With the SEC’s stepped-up enforcement regarding corporate accounting and financial reporting, many audit committees are sharpening their focus on the quality of the company’s financial reporting and disclosures. Essential to this, of course, is having robust discussions with management and auditors about the numbers and the narrative—critical accounting policies, judgments, and estimates, disclosures (including non-GAAP information), internal controls, key transactions, particular areas of SEC staff focus, and more.
But getting the numbers right also hinges on getting the tone and culture right. How does management get things done? What is the tone in the finance organization? As I saw during my time at the SEC, when significant problems with a company’s financial statements cropped up, there also tended to be problems with the tone and culture—particularly a reluctance to ask the “why” questions. In this stepped-up enforcement environment, audit committees—even those who are “on top of the company’s numbers”—can continue to step up their own game by focusing on the softer elements of financial reporting integrity (and good regulatory compliance generally).
Constantly assess the tone and culture. How does management get things done? Is there a strong culture of transparency and open communication? Are robust discussions of pros and cons encouraged, and dissenting voices heard? Are people rewarded for raising red (or even yellow) flags? Is there a commitment to financial reporting integrity throughout the organization? Exposure to middle management and other employees can help the audit committee get a good sense of the tone and culture driving not only financial reporting, but compliance activities generally.
Do the CFO and finance team have what they need? Financial reporting quality starts with the CFO and finance team. Make sure they have the resources (budget and talent) to do their job well. Long hours and lean teams can detract from financial reporting quality—as can pressure on management for quarterly results. A critical role for the audit committee/board is to help alleviate the pressure on management for near-term results and support their focus on long-term performance.
Be skeptical—and don’t be satisfied until you’re satisfied. Does the financial reporting process—including the audit committee’s review of draft SEC filings and other financial communications—feel overly routine or too smooth? Does the audit committee sufficiently press management—particularly on financial reporting or disclosure issues in gray areas—and understand the issues that management and/or auditors spent most of their time on? Does the audit committee stay on an issue until it’s satisfied with the answer? Is management sufficiently skeptical of its own information (an important sign of candor)? Do the audit committee and management recognize their own inherent biases? This paper from KPMG and COSO is a good read: “Enhancing Board Oversight: Avoiding Judgment Traps and Biases.”
When Tone Turns Negative: Spotting Red (and Yellow) Flags
One of the hardest things for an audit committee to spot is fraud by “management override.” It requires a solid understanding of the business—how it makes money, and the challenges and pressures management is facing—and constant sensitivity to changes in tone and transparency. Two good primers on fraud risk—the CAQ’s “Deterring and Detecting Financial Reporting Fraud” and the AICPA’s “Management Override of Internal Controls: The Achilles Heel of Fraud Prevention”—list a host of red and yellow flags to watch out for. There are many, but my SEC experience makes me particularly sensitive to these:
- Downplaying the importance of qualitative materiality factors like compliance with debt covenants, “small” adjustments to meet analysts’ earnings expectations, or key non-GAAP metrics (like inventory levels) that investors could consider “material” to financial performance.
- Giving more weight to meeting an SEC filing deadline or earnings release date than to giving all key financial reporting matters full and robust consideration.
- Discounting red or yellow flags—like “chatter” among middle management about insufficient resources or unrealistic performance targets.
- Concluding an investigation prematurely, or being reluctant to seek independent perspectives.
From my former perspective at the SEC, good audit committees were (and are) a “pain in the neck”—never quite satisfied, always asking that follow-up question, and not letting go until they’re satisfied with the answer. And while audit committees aren’t regulators, their version of enforcement is to help ensure the right tone and set clear expectations for the finance organization—and for compliance activities across the enterprise—to promote a culture of accuracy, integrity, and transparency. It’s what investors expect, and what the SEC and other regulators will be looking for.
Howard Scheck, a KPMG partner, leads the SEC regulatory enforcement and compliance efforts of KPMG’s Forensic Advisory Practice and is a former Chief Accountant in the SEC’s Division of Enforcement.
This article is republished with permission from KPMG's Audit Committee Institute. Visit boardleadership.kpmg.us/audit-committee.html for more.