Certified Public Accounting Firm

Internal Control

Articles On This Page

Environmental, Social and Governance Risks - COSO and WBCSD Propose Guidance on ESG Risks NEW!

COSO ERM Framework Update

SEC Issues Staff Speech: Remarks before the Annual Life Sciences Accounting & Reporting Congress: "Advancing Effective Internal Control and Credible Financial Reporting" by Wesley R. Bricker, Chief Accountant, Office of the Chief Accountant

SEC Issues Staff Speech: Remarks before the Annual Life Sciences Accounting & Reporting Congress: "Advancing Effective Internal Control and Credible Financial Reporting" by Wesley R. Bricker, Chief Accountant, Office of the Chief Accountant


Articles

Environmental, Social and Governance Risks - COSO and WBCSD Propose Guidance on ESG Risks

Summary - The Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the World Business Council for Sustainable Development (WBCSD) have released a draft of proposed guidance, Applying Enterprise Risk Management to Environmental, Social and Governance-Related Risks (Draft Guidance). The comment deadline is June 30, 2018.

The existing COSO framework, Enterprise Risk Management - Integrating with Strategy and Performance, is an applied enterprise risk management frameworks (ERM). The goal of the COSO ERM Framework is to help organizations create, preserve, sustain and realize value while improving their approach to managing risk.
 
The purpose of the Draft Guidance, if adopted in its current form, is designed to help organizations respond to the increasing prevalence and severity of Environmental, Social and Governance (ESG)-related risks, ranging from extreme weather events to product safety recalls.
 
The Draft Guidance includes:
  • The evolving global risk landscape;
  • Common ESG issues and related risks and opportunities impacting business;
  • Examples of risk events and consequences of failure to manage them;
  • Principles of the COSO ERM Framework;
  • Methods to overcome ESG-related risk challenges, including identifying and assessing the severity of risks with uncertain financial consequences; and
  • Innovative responses for addressing ESG-related risks and seizing opportunities.

For more information, click here.

Back to Top

COSO ERM Framework Update

Summary - The Committee of Sponsoring Organizations of the Treadway Commission's (COSO's) updated ERM Framework: Enterprise Risk Management-Integrating with Strategy and Performance (ERM Framework) is now available on Accounting Research Manager. This updated ERM Framework builds on the prior version, Enterprise Risk Management-Integrated Framework. COSO designed the update to help organizations improve their approach to managing risk and at the same time create, preserve, and realize value.
 
Because risk influences strategy and performance throughout an organization, the updated ERM Framework emphasizes embedding ERM throughout an organization. It also highlights the importance of enterprise risk management in strategic planning.
 
The first part of the updated ERM Framework offers a perspective on current and evolving concepts and applications of enterprise risk management to meet the demands of an evolving business environment. The ERM Framework itself is organized into five components that accommodate different viewpoints and operating structures to enhance strategies and decision-making.
 
The update also focuses on challenges and evolving expectations of enterprise risk management that business leaders and boards are dealing with in today's landscape, including shifts in economic markets, evolving technologies, and changing demographics in supporting decision-making. 
For more information, click here.
 
© 2017 CCH Incorporated and/or its affiliates. All rights reserved. Used with permission.

SEC Issues Staff Speech: Remarks before the Annual Life Sciences Accounting & Reporting Congress: "Advancing Effective Internal Control and Credible Financial Reporting" by Wesley R. Bricker, Chief Accountant, Office of the Chief Accountant

Summary - Wesley R. Bricker, Chief Accountant of the SEC, recently spoke about accounting and auditing matters, including implementation of the revenue recognition guidance, the important role of the PCAOB, internal controls, and auditor independence.
 
Mr. Bricker reiterated previous remarks on the ongoing implementation of the new revenue recognition guidance. Mr. Bricker noted that "it bears mentioning that some companies have early adopted the standard (as permitted) and are now applying the new revenue standard. In those cases, investors are benefitting from the enhancements to revenue recognition. For those companies that anticipate applying the standard as required in 2018, robust transition disclosures as described in Staff Accounting Bulletin 74 and our related September 2016 staff announcement should be made to enable investors to understand the anticipated effects of the new standard."
 
Highlights of Mr. Bricker's remarks on other topics discussed included:
  • The PCAOB has completed nearly seven years of outreach and public comment in publishing a final auditor reporting standard. If approved by the SEC, the audit reports for public companies would retain a pass/fail opinion, while adding communication of critical audit matters, disclosure of audit firm tenure, and other revisions to clarify the auditor's role and responsibilities and make the auditor's report easier to read. The PCAOB's release is particularly relevant because investors are the primary beneficiaries of an audit and the auditor's report is the primary means by which the auditor communicates to them.
  • Regardless of where, or whether, prior years of service of an audit firm is disclosed, the years of experience may be one of the many factors considered by audit committees in their selection and oversight of the external auditor. An audit committee may want to incorporate prior auditor service into its oversight of the auditor's expertise, incentives and, ultimately, appropriate performance in the conduct of the audit.
  • In today's interconnected world economy, investors depend on high-quality auditing and auditing standards around the world. U.S. investors routinely invest in companies based outside the United States and listed in non-U.S. jurisdictions to diversify their portfolios. Oversight and governance of international audit and related standards is important so that standards and guidance for auditors support the delivery of high-quality audits.
  • Ultimately, management's ability to fulfill its financial reporting responsibilities depends on the effectiveness of internal control over financial reporting which are controls designed to provide reasonable assurance that the company's financial statements are prepared in accordance with GAAP. Over the next several years, updating and maintaining internal controls will be particularly important as companies work through the implementation of the significant new accounting standards. Companies' implementation activities will require careful planning and execution, as well as sound judgment from management.  
  • Companies that apply the COSO framework for assessing the effectiveness of internal control over financial reporting might find its five components and related concepts and principles useful in developing a structured approach for implementation and meeting related documentation expectations.
  • Public trust in financial reporting is also maintained by protecting the independence of the outside auditor from its audit client. The audit committee must own the selection of the audit firm, make the final decision when it comes time to negotiate the audit fee, and oversee the auditor's independence.
  • When selecting a successor auditor, an audit committee should request information to be satisfied that the successor is independent at the start of the audit and professional engagement period. Audit committees should consider circumstances that might require the company to make adjustments to prior period financial statements.
  • In both large and small public accounting firms, it is important to identify and then mitigate institutional and individual pressures, which if left unaddressed can have the potential to compromise the skepticism and professional judgment that are critical to audit quality and the detection of material misstatements.
  • Public accounting firms must work with the audit committee (and management) to agree on appropriate deadlines and audit fees to ensure that audit quality is consistently maintained.
For more information, click here.
 
© 2017 CCH Incorporated and/or its affiliates. All rights reserved. Used with permission.


SEC Issues Staff Speech: Remarks before the Annual Life Sciences Accounting & Reporting Congress: "Advancing Effective Internal Control and Credible Financial Reporting" by Wesley R. Bricker, Chief Accountant, Office of the Chief Accountant

Summary - SEC Chief Accountant Wesley R. Bricker recently spoke on advancing effective internal controls and credible financial reporting as it relates to the new revenue recognition standard. Mr. Bricker provided his thoughts on implementation of the new revenue recognition standard, including thoughts on transition disclosures and potential changes in internal controls.
 
Highlights of Mr. Bricker's remarks regarding implementation of the new revenue standard included:
  • Timely implementation of the new revenue standard is important. The standard, including the disclosures in accordance with the standard, is an important step forward in financial reporting, both domestic and foreign, and when implemented, it is designed to enhance the comparability of companies' reported revenues.
  • In the encouraging column, some public companies have indicated that they plan to apply the new revenue standard in preparing their first quarter 2017 financial statements, as permitted by the transition guidance in the new standard. In the worrisome column, however, some companies need to make significant progress this year in their implementations. In a survey of public companies released in October 2016, eight percent of respondents at that time had not started an initial assessment of the new revenue recognition standard, while an overwhelming majority of the others were still assessing the impact.
  • Particularly for companies where revenue recognition implementation is lagging, preparers, their audit committees and auditors should discuss the reasons why and provide informative disclosures to investors about the status so that investors can assess the implications of the information. Successful implementation requires the engagement of senior management throughout an organization.
  • A company must support its presentation, whether gross or net, according to the core principles in the standard, so that investors can understand the nature of the revenue transaction. The new revenue standard does not eliminate all of the judgment required in this area of financial reporting.
  • Today's revenue recognition guidance is primarily a risk and rewards based model, while the new standard is focused on control. While registrants may determine that, as a result of applying the new guidance, the presentation of revenue is the same as under today's revenue guidance, the evaluation will need to be based on the new standard, which has new concepts.
  • Additional judgments may be needed in applying the new standard, and in some cases those judgments may necessitate changes to internal control over financial reporting.
  • Regarding transition disclosures, if a company does not know, or cannot reasonably estimate the expected financial statement impact, that fact should be disclosed. But, in these situations, the SEC staff expects a qualitative description of the effect of the new accounting policies, and a comparison to the company's current accounting to aid investors' understanding of the anticipated impact. It should also disclose the status of its implementation process and significant implementation matters yet to be addressed.
  • From a preliminary look at recent Forms 10-K and 10-Q filings, a number of companies have enhanced their transition disclosures, although for others there is still more work to do. For example, some companies indicate that the impact of the new revenue standard is not expected to be material. The changes in the new standard will impact all companies. Even if the extent of change for a particular company is slight, the related disclosures to describe revenue streams may not be. The basis of any statement that the impact of the new standard is immaterial should reflect consideration of the full scope of the new standard, which covers recognition, measurement, presentation, and disclosure for revenue transactions.
Mr. Bricker also discussed potential impacts to internal controls as a result of the new revenue recognition standard and noted:
  • The new revenue standard may require changes to relevant business processes and the control activities within them. However, it might also require a refresh of the other components of internal control over financial reporting, including professional competence. Expectations related to the control environment and the other components of ICFR are reflected in the principles of the COSO (2013) framework.
  • An aspect of the COSO framework emphasizes the importance of being able to attract, develop and retain competent individuals in alignment with the financial reporting objectives. All companies must have appropriate resources to evaluate revenue arrangements and properly apply the principles of the new standard. While those resource needs might be satisfied, for example, through a designated accounting policy function or through a relationship with a qualified service provider, having resources with sufficient training and competence is fundamental to the effectiveness of a company's overall control environment. With a general movement towards more principles-based accounting frameworks, companies need to assess and continually reassess the impact to their existing accounting and financial reporting competencies and make adjustments as appropriate to their training, retention, and recruitment programs.
  • The new revenue standard will require judgments. This highlights the importance of another element of a company's control environment, setting the right "tone at the top" and expectations for responsible conduct throughout the organization. Appropriate tone at the top is the foundation for the consistent application of the sound judgments required by the new standard. Management should consider whether the existing controls support the formation and enforcement of sound judgments or whether changes are necessary.
  • Companies may also need to consider any changes they may make to their established business practices as they transition to the new standard. For example, companies may amend or tailor their contracts with customers. Application of the new standard, including preparation of the required disclosures, may also require gathering and analyzing new information and sharing such information with relevant parties. Management should consider whether its reporting systems are designed to accurately capture the effects of changes to customer contracts and other information required for compliance with the new standard and ensure the integrity of such information throughout the financial reporting process. Therefore, it will be important to take a fresh look at the information and communication component of ICFR and the related controls over a company's information technology.
  • It is important to keep in mind that the effectiveness of any changes to internal controls are predicated on a comprehensive and timely assessment of risks that may arise as a result of applying the standard. Such risks may exist at various levels and in different areas of a company and their appropriate identification and assessment may require involvement of management and employees from both the accounting and financial reporting function and other functional areas of a company.
For more information, click here.
 
© 2017 CCH Incorporated and/or its affiliates. All rights reserved. Used with permission.