Audit Committee Checklist: Good Disclosure

Confession is good for the soul, and likewise, disclosure is good for the audit committee. And unfortunately, knowing exactly what to say can be difficult for both.

Traditionally, the audit committee was responsible for disclosure of financial data: quarterly and annual reports, statements on internal control, compliance risks, and the like. Those chores are still the committee’s priority, to be sure, but today the audit committee has a role in monitoring—and disclosing—many other corners of company operations.

McCarthy

“Audit committees are more involved in review and discussing all disclosures—particularly in light of the continuing uncertainty in the business and regulatory environments, and in light of demands by investors and regulators … for greater transparency,” says Mary Pat McCarthy, executive director of KPMG’s Audit Committee Institute.

For example, earlier this year the Securities and Exchange Commission enacted a new rule for more disclosure of the board’s role in overseeing risk, particularly the risk that the company’s executive compensation policies might tempt senior executives to be reckless with company resources. While board oversight of risk isn’t a new concept unto itself, governance experts say the new rule has stirred fresh discussion among boards about how that duty is carried out and where overall responsibility for it lies.

Many companies have assigned that job to the audit committee simply because stock exchange listing standards “talk about audit committees overseeing risk assessment and management,” says Amy Goodman, a partner in the law firm Gibson Dunn & Crutcher. But that doesn’t automatically mean the audit committee is the correct choice; the job could also fall to a risk committee, or be shared among several committees, or handled by the full board.

Bromilow

It also raises the broader question for audit committees worried about disclosing the right information: how to track all those risks in the first place, and then boil them down into something appropriate to disclose to investors. Catherine Bromilow, a partner in the corporate governance practice at PricewaterhouseCoopers, laments that the volume of disclosures companies must make “just keeps growing.” Whatever the concern, she says, “the answer is more disclosure.”

Reviewing all that disclosure is no small task. Besides the time and effort necessary to craft each disclosure, many rules overlap and attack the same problem from different perspectives (like the risks of poorly crafted compensation packages). That gives the audit committee yet another risk, Bromilow says: that the disclosures a company makes are inconsistent.

No single solution exists for all audit committees. Instead, Goodman and others say, audit committees need ways to ensure they understand management’s process for overseeing risk, as well as management’s assessment and mitigation of those risks.

Go back to the earlier example of disclosing “executive pay risk.” Clearly, executive compensation is still primarily the domain of the board’s compensation committee, but thanks to the SEC’s new disclosure rule, it’s also now an issue to which audit committees also have to devote some time.

Lipman

Frederick Lipman, president of the Association of Audit Committee Members and a partner in the law firm Blank Rome, says audit committees should grill management for details about how they came to conclude whether or not company compensation policies create any material risk. For example, he says, committees should ask what that process was and what information management considered.

Audit committees should ‘look at what management is briefing the committee about, and the risk factors the company is disclosing, and ask if the two are consistent.’

—Amy Goodman,

Partner,

Gibson Dunn & Crutcher

Bromilow notes that some companies are volunteering “negative assurance” that their pay policies don’t create any material risks. (Such disclosure isn’t required under the new SEC rule.) A few companies trying this route did get comment letters from the SEC staff asking them to explain how they reached that assurance. In that situation, she says, the audit committee should discuss the company’s response with management, review the process management used, and decide whether that is sufficient going forward.

Young

Audit committees should also step up their talks with the compensation committee. Previously, says Michael Young, a partner at the law firm Willkie Farr & Gallagher who often represents audit committees, the two groups might have met separately “and come to their own determinations in their respective areas.’ That is no longer the case. Recognizing that compensation decisions can have a significant effect on financial reporting and accounting, more companies now integrate the deliberations of the two committees, “so that comp decisions can take into account the potential for risk exacerbation regarding the company’s financial reporting.”

Beyond Compensation

Those same basic practices—reviewing any new required disclosure, and stepping up talks with those on the board or in the company who know the most about the topic—apply well beyond the SEC’s focus on executive pay. For example, newly required disclosure about the qualifications of board directors means that the audit committee must now spend more time talking with the nominating and governance committee, says Dan Konigsburg, a senior manager in Deloitte’s Center for Corporate Governance.

Konigsburg

“They need to think about how the people who serve on the audit committee add value, the qualifications they have, and the signals they’re sending with that disclosure,” he says. Konigsburg recommends that audit committees study the International Corporate Governance Network’s Global Corporate Governance Principles; they were recently revised to include questions investors should ask directors to gauge whether the board is effectively overseeing risk.

PROXY RULE AMENDMENTS

Below are some of the expanded disclosures companies must include in their proxy statements to comply with the latest SEC proxy rules.

To the extent that risks arising from a company’s compensation policies and practices

for employees are reasonably likely to have a material adverse effect on the company,

discussion of the company’s compensation policies or practices as they relate to risk

management and risk-taking incentives that can affect the company’s risk and

management of that risk;

Reporting of the aggregate grant date fair value of stock awards and option awards

granted in the fiscal year in the Summary Compensation Table and Director

Compensation Table to be computed in accordance with Financial Accounting

Standards Board Accounting Standards Codification Topic 718, Compensation—Stock Compensation, rather than the dollar amount

recognized for financial statement purposes for the fiscal year, with a special

instruction for awards subject to performance conditions;

New disclosure of the qualifications of directors and nominees for director, and the

reasons why that person should serve as a director of the company at the time at

which the relevant filing is made with the Commission; the same information would

be required in the proxy materials prepared with respect to nominees for director

nominated by others;

Additional disclosure of any directorships held by each director and nominee at any

time during the past five years at any public company or registered investment

company;

New disclosure regarding the consideration of diversity in the process by which

candidates for director are considered for nomination by a company’s nominating

committee;

Additional disclosure of other legal actions involving a company’s executive officers,

directors, and nominees for director, and lengthening the time during which such

disclosure is required from five to ten years;

New disclosure about a company’s board leadership structure and the board’s role in

the oversight of risk;

New disclosure about the fees paid to compensation consultants and their affiliates

under certain circumstances; and

Disclosure of the vote results from a meeting of shareholders on Form 8-K generally

within four business days of the meeting.

Source

SEC (Dec. 16, 2009).

“The things they’re asking about—who has oversight of risk, how often it’s looked at, risk tolerance, risk appetite, how it connects with strategy—they’re what we see leading audit committees thinking about,” he says.

Goodman

Audit committees should also be asking management about any changes to the company’s disclosure controls and procedures in light of the SEC’s new disclosure rules, Goodman says. (And if any disclosure controls have changed, how is management monitoring and auditing those controls to ensure that they work?)

Then there are the basic risk disclosures every company must include in its annual Form 10-K. Those are often drafted by staffers in the legal and finance departments and reviewed by the entire board before the 10-K goes off to the SEC. Still, Goodman says, audit committees should “look at what management is briefing the committee about, and the risk factors the company is disclosing, and ask if the two are consistent.”

Audit committees should also be mindful of disclosures about liquidity, impairments, and other issues influenced by the economy. While those disclosures are mainly in the Management’s Discussion & Analysis of the 10-K, Goodman notes that companies have to keep that disclosure updated in their quarterly Form 10-Qs as well.

Another looming concern will be changes to U.S. accounting standards, as the Financial Accounting Standards Board continues its long march toward converging U.S. rules with International Financial Reporting Standards. Young says audit committees will need to devote the most attention to financial reporting standards where “the words behind the numbers are more in the spotlight than the numbers themselves.”

He cites two examples: disclosures about the fair market value of assets, and how a company measures fair value; and the accounting treatment used to record “repos,” or repurchasing agreements. Repo deals are particularly notorious right now, since they were the transactions that helped drive Lehman Brothers into bankruptcy in 2008.

A key objective for the audit committee, Young says, will be overseeing disclosure of how fair value is determined. “That’s a real challenge because the whole area of determining fair values and disclosing the process is so judgmental,” he says. Audit committees will want to craft “understandable descriptions of how fair values were put together” and objectivity in presenting the information.

Repo deals are also expected to get plenty of scrutiny in coming quarters, as the SEC continues to probe just how many other financial institutions used the transactions to polish their balance sheets.