November 26, 2002
Jonathan G. Katz, Secretary
U.S. Securities and Exchange Commission
450 Fifth Street, NW
Washington, DC 20549-0609
Re: File No. S7-40-02 -- Comments on Proposed Rule Included in Release Nos. 33-8138 and 34-46701: Disclosure Required by Sections 404, 406 and 407 of the Sarbanes-Oxley Act of 2002
We respectfully submit our comments on the Commission's proposed rules for implementing the requirements in Sections 404, 406 and 407 of the Sarbanes-Oxley Act of 2002 (SOA). We agree with the thrust of the Commission's proposed rules. We also agree with the Commission's proposal to revise its recently adopted rules requiring a company's principal executive and financial officers to certify the company's quarterly and annual reports and issuers to submit quarterly and annual certifications and conduct quarterly evaluations of internal controls and procedures for financial reporting, in effect amending the form of the principal officers' certification currently contained in quarterly and annual report forms. Our specific comments on the proposed rules for each SOA section are summarized in the attached APPENDIX.
In addition to the detailed comments attached to this letter, we have one comment that we believe warrants particular attention by the Commission:
Unless the Commission further clarifies the distinction between "disclosure controls and procedures" and "internal controls and procedures for financial reporting", we believe that it is unclear as to which controls and procedures an issuer's management must certify during the transitional period that ends when the proposed Section 404 rules are implemented. Therefore, we recommend that the Commission further clarify the distinction between these two categories of controls and procedures and more narrowly define the nature of the disclosure controls and procedures that management must certify during the transition period. In making this amendment, the Commission should reaffirm its view that management has an ongoing and longstanding responsibility with respect to ICP and, along with the auditors, has historically reviewed ICP in conjunction with the annual audit of the issuer's financial statements; therefore, the relief the Commission offers with respect to management's responsibilities during the transition period is restricted to the certification process.
To explain further, we will first refer to the Commission's definitions of these two terms. With respect to defining "disclosure controls and procedures", the Commission states:
"For purposes of the Exchange Act Rules 13a-14 and 15d-14, `disclosure controls and procedures' have been defined as controls and other procedures of an issuer that are designed to ensure that information required to be disclosed by the issuer in the reports filed or submitted by it under the Exchange Act is recorded, processed, summarized and reported, within the time periods specified in the Commission's rules and forms. `Disclosure controls and procedures' include, without limitation, controls and procedures designed to ensure that information required to be disclosed by an issuer in its Exchange Act reports is accumulated and communicated to the issuer's management, including its principal executive and financial officers, as appropriate to allow timely decisions regarding required disclosure."
With respect to "internal controls and procedures for financial reporting", the Commission proposes the following definition:
"... the purpose of internal controls and procedures for financial reporting is to ensure that companies have processes designed to provide reasonable assurance that:
- the company's transactions are properly authorized;
- the company's assets are safeguarded against unauthorized or improper use; and
- the company's transactions are properly recorded and reported
to permit the preparation of the registrant's financial statements in conformity with generally accepted accounting principles".
Under the proposed rules for fiscal years ended on or after September 15, 2003, management must evaluate both "disclosure controls and procedures" and "internal controls and procedures for financial reporting" on a quarterly basis. Annually, "internal controls and procedures for financial reporting" are assessed as of the end of the fiscal year, management's conclusion is articulated in an internal control report and the external auditor must attest to management's assertions contained in the internal control report. We believe that the requirements and expectations of management are reasonably clear for fiscal years ended on or after September 15, 2003, if the proposed rules are adopted. However, during the transition period ended as of the date the proposed rules become effective, we believe it is unclear as to which controls and procedures management is required to evaluate. Accordingly, we explain below two steps that we recommend the Commission take when finalizing the proposed rules.
First, clarify relationship between disclosure controls and procedures and internal controls and procedures for financial reporting
We are of the opinion that the Commission's commentary addressing the relationships between "disclosure controls and procedures" (DCP) and "internal controls and procedures for financial reporting" (ICP) is insufficient. On page 39, the proposed rules state: "In several aspects, these disclosure controls and procedures would overlap with internal controls and procedures". On page 41, it states: "In large part, we believe there is significant overlap between these two types of controls and procedures". These statements lack clarity.
We believe internal controls and procedures for financial reporting are a subset of disclosure controls and procedures. The Commission has issued rules to require issuers to maintain, and regularly evaluate the effectiveness of, DCP designed to ensure that the information required in reports filed under the Securities Exchange Act of 1934 is recorded, processed, summarized and reported on a timely basis. As defined by the Commission, DCP apply to material financial and non-financial information required to be included in public reports to make them not misleading to investors. This definition is broader than the scope of ICP. To the extent that ICP impact disclosure, a company's DCP are clearly inclusive of such internal controls because disclosure controls apply to all material information to be included in public reports, both within and outside the financial statements.
In its August 29 release, the Commission introduced DCP as a new term. With respect to these new rules, the Commission states the following in its August 29 release:
"The certification statement regarding fair presentation of financial statements and other financial information is not limited to a representation that the financial statements and other financial information have been presented in accordance with "generally accepted accounting principles" ("GAAP") and is not otherwise limited by reference to GAAP. We believe that Congress intended this statement to provide assurances that the financial information disclosed in a report, viewed in its entirety, meets a standard of overall material accuracy and completeness that is broader than financial reporting requirements under GAAP. A "fair presentation" of an issuer's financial condition, results of operations and cash flows encompasses the selection of appropriate accounting policies, proper application of appropriate accounting policies, disclosure of financial information that is informative and reasonably reflects the underlying transactions and events and the inclusion of any additional disclosure necessary to provide investors with a materially accurate and complete picture of an issuer's financial condition, results of operations and cash flows."
Thus, DCP are designed to ensure that all material information is accumulated and summarized for timely assessment and disclosure pursuant to the SEC's rules and regulations. Given the SEC's broad view of disclosure, as articulated in its August 29 release, we find it difficult to identify any ICP that would not be viewed as a subset of DCP so long as such ICP are relevant to the fair presentation of financial statements, which are an integral part of public reports. Therefore, we recommend that the Commission clarify the distinction between DCP and ICP so issuers will understand their scope.
In our discussions, we have asked the Commission staff to provide us with examples of ICP that are outside the scope of DCP. One member of the staff indicated that internal operating controls are an example. As we pointed out in our dialogue, we do not believe that that example addresses the question. Operating efficiency and effectiveness is an internal control objective, just as reliability of financial reporting is an internal control objective. The requirement to evaluate ICP on a quarterly basis pertains to reliability of financial reporting, not to operational efficiency and effectiveness.
In our view, when the scope of internal controls and procedures is limited to objectives relating to reliability of financial reporting (e.g., they do not apply to objectives relating to operational efficiency and effectiveness or compliance with applicable laws and regulations), such controls and procedures are correctly viewed as a subset of DCP. It appears that the Commission's proposed definition of ICP, as described above, is primarily related to reliability of financial reporting. To state that DCP and ICP significantly overlap leaves open the question as to which ICP do not overlap with DCP.
One possible illustration of ICP that would not overlap with DCP is this: those controls and procedures that relate to immaterial accounts and balances. Such controls and procedures would fall outside the scope of DCP because DCP, by definition, relates to material information required to be included in public reports, whether within or outside the financial statements. We don't believe this distinction is useful, as management and the external auditor would not concern themselves with such ICP because they don't really matter from a materiality standpoint. So the question remains, what ICP would management review in its quarterly evaluation pursuant to Section 404 that would not overlap with DCP? If there are no examples, then ICP must be a subset of DCP.
Second, narrowly define the nature of disclosure controls and procedures that management must certify during the transition period
As stated earlier, the requirement under the proposed rules for fiscal years ended on or after September 15, 2003, are clear, because management must evaluate both DCP and ICP on a quarterly basis beginning at that time. The definition of ICP that the Commission decides to adopt in the final rules in effect "builds a fence" around ICP so that management has a context for understanding the scope of the internal controls report to be filed in the annual report and the external auditor is able to understand the scope of the attestation responsibility.
However, until Section 404 is effectively implemented, there is a transition period that ends as of the expiration of the fiscal year ended on or after September 15, 2003. During this transition period, it is not as clear as to which controls and procedures management is required to evaluate on a quarterly basis. This lack of clarity stems from management (1) being required to evaluate DCP during the transition period (as required by the Commission's August 29 release) and (2) not being required to evaluate ICP during the transition period (under the proposed rules). If the Commission agrees with us that ICP is a subset of DCP or retains its present view that ICP overlaps, either in several aspects or in large part, with DCP, then issuers are left without a clear view as to the nature of the controls and procedures they are required to evaluate during the transition period. This lack of clarity potentially leaves management in a position of having to address a de facto requirement to evaluate all or a significant portion of ICP during the transition period. As explained below, we do not believe the Commission intends this result.
We believe that many companies have repeating, defined and managed ICP in place to ensure that material information is included in the financial statements included in public reports. For example, many issuers have in place routine, day-to-day transaction processes that feed the financial reporting process. However, the closing processes of these companies may not be as formalized as the transaction processes. An important justification for a transition period is to give issuers an opportunity to document and, if necessary, improve their ICP, so that management will be better prepared to certify these controls and procedures when the proposed Section 404 rules go into effect. Until these issuers are better prepared, it would not be fair to "raise the bar" overnight and expect them to certify the ICP. We believe the Commission had this intent in mind when it stated the following in its release:
"Although we believe that management and auditors currently review such controls and procedures in conjunction with a company's annual audit, we understand that in many cases such reviews may not be as thorough or as detailed as the proposed rules would require. We expect that companies and their auditors will require substantial time to develop processes under relevant standards and to train appropriate personnel to ensure compliance with these requirements imposed by the Sarbanes-Oxley Act. Similarly, companies and accounting firms likely will need additional time to actually perform these activities."
We concur with the above position for the reasons expressed above.
Given the Commission's intent, as expressed above, we recommend clarification of the nature of the DCP that management is required to certify on a quarterly basis during the transition period. More specifically, we suggest that the DCP subject to certification during the transition period be more distinctly and narrowly defined. One way to do this is to limit management's certification in the interim to the controls and procedures pertaining to material information included in public reports outside of the financial statements, such as in the MD&A, the proxy information, current reports, etc. These DCP would not pertain to material information included in the financial statements to ensure that those statements are in accordance with generally accepted accounting principles and are not misleading to investors. The financial statements are the domain of ICP, which would be evaluated quarterly by management once the Section 404 rules become effective. This position would be consistent with the intent of the Commission to defer implementation of Section 404 until fiscal years ended on or after September 15, 2003. By clarifying its intent in this manner, the Commission would harmonize the requirements set forth in both its proposed Section 404 rules and its August 29 release.
- "Disclosure controls and procedures" (DCP) are the activities in place that ensure that all material information that is required to be disclosed in public reports are included in such reports, both within and outside the financial statements. "Internal controls and procedures for financial reporting" (ICP) are a subset of DCP. Unless the Commission can set forth meaningful examples to the contrary, the proposed rules should be amended to explain that ICP are a subset of DCP.
- The proposed rules should be amended to more narrowly define the DCP subject to certification by management on a quarterly basis during the transition period that ends when the proposed Section 404 rules go into effect. Such clarification should be consistent with the proposed rules where management is required to evaluate DCP, but not ICP, on a quarterly basis during the transition period.
- One way for the Commission to accomplish this objective is as follows: amend the proposed rules to state that the DCP that must be certified by management quarterly during the transition period are limited to those controls and procedures relating to material information included in public reports but outside the financial statements. The material information included in financial statements are the domain of ICP, which will be evaluated by management quarterly after the transition period expires when the proposed Section 404 rules go into effect. In making this amendment, the Commission should reaffirm its view that management has an ongoing and longstanding responsibility with respect to ICP and, along with the auditors, has historically reviewed ICP in conjunction with the annual audit of the issuer's financial statements; therefore, the relief the Commission offers with respect to management's responsibilities during the transition period is restricted to the certification process.
- The consequences of leaving the proposed rules "as is" is to leave management in a precarious position of having to address a de facto requirement to evaluate all or a significant portion of ICP during the transition period. We do not believe the Commission intends this result; therefore, clarification is needed.
We appreciate the opportunity to submit our comments. We hope they are helpful to the staff. If the staff would like to discuss any of the points made in this letter, please contact Jim DeLoach at (713) 314-4981.
Very truly yours,
By: James W. DeLoach, Jr.
SPECIFIC COMMENTS ON THE PROPOSED RULES
Section 404 of the Sarbanes-Oxley Act directs the Commission to propose and adopt rules that would require management to annually assess the company's internal control structure and procedures for financial reporting. Section 404 contemplates only an annual evaluation of the company's internal controls. A company's officers already must certify to significant changes to internal controls and procedures for financial reporting, as required by Section 302 of the Sarbanes-Oxley Act.
Management's Internal Control Report
We support reference to Codification of Statements on Auditing Standards (AU) Section 319 as a basis for proposing a definition of internal controls and procedures for financial reporting. The Commission's proposed definition is appropriate for now, pending any superseding definition or other literature that is issued or adopted by the Public Company Accounting Oversight Board.
With respect to the question as to whether the Commission should propose specific disclosure criteria and standards for the management report, the proposed rule already states that a company's annual report must include "an internal control report of management that includes:
- A statement of management's responsibilities for establishing and maintaining adequate internal controls and procedures for financial reporting;
- Conclusions about the effectiveness of the company's internal controls and procedures for financial reporting based on management's evaluation of those controls and procedures in accordance with Exchange Act Rule 13a-15 or 15d-15, as of the end of the company's most recent fiscal year; and
- [A] statement that the registered public accounting firm that prepared or issued the company's audit report relating to the financial statements included in the company's annual report has attested to, and reported on, management's evaluation of the company's internal controls and procedures for financial reporting".
The question, therefore, is what more is needed to provide guidance to companies so they will know what they should do and not do? For example, should the internal control report define ICP? If so, using the Commission's definition, management can point out that internal controls are designed to provide "reasonable assurance" that financial reporting objectives are met. Should management communicate that there are inherent limitations in internal controls for financial reporting, i.e., that such controls can be circumvented through collusion, etc. The concepts of "reasonable versus absolute assurance" and "inherent limitations in internal control" have been documented in the professional literature for a long time. Can management include them in the internal control report? Can management use such negative assurance language as "to the best of our knowledge" or does the Commission expect positive assurance? These and other questions will arise if the Commission does not provide any guidance. While we do not have a problem with the Commission's not issuing detailed rules, companies are likely to submit internal control reports with varying language and differences in content.
Attestation to, and Report on, Management's Internal Control Report by the Company's Auditor
We understand the rationale for delaying the effective date of the rules until such time as attestation engagements standards are issued or adopted by the Public Company Accounting Oversight Board (the "PCAOB"). The proposed transition plan is a reasonable one.
We agree that the company should file both the internal control report and auditor's attestation report in its annual report. The attestation report should immediately follow the internal controls report. We agree that the attestation and report required by Section 404(b) should be issued in accordance with standards for attestation engagements "issued or adopted" by the PCAOB.
Quarterly Evaluation of Internal Controls and Procedures for Financial Reporting
We agree with proposing changes to Exchange Act Rules to require periodic evaluations of both the company's disclosure controls and procedures and its internal controls and procedures for financial reporting. We concur with the objective of creating symmetry between the Commission's requirements for periodic evaluations of both the company's disclosure controls and procedures and its internal controls and procedures for financial reporting. Thus, a company's management is required to evaluate the effectiveness of the design and operation of the company's internal controls and procedures for financial reporting, as well as its disclosure controls and procedures, with respect to each annual and quarterly report that it is required to file under the Exchange Act
Federal Deposit Insurance Act Internal Control Reports
We agree with the Commission's efforts to coordinate with the FDIC and other federal banking regulators to eliminate, to the extent possible, any unnecessary duplication between its proposed internal control report and the FDIC's internal control report requirements.
Registered Investment Companies
We concur with the Commission's proposal to make various technical changes to its rules and forms to implement Section 302 of the Sarbanes-Oxley Act for registered investment companies.
Transition Period for Compliance with Rules Regarding Evaluations of, and Reports and Attestations on, Internal Controls and Procedures for Financial Reporting
We agree with the proposed transition period for companies and registered public accounting firms to prepare for complying with the proposed rules. Companies need some time to document their internal controls and procedures in an orderly fashion to avoid significant costs. Based upon our discussions with companies, sufficient time is needed to develop processes and documentation under the relevant standards, to train the appropriate personnel to ensure compliance and perform the necessary evaluation and attestation activities.
If a company desires to provide voluntarily an annual report on the effectiveness of its internal controls and procedures for financial reporting, we agree with the Commission that existing accounting literature provides adequate guidance for such reporting. Further, if company's request attestations from their external auditors, we agree with the Commission that existing standards regarding attestation engagements provide sufficient guidance for such attestations.
We generally agree with the proposed rules to address the provisions of Section 406 of the Sarbanes-Oxley Act to adopt rules requiring a company to disclose whether it has adopted a code of ethics, and if not, the reasons therefore, as well as any changes to, or waiver of any provision of, that code of ethics.
Proposed Rules Compared to Section 406 of the Sarbanes-Oxley Act
We agree with the Commission's proposal that a code of ethics should apply to a company's principal executive officer as well as its principal financial officer. The CFO cannot get the job done without the support of and responsible behavior from the CEO. The expanded rule should extend beyond the requirement of Section 406 of the Sarbanes-Oxley Act by applying the language of that section of the Act to the principal executive officer.
However, we also recommend extending the rules to a broader group of officers. The rules should apply to all officers who, directly or indirectly, impact public reporting. These officers would include the general counsel, executive officers, operating unit managers and others who make decisions that ultimately impact public reports.
A company's code of ethics for its executive management may be expanded into a broader code of corporate governance for the board of directors. We are aware of some companies that have a code of conduct that applies to the board of directors; however, such codes generally address in greater detail the mission of the board, the roles and responsibilities of the board and its committees, the rights of shareholders and other matters that more specifically relate to directors. Therefore, we do not recommend that the proposed rule be expanded to directors. While we believe that directors have an oversight role in determining that management enforces the company's code of conduct, we do not believe it is necessary for the Commission to include this standard as a requirement.
Description of the Proposed Code of Ethics Disclosure Requirements
A code of ethics is much more than a statement of standards for responsible behavior. It must also be communicated, understood, acknowledged and reinforced. Compliance should be monitored. Disciplinary action should be taken for violations and lessons learned from violations communicated to employees. Processes must be in place to ensure compliance with the code of ethics. Requiring disclosure of those processes would certainly force companies to acknowledge that a code "without teeth" lacks substance. But we are not convinced that investors need this information.
We do not believe that it is necessary to require a company to describe its procedures for granting a waiver from a provision of its code of ethics. Requiring companies to disclose a waiver serves as a strong deterrent to a board to approving a waiver.
Disclosure of codes of ethics has not been a consistent practice by all companies that have one. If the Commission were to require each issuer to disclose the date of adoption of its written code of ethics and the date of the most recent update to that code, investors might infer, erroneously we believe, that companies that have had a written code for many years are in some way more ethically managed than those companies that recently published a written code. We do not believe that this inference is sound. This disclosure requirement should acknowledge that there are companies that have operated in the past without a written code but have nevertheless consistently demonstrated day-in and day-out a strong commitment to ethical and responsible business behavior for many years. Management's philosophy and operating style has a significant impact on ethical and responsible behavior. A commitment to ethical values can be driven into an organization through the actions, words and deeds of their leaders, with or without a written document. Therefore, we recommend that in requiring disclosure of the date of adoption of a written code, the Commission should acknowledge that companies may have had an informal code for many years prior to publishing that code in writing. Thus, a written code formalizes the issuer's ethical culture and commitment to values. The absence of a written document in the past does not necessarily mean a company did not have a commitment to ethics in the past.
Content of the Code of Ethics
We do not believe it is necessary for a company to have to file its code of ethics as an exhibit to its annual report as proposed. As an alternative, the company could describe the principal topics that the code addresses. Alternatively, the code can be published on the company's website, with reference made to such disclosure in the annual report. If this disclosure is made, the code need not be included in the annual report, other reports and registration statements.
Types of Companies That Would Be Subject to the Proposed Code of Ethics Disclosure Requirements and Location of the Disclosure
We agree that all companies that file Form 10-K or 10-KSB reports should be subject to the proposed disclosure requirement. We also agree with the proposal to require this disclosure in annual reports filed by a foreign private issuer on Form 20-F and by a Canadian issuer on Form 40-F.
We do not believe that a company should be required to provide the proposed code of ethics disclosure in its quarterly reports. However, such disclosure should be made in a company's proxy and information statements and in Securities Act registration statements.
Proposed Form 8-K or Internet Disclosure Regarding Changes to, or Waivers from, the Code of Ethics
If a change is made to the code of ethics or a waiver is issued, we agree that such events should be disclosed through the filing of a Form 8-K. If the company chooses to report the proposed disclosure on its website, we agree that the company should provide investors with advance notice in the company's annual report of its intent to satisfy the disclosure requirements through the use of this option. Otherwise, investors may not expect these disclosures to be made on the company's website in lieu of a Form 8-K filing, and may therefore be confused regarding the location of this disclosure. This notice will need to be disclosed continuously, so long as the company chooses to keep this option open.
A "waiver" can be a sufficiently distinct and formal event. It also can be a "de facto, post hoc" event in which it is granted or acceded to after the occurrence of a "violation" is reported. In either case, the same result occurs, i.e., a provision in the code of ethics has been waived in lieu of enforced. In both cases, the waiver should be disclosed.
Should management be allowed to use the website option without having previously disclosed that it may do so? We don't believe so. The Commission should retain its proposed minimum time frame of 12 months so that an advance notice will be effective. We do not believe the minimum period need be longer than 12 months. In the absence of a sufficient advance notice, a Form 8-K filing should be required.
If a company opts for the website method of disseminating the disclosure of its code, the Commission need not specify where and how this disclosure should appear on the company's website. Most companies that do disclose their codes on their website do so in a manner where the code is displayed prominently. The Commission may want to point out that if a company chooses to use the website disclosure alternative, it should be executed so that it is easy for investors to find the required disclosure.
All Exchange Act reporting companies should disclose their website addresses. That disclosure should appear on the front cover of all periodic and current reports, along with the company's street address. A company have also disclose its website address on the front cover of all of its Exchange reports, including proxy and information statements, Exchange Act registration statements and Securities Act registration statements.
We agree that foreign private issuers should file disclosure about ethics code changes and waivers within two days under cover of Form 6-K. They should also be required to promptly disclose ethics code changes and waivers.
Registered Investment Companies
We generally agree with the proposed amendments to Forms N-SAR and N-CSR to apply the requirements of operating companies to a registered investment company.
We generally agree with the proposed rules to address the provisions of Section 407 of the Sarbanes-Oxley Act to: (1) require a company to disclose whether its audit committee includes at least one member who is a financial expert; and (2) define the term "financial expert". We believe that directors serving on audit committees must not only be independent, they must also be qualified. Such qualifications not only include accounting and/or related financial expertise but also sufficient knowledge of the businesses operated by the issuer and an understanding of how changes in those businesses can impact upon the issuer's public reporting.
Proposed Disclosure Comments
This new disclosure effectively provides a metric against which all companies will be measured. For many companies, recruiting a qualified individual to serve as a "financial expert" may present a considerable challenge as all public companies focus simultaneously on the ramifications of this disclosure. To our knowledge, no one has yet produced empirical evidence of the available pool of qualified candidates who are willing to serve in this capacity. For that reason, the Commission should consider allowing for a reasonable period of time to enable companies to recruit qualified directors before their "performance" against this metric is made public. This approach has merit given that the listing requirements provided by the major exchanges have provided for a transition period for companies to meet majority-independence standards, e.g., the NYSE rule does not go into effect for two years. Consideration should be given to selecting an appropriate period that provides sufficient time for the recruiting process to take place. In the interim, audit committees continue to have the ability on their own to retain independent accountants or other consultants whenever necessary, which should be viewed as tantamount to having a "financial expert" on the audit committee.
We believe investors would benefit from disclosure of the number of financial experts serving on the company's audit committee. This information would provide investors insights they can use to evaluate the quality of the audit committee's oversight of the audit process. Emphasis on the number of financial experts is appropriate because the complexities of business may require the service of more than one such expert on the committee. "Financial literacy", as different groups have defined it, may be inadequate for effective discharge of audit committee responsibilities in some instances.
We are not convinced that the basis for requiring disclosure of the names of the financial experts has been sufficiently explained in the proposed rule. We do not see a compelling argument that investors need this information. We are also not convinced that the required disclosure of the business experience of directors, as required by Item 401 (e) of Regulations S-K and S-B, is sufficient to enable the reader to understand the background of directors for purposes of evaluating their qualifications as "financial experts". If the Commission chooses to require disclosure of the names of financial experts, we recommend that the rationale for such disclosure be made more compelling. Further, the commission should evaluate the adequacy of the disclosure of the business experience of directors.
We have no empirical basis to assert one way or the other that disclosure of the names would discourage people from serving as financial experts on an audit committee. However, we believe that this is an issue that the Commission should carefully consider. Following are two points the Commission should consider:
- In a survey conducted by McKinsey in May 2002, it was found that 25% of the participating directors had, over the previous 12 months, resigned a directorship or had turned down a directorship because of concern over liability issues. That survey was conducted before the Sarbanes Oxley Act was signed into law. The exposure of audit committee members has increased due to the expanded responsibilities of audit committees and the questions that will potentially be raised about the effectiveness of the role and oversight of the audit committee if any deficiencies arise in public reporting. Thus, there may be reluctance on the part of directors to serve in the capacity of "financial expert" on the committee, irrespective of what the Commission decides on the matter of disclosing the names of such experts.
- The proposed standards for a "financial expert", as defined, effectively reduce the available pool of individuals qualified to serve in this capacity on an audit committee. If and when thousands of public companies are focused on recruiting qualified candidates, the selection process may be constrained due to the demanding standards and limited pool of candidates. Therefore, any steps (such as requiring disclosure of the names of individual directors serving in the capacity of "financial expert") that could potentially discourage directors, who are otherwise qualified, from serving in this capacity should be carefully evaluated. The primary consideration at this time should be on enabling public companies to fill these positions and on refraining from the issuance of peripheral disclosure requirements that could make it more difficult for issuers to comply with the standards. We believe that the proposed requirement to disclose the number of financial experts on the audit committee provides the necessary impetus and motivation for issuers to accomplish the desired objective.
We recommend that the Commission address the issue of the degree of individual responsibility, obligation or liability under state or federal law of a person designated as a financial expert as a result of the designation. The Commission should articulate the purpose of having a financial expert serve on a company's audit committee so that all parties will understand what is intended. For example, a "financial expert" is not someone who should be expected to assume any additional personal risk or responsibility merely because he or she is labeled with the distinction of a being a "financial expert" serving on the audit committee. The audit committee's responsibilities, as set forth in its charter, remain unchanged. If qualified directors, including one or more "financial experts, serve on the committee, it will be able to better fulfill those responsibilities. A "financial expert" brings a level of capabilities and deep understanding of the financial reporting process that enables him or her to serve as a valued resource for the audit committee in overseeing the audit process.
The Commissions asked whether a term other than "financial expert" should be used. We believe that the term "financial expert" lacks sufficient context and is unclear and vague in terms of its scope and meaning. A term such as "audit committee financial expert" would have greater meaning because it suggests the level of expertise needed to assist an audit committee in providing oversight to the audit process.
We recommend that the Commission expand the disclosure required under Item 401(e) of Regulations S-K and S-B, as it relates to directors that the company has determined to be financial experts. As noted above, the current disclosure requirements do not provide information as to the basis for determining a director is qualified to serve as a financial expert on the audit committee.
We agree that the Commission should require disclosure of whether the financial experts are independent. However, if all members of the audit committee are independent and that fact is disclosed, it will apparent to the reader that the financial expert(s) on the audit committee are also independent. For purposes of this rule, the term "independent" should be consistent with or as restrictive as the manner in which the term is defined by the listing requirements of the various exchanges.
We also believe that an independence requirement should be built into the definition of "financial expert" so that any designated financial expert must be independent to qualify under the definition. If the "financial expert" is not independent, the whole purpose of having such an expert on the audit committee to assist in providing oversight to the audit process is defeated.
Proposed Definition of "Financial Expert"
We generally agree with the proposed definition of "financial expert". A financial expert should possess all of the five "attributes" listed in the proposed definition. We also believe that "direct experience" is the appropriate standard. "Experience in reviewing or analyzing financial statements" is more relevant to "financial literacy" than it is to "financial expertise". "Direct experience" in preparing or auditing financial statements of reporting companies should result in each of the five attributes.
With respect to the question of broadening the scope of individuals who may qualify as a financial expert, it is important that the members of an audit committee have an adequate understanding of the registrant's business and industry. As related to a financial expert, it is appropriate to require such individuals to possess experience in applying generally accepted accounting principles and in preparing or auditing financial statements generally comparable to those used in the registrant's financial statements, because the expert will have had relevant experience in considering the impact of changes in the business on the company's financial position, results of operations and changes in cash flows.
We agree that the five attributes proposed by the Commission adequately describe the qualities that a financial expert should have. We have no additional factors to add to the Commission's proposed list of factors that a company should consider in assessing a candidate's qualifications. We recommend that the Commission retain its guidance on "grand fathering" because past service on an audit committee alone should not qualify a person serving as a financial expert. Further, we generally agree with the methodology for assessing a financial expert's qualifications as set forth by the proposed rules.
Determination by the Board of Directors of Who Is a Financial Expert
For companies that are relatively complex in terms of structure, operations and markets, we believe that investors would find useful the number the persons that the board of directors has determined to be a financial expert serving on the company's audit committee. As the Commission states in the proposed rules, "... the more complicated the business, the greater the need for a higher threshold of financial expertise". As far as the names are concerned, as stated earlier, we are not convinced there is as compelling a need.
We believe that the board of directors in its entirety should make the decision as to who qualifies as a financial expert. In making this determination, the board should not evaluate the qualifications of candidates to serve as "financial experts" in isolation. In other words, when the board evaluates the qualifications of candidates for the role of "financial expert", the qualifications of other members on the audit committee who are not financial experts should also be considered. It should be expected that the other directors serving on the committee would bring business judgment and experience that would augment the contribution of the financial expert(s) on the committee. The Commission should consider making this point because understanding the business is as vital to an effectively functioning audit committee as understanding the auditing and financial reporting process.
With respect to certain foreign private issuers with two-tiered boards, we agree that the supervisory or non-management board would be the body that is best equipped to make this decision. If the Commission decides to allow less than the full board to make the financial expert determination, the company should be required to disclose the persons who are responsible for making the determination.
Impracticability of a "Bright-Line" Test
We would not propose a bright-line test in lieu of the attributes and guidance given. We agree that one size doesn't fit all. The attributes are sufficient to set the bar at a level to limit the pool to individuals with the requisite qualifications. The board of directors is the body that should apply these attributes to decide. All of the attributes, taken together, result in a level of direct experience that, in our judgment, would span a period of several years. Where the line is drawn in terms of years of experience would be an arbitrary decision. Perhaps this is the reason why there should be disclosure of the name(s) of the financial expert(s) serving on the board. Transparency as to the basis for the board's decision will drive directors to make decisions that will withstand scrutiny of investors.
Location of Disclosure
It should be sufficient to disclose information about audit committee financial experts in the company's annual report on Form 10-K and proxy or information statement. We believe that this information is relevant to a security holder's decision to vote for a particular director.
Any disclosure of the arrival or departure of a director in Form 8-K should also disclose whether the departing director was, or arriving director will be, a financial expert serving on the company's audit committee. A company should also make appropriate disclosures if: a financial expert leaves the audit committee, but remains on the board of directors; or an existing director joins the audit committee as a financial expert.
We agree that this disclosure need not be presented in quarterly reports on Form 10-Q.
Registered Investment Companies
We agree with using the proposed definition of "financial expert" for investment companies. We agree that the factors that are relevant in determining whether someone is a "financial expert" for operating companies are generally similar for investment companies.