Audit committees at public companies will have plenty on their agendas this year, according to a pair of new reports from KPMG, including new accounting standards, the new tax law, cyber security and more.

The reports, On the audit committee agenda and On the 2018 board agenda, from KPMG LLP’s Board Leadership Center, recommend that audit committee members help keep their companies focused on long-term performance while expecting disruptions from technology and other areas. The tone at the top of an organization and reputational risks are especially important this year after a string of sexual harassment revelations over the past year in Hollywood, Washington and beyond.

With the revenue recognition standard taking effect this year, accounting will be a big topic of concern.

“I think audit committees, between now and the filing of the 10-K’s, are going to focus on disclosures relating to the impact of the accounting standard along with having really frank discussions with both management and the external auditors about controls, changes that are going to have to be made, and how robust are the disclosures in accordance with the SEC Staff Accounting Bulletin 74 for this year’s 10-K,” said Jose R. Rodriguez, partner in charge and executive director of the KPMG Audit Committee Institute.

Another important concern is the Tax Cuts and Jobs Act, the far-reaching tax legislation that President Trump signed into law last month. Even though it lowered the top corporate tax rate to 21 percent, it also contains some important provisions that aim to encourage multinational companies to repatriate the profits they have been holding in foreign subsidiaries.

“Depending on the company, it could have a tremendous effect on this year’s results because a lot of deferred tax assets and other things need to be revalued,” said Rodriguez. “They’re going to have to deal with that, not only from a disclosure perspective, but trying to assure that they’ve got the best possible information. It’s not a disclosure matter alone. It will impact the 12/31/17 results, because under the accounting standards you deal with that when it’s enacted. It was enacted in December. Therefore they have to deal with it in the accounting quarter ending December 31. I think that’s going to add significant complexity to the financial statements.”

Companies will also need to get ready for the accounting standards that will be taking effect in the next few years, including the leasing and credit loss standards.

Cybersecurity will also be a big concern, especially after revelations last week about a vulnerability discovered in Intel chips. While some large financial institutions have risk committees or cyber committees set up to deal with cybersecurity, it often falls under the purview of audit committees at many corporations.

“My advice to them would be to get a good understanding of their CIO or CISO [chief information officer or chief information security officer],” said Rodriguez. “What are they doing to deal with cyber risk? Do they really have the expertise within the organization? Should they be going out to hire a third-party expert to help the audit committee to assess whether they’re heading in the right direction and if management is doing what they need to be doing? That will continue to take a tremendous amount of time out of the audit committees’ agendas. A week ago, you would never have thought about an issue with chips. It gives you an idea of how cyber intrusion and cyber security have an effect on the company, everything from your iPhone to your computer. Most computers and smartphones have Intel chips in them.”

Audit committees will also be dealing with the new audit reporting standard that the Public Company Accounting Oversight Board approved last year.

“That’s going to be phased in,” said Rodriguez. “This year, the audit report still will be a pass/fail opinion, as historically auditors have done. The ordering of the paragraphs will be different. There is required language explicitly stating you’re independent. The other requirement in this year’s report is the auditor tenure. When did the auditor become the auditor for the company? That’s going to have to be disclosed. Next year will be the bigger challenge, which is the auditor has to report on critical audit matters, what the PCAOB refers to as CAMs. My suggestion to the audit committees is to get ahead of the curve. Start having discussions with management and your external auditors as to what the wording will be in those CAMs. You could be in a situation where you may be in the same industry, but you may have different CAMs. You need to get an understanding as to why it is a CAM, why is the auditor including it, what kind of language is going to be used, and management needs to agree with it and the board. My suggestion to any audit committee is to start having that conversation early with the external auditors, and that’s what I’m doing with my clients.”

Internal auditors will also be facing some extra responsibilities this year, which could include dealing with the fallout from the wave of sexual harassment allegations sweeping the country in recent months.

“The other thing I would focus in on is the role of the internal auditor at the company,” said Rodriguez. “Are they focusing on the company’s key risks just beyond the traditional financial reporting and compliance aspect? The other thing that I’ve seen internal auditors getting more and more involved is issues that lead to reputational risk. They need to think about all of the things we’ve read about it in the papers, some of the terminations, [Harvey] Weinstein and others. Internal audit can help in assessing the true tone at the top, and how they deal with whistleblowers and how the company looks at internal investigations.”

Tone at the top also needs to extend to the middle management level.

“One of the things that I’ve seen audit committees start focusing on is what is the tone in the middle of the organization,” said Rodriguez. “For a lot of companies, the CEO or the C level sends out the right messages, but what’s going on in the middle of the organization? The internal auditor and audit can play a role in assessing the company’s culture. That’s going to continue to be a hot spot, and audit committees are going to continue to spend time on that. It’s not necessarily the financial exposure, but it’s reputational damage to the organization. How do they interact with the audit committee? How do they interact with the board and really assess what the key risks in the organization are, and the potential damages or reputational damages to the company?”
