David R. Evanson
Privately Published, Summer, 2004
Audit Committee Symposium
Sponsored by PricewaterhouseCoopers
Highlighting Critical Issues at the Dawning of a New Day
On March 8-9, PricewaterhouseCoopers LLP brought together a select group of panelists and participants to address the critical and evolving issues facing audit committee members–as well as the public companies they serve–as a result of the Sarbanes-Oxley Act of 2002.
Dennis Nally, Chairman and Senior Partner of PricewaterhouseCoopers, along with P. Gregory Garrison, US Assurance Leader, opened the session. Addressing the group were a slate of speakers straight from the trenches – Representative Michael G. Oxley (R-OH); Cynthia A. Glassman, SEC Commissioner; William J. McDonough, Chairman and CEO of the Public Accounting Oversight Board (PCAOB), and William R. McLucas, Partner of Wilmer Cutler Pickering LLP and Group Leader in the firm’s Securities Section.
The session was extremely interactive, with speakers and participants getting the issues out in the open and candidly exchanging their respective points of view. Broadly speaking, the issues discussed fell among several “hot spots” in the ongoing public debate about how to restore investor confidence. These were, predictably, corporate governance, risk management, and the future of the accounting profession.
Corporate Governance Issues
[Callout text for this section: 1) “Specifically, many felt that boards today now function ‘95%’ in a monitoring role, leaving less time available for examining the strategy of the company.” ; 2) The implication for attracting talent to the boards of companies may become a serious issue, participants and panelists alike agreed.” ]
With respect to corporate governance, discussion leaders and audit committee members focused on tactical as well as strategic issues.
Tactically, many at the symposium were concerned that corporate boards were becoming too compartmentalized. Participants were concerned that the trend toward committee-ization was introducing new challenges about keeping all board members informed on relevant issues, how such boards serve the interest of smaller companies, and how board members with new constraints and greater exposure to legal liability could function in a manner that was productive.
Compounding these problems is that fundamental changes in the structure of the board are coming about at a time when new requirements, which many believe to be excessive in light of the final 404 standards, appear to be allocating resources such as money, management’s time, and the board’s time away from more fruitful endeavors of examining, questioning and helping to execute the company’s strategy [italicize strategy].
Many in attendance openly wondered if the more traditional role of the board, acting as a sounding board for management, would disappear. If so, it may be more difficult to attract talent to the boards of companies, participants and panelists alike agreed. When combined with the potential legal liability of being a board member, the question becomes, who will serve?
Participants felt the immediate fallout of Sarbanes-Oxley was a corporate governance framework that, while appropriate for our times, is nonetheless stilted and uncertain. True reform will require that corporations, executives, audit committee and board members and regulators actively work to strike a balance over time.
The Evolving Role of Accounting Profession
[Callout text for this section: 1) “For internal audit, it’s not just new responsibilities related to internal control standards, but assuming a more strategic role in the organization . . .” ; 2) “The new environment offers the opportunity to close one of the great expectation gaps that prevailed during the nineties and the beginning of this decade . . .”]
In a symposium attended largely by audit committee members, it was no surprise that a significant portion of the day’s discussion focused on the changing role of external and internal auditors.
Clearly the new environment has changed expectations regarding the roles and responsibilities of internal and external auditors and how they will work together with Public Company Accounting Oversight Board (PCAOB) and other regulators.
For instance, with limited staff and resources, participants wanted to know what exactly could the PCAOB accomplish and what was its true role? Unlike the SEC which is charged with enforcement, the PCAOB functions much more like a bank supervisor, getting to know the personalities involved, and fixing problems behind the scene very quietly.
But the PCAOB is also charged with setting the tone for the way internal and external auditors carry out their new responsibilities. For internal audit, this means not just taking on new responsibilities related to internal control standards, but also assuming a more strategic role in the organization as the source of objective, timely information that management, the board, the audit committee, and the external auditors must have.
But this discussion led to the group toward considering the changing roles and responsibilities of the external auditor, and how the new environment offers the opportunity to close one of the great expectation gaps that prevailed during the nineties and the beginning of this decade. Specifically, the public assumed that external auditors were focused on the internal control environment, and held the profession accountable for allowing lapses in this crucial area. Now, thanks to the Section 404 standards, they will in fact be focusing much more rigorously on detailed auditing of internal controls.
These new roles and responsibilities, however, raised new issues in the minds of audit committee members. For example, can the external auditor truly evaluate the audit committee’s oversight, when in fact the audit committee selects the auditor? And how can external auditors bring about change in the way an audit committee functions? Where does one draw the line between the responsibility to disclose weakness and improving the internal control process? Addressing these very legitimate concerns is challenging. While the new regulatory environment is rule-based and compliance driven, panelists urged audit committee members as well auditors to engage in a more proactive, dialog-based process that places a premium on communication.
Risk Taking & Risk Management
[Callout text for this section: 1) “There is some evidence that the new rules and regulations are keeping companies from taking business risks . . .”; 2) “A more integrated risk profile becomes essential in an environment that has shifted regulatory liability squarely on the plate of the Audit Committee.” ]
While the Sarbanes-Oxley bill was crafted to address some very specific shortcomings in public company oversight and financial reporting, panelists and participants agreed that within a political context and under pressure from the fallout of white hot scandals such as Enron and Worldcom, the end result may have been more aggressive and far reaching than even the original architects of the bill had envisioned.
One speaker noted that there is some evidence that the new rules and regulations are keeping companies from taking business risks. This represents a particularly daunting challenge of regulation, and if true, an unintended and undesirable by-product of the legislation. After all, an important element of maintaining global competitiveness rests with an organization’s willingness to take and benefit from appropriate risks.
Yet this new reality gives currency and renewed importance to the notion of Enterprise Risk Management or ERM. Within an ERM framework, companies measure, prioritize and respond to risks in an integrated, holistic way.
A more integrated risk profile becomes essential in an environment that has placed regulatory liability squarely on the plate of the Audit Committee. Thus, audit committee members wanted to know, when, why and how does the committee mitigate its risk, and the risk to the company, by conducting a special investigation? And consistent with the precepts of the ERM framework, what are the risks associated with avoiding internal investigations?
The ensuing discussion centered on the daunting challenges of investigations. Specifically, they often lead to unexpected results that are a surprise to audit committee members and can also create problems elsewhere in the company. This prompted further discussion on why outside counsel, rather than the Audit Committee itself, is the best candidate to conduct an investigation. The primary advantages cited were that, with external people, the process is more discreet relative to the markets, employees and the media, and external investigations involve people less concerned about the consequences of pursing the problem.
The downside to this approach, and one of the real risks that needs to be measured and evaluated, is that using outside counsel exposes the government to problems that were heretofore internal matters. Panelists noted that while this approach may be unappealing to members of the audit committee, it must be weighted against penalties that could total hundreds of millions of dollars.
Participants and panelists agreed that one key element of mitigating compliance risk had to do with what they referred to as the “Tone at the Top.” Noting it’s importance, one participant mentioned that even if Sarbanes-Oxley were in effect, it may not have prevented what happened at Enron because of the signals that were flowing through the organization from the executive suite.
Citing ways to set the tone, panelists and participants alike suggested that open access to C level executives, ethics training and education, and, interestingly, a conservative posture on accounting treatment issues by the chief executive were all important in establishing a frame of mind among all employees that is consistent with the spirit of Sarbanes-Oxley.
Committed to Improvement
The symposium ended with a lively question and answer period moderated by Dennis M. Nally.
What are other people doing to fulfill the hot line requirement?
What about expensing stock options?
What if there is an internal control failure that you cannot attest?
What should I be asking my people about their readiness for 404?
How do you say, ‘I would like to strengthen your audit committee?’
And while there are still many more questions than answers, the desire for more information among participants was earnest. Audit Committee members at the symposium seem motivated not just by a desire to comply, but by a determination to improve a process that was in badly need of repair.