How Audit Committees Can Prepare for 2021 Q1 Reporting

Steve W. Klemash is Americas Leader and Jennifer Lee is Audit and Risk Specialist at the EY Center for Board Matters. This post is based on their EY memorandum.

As companies navigate ongoing global volatility, an uneven economic recovery and changes in the US administration, audit committees continue to focus on reviewing scenario plans, stress tests and enterprise risk management (ERM) information while overseeing high-quality financial reporting.

They are working to keep pace with the uncertain and fluid business landscape and continually re-evaluating key risks while reviewing financial statements and disclosures, systems of internal controls and other regulatory filings.

Audit committees must also determine whether appropriate processes are in place to monitor macroeconomic changes and evaluate new and emerging legislative, administrative and regulatory developments for impacts on reporting and disclosure.

Additionally, they are working to keep abreast of the continued evolution of the ESG reporting landscape (including the SEC’s recent principles-based requirements around human capital disclosures).

We summarize the following matters for consideration to aid audit committees as they enhance oversight and approach the Q1 reporting period.

Risk management

While the US economy continues to recover with support from fiscal stimulus and the vaccines, the economic conditions continue to rapidly change. Audit committees should continue to stay on top of these trends and other critical drivers of risk (e.g., political, economic, societal, technological, legal and environmental) to better assess the near- and longer-term risk implications to companies. As management teams continue to recalibrate operations to align with these ongoing forces and changing market dynamics (including those stemming from the change in administration and other regulatory developments), some key actions to take include:

  • Assess how the ERM program and risk assessments are being regularly updated to reflect the changes to the internal and external operating environment
  • Determine whether the organization has access to reliable sources of real-time data, tools and talent to timely identify risks and related issues. Consider how identified risks (including those around the ongoing pandemic and recovery) and external data are incorporated into business decisions, scenario planning, stress testing, prospective financial information and models (e.g., impairment analyses and goodwill assessments), resources and timelines
  • Continue to review updates to scenario plans, stress testing and contingency planning. Assess whether an appropriate range of extreme (and even improbable) scenarios, as well as compounding effects, are being evaluated
  • Evaluate whether the organization has re-assessed its risk governance structures and processes to achieve more effective alignment, collaboration, accountability and objectives in light of the Institute of Internal Auditors’ recently released “The Three Lines Model”
  • Evaluate how audit plans are being adjusted to address changes in the risk profile, risk appetite and tolerances identified by the company’s ERM program and how internal audit’s risk coverage has been adjusted due to ongoing travel restrictions. Consider whether the frequency and validation process of key controls have materially changed and assess any impacts on the effectiveness of the overall control environment
  • Determine whether the organization has assessed and modeled the effects of potential tax changes to US, state and foreign tax laws on overall business operations. Consider how evolving tax policy and new tax laws may impact any significant transformations (e.g., workforce changes, digital and supply chain transformation, M&A)
  • Consider whether information security measures and other controls have been reviewed and adapted to be responsive to ongoing digital acceleration efforts, technology changes and the shifting business environment
  • Assess how the organization is maintaining a consistent level of diligence and cyber hygiene to defend against the continued wave of ransomware and cybersecurity attacks. Evaluate plans
    to monitor, evaluate, communicate and disclose cyber attacks
  • Consider whether the organization has tested its refreshed business continuity plans and incorporated recent learnings from peers and postmortems
  • Consider what additional metrics the board and audit committee should monitor in light of the changing environment

Global risk outlook for 2021, according to The World Economic Forum

COVID-19 has disrupted the business landscape and continues to protract uncertainty in the environment and present ongoing challenges. The World Economic Forum recently released its Global Risks Report 2021, which highlights some of the disruptive implications of major risks that may impact companies in 2021 and beyond. The report notes the prevalence of environmental-related risks as high in consequence and likelihood for 2021.

As companies build enterprise resiliency, audit committees should evaluate whether management has considered these global risks in its risk assessments and risk mitigation strategies to be adaptive to the changing external environment.

Accounting and disclosures

As organizations consider how the economy will recover, audit committees should assess the key accounting and disclosure implications arising from the ongoing impacts of the pandemic, changing business environment and macroeconomic conditions. In particular, we anticipate audit committees will continue to evaluate the company’s

estimates related to the expected recovery and the impact on prospective financial information. While the accounting and disclosure implications may range from narrow to extensive, some key considerations include:

  •  Asset realizability and impairment (e.g., inventory, indefinite‑lived intangible assets including goodwill, long‑lived assets and other investments)
  • Signs of distress with significant business partners (e.g., industry constraints, abnormal payment activity, changing trade terms, derivative counterparties) and possible revisions to estimates and reserve methodology for credit risk and customer concentrations
  • Revenue recognition, with a focus on material modifications to existing contracts and arrangements, variable consideration and changes in estimates, and collectability assessments
  • Accounting for additional incentives to adjust to customer demand and needs, such as free goods and services
  • Impact of the current economic conditions on the determination of impairments for loans and investments carried at cost
  • Impacts of recent changes in interest rates and inflation expectations on estimates, forecasts, impairment analyses and other financial statement areas
  • Accounting effects of material lease modification(s) as companies rethink their existing leased space footprint and accounting for concessions granted or received and deferral of lease payments
  • Compliance with financial and other contractual covenants (e.g., material adverse change clauses)
  • Debt modifications, changes to encumbrances and draws on committed credit lines
  • Evaluation of going concern and the need to consider management’s plan to alleviate the conditions that gave rise to the consideration of a going concern assessment
  • Loss contingencies, changes in assumptions and ranges in estimates related to contractual commitments, guarantees, indemnifications, self-insurance, legal exposures and other contingencies
  • Changes to sale and purchase commitments
  • Fair value measurements for financial and nonfinancial assets and liabilities
  • Hedge accounting, including the impact of changes in expectation on forecasted transactions in a hedging relationship
  • Accounting related to employee transition matters (e.g., termination, severance, furlough) and changes to employment benefits
  • Accounting for idle operations and facilities
  • Valuation of defined benefit and other post-retirement plans’ assets and liabilities
  • Accounting for modification to share-based payment and other incentive-based compensation arrangements and changes in estimates
  • Bankruptcy, liquidations and quasi-reorganizations

Financial reporting

Audit committees should continue to monitor information from the SEC and other regulatory authorities and assess the impact on reporting requirements and related disclosures.

Key actions for the audit committee may include:

  • Evaluate the implications arising from a change in SEC leadership and the potential changes in the regulatory environment
  • Consider the implications of the timing of filing with the SEC in relation to the company’s public earnings release, such as the likelihood of adjustments having to be recorded in the financial statements subsequent to earnings release and the likelihood of material subsequent events that may have a bearing on the fairness and completeness of the financial statements included in the earnings release
  • Discuss implications to operations, liquidity and financial condition. Consider enhancements to MD&A disclosures, including any known material events and uncertainties related to forward-looking information as it relates to the company’s ability to meet its short-term and long-term cash needs
  • Determine how management is preparing to implement the November 19, 2020 amendments to Regulation S-K Items 303, MD&A, before the mandatory compliance date (i.e., fiscal year ending on or after August 9, 2021). In particular, the amendments require much more robust and quantitative disclosures about significant inputs to critical accounting estimates, sensitivity analysis and changes since the last reporting period. The amended rules also require disclosure of all expected material cash requirements in the short term (12-month period after the most recent fiscal period presented) and the long term (beyond the 12 months)
  • Continue to monitor how the company is addressing the requirements for disclosures about human capital resources, including a consideration of any existing, voluntary human capital-related disclosures in the company’s public communications (e.g., in a sustainability report), widely‑accepted market frameworks and standards that may guide company reporting, and the evolving expectations of key stakeholders
  • Evaluate SEC updates and more expansive disclosures in areas such as changes in internal control over financial reporting, risk factors, critical accounting policies and estimates, liquidity and current vulnerabilities due to certain concentrations (e.g., customer, supplier, geographic)
  • Continue to re-evaluate earnings and other performance or financial position guidance previously provided and the ability to provide future guidance
  • Re-evaluate the use of non-GAAP measures — consider whether any new COVID-19-related adjustments are appropriate and whether any changes in non-GAAP financial measures (or key performance indicators) are appropriately disclosed and consistently applied in all periods
  • Consider whether material events necessitate the filing of a Form 8-K or 6-K (for foreign private issuers) to address material events, such as new or revised debt arrangements, restructurings, curtailed operations or material impairments
  • Evaluate whether other regulatory filings need to be similarly evaluated (e.g., bank and insurance regulators, foreign jurisdictions in which the company operates)
  • Obtain an update on how management communicates, monitors and enforces insider trading and Regulation FD policies, including whether those policies have changed or may need to change to address material undisclosed business developments

Growing ESG expectations

Recent market-driven and regulatory developments are accelerating standardized ESG reporting and impacting the expectations of stakeholders, particularly investors. With the Biden Administration making climate change a focus of its policy agenda (including the recent creation of the SEC’s Climate and ESG task force in the Division of Enforcement), we anticipate that expectations around ESG disclosures and communications will increase and evolve.

While ESG reporting has historically taken place outside of SEC submissions, companies may consider whether to integrate material ESG metrics into regulatory filings to tell a more holistic and integrated value creation story. Sustainability factors reasonably likely to materially affect the financial condition or operating performance of a company are of particular interest to investors, and when financially material or present a material risk factor, may be required to be disclosed. To the extent ESG metrics are key performance indicators in an SEC filing, it is critical that audit committees consider and understand:

  • Data quality and controls
  • Disclosure processes and controls
  • Consistency in disclosures and communications across the company’s various external reporting outlets (e.g., SEC filings, earnings releases, annual report and shareholder letter, and sustainability report)
  • The role of internal and external audit

As companies carefully navigate evolving expectations for ESG performance and reporting, audit committees and boards should continue to monitor the ESG reporting landscape and assess the implications to the company. The implications could include the need to understand the source of data, how the company will consider disclosure processes and controls, and how they will communicate with stakeholders broadly.

Inquiries with management, compliance personnel and auditors

In discussions with management, compliance personnel and auditors, audit committees should consider the following in addition to standard inquiries:

  • What material changes were made to scenario plans, stress testing results and prospective financial information during the current quarter?
  • What are the nonrecurring events and circumstances that have transpired during the interim period and what are the related financial reporting implications?
  • What accounting, internal control, cybersecurity, business continuity, legal and compliance, and auditing matters are of concern?
  • How have management and the auditors adjusted their approach to physical inventories and cycle counts?
  • Can financial reporting, compliance and auditing procedures (internal and external) continue to be adequately performed through a combination of physical and remote working procedures? What options are there to perform alternative procedures to facilitate timely collection, processing and reporting of information for internal use and to prepare regulatory filings?
  • What are the accounting, reporting and disclosure matters specifically related to actions taken and being contemplated relative to the company’s workforce?
  • Are there any resource concerns and, if so, what are the mitigating plans? Has management confirmed whether specialists routinely used by the company to assist in complex financial reporting inputs (e.g., valuation, impairment, pension) or in internal audits (e.g., IT, cybersecurity) have the bandwidth and ability to meet the company’s financial reporting needs?
  • Does the organization have any cultural challenges to address as a result of social unrest and the racial justice movement? Are there new risks stemming from the changing environment?
  • Are there any concerns with the company’s culture given the ongoing remote environment?
  • How is management understanding and monitoring the effectiveness of risk management of critical third parties with respect to financial and operational resiliency, IT security, data privacy, culture and environmental, social and governance factors?
  • Has the organization revisited and updated its training programs to consider the current and changing business landscape, new controls, new systems and revised regulations?
  • What more should and can be done through technology, training and manager support to optimize remote working, connectivity, engagement, security and productivity?
  • How is the organization monitoring compliance with federal, state and local regulations and guidelines around reopening of businesses, employee/customer health and safety, privacy and confidentiality?
  • Have there been any meaningful changes to the company’s key policies, any material exceptions granted or any unusual allowances to any compliance provisions?
  • Have the organization’s tax planning strategies been re-evaluated to address possible shifts in tax policy changes stemming from the change in administration, supply chain, workforce (including tax implications of workforce changing locations) and capitalization?
  • How is the company accounting for and disclosing governmental relief and/or assistance received under various stimulus packages?
  • What, if anything, is management doing to plan for potential tax policy changes under the Biden Administration, including the possible acceleration of revenue or deferral of expenses if an increased corporate tax rate becomes more imminent?
  • External auditors: What changes are anticipated with materiality, scope, physical inventory counts and additional procedures? How has the engagement team considered the potential increase in errors due to work-from-home distractions or changes to the incentive, opportunity and rationalization of the fraud triangle?
  • Internal auditors: How should audit plans be adjusted to address changes in risk appetite and tolerances as identified from the company’s ERM program? Are there any audit plans that are not being executed or has the scope of the work been changed (e.g., no physical access to paper documentation evidencing control execution)?
  • Have there been any material changes to internal controls over financial reporting or disclosure controls and procedures to address the changing operating environment? Have any cost saving initiatives and related efforts impacted resources and/or processes that are key in internal controls over financial reporting? If so, has management identified mitigating controls to address any potential gaps?
  • What changes to disclosure of ESG-related matters are anticipated in the near term and how are processes and controls being evaluated and adapted?
  • Is the company taking the same approach to nonfinancial data as it is to financial data in terms of disclosure processes, controls and obtaining external assurance? Is internal audit providing any type of audit coverage on ESG-related data?
  • Is there consistency in disclosure on ESG-related matters across the company’s various external reporting outlets (e.g., SEC filings, earnings releases, analyst communications, annual report and shareholder letter, sustainability report)?
  • How is the organization proactively assessing opportunity to enhance stakeholder communications, including corporate reporting, to address changes in operations and strategies, as well as changing stakeholder expectations?
Both comments and trackbacks are currently closed.