Compliance
Save

Financial Reporting Integrity: Factoring Tone and Culture into the Equation

by Howard Scheck

With the SEC’s stepped-up enforcement regarding corporate accounting and financial reporting, many audit committees are sharpening their focus on the quality of the company’s financial reporting and disclosures. Essential to this, of course, is having robust discussions with management and auditors about the numbers and the narrative—critical accounting policies, judgments, and estimates, disclosures (including non-GAAP information), internal controls, key transactions, particular areas of SEC staff focus, and more.

But getting the numbers right also hinges on getting the tone and culture right. How does management get things done? What is the tone in the finance organization? As I saw during my time at the SEC, when significant problems with a company’s financial statements cropped up, there also tended to be problems with the tone and culture—particularly a reluctance to ask the “why” questions. In this stepped-up enforcement environment, audit committees—even those who are “on top of the company’s numbers”—can continue to step-up their own game by focusing on the softer elements of financial reporting integrity (and good regulatory compliance generally).

Constantly assess the tone and culture.  How does management get things done? Is there a strong culture of transparency and open communication? Are robust discussions of pros and cons encouraged, and dissenting voices heard? Are people rewarded for raising red (or even yellow) flags? Is there a commitment to financial reporting integrity throughout the organization? Exposure to middle management and other employees can help the audit committee get a good sense of the tone and culture driving not only financial reporting, but compliance activities generally.

Do the CFO and finance team have what they need? Financial reporting quality starts with the CFO and finance team. Make sure they have the resources (budget and talent) to do their job well. Long hours and lean teams can detract from financial reporting quality—as can pressure on management for quarterly results. A critical role for the audit committees/board is to help alleviate the pressure on management for near-term results and support their focus on long-term performance.

Be skeptical—and don’t be satisfied until you’re satisfied. Does the financial reporting process—including the audit committee’s review of draft SEC filings and other financial communications—feel overly routine or too smooth? Does the audit committee sufficiently press management—particularly on financial reporting or disclosure issues in gray areas—and understand the issues that management and/ or auditors spent most of their time on? Does the audit committee stay on an issue until it’s satisfied with the answer? Is management sufficiently skeptical of its own information (an important sign of candor)? Do the audit committee and management recognize their own inherent biases? This paper from KPMG and COSO is a good read: “Enhancing Board Oversight: Avoiding Judgment Traps and Biases."

When Tone Turns Negative: Spotting Red (and Yellow) Flags

One of the hardest things for an audit committee to spot is fraud by “management override.” It requires a solid understanding of the business—how it makes money, and the challenges and pressures management is facing—and constant sensitivity to changes in tone and transparency. Two good primers on fraud risk—the CAQ’s “Deterring and Detecting Financial Reporting Fraud” and the AICPA’s “Management Override of Internal Controls: The Achilles Heel of Fraud Prevention”—list a host of red and yellow flags to watch out for. There are many, but my SEC experience makes me particularly sensitive to these:

  • Downplaying the importance of qualitative materiality factors like compliance with debt covenants, “small” adjustments to meet analysts’ earnings expectations, or key non-GAAP metrics (like inventory levels) that investors could consider “material” to financial performance.
  • Giving more weight to meeting an SEC filing deadline or earnings release date than to giving all key financial reporting matters full and robust consideration.
  • Discounting red or yellow flags—like “chatter” among middle management about insufficient resources or unrealistic performance targets.
  • Concluding an investigation prematurely, or being reluctant to seek independent perspectives.

From my former perspective at the SEC, good audit committees were (and are) a “pain in the neck”—never quite satisfied, always asking that follow-up question, and not letting go until they’re satisfied with the answer. And while audit committees aren’t regulators, their version of enforcement is to help ensure the right tone and set clear expectations for the finance organization—and for compliance activities across the enterprise—to promote a culture of accuracy, integrity, and transparency. It’s what investors expect, and what the SEC and other regulators will be looking for.

Howard Scheck, a KPMG partner,  leads the SEC regulatory enforcement and compliance efforts of KPMG’s Forensic Advisory Practice and is a former Chief Accountant in the SEC’s Division of Enforcement.

 

This article is republished with permission from KPMG's Audit Committee Institute. Visit boardleadership.kpmg.us/audit-committee.html for more.

MORE ARTICLES

Board composition +
Refreshing Your Board of Directors
Patrick R. Dailey, Ph.D. and Joel M. Koblentz
Battle For the Boardroom
Ludo Van der Heyden and Chris Howells
Night of the Living Board
Matt Palmquist
Strategy & innovation +
The "Third Team" Approach to Board Effectiveness
Denis Mowbray and Coral Ingley (both from Auckland University of Technology)
Tapping The Strategic Potential of Boards
Chinta Bhagat, Martin Hirt, and Conor Kehoe
Board supervision +
Best Practices: Non Profit Governance
McDermott Will & Emery
Value-Focused Corporate Governance
Christian Orglmeister, Marcos Aguiar, and Daniel Azevedo
The Trouble With Too Much Board Oversight
Olubunmi Faleye, Rani Hoitash and Udi Hoitash
Culture +
Team building +
Collaborate Better
Leigh Thompson
Five Things Every CEO Must Do in the Next Era of Globalization
Hans-Paul Bürkner, Arindam Bhattacharya, and Jorge Becerra
Outgoing CEOs Shouldn't Pick Their Replacements
David F. Larcker, Stephen A. Miles, and Brian Tayan
Compliance +
Leadership +
Risk management +
Exec. evaluation & comp +
Surviving the Sophomore Slump: Moves That Matter The Most
Roselinde Torres, Judy Johnson, James M. Citrin, and Susan S. Hart
Leapfrog Succession: Trend in Appointing CEOs
Roselinde Torres, Gerry Hansell, Kaye Foster, and David Baron
Cyber security +
Why Senior Leaders Are On The Front Line Against Cyberattacks
Tucker Bailey, James Kaplan, and Chris Rezek
Are You In the Dark about Shadow IT?
Ryan Shadle and Brian Turley
Corporate Governance in the Age of Cyber Risks
In collaboration with RANE (Risk Assistance Network and Exchange)
The Board’s Role in Managing Cybersecurity Risks
Ray A. Rothrock, James Kaplan, and Friso Van Der Oord
Featured +
Planning Ahead – The Board’s Role in Crisis Management
M. Hill Jeffries, Kyle G. Healy, Marshall M. Chalmers
Agitators and Reformers: How to Respond to Activist Investors
Josh Hinkel, Henrik Poppe, Martin Toner and Chuck Whitten

Your library is currently empty. Browse the Boardspan Library to get started.