What Audit Committees Don’t Know

During the financial crisis, investors learned the hard way about financial liabilities of many institutions that were not previously disclosed. For example, many banks had large contingent liabilities to off balance sheet entities that they had sponsored. The extent of these liabilities surprised investors when the banks were forced in late 2007 and 2008 to take on their books these off balance sheet entities.

Outside directors on the audit committees of these banks were also surprised by the scope and size of these off balance sheet liabilities. To paraphrase Donald Rumsfeld, these directors did not know what they did not know. Their blissful ignorance shows that the SOX reforms for audit committees have not been effective and that a different approach is needed.

The audit committees of all these financial institutions complied with SOX and related exchange rules. All members of these audit committees were independent, and the committee’s chair was a financial expert. Each audit committee made sure that the company’s external auditor was truly independent, and met privately with the engagement partner of the audit firm without management present.

In all these financial institutions, management assessed their internal controls and these assessments were “attested” to by their external auditors. In 2007, none of the major financial institutions reported a material weakness in their internal controls.

Yet these audit committees do not seem to have understood the huge risks being taken by their financial institutions. The committee members were deluged with massive amounts of complex information, including detailed financial statements and lengthy SEC filings. This experience shows how difficult it is for audit committee members, no matter how intelligent, to pick out from this mass of data the key judgments made by management and the external auditors in preparing these statements and filings.

To become more effective, audit committees should request three specific pieces of information from the company’s external auditors. First, the auditors should highlight any set of transactions — such as sales or borrowings as well as tax-motivated deals — which occur repeatedly at the end of quarters or financial years. It is quite reasonable to design one complex transaction in response to a unique set of circumstances; it is more suspicious if similar transactions occur frequently near the end of a reporting period.

Second, the auditors should identify any material item where the accounting literature allows alternative methods of presentation and explain why the company believes its alternative is preferred. For example, the accounting literature allows, but not does not require, companies to use hedge accounting in certain circumstances. Committee members should be fully briefed on whether and why the company decided to use hedge accounting.

Third, and perhaps most importantly, the auditors each year should provide the audit committee with any material differences in significant accounting policies between the company and its four or five main competitors. This comparative analysis should cover polices such as revenue recognition, warranty obligations, retirement plan obligations, tax reserves, and valuation of goodwill or other intangibles. Some of the differences in accounting treatment will be due to differences in how the companies run their businesses; others will represent accounting judgments that the committee should fully understand.

Consider the accounting practices at Medco, a pharmaceutical benefits manager (PBM), before it was spun off from Merck. Medco counted as revenues the drug co-payments made by customers, and then expensed these co-payments since they were ultimately kept by a health insurer. The distinguished members of the Merck audit committee were not aware that Medco’s accounting treatment of drug co-payments was followed by only two of the four largest PBMs.

In addition, the company’s CFO should provide the audit committee with analyst reports discussing the accounting methods embodied in the company’s financials or criticizing the “quality” of its earnings. Analysts are quick to point out what they perceive as accounting gimmicks used by companies to improve their revenues or net income. They typically try to get to a company’s core earnings by stripping away these gimmicks as well as non-recurring items, changes in tax rates and gains/losses from currency movements.

All these pieces of information should be sent to the audit committee at least one week before the committee meets. During that week, the chairman of the audit committee should informally discuss with the auditor’s engagement partner any specific issues raised by this information and more generally any “close calls” in the financial reports.

All of these measures will not guarantee that audit committees will discover every fraudulent practice; a clever fraudster is hard to detect. However, these measures will help audit committees identify the key judgments made by management and the external auditors in preparing the company’s financial statements. Then the audit committee will be focused on the key issues in reviewing whether these statements present a complete and accurate picture of the company’s financial situation.