I recently saw the results of a PwC survey on where IT oversight resides at the board of directors’ level.  In more than 50% of the companies it was with the audit committee, while 25% had it with the entire board and 8% had no oversight at the board level at all.  It’s hard to imagine a business that does not use IT today.  We may laugh at the commercials, but even the neighborhood kids’ lemonade stand is often publicized on Facebook (even if it is on Mom’s page). So, putting the 8% who live in the dark ages aside (and the 17% who didn’t even know what IT stood for?) I wondered about the implications of having IT oversight with the audit committee by 2/3’s of the companies who had board level oversight.

Using the audit committee seems to be a natural outgrowth from the way IT has been handled historically.  CFO’s were often the officer that IT reported to before CIO’s started proliferating.  In addition, boards often first deal with IT when something goes wrong – either with an access breach or a system failure which then impacts the financial results.  Either way, the knee jerk reaction is IT is a “control problem” and that is what audit committees are supposed to handle.  And of course, as is their nature, audit committees will treat IT as a control and compliance issue.  Do our general IT controls work well enough for pass muster for the audit of our controls?  Do we have the right protocols in place to comply with the HIPPA regulations over access?  Are we doing enough to prevent breaches of our systems and the unauthorized release of sensitive customer information in order to prevent reputational damage from the next hacking attack?

These are all very important issues, but the problem is that in today’s world where business models can be disrupted by the next drunk college student writing code in his or her dorm room at two in the morning, IT can’t be viewed solely or even predominantly as a “control issue” (or is that an issue to be controlled).   The use of IT is, or should be, a critical strategic issue for every company, and critical strategic issues should be the domain of the entire board of directors.

Am I saying that the entire board should be dealing with the minute details of IT?  Of course not.  In fact, that is what management is supposed to do, but the entire board should be very interested in any organization’s IT strategy, plans, risks and opportunities.  The problem with sending IT oversight to the audit committee is that the risks will get a lot of attention while the other three areas will get less then they deserve or need.  The solution for the twenty-first century company is to rethink who has responsibility for IT oversight at the board level.  Maybe this is a case where the majority has it wrong.

The PCAOB has also been looking at potential audit report modifications and had previously released a request for comments on potential changes to the report ranging from more information on how the audit was conducted to an auditor’s discussion and analysis.  The FRC proposal seems to be somewhere between these two extremes, but it would definitely seem to not be in alignment with the comments from most preparers in U.S. that said information about the company should come from the preparers not the auditors.

Written by: Bill Schneider

If the PCAOB decides to go down this path as well, I can see several significant issues from a preparer perspective.  First, in the U.S. management is required to provide an assessment of its system of internal controls to prevent material misstatements of the financial statements and the auditor then provides its opinion on that assessment.  If the auditor were then required to also comment on specific risks and what they did about them in the audit would this lead to either (1) questioning of managements assessment about the effectiveness of its internal controls or (2) management feeling compelled to specifically address their response to those risks as well in their report on internal controls.  And this doesn’t even address what might happen if management and the auditor have serious differences in opinion about what the risks really are in the first place.

I am also very concerned about the impact the required disclosure on how the concept of materiality was applied would have on the auditor’s evaluation of materiality.  Will auditors feel compelled to use lower than necessary materiality levels to prevent lawsuits that say if they had only used a slightly lower level of materiality problems that lead to the investor losses in the stock market would have been discovered?  If you don’t believe that would happen, then let me tell you about a recent development.

Previous to this audit cycle, most audit firms used a different dollar threshold of materiality for the income statement and the balance sheet.  I can hear the purest out there saying materiality is a qualitative measure, not a quantitative measure and they are correct, but when it comes down to it we have to measure whether potential misstatements are material so we have to quantify materiality in order to measure. The PCAOB decided that the auditing literature did not support separate materialities for the balance sheet and income statement so all of the auditing firms started using the lower of the two materiality measures for their evaluations.  This meant that many preparers had to change their controls to support a more precise measurement requirement – probably beyond the true cost-benefit trade off if materiality had been appropriately defined.

The point is that as firms lower materiality levels in defensive response to perceived threats, then the whole concept of materiality will be distorted as preparers find they must pay for more precise systems and controls then are necessary hurting the whole economy in the process.  So let’s hope cooler heads prevail in the U.S. and we don’t follow the U.K. lead in this case.

I read a great blog on AICPA Insights about giving tax season a different perspective (it can be found at http://blog.aicpa.org/2013/01/tax-season-our-time-to-shine.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+AicpaInsights+%28AICPA+Insights%29#tp )

The blog takes the position that instead of whining about the long hours and other problems of tax season, maybe we should view it as a time to shine – a time when we can really show everyone what we can do and show how valuable we are to our employers and clients. I think the attitude this blog suggests applies to more than tax season.  I think it applies to any other “busy season” by CPAs – be that annual reporting, the budget cycle, periodic forecasts, or any of the myriad of other things we CPAs spend considerable time doing very well.

I for one have felt for a long time that we CPAs spend too much time grossing about the problems of our job rather than highlighting the benefits.  I don’t see lawyers wearing all of the hours they have to put in as young associates out of law school as some sort of red badge of courage.  Instead they see that as a time to show everyone what they can do so then can move up the ladder and get recognized for the value they provide.  The same could be said about doctors doing their residency.

Face it, if you want to be a valuable professional it is going to take some extra effort on your part on a recurring basis.  Instead of complaining about it and turning off the best and brightest we need to celebrate how the busy seasons provide great opportunities time and again to show off our talents.  One of the highest rated (non-compensation related) reasons people stay, or leave jobs is the feeling of doing something that matters and is valued.   We CPAs do many things that matter and are valued by many people.  Why don’t you take the time to point that out instead of the number of hours you worked last week?

A lot has been written about the (not quite so) final agreement to avert the fiscal cliff and extend existing income tax rates for most citizens of the United States.  Lost in most of the media coverage, mainstream of otherwise, was a significant development regarding the Alternative Minimum Tax (AMT).  Congress finally “permanently fixed” the AMT by upping the exemption amount and then indexing it for inflation.  At least it is as permanent as anything done in Washington these days.

The most important feature of the AMT change is that it will end the ongoing joke of extending the AMT for 1 year each year-end.  I say joke because the way the Federal Government budget (and accounting) rules worked, they only had to count the reduction in AMT revenue for the one year they extended the higher exemptions.   They were able to assume that in future years AMT revenue would be back and this would make projections of budget deficits smaller.

Let’s compare this to a couple of accounting standards those of us in the corporate world have to deal with.  The first is around accruals for vacation pay.  The standard starts off simply enough with the concept that if your vacation plan results in people earning vacation in one year that will be paid (either in the form of time or dollars if the employee leaves the company) in the next year, then you have to accrue for the vacation earned as of the end of year 1.  But the standard does not stop there.  In this case if there is no plan or even if there is, but the company makes a practice of doing something different that results in payment for unused vacation , then the company has to accrue the “substantive” practice rather than whatever the policy says in writing. A second standard that has the same concept is accounting for pensions.  In that standard, if you have a practice of giving increases in the pension benefit periodically, then the standard requires you recognize that “substantive” plan even if it is not part of the official written plan.

So, in the corporate world, if you have a practice of doing something you have to recognize the results of that recurring practice.  In Washington that rule does not apply.  There, you can ignore something everyone knows you are going to do as long as you haven’t actually put it into law. I guess we can’t call it a lie, but it certainly was misleading.  At least from now on deficit projections will be closer to reality and isn’t that the first step in dealing with a problem – recognizing what the actual problem is.

The on again off again battle on the potential U.S. adoption of IFRS took a couple of interesting turns last week. The first interesting turn was the nomination of a former prosecutor to head the SEC.  All the stories talk about how the appointment  of Mary Jo White is sending a clear signal about bolstering the SEC reputation for enforcement.  I’m not here to dispute that, but if the focus is going to be on enforcement then I am guessing IFRS will continue to be down the list of SEC priorities for at least a while which means we will continue down the path of U.S. GAAP for U.S. public companies, IFRS for Foreign Issuers filing with the SEC and lots of continuing rhetoric about the U.S. not adopting IFRS from everybody.

The second interesting turn was a study released by the U.K. that showed how IFRS Impairment rules were being used inconsistently across Europe.  This supported a similar SEC finding in its work plan report.  The lack of consistency puts a major dent in the argument that the U.S. needs to adopt IFRS so that everyone will be reporting results the same way.  If IFRS is not being used consistently then what difference does it make if there are also a few differences between U.S. GAAP and IFRS, or so the anti-IFRS argument goes.

But that wasn’t what really bugged me about the whole issue.  The part that bugged me was what Hans Hoogervorst, Chairman of the IASB said in defense of IFRS.  I agreed with his statement ”that even an unevenly applied global standard provides much more global comparability than an equally unevenly applied multitude of diverging national standards,” but I disagreed with his next statement strongly.  He went on to say 735 restatements required by the SEC in 2010 show that even U.S. GAAP has issues with consistent application of standards.  I say that statistic is at best totally irrelevant to the issue of comparability and at worst, might prove just the opposite of what Mr. Hoogervorst was trying to say.  By requiring restatements the SEC was, in fact, forcing consistency in the application of the standards.  What the U.K. and SEC studies found were inconsistent application of standards that were apparently perfectly acceptable to the various regulatory organizations responsible for enforcing consistency in IFRS.

So, a statistic is used to purported prove that application of U.S. GAAP is just as inconsistent as the application of IFRS, but it actually may prove just the opposite if you are really informed about the subject.  It certainly brings to mind that old saying about statistics being the biggest lies of all.

I was reading a publication produced by our auditor, Ernst & Young on all of the standard setting activity for 2012 and I realized I have good reason to feel like I can’t keep up with everything going on.

The FASB only issued 3 final standards (now called ASUs for all of us who grew up with FAS’s for all those years).  Of course, maybe it’s really 4 because they issued separate ASUs for technical corrections to the ASC in general and technical corrections to the SEC portion of the ASC, but who am I to quibble with my auditor on such things. Either way, not too bad so far, but the FASB also issued or worked actively on 12 exposure documents.  Now were starting to get up in the numbers.  Of course 12 documents would not be so bad if they covered specific topics related to different industries so everyone is not impacted by all 12, but that is not the case here.  We’re talking about messing with revenue leases and impairment of customer receivable which means just about every business that exists will be impacted by many of these proposed standards.  Of course it doesn’t stop there, the FASB launched the PCC to look into private company accounting issues and started two other projects on disclosures and going concern.  The EITF was also busy reaching 3 consensus opinions and exposing documents on 4 other issues.

Not to be outdone, the SEC issued 3 final rules including rules on reporting on conflict minerals (if you think you are not impacted, you may need to think again as some reports expect that thousands of companies – public and private – will be impacted by the reporting requirements).  The SEC also issued 16 proposed rules and other releases in 2012 and that doesn’t include any of the work on IFRS, XBRL or work to be done under the JOBS act.  The PCAOB also started to get busy again and issued one final auditing standard as well as one audit practice alert document.  The PCAOB also released 9 other documents outlining proposed rules or asking for input on concept releases.  These include the now infamous release on mandatory auditor rotation as well as an equally important release on potentially significant changes to the auditor report.

Of course the ASB also issued a new standard as well as several other documents and the GASB issued 4 new standards, 2 exposure drafts and at least 3 other significant documents.  The AICPA also issues its proposed framework for private company reporting and COSO issued 2 exposure drafts to revise its Internal Control framework which is the de facto internal control standard for 85% of public companies that have to comply with Sox section 404.

And that’s just the U.S. accounting and auditing standards.  It doesn’t include all of the IRS changes, the new developments in the valuation world (didn’t you know the SEC expects all of you public company preparers to be valuation experts now), and international standards for accounting from the IASB and auditing from the IAASB.  I must admit I have to laugh when people tell me they can’t get enough CPE done to maintain their license.  You could spend 140 hours on CPE and not keep up let alone only the 40 required in most jurisdictions. I want to look at them and ask, then how do you plan to keep your job because you are expected to know about all of these changes and more!

A lot has been written about the (not quite so) final agreement to avert the fiscal cliff and extend existing income tax rates for most citizens of the United States.  Lost in most of the media coverage, mainstream of otherwise, was a significant development regarding the Alternative Minimum Tax (AMT).  Congress finally “permanently fixed” the AMT by upping the exemption amount and then indexing it for inflation.  At least it is as permanent as anything done in Washington these days.

The most important feature of the AMT change is that it will end the ongoing joke of extending the AMT for 1 year each year-end.  I say joke because the way the Federal Government budget (and accounting) rules worked, they only had to count the reduction in AMT revenue for the one year they extended the higher exemptions.   They were able to assume that in future years AMT revenue would be back and this would make projections of budget deficits smaller.

Let’s compare this to a couple of accounting standards those of us in the corporate world have to deal with.  The first is around accruals for vacation pay.  The standard starts off simply enough with the concept that if your vacation plan results in people earning vacation in one year that will be paid (either in the form of time or dollars if the employee leaves the company) in the next year, then you have to accrue for the vacation earned as of the end of year 1.  But the standard does not stop there.  In this case if there is no plan or even if there is, but the company makes a practice of doing something different that results in payment for unused vacation , then the company has to accrue the “substantive” practice rather than whatever the policy says in writing. A second standard that has the same concept is accounting for pensions.  In that standard, if you have a practice of giving increases in the pension benefit periodically, then the standard requires you recognize that “substantive” plan even if it is not part of the official written plan.

So, in the corporate world, if you have a practice of doing something you have to recognize the results of that recurring practice.  In Washington that rule does not apply.  There, you can ignore something everyone knows you are going to do as long as you haven’t actually put it into law. I guess we can’t call it a lie, but it certainly was misleading.  At least from now on deficit projections will be closer to reality and isn’t that the first step in dealing with a problem – recognizing what the actual problem is.

Another area of coverage at the AIPCA SEC and PCAOB Developments Conference in December that surprised me was the focus on internal control.  I knew the last session of the conference was going to be on the forthcoming update to the COSO Internal Control Integrated Framework, but I did not expect other presentations to hit on the topic as well.

Paul Beswick, Acting SEC Chief Accountant, got the ball rolling by reminding everyone that internal control has five components, not just control activities.  The implication is that the SEC is seeing too much focus on the Control Activities component when it asks questions about Sox 404 compliance.  As a reminder the five components of internal control are:

1. Control Environment
2. Risk Assessment
3. Control Activities
4. Information and Communication

5. Monitoring Activities

The COSO framework, which is used by 85% of the companies complying with section 404, requires all five components to be present, functioning and operating together in an integrated manner to have an effective system of internal control.  While many companies do address all five components, the weighting of the work is often tilted toward control activities and monitoring activities when it comes to documenting and testing of key controls. These are only 2 of 5 components (and 5 of 17 control principles in the proposed update to the framework).

And it was not just the SEC that discussed internal controls.  James Doty, Chairman of the PCAOB also brought up the issue when discussing auditors work on internal controls.  While he did not specifically get into the component issue, he questioned the adequacy of the documentation to reach a conclusion about the effectiveness of internal control.  Putting two and two together, it seemed clear he was also talking about the need to properly emphasize all five components

The new framework, scheduled to be released on March 31, 2013 is going to provide a renewed emphasis on all of the components of internal control as well as the 12 principles of control in the control environment, risk assessment and information and communication components. This really provides a great opportunity to revisit your control documentation and make sure you have everything you need to prove your assertion that you have an effective system of internal control with all five components present, functioning and operating together.

…or you can wait for that SEC comment letter.

It’s that time of year for many in business and industry – time for those annual performance reviews.  After completing these reviews for 20 years at AT&T I have learned a few things that work and a few things that don’t.  Rather than talk about the whole theory and strategy of evaluations, I’m going to cover what I consider the more tactical things that have worked for me over the years.  For many of you reading this blog it may be too late to incorporate these ideas for your 2012 evaluations, but it is a great time to start doing them so that 2013 will be a much easier year for you.

1)      Take notes regularly.  Twenty years ago I had a file set up for each of my direct reports and I added hand written notes to the file each week.  Now I maintain my notes electronically, but it is the same idea.  I set up a reminder in outlook for me to write up notes on my staff each week.  Sometimes it occurs in the middle of the week when I get a great email complimenting one of my staff on something they did, or maybe something didn’t go right and I write it up after discussing it with my staff member.  Other times it is just something I think of on a Friday afternoon.  With eight direct reports I don’t write something about ever person every week, but I write something about someone each week, and if I haven’t written anything down in a month for a person then I need to think about why that has happened. When it comes time to fill out the evaluations you have a treasure trove of real examples to use in the evaluation from your notes.  Believe me, your staff will notice the difference – and so will your colleagues and boss if you have to defend your ratings to them.

2)      Complete the evaluations before the end of the year.  If your financial year-end occurs at the same time as your performance year-end it is imperative to get those evaluations done before the end of the year.  Once year-end hits you will (and should) be spending all of your time on the annual financial statements, completing tax filings, issuing W-2’s, loading budgets, or whatever else you need to do.  You won’t have time to do a decent job on the evaluations once that happens so the best thing to do is complete them before the end of the year.  I make it a policy for my staff to complete their self-evaluations before they leave for the holidays.  I then complete my evaluations of their performance as they come in.

3)      Set a meeting with yourself before the meeting with your employee to go over the evaluation.  As I already said, this time of year is extremely busy.  You don’t want to be fumbling through the evaluation as you go over it with your employee.  The best way to prevent this is to be prepared.  I do that by setting aside some time to review the evaluations I am covering during the day before the evaluations occur.  It works best if I can do it immediately before the performance review, but it also works if I do it any time that day before the review.  I find it most effective to set a ½ hour meeting with myself, if it is an especially busy day I might even take a paper copy of the evaluation to a conference room somewhere so I can concentrate on it without interruption.

Those are my three tips.  There are many others, but these basic steps have stood the test of time in making the evaluation process a success for me.

If you’re like me, you loathe getting numerous emails, because you are fearful of losing that ever important email in your inbox. I would receive daily updates or e-newsletters that I told myself that I’d read later, but eventually they would end up deleted or left unread in my inbox.

Then I discovered a way to consolidate these non-critical emails into one spot, and not clog up my inbox…rss feeds. Granted, some sites don’t offer feeds as an option, but many do, such as AICPA or GSCPA. You can gather articles/blog posts on topics YOU care about in one place, without mucking up your inbox or visiting an actual web site.

So, how do you start using these newfangled feeds? It’s pretty simple. First, you have to decide which type of reader do you want to use. I suggest, if you have Outlook, and are constantly reading client emails, that you use its reader. But, if you want to see your options, take a look at this wiki comparison.

To subscribe to an rss feed in Outlook, I’ve included instructions. I suggest just uploading one, and try getting used to it.  Then, after you feel more comfortable, you can add others. You can even create different folders within your RSS feed folder for each topic/subject. For example, I created folders for Accounting, HR, & Marketing/Social Media.

I hope you’ve found this post helpful. Let me know if you have any other questions.