Cybersecurity Tool
On April 12, 2018, the CAQ released a new tool, “Cybersecurity Risk Management Oversight: A Tool for Board Members,” that board members can use to enhance their oversight of enterprisewide cybersecurity risk management. The tool includes questions that boards can ask management and financial statement auditors (or other CPA firms, depending on the engagement type).
The tool is organized into four sections:
- Understanding how the financial statement auditor considers cybersecurity – in the context of financial statement and, if applicable, internal control over financial reporting audits
- Understanding the role of management and responsibilities of the financial statement auditor related to cybersecurity disclosures – of both cybersecurity incidents and cybersecurity programs
- Understanding management’s approach to cybersecurity risk management – including whether a framework has been used to design a cybersecurity risk management program
- Understanding how CPA firms can assist boards of directors in their oversight of cybersecurity risk management – including independence considerations for entities subject to SEC independence rules and their financial statement auditors
Also, the CAQ released, on May 15, 2018, a one-page overview of how CPAs can help companies as they seek to manage cybersecurity risks. On June 6, 2018, the CAQ hosted a webinar, “Putting Cyber Risk in Context.”
Lease Accounting Tool
On April 4, 2018, the CAQ released a new tool, “Preparing for the Leases Accounting Standard: A Tool for Audit Committees,” that audit committees can use to enhance their oversight of management’s implementation of Accounting Standards Codification Topic 842, “Leases,” which begins to take effect for many public companies in January 2019. The tool includes questions that audit committees can ask management and their auditors, and is organized into four sections:
- Understanding the new leases standard – identifying all contracts with leases and, for lessees, measurement of the new right-of-use asset and lease liability
- Evaluating the company’s impact assessment – addressing disclosure of the expected impact on the financial statements as well as the impact on debt covenants, income tax effects, investor relations, regulatory compliance, and other considerations
- Evaluating the implementation project plan – including an evaluation of the timeline, the corporate culture and resources, involvement of key stakeholders, accounting policies and judgments, and systems and controls
- Other implementation considerations – including transition methods and disclosure requirements
Revised Auditor’s Reporting Model (ARM) Insights
In an April 3, 2018, post on the National Association of Corporate Directors’ Board Leaders’ Blog, CAQ Executive Director Cindy Fornelli summarized insights about the updated ARM gleaned from participation in the “Challenges Facing the Audit Profession” panel during the American Accounting Association’s 2018 Auditing Section Midyear Meeting. In the post, Fornelli presented opportunities, challenges, and strategies for success related to the updated ARM.
The possibility for investor insight is identified as one of three opportunities for the revised auditor’s report. Challenges of the updated ARM include the potential for boilerplate language, the temptation for management to interfere with audit committee and external auditor communication, and the tension between management and the auditors based on what they want to disclose.
Finally, strategies for implementing the revised ARM successfully include maintaining an open dialogue between auditors and audit committees, doing preliminary testing of the revised model, and paying close attention to the post-implementation review.
CAQ Highlights of SEC Regulations Committee Meeting
On May 22, 2018, the CAQ released highlights from its SEC Regulations Committee meeting held on March 13, 2018, with SEC staff. At the meeting, the SEC’s Corp Fin staff provided a staffing update for Corp Fin’s Office of the Chief Accountant (Corp Fin OCA).
Financial reporting updates discussed at the meeting included:
- Disclosure of the impact of tax reform legislation using non-GAAP and pro forma financial information
- Waivers of financial statements required by Rule 3-09 of Regulation S-X (for equity method investees)
- Certain SEC presentation and disclosure requirements for the revenue and lease accounting standards
- Financial statements used in an initial public offering to assess significance when a draft registration statement is submitted
- Certain audit requirements for a reverse merger involving two operating companies
Monitoring Inflation in Certain Countries
The CAQ released a discussion document, “Monitoring Inflation in Certain Countries,” dated May 16, 2018, which includes inflation data that its International Practices Task Force (IPTF) accumulated to facilitate a discussion among IPTF members. The discussion document does not represent formal views of the IPTF or any accounting or regulatory body.
Learning Opportunities
Deterring Fraud and Restatements – Self-Study
The Anti-Fraud Collaboration – comprised of the CAQ, Financial Executives International (FEI), the National Association of Corporate Directors (NACD), and the Institute of Internal Auditors (IIA) – released a self-study Continuing Professional Education (CPE) program. The program, “What Is Your Role? When Accounting Policy Meets ICFR,” covers how improvements to accounting policies and internal controls can be made in an effort to deter fraud and limit financial reporting restatements.
Non-GAAP Measures – Webcast
To expand on information in the CAQ’s March 2018 report, “Non-GAAP Measures: A Roadmap for Audit Committees,” the Anti-Fraud Collaboration is hosting a free CPE webcast, “Non-GAAP Measures – What Do They Say About Fraud Risk?,” on July 18, 2018. Cindy Fornelli will moderate the panel discussion on how to deter fraud and misconduct in the development and presentation of non-GAAP measures.