Speech by SEC Staff:
|The Securities and Exchange Commission, as a matter of policy, disclaims responsibility for any private publication or statement by any of its employees. The views expressed herein are those of Mr. Turner and do not necessarily reflect the views of the Commission, the Commissioners, or other members of the Commission's staff.|
Thank you for the kind introduction and opportunity to share with you my thoughts on high quality financial reporting and the role of audit committees in achieving that goal.
Let's set the stage for our discussion first. This country's capital markets have fueled the longest economic boom and period of prosperity the United States has ever experienced. Approximately one third of this country's wealth is currently invested in our capital markets, which have an aggregate value of 17 trillion dollars, almost twice the Gross National Product. Almost 80 million investors from all walks of life have placed their trust and confidence in the U.S. capital markets. They are unquestionably the most liquid and deepest markets in the world.
The markets and their participants have gained investors' confidence through quality information and investors' trust through vigilant and active corporate governance. Quality information is the life-blood of markets; corporate governance ensures the flow of that information is not severed.
Yet investors and the business community learned a very valuable lesson 70 years ago that the trust and confidence in markets can be shaken and lost. We learned that liquidity can disappear and capital quickly dry up. Fair and orderly markets can dissolve much more quickly than they are built. An economy that is seemingly the Emerald City of Oz with roads of gold can turn to a bowl of dust overnight.
Today, we can ensure against such events by building a foundation based on a sound accounting and financial reporting system. And audit committees are uniquely positioned to oversee the construction and operation of those systems. But if the actions and influence of audit committees are to be real, to be more than a façade at the front of a building, then they must extend beyond a playing field defined by prescribed rules, obligations and responsibilities. Instead, the boundaries of an audit committee's efforts must be shaped by an unwavering commitment to investors and a dedication to the integrity of high quality financial reporting.
I would like to share with you some of the best practices followed by audit committees that I have seen in the past year or so, as well as some of my observations on them.
Let me start out by noting the role of the audit committee is one of proactive oversight of the financial reporting and disclosure process and the results of that process. It cannot supplant the day-to-day responsibilities of management to ensure the accuracy of the financial statements. Rather the audit committee's function is based, in part, on the ability of the audit committee to carry out the necessary level of due diligence, relying on experts such as the Chief Financial Officer, Internal Auditor, and independent external auditors. And then, with counsel from its legal advisors, it should document the processes followed by the committee, the conclusions reached and the basis for those conclusions in an appropriate fashion, such as in the committee charter and minutes. Due Diligence and Documentation, three D's that provide the support for the best practices and work of an active, vigilant audit committee.
The Report and Recommendations of the Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees ("BRC") sets forth five Guiding Principles for Audit Committee Best Practices. I strongly urge each and every Audit Committee that is serious about the quality of the financial reporting of their company to seriously consider these practices.
Principle 1 discusses the Audit Committee's key role in monitoring the other component parts of the audit. In this pivotal role, aptly described as the first among equals, the committee oversees management who has and must accept the primary responsibility for the financial statements, the external auditors on whom investors rely to provide an unbiased, robust examination of the numbers to ensure their credibility and integrity, and where they exist, internal auditors who provide a source of advice and information on the processes and safeguards that exist. It is important that this oversight role be timely, robust, diligent and probing.
Principle 2 states the importance of independent communication and information flow between the audit committee and internal auditor. The internal auditor should have an unobstructed and clear communication channel to the audit committee. This is especially important today as the internal auditor can evaluate and report to the audit committee on the adequacy and effectiveness of a company's internal controls.
In today's electronic world, the design and operation of effective internal accounting controls is more important than ever. And yet with increasing frequency, as the 1999 Committee of Sponsoring Organizations ("COSO") Report entitled, "Fraudulent Financial Reporting: 1987 - 1997," notes, financial frauds often involve the override of internal controls by a company's Chief Executive Officer and/or Chief Financial Officer.
Principal 3 of the BRC Report is the need for independent communication and information flow between the audit committee and the outside auditors. The BRC goes on to state, "Integral to this reliance is the requirement that the outside auditors perform their service without being affected by economic or other interests that would call into question their objectivity and, accordingly, the reliability of their attestation…the Committee believes that every audit committee should adopt additional voluntary measures to ensure outside auditors' objectivity." (emphasis added)
Principle 4 of the BRC Report is one of the cornerstones of the foundation of high quality financial reporting. That principle requires candid discussions with management, the internal auditor, and outside auditors regarding issues implicating judgment and impacting quality. A key word in this paragraph is "candid."
Finally, and equally important to the first four principles, is number 5, Diligent and Knowledgeable Committee Membership. It goes without saying, you have to know what you are doing before you can do it, and to do any job right you need the right tools.
Since the issuance of the BRC Report, and the adoption of the new audit committee rules by the stock exchanges, the American Institute of CPA's Auditing Standards Board and the SEC, I have heard about audit committees that have undertaken with renewed enthusiasm their role in corporate governance. This in turn should contribute to the quality of information the stockholders are receiving.
I would like to share with you some additional thoughts on best practices that I believe improve the performance of audit committees and that hopefully will improve the quality of companies' public information and financial reporting.
The COSO Report noted that many financial frauds occurred in companies where audit committees met infrequently. Too often, I have heard of committees that meet maybe one to three times a year, often for a few minutes over breakfast or just before the regular board meetings. Such practices cannot foster the type of in-depth, robust dialogue the BRC called for. Sound advice from the auditors, both internal and outside will be short-changed, if presented at all, and there can be no in-depth probing into the quality of financial reporting done by management.
As a result, I would strongly encourage audit committees to meet no fewer than four to six times a year. Additional or extended meetings may very well be needed when events such as material acquisitions occur or for training provided by management to new committee members on the company's accounting practices and business operations. This basic understanding is fundamental to the ability of audit committee members to be able to adequately fulfill their responsibilities.
Just as the audit committee has responsibilities, so does the external auditor. In the words of the BRC, "It is…imperative to the integrity and effectiveness of the audit committee's oversight process that all parties recognize that the audit committee and full board, as the representatives of shareholders, are the ultimate entities to which auditors are accountable." As such, the audit committee should review on a regular basis the relationships between management and the internal and external auditors. It is critical that the external audit engagement partner clearly understands that he or she is responsible to and serving the investors and audit committee, not management. It is the audit committee who hires auditors, evaluates their performance and, when necessary, fires them. I believe a best practice in this respect is for the auditor to issue the audit engagement letter directly to the audit committee and for the audit partner and committee to have a clear understanding of the terms of the engagement, scope of the audit and responsibilities of the auditor for reporting to the audit committee.
Auditors often identify improvements that can or should be made to a company's internal controls, policies and financial disclosures. The auditor typically communicates these observations to management and the audit committee in what is referred to as a "Management Letter." This letter is a valuable and integral part of each audit.
However, the staff has noted circumstances recently where the auditors, sometimes at the request of management, did not provide a copy of the management letter to the audit committee. In some of these circumstances, significant financial reporting issues arose. The issues were documented by the auditors in their workpapers and management letter but, unfortunately, had not been appropriately communicated to the audit committee.
Each and every audit committee should request from the auditor a copy of all management letter comments. It is important that this be obtained on a timely basis at the completion of each audit. In some cases, auditors may also provide management letter comments as they complete their interim audit procedures or their reviews of the quarterly financial statements. In addition to obtaining a copy of the management comment letter, audit committees should have an indepth discussion with the internal and external auditors regarding what changes or improvements should be made in internal controls, policies or financial reporting processes. Then the audit committee should discuss with management how those changes or improvements will be implemented. My experience, as a Chief Financial Officer, audit partner, and participant in board meetings has shown that a robust management letter and candid discussion of that letter can be of tremendous value to the company and its audit committee.
It also is the responsibility of the audit committee to ensure the auditors are compensated fairly for performing an effective and quality audit. Over the years, audit committees who considered negotiating the lowest possible audit fee to be their most important job, without regard for audit quality, have disappointed me. It is this type of behavior that leads one quickly down a road filled with ruts and thorny bushes. An audit committee that "brow beats" an auditor into an unrealistically low fee will have to share the blame if at a later date investors call into question the quality of the company's financial reports.
Instead, audit committees should inquire about issues such as:
|1.||The adequacy of staffing of the audit.|
|2.||The experience levels of the auditors assigned to the audit, including their experience with the company and its industry.|
|3.||The percentage of the total audit hours actually spent by the more experienced partner and manager. (A small percentage may raise a red flag and risk for the audit committee that sufficient experience and expertise is not being devoted to judgmental and risky business and financial reporting issues.|
|4.||The total number of hours spent on the engagement by the partner and manager.|
|5.||The adequacy of the total hours spent on areas that require significant judgment and that have the greatest inherent risk when it comes to the numbers.|
|6.||The number of hours being spent by the partner and manager on the more judgmental and risky business and financial reporting issues.|
The independent audit of financial statements is the unique franchise of the accounting profession. During the recent public hearings the Commission held on auditor independence, some participants stated a belief that the audit has been used as a loss leader to attract management consulting fees. Recent data published in the Manufacturers Alliance, Survey of General Audit 2000, suggest that this assertion may have substance. For example, The Alliance reports that audits of companies with revenues in the range of $4 billion to $6 billion incur external audit fees for financial statement audits as low as $450,000 and as high as $3.5 million. The low end of that range certainly does give credence to the possibility of an underbid audit. It is not in the public's interest for audit fees to be viewed as a burden, a service only worthy of loss leader status in order to expand the non-audit fees of the accounting firm. It certainly is not in the interest of the individual members of the Audit Committee or the Board of Directors.
During the public hearings of the Commission, one well known audit committee member recommended that audit committees should inquire about and ensure that the audit fee does not represent a "loss leader" being used to leverage the audit into other consulting engagements. He also recommended that audit committees inquire about the compensation scheme for the audit partner and determine if it is affected in any way by the cross- selling of consulting services. I strongly endorse these recommendations.
Another very distinguished panel issued a report in 2000 that also sets forth some important recommendations and observations for audit committee members. The Panel on Audit Effectiveness, commonly referred to as the "O'Malley Panel", was comprised of representatives from the business, accounting and legal professions. Several of the members have served as members of boards of directors and audit committees.
In January 2001, Chairman Levitt sent a letter to the Audit Committee Chairs of 5,000 public companies. We wanted to be sure that the O'Malley Panel Report was brought to the attention of audit committees, and that they had the opportunity to give consideration to the Panel's recommendations. For those of you who are legal counsels for audit committees, I would encourage you to participate in this process.
Some of the recommendations of the Panel that I believe are very important to improving the audit process and quality of financial reporting, and which constitute best practices include:
The Bar has raised the question of guidelines for audit committees, and I believe the O'Malley Panel Report can serve a useful purpose in filling that void.
The O'Malley Panel went on to recommend that in determining the appropriateness of a service, an audit committee should consider ten factors, as follows:
|1.||Whether the service is being performed principally for the audit committee.|
|2.||The effects of the service, if any, on audit effectiveness or on the quality and timeliness of the entity's financial reporting process.|
|3.||Whether the service would be performed by specialists (e.g., technology specialists) who ordinarily also provide recurring audit support.|
|4.||Whether the service would be performed by audit personnel, and if so, whether it will enhance their knowledge of the entity's business and operations.|
|5.||Whether the role of those performing the service would be inconsistent with the auditors' role (e.g., a role where neutrality, impartiality and auditor skepticism are likely to be subverted).|
|6.||Whether the audit firm personnel would be assuming a management role or creating a mutual or conflicting interest with management.|
|7.||Whether the auditors, in effect, would be "auditing their own numbers."|
|8.||Whether the project must be started and completed very quickly.|
|9.||Whether the audit firm has unique expertise in the service.|
|10.||The size of the fee(s) for the non-audit service(s).|
I urge each and every audit committee to seriously consider these factors as they consider and determine if it is appropriate to approve a specific non-audit service provided by the independent auditor.
Another communication audit committees will be receiving on annual basis, is what is referred to as the Independence Standards Board, or ISB, letter. This letter from the auditors is to spell out any matters or relationships between the auditor and client that may impact on the auditor's independence.
Upon receiving the ISB letter, I believe the best practice would be for the audit committee to consider the services and relationships identified in the letter using the guidance provided by the O'Malley Panel. I would also hope that management would reconcile for the audit committee, the matters, issues and amounts disclosed in the ISB letter to the billings for services disclosed in the proxy. For example, does the proxy disclosure of "other" fees paid to the auditor include any prohibited services or fees, such as bookkeeping or contingent fees? I would also encourage audit committees to inquire as to whether the ISB letter discusses not only all matters relevant to the firm in the United States, but also to its affiliates overseas.
Unfortunately, the staff is aware of actual violations of the independence rules relating to financial interests held, or prohibited services being performed, such as bookkeeping, that were not reported to the audit committee in the ISB letter as required. This appears to be a larger issue for those companies who have international operations and when those operations are audited by a foreign affiliate of the U.S. firm. Accordingly, to avoid an embarrassing situation in the future, I would certainly encourage any audit committee to ask the engagement partner if appropriate steps have been taken and quality controls put in place to ensure the auditor's independence on a global basis.
Warren Buffett, perhaps the most widely recognized investor of our time, also weighed in during the development of the BRC's recommendations. He suggested an approach based on audit committees asking auditors three intriguing questions:
|1.||If the auditor were solely responsible for preparation of the company's financial statements, would they have been prepared in any way different than the manner selected by management? The audit committee should inquire as to both material and nonmaterial differences. If the auditor would have done anything differently than management, an explanation should be made of management's argument and the auditor's response.|
|2.||If the auditor were an investor, would he have received the information essential to a proper understanding of the company's financial performance during the reporting period?|
|3.||Is the company following the same internal audit procedure that would be followed if the auditor himself were CEO? If not, what are the differences and why?|
Warren Buffett recommended that, consistent with the three D's I previously mentioned, the audit committee document the responses to these questions in its minutes. The answers to these questions really indicate whether, if the auditor was running the Company, the same financial statements and disclosures would have been published and the same internal controls would have been established.
The AICPA has also issued two important standards affecting audit committees and auditors. The two new standards are Statement on Auditing Standards ("SAS") No. 89 on Audit Adjustments and SAS No. 90 on Audit Committee Communications. In addition, in February 2000, the AICPA issued Practice Alert 2000-2, "Quality of Accounting Principles – Guidance for Discussions With Audit Committees."
The AICPA's standards and guidance requires the auditor to discuss with the audit committee the QUALITY, not just the acceptability, of the accounting principles used by an entity. This Quality discussion should include not only the audit committee and the auditor, but also management, since management has primary responsibility for the entity's financial reporting. The Quality discussion should be robust, candid and probing and encompass:
|1.||Consistency of the entity's accounting policies and their application.|
|2.||Judgments and estimates that effect the financial statements.|
|3.||The consistency, clarity and completeness of the financial statements and related disclosures.|
|4.||Items having a significant impact on the representational faithfulness, verifiability, and neutrality of the accounting information.|
|5.||Consideration of factors affecting asset and liability carrying values.|
|6.||Use of special structures and timing of events that affect financial statements. The audit committee should inquire as to the auditor's involvement in designing such structures and whether the accounting for such structured transactions is transparent and reflects economic reality.|
|7.||The frequency and significance of all transactions with related parties.|
|8.||Unusual arrangements such as bill and hold or side letter sales agreements, self insurance, or non-standard adjustments made at the end of a reporting period especially those that "just make" the consensus estimate. I would note that the staff believes an auditor has not gathered sufficient evidence and performed a GAAS audit if the auditor has not examined the non-standard adjustments that are individually or in the aggregate material.|
|9.||Materiality thresholds and whether such thresholds have been consistently applied.|
|10.||Audit adjustments identified by the auditor including the nature of any adjustments the auditor identified but did not include on the summary adjustments.|
I have seen a publication by Arthur Andersen, which takes the audit committee and management through the discussion on quality. This publication, "New Responsibilities and Requirements for Audit Committees," lists sample questions that are very useful in guiding the discussion. Here are some sample questions that are in their book.
Relevance/Predictive Value/Earnings Persistence
Relevance/Predictive Value/Disaggregated Information
In addition to the use of these or similar questions, I suggest companies and their audit committees should develop their own Report Card as a specific scoring mechanism, using the above categories, to more fully assess the quality of their financial reporting.
I also encourage audit committees to ask questions about the quality of the company's public earnings releases. Some of these press releases seem to spin straw into gold! Too often today, we are seeing press releases that convey an incomplete or inaccurate picture to investors. I call it an "EBS" or "Everything but Bad Stuff" release. And typically, these releases set forth the "pro forma" numbers before the actual operating results.
For example, I have seen releases that present:
|1.||Earnings before marketing costs.|
|2.||Cash earnings per share that bear no relevance to cash flows but rather are merely earnings adjusted to eliminate amortization of selected costs.|
|3.||Earnings before losses from newly started businesses, such as a new internet subsidiary, or|
|4.||Any one or combination of the above, but with one-time gains from sales of investments added back.|
Recently I saw a press release that went so far as to explain that sales commissions were unusual in that they had increased due to an increase in sales. Imagine that, commissions going up because of increasing sales. The same release went on to say personnel costs were also unusually high because they had hired more people. In my mind, these are not unusual items but rather normal operating costs that should be discussed in the context that they would be expected given the trends noted.
Hopefully, audit committees will view with skepticism this biased and unbalanced approach to disclosure of financial information. Investors who see such press releases should view them with caution and appropriate skepticism. I encourage investors to read such earnings releases with a wary eye and to read the full Form 10-Q where all the facts should be presented in a complete and balanced fashion.
Finally, an audit committee that follows best practices will no doubt elect to undergo an annual evaluation. Just as the board of directors evaluates the management team, I believe the audit committee should perform an annual self-assessment of its performance and obtain input from the entire board of directors. Audit Committee Effectiveness-What Works Best, a publication by PricewaterhouseCoopers and sponsored by the Institute of Internal Auditors Research Foundation, provides a tool for carrying out such an assessment. This guide provides direction and is a useful tool for any audit committee members carrying out their self-assessment responsibilities. It has an actual self-assessment guide that helps audit committees to consider whether it has fulfilled its responsibilities, but also identify opportunities for follow up actions. As an example, it covers such important topics as scrutinizing the areas requiring judgement in the financial statements, the observations of internal and external auditors on internal controls and risk exposures, and training of the audit committee. In addition it notes the internal and external auditor and general counsel may also be able to assist the audit committee in designing a meaningful self-assessment program.
Let me close by again noting the great work that members of the accounting profession, the Blue Ribbon Committee and O'Malley Panel, and the stock exchanges have performed. These efforts have all made the tremendous progress to date possible, and an improvement in the quality of financial reporting hopefully inevitable. To achieve those improvements will not be an easy task, but I have every faith we can get there, a faith that I hope the work of audit committees will sustain.
|Home | Previous Page||