Q2 2022 Audit Committee Newsletter: Helping You Prepare for Your Next Meeting

Maria Moats is a Leader; Stephen Parker is a Partner; and Gregory Johnson is a Director at the Governance Insights Center, PricewaterhouseCoopers LLP. This post is based on their PwC memorandum.

1. “Dear CFO” letter spotlights disclosures related to war in Ukraine

The war in Ukraine continues to have a profound impact on business operations within the conflict zone as well as on markets worldwide. In May, the SEC’s Division of Corporation Finance issued an illustrative letter with sample comments the Division may issue to registrants, reinforcing disclosure obligations related to matters that directly or indirectly impact a company’s business. The letter provides a useful reminder of the SEC’s disclosure expectations as companies prepare their quarterly disclosures and could be relevant more broadly to matters such as supply chain disruptions, inflation, and market volatility.

While not an exhaustive list, topics addressed in the letter include the following:

  • Direct and indirect impact of the Russia’s invasion on a company’s business, such as government actions (including expropriation), reaction of investors, employees, and/or other stakeholders
  • The extent and nature of the board of directors’ role in overseeing risks related to the war
  • Changes in the risk of potential cyberattacks
  • Disclosure of known trends or uncertainties, including impairment of tangible and intangible assets, contract modifications, and recoverability and collectability issues
  • Enhancements needed to critical accounting estimates disclosures
  • Disclosure of any material import or export bans
  • How supply chain disruptions have impacted segments, products, lines of service, projects, or operations
  • Non-GAAP adjustments related to the invasion and/or supply chain disruptions
  • The impact on disclosure controls and procedures and internal control over financial reporting (ICFR)

The audit committee will want to understand from management how the company’s operations have been or may be impacted by this geopolitical crisis, regardless of whether the company has operations in Russia, Belarus, or Ukraine. When applicable, the audit committee will want to understand management’s process to ensure the financial statements reflect all relevant impacts, such as impairment of assets and those related to inventory valuation, deferred tax asset valuation allowance, and disposal or exiting of a business in the region.

The audit committee should also understand how these matters affect management’s evaluation of disclosure controls and procedures and management’s assessment of the effectiveness of ICFR.

2. Navigating the accounting for business disposals

Business disposals continue to be a hot topic as companies reevaluate their portfolios. Further, the war in Ukraine, as well as the economic sanctions imposed on Russia, has caused many businesses to reconsider the feasibility of their operations within these jurisdictions. Decisions to dispose of assets and business operations may have significant accounting and reporting implications.

Held-for-sale criteria

Long-lived assets are classified as “held for sale” only once they meet certain criteria, including management’s commitment to a disposal plan. The criteria also state that a transfer that qualifies for accounting recognition as a completed sale must be probable within one year, which is a frequent area of judgment.

Recognition and measurement considerations

An asset (or group of assets) that meets the held for sale criteria should be recorded at the lower of its carrying value or its fair value less cost to sell, beginning in the period the held-for-sale criteria are met. Once classified as held for sale, depreciation and amortization should not be recorded for any long-lived assets included in the disposal group.

Other reminders

Discontinued operations: Depending on the significance of the assets or group of assets that meet the held for sale criteria and whether the disposition constitutes a strategic shift in the company’s operations, the disposal may qualify as a discontinued operation. This triggers additional presentation and disclosure requirements, including recasting prior periods to separately present discontinued operations on a net-of-tax basis and calculating a separate earnings per share amount.

Income tax considerations: A decision to sell the shares of a subsidiary could require the recognition of additional deferred tax assets or liabilities associated with the difference between the seller’s carrying amount of the subsidiary’s net assets in the financial statements and the seller’s basis in the shares of the subsidiary (otherwise known as “outside” basis differences). There could also be impacts on a company’s valuation allowance analysis even before committing to a plan of disposal. Listen to our podcast for more details.

Given the evolving impacts of the war in Ukraine, the audit committee will want to understand the impacts on the company’s financial reporting of any contemplated business disposals in the region. The audit committee will also want to understand management’s significant judgments, how management’s evaluation of disclosure controls and procedures might be impacted, and management’s assessment of the effectiveness of ICFR.

3. Global regulators make progress on ESG proposals

The International Sustainability Standards Board (ISSB) and European Financial Reporting Advisory Group (EFRAG) have issued key ESG disclosure proposals. Audit committees of US companies, especially multinationals, will want to stay attuned to global developments in jurisdictions in which the companies operate or have subsidiaries.

ISSB proposes two sustainability standards

In March, the ISSB issued its first two proposals for new sustainability standards, addressing general and climate-related disclosures. The ISSB sits alongside the IASB and works in close cooperation to establish complementary standards. The standards are intended to provide a global baseline for ESG reporting, and the ISSB will work with other international organizations and jurisdictions to support the inclusion of the global baseline into jurisdictional requirements. Each country will determine whether and when ISSB standards should be adopted locally. Comments on the proposals are due by July 29, and final standards are expected before the end of the year.

EFRAG begins public consultation on its draft sustainability reporting standards

In April, the EFRAG announced the start of public consultation on its first set of exposure drafts developed under the Corporate Sustainability Reporting Directive (CSRD). The exposure drafts cover the full spectrum of sustainability matters: environment, social, and governance. As currently proposed, the CSRD will require certain companies in the EU, including certain EU subsidiaries of US companies, to report in granular detail on: (1) how sustainability issues affect their business and (2) the impact of their activities on people and the environment. This is referred to as “double materiality” and differs from the SEC’s and ISSB’s definitions of materiality that are viewed through an investor lens. Comments on the proposals are due by August 8.

Given evolving reporting requirements in various jurisdictions, the audit committee will want to understand how management is staying up to date on, and evaluating the impacts of, global ESG reporting developments as well as the types of ESG information its key stakeholders want. The audit committee should determine how it will stay educated on evolving developments and the level and types of resources it needs to fulfill its oversight responsibilities.

4. SEC proposes rules for SPAC and de-SPAC transactions

Audit committee oversight is critical prior to, during, and after a special purpose acquisition company (SPAC) merger transaction, as these transactions often raise complex accounting, financial reporting, and governance issues. After the recent surge in SPAC activity, the SEC proposed new rules and amendments that would impact SPAC IPOs and the subsequent merger between a SPAC and private operating company (de-SPAC transaction). The proposed rules seek to provide SPAC investors with the same level of protection as traditional IPOs and would require enhanced disclosures. Comments on the proposal were due June 13.

As part of its oversight, the audit committee should understand management’s plan for complying with the proposed disclosure requirements. The audit committee should also stay abreast of developments as deliberations on the proposal continue.

5. New ESG-related proposals for investment companies and advisers

On the heels of announcing its first major enforcement action related to ESG investment disclosures, the SEC issued two new proposals for funds and investment advisers. The first proposal would enhance disclosures for certain registered investment companies and investment advisers that consider ESG factors in their portfolios. The proposed amendments would require disclosures about ESG strategies in fund prospectuses, annual reports, and adviser brochures, and would require certain environmentally focused funds to disclose the greenhouse gas emissions associated with their portfolio investments.

The SEC also proposed amending its Rule 35d-1 under the Investment Company Act of 1940, commonly referred to as the “Names Rule,” which currently requires certain funds to invest at least 80% of their assets in the type of investment, or in investments in the industry, country, or geographic region, suggested by its name. The proposed amendments would significantly expand the scope of the rule to any fund name with terms suggesting the fund focuses on investments with particular characteristics, including any term that suggests the fund meets certain ESG criteria, such as “sustainable” or “green.”

Comments on both proposals are due August 16.

Audit committees of entities that would be impacted by the proposed changes should consider how their oversight of management will change and how they will get comfortable with management’s compliance with the new rules.

The audit committee may want to consider discussing the above topics with management to understand how they are being addressed. See PwC’s The quarter close—Second quarter 2022.

6. What the SEC’s climate-related and cyber proposals mean for audit committees

In March, the SEC issued highly-anticipated proposals on climate-related and cybersecurity disclosures. Although the rules are not yet finalized, audit committees would be wise to pay attention now. While the final requirements are likely to differ from the proposed rules in some respects, we expect them to generally reflect the same key principles. Both sets of rules call for expanded disclosures of board oversight in these specific areas.

Climate-related disclosures

As proposed, the new rules would require additional attention from audit committees in three key areas:

  • Form 10-K: The proposed rules would add significant disclosure to a company’s Form 10-K. This includes greenhouse gas (GHG) emissions (scope 1 and scope 2; scope 3 in certain circumstances). It also covers quantitative disclosure of climate-related financial statement metrics, and details on board and management oversight. Because the audit committee is responsible for overseeing the financial reporting and financial statements, it would want to gain comfort with the accuracy, completeness, and consistency of the disclosures made in the Form 10-K.
  • Controls: Depending on their location, disclosures made in the Form 10-K would be subject to internal control over financial reporting (ICFR) or disclosure controls and procedures (DC&P). Since the audit committee has oversight responsibility for the financial statements, committee members will want to understand what controls and processes will need to be in place to meet the proposed requirements.
  • Assurance: As the audit committee is charged with overseeing the external auditor, it will want to assess the auditors’ ability to provide assurance over the new disclosures of certain climate-related financial statement metrics in a note to the financial statements. The proposed rules also include an attestation requirement for the disclosure of scope 1 and scope 2 GHG emissions. The audit committee would need to assess if it wants to retain the current external auditor to provide attestation for the new requirement or if it would consider an alternate independent service provider.

The proposed requirements are expansive and would represent a dramatic change in the nature and extent of climate reporting for SEC registrants. The transition period may also be short. See our In the loop for additional details and frequently asked questions.

Cybersecurity disclosures

The proposed rules would impact the audit committee in significant ways, particularly if the committee is charged with oversight of cybersecurity.

  • Form 10-K: New required information in the Form 10-K would impact the audit committee’s oversight of disclosure controls and procedures. As drafted, the rules will require board-related disclosures related to its oversight role, including the frequency of management reporting to the board. They also require information on the company’s cyber risk management, including, for example, policies and procedures to identify cyber risks at third-party service providers. Additionally, the audit committee will want to understand whether members of management tasked with overseeing cybersecurity are included in the DC&P process.
  • Incident reporting: Under the proposed rules, companies will be required to report cybersecurity incidents via a Form 8-K within four days of determining the event is material. For those audit committees responsible for cybersecurity oversight, it will be important to understand the process for escalating cyber events to the board, as well as the process by which materiality is determined.
  • Controls: As with the proposed climate-related disclosures, since cybersecurity information will now be reported in the Form 10-K, the audit committee will want to pay attention to management’s ICFR and DC&P as it relates to those matters.
  • Governance and oversight: The audit committee will want to consider its own cyber expertise and how it gets comfortable overseeing this area. Getting “cyber-smarter” can take a few different paths—adding a member with direct cyber expertise, adding additional education sessions, attending external events, obtaining a cybersecurity certificate, or retaining the services of a third-party adviser.

For each set of proposed rules, the audit committee will want to understand how the company is preparing for the new disclosures, including how management interprets the proposed requirements. The audit committee will also want to ask how management plans to ensure that related processes and controls are operating as designed, and whether there are plans to increase the company’s (or the board’s) cyber or climate-related risk expertise. The audit committee may also request an early preview of the draft disclosures.

7. Preparing for the next phase of human capital management disclosure

Many companies have now completed the second year of required human capital management (HCM) disclosures. While the audit committee may not be responsible for overseeing HCM, it will want to ensure that the information and related metrics made available in sustainability reports and in regulatory filings are subject to appropriate DC&P.

An analysis of a sample of Form 10-K filings of S&P 500 companies shows that, in general, the most prevalent topics covered by companies were largely unchanged since year one. They included disclosure relating to hiring and retaining talent, DE&I, employee engagement, and health and safety.

While the topics were similar, companies expanded their disclosure from the prior year. They generally provided more in-depth information, particularly related to DE&I. For example, disclosure of quantitative data on gender or race/ethnic breakdown more than doubled in year two. However, overall, the disclosures continued to show little quantitative information.

In 2021, the SEC added HCM management disclosure to its rulemaking agenda, and statements and a tweet by SEC commissioner Gensler suggest the forthcoming rules may require disclosure of more prescriptive HCM metrics (e.g., workforce turnover, engagement metrics). At the same time, investors continue to call for more detailed information on HCM. Several large US institutional investors have expanded their shareholder engagement priorities to focus on HCM. Given the continued regulatory and investor focus in this area, the audit committee should stay current on the evolving regulatory landscape and stay abreast of how stakeholder expectations are evolving.

8. Leading practices to enhance audit committee effectiveness

Audit committees are known to have full agendas, and the number of topics they are overseeing continues to expand due to a volatile geopolitical environment, continuing impacts from the pandemic, emerging regulations, and other matters. This is a great time of year for audit committees to revisit their agenda-setting and meeting protocols to ensure they function efficiently and effectively. Key actions the audit committee may want to consider to ensure optimal performance include the following:

Review the agenda plan. The agenda plan for the year should cover every item in the committee’s charter. The audit committee should look at how much time is allotted to sessions/presentations. Has the time allotment historically been adequate? Does it make sense given the topic or level of risk?

Consider a consent agenda. Look for reports and routine agenda items where little discussion may be needed and add a consent agenda item (e.g., meeting minutes, minor policy changes, reports provided for information only). Audit committee members can review the pre-read materials and have an opportunity for questions, if any. The expectation would be that only a review of the prepared materials would be necessary for most of the consent agenda items.

Enhance pre-read materials. Streamlining reporting to focus on issues, trends, and themes continues to be a top priority for audit committees. Executive summaries and dashboard reporting can be particularly helpful in communicating information. In addition, highlighting changes from prior packages can make pre-read materials more effective.

Provide comments in advance of meetings. Having audit committee members provide significant comments/questions on pre-read materials in advance can add efficiency to the meeting. This gives management and other presenters the opportunity to respond during the meeting. Of course, the audit committee would need to receive the materials far enough in advance to respond (leading practice is seven days).

Implement a pre-meeting executive session. Given the volume and complexity of agenda items, scheduling time in advance of or at the beginning of the meeting can be helpful. It provides a chance for audit committee members to pinpoint the areas that may require deeper discussion during the meeting. In turn, this can lead to a more efficient allocation of time.

Expand the use of internal audit. Increasingly, audit committees lean heavily on internal audit for assurance and insight on risks well beyond the traditional scope of operational audits and financial controls—and they should. Leveraging internal audit in “non-traditional” ways can help the audit committee effectively execute its oversight responsibilities. Some areas of leverage include enterprise resiliency, health and safety, ESG, human capital management, cybersecurity, and data protection.

9. Communicating with the external auditor

This year, audit committees will again be overseeing companies’ financial reporting under less-than-ideal circumstances. Given the challenging business environment and associated risks, the audit committee will want to ensure it has a robust process in place to get the most value from the external auditor.

Communication is key. Beyond the required items, audit committees should seek the auditor’s perspectives on matters like broader business risks and the impact on culture of the company’s return to office policies. The audit committee will want to understand the status of the audit plan, including an update on the audit risk assessment and how it might have changed. The audit committee will also want to ask about how the plan might be impacted by the current geopolitical environment (e.g., supply chain disruptions, asset valuations), emerging standards and regulations, and the auditor’s implementation of new technologies (e.g., AI).

Given changes in ways of working over the past two years, the audit committee will also want to understand changes in the auditor’s work plan.

Which types of work will be performed onsite versus remote or hybrid? How could this potentially impact the audit? How much turnover has the external auditor experienced on its team? How might this impact execution of the audit plan?

Lastly, more audit committees are starting to oversee non-financial disclosures, such as ESG metrics and KPIs. Depending on where the disclosure is made (e.g., sustainability report, website) the audit committee should understand that the external auditor may have either limited or no responsibility over the information. As the role in overseeing these metrics evolves, the audit committee may want to ask the auditor about its point of view on these items. As a leading practice, it is best to flush out these discussions with the auditor early in the year and establish a cadence for updates over the course of the year.

10. Recurring items for the audit committee agenda

Every audit committee should ensure that these important items are on the agenda of every audit committee meeting, or at least at scheduled intervals:

  • Hotline complaints and code of conduct violations
  • Changes in the regulatory environment
  • Private and executive sessions
  • Related-party transactions
  • Internal and external audit plan reviews
  • Discussions with CIO, CISO, and GC as needed
Trackbacks are closed, but you can post a comment.

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>