial expert must be independent to qualify under the definition?
Section 301 of the Act, as clarified by the Commission's November 8, 2002 Frequently Asked Questions, requires that all listed company audit committee members be independent. Because independence is a prerequisite for listed company audit committee membership, we believe such disclosure by listed companies is not necessary and that inclusion in the definition of a financially experienced individual would be redundant.
Non-listed companies and registered investment companies may find themselves in a position of having a financially experienced individual who is not independent. As the rules imply that a non-independent board member can effectively fulfill the audit committee member role for such a non-listed company, then there should be no requirement to disclose whether the financially experienced person is independent and independence should not be a part of the definition.
III B. Proposed Definition of Financial Expert
Should we require a financial expert to have direct experience preparing or auditing financial statements of reporting companies? Should experience reviewing or analyzing such financial statements suffice? If so, why?
Experience preparing or auditing financial statements of reporting companies is a relevant indicator and consideration in assessing an individual's level of financial acumen, but we believe that "direct experience" should not be a prerequisite to being deemed a qualified individual. Some of the country's premier audit committee members with the utmost financial experience have never served in the positions designated by the proposed definition or directly prepared/audited financial statements, yet we believe that they possess the financial experience necessary to fulfill the role designated by the Act.
For instance, CEOs may never actually have prepared or audited financial statements for reporting companies, but to lead a successful business, they must generally have experience reviewing and analyzing financial statements. If such individuals do not have this direct experience, it is unlikely that they have direct experience required by proposed attributes (b) and (d), thereby rendering them unqualified under both the proposed definition and the definition as amended by our recommendations. The Blue Ribbon Committee recognized that CEOs generally would possess financial expertise. Beyond that, with the implementation of Section 302 of the Act, registrant CEOs are required to certify the accuracy of the financial statements and maintenance of disclosure controls. While the CEO is likely to have a support structure to prepare for the certification, the act of certifying presupposes a sophisticated understanding of financial statements and reporting processes. Thus, omitting experience as a CEO from the positions that are considered when assessing whether someone possesses financial experience has the potential to confuse investors. Although the Act did not specifically list CEO experience as qualifying experience, it does recognize that "similar function(s)" would qualify someone to possess financial experience. To reconcile this ambiguity created by Section 302 of the Act, we believe that the Commission should include CEO experience as qualifying experience in the final rule.
Another consideration related to proposed attribute (c) (and attribute (b)) is the term "generally comparable." As no clarification of the term is offered in the proposal or the Act, we believe that it would be subject to varied interpretations. Some may construe the term to imply that a financially experienced individual must have the relevant experience with a company in the same industry and/or of the same size as the issuer. This interpretation may further diminish the pool of potentially qualified individuals and potentially discredits valuable, relevant, and meaningful experience with a company in another industry. Recognizing that this term was included in the Act and in the spirit of a principles-oriented approach, we believe that the Commission should clarify that "generally comparable" does not require experience in the same industry. However, industry experience or other "comparable" experience might be added to the list of considerations used by the board to determine if the flexible three attributes are met (attributes (b), (c), and (d) of the proposed rule).
III C. Determination by the Board of Directors of Who Is a Financial Expert
Is there more useful information on how financial experts are determined?
We believe it would be beneficial for investors to receive brief, general notice of how the assessment was made. For example, the Commission should consider requiring a one- or two-sentence annual disclosure of how often the assessment is performed and the considerations used in the process.
III D. Location of Disclosure
A company currently may not have an audit committee member who qualifies as a financial expert under the proposed definition but may intend to seek one. In such a case, the proposed rules would require a company to disclose that it does not have a financial expert on its audit committee. However, the company could explain that it is searching for a qualified individual to serve on its audit committee. Should we provide companies with a transition period to find such a person? If so, what would be an appropriate transition period?
Our survey showed that 41 percent of the respondents indicated that their companies did not have at least one member on the audit committee who meets the proposed definition. While this may not be representative of the number of companies lacking a financially experienced audit committee member, it does suggest that many companies may not be in a position to immediately disclose the existence of such an individual. This may cause undue and premature concern in the investing public and criticism of the registrant, when, in fact, the registrant may be looking to add a financially experienced individual to the audit committee. Similar to the NYSE's proposed transition period for compliance with its enhanced independence definitions, we believe the Commission should permit a transition period for requiring the disclosure, particularly if the final definition of a qualified individual is unchanged. We believe requiring the disclosure for reports filed for calendar years ending on or after December 15, 2003 would be appropriate.
IV. Foreign Private Issuer Considerations
We note that the proposed rules for Section 407 of the Act encompass foreign private issuers, who are subject to governance standards promulgated in their home countries. We understand the Commission is considering the applicability of proposed stock exchange listing standards, as well as certain proposed rules to implement the Act, as they relate to foreign private issuers. We also understand the Commission is proactively seeking input from various organizations outside the United States regarding these proposed rules as they relate to foreign private issuers. We support the Commission's efforts to solicit input from organizations outside the United States on these matters. While our comments herein relate to the concept of audit committee disclosures as addressed in the proposed rules for Section 407 of the Act, irrespective of the country of domicile, we believe that the Commission should specifically address the applicability of this and other proposed rules to foreign private issuers. In this regard, we recommend that, if foreign private issuers are ultimately deemed to be subject to the final Section 407 rules, the Commission should adopt a transition period for foreign private issuers that acknowledges the differing concerns and "state of readiness" of certain foreign private issuers relative to the requirements of Section 407 of the Act.
We believe that the proposed rule to implement Section 407 of the Act will provide clarity regarding the role of an audit committee's financially experienced member(s) and assist in the process of improving investor confidence. However, we also believe that for the proposed rule to be effectively and consistently implemented, the issues enumerated above should be addressed.
If you have any questions, please contact Robert J. Kueppers at (203) 761-3579.
Very truly yours,
/s/ Deloitte & Touche LLP
Deloitte & Touche recently conducted an informal survey of approximately 70 individuals, the vast majority of whom are audit committee members, CEOs, or CFOs of public companies, on a variety of governance matters, including a series of questions on financial expertise and the Commission's proposed rules. The questions and responses on this topic appear here.
1. Do you believe you meet current (Blue Ribbon Committee) guidelines for financial literacy?
2. Do you believe you meet current (Blue Ribbon Committee) guidelines for financial expertise?
3. Do you believe you meet the SEC's proposed definition of a "financial expert"?
4. Does your audit committee have one or more members who would be a "financial expert"?
5. The SEC's proposed rule regarding the definition and disclosure of audit committee "financial expert(s)" will:
|36%||Positively impact the effectiveness of public company audit committees|
|45%||Not impact the overall effectiveness of public company audit committees|
|19%||Diminish the effectiveness of public company audit committees|
6. Do you believe investors would benefit from the disclosure of the specific names and number of audit committee "financial experts?"