Never, in all my years of writing about corporate mismanagement and governance gone awry, have I seen unhappy investors survey the wreckage and then holler, “Why the hell was the audit committee’s role so poorly defined?” Instead, they always holler, “What the hell was the audit committee doing?”
And in our hyper-capitalist society, where so much of your fortune depends on the value of the assets you own, investors have a right to know.
So I strongly suspect that as we wade into the governance debate of the summer—how the Securities and Exchange Commission should reform required disclosures for corporate audit committees—we’ll hear quite a lot about that idea. The SEC even says as much in its 55-page concept release on audit committees, published July 1. Smack in the middle of Page 18 (emphasis added): “While current audit committee reporting requirements provide information about the role of the audit committee … these disclosures do not describe how the audit committee executes its responsibilities.”
Think about what that means; about what changes would be necessary to achieve that goal of more transparency into how the audit committee is doing its job. Then think about what else is happening in the world of corporate auditing and oversight of the audit process—specifically, how the Public Company Accounting Oversight Board is reviewing required disclosures for audit firms at the same time the SEC is looking at changes for audit committees. When you do, a few things become clear.
First, we’re going to spend a lot of time debating what companies should disclose about communication between audit firm and audit committee. The PCAOB is pressuring audit firms to be more aggressive, to be more skeptical, to raise more concerns to the audit committee, and to do that sooner. While the fine points of that overhaul are still in development, the SEC must act on audit committees within that context. If audit firms are bringing more matters to the audit committee earlier, investors have a greater interest in knowing what those conversations were about.
Little surprise, then, that the SEC’s concept release asks at least 10 questions about audit firm-audit committee communications. (Maybe more, depending on how you characterize some of the dozens of questions the SEC asks in total.) To my thinking, the most controversial proposal is Question 11: Should there be disclosure regarding the nature or substance of the required communications between the auditor and the audit committee?
Now we’re getting into the messy part, because lots of investors would answer that question with a “yes.” Compliance officers, audit executives, audit firms, and senior corporate managers will probably answer with something closer to “ugh.” All sides have solid grounds to argue their case.
The communications audit firms must provide to audit committees are spelled out in the PCAOB’s Auditing Standard No. 16. The juicy stuff is near the bottom of the standard: difficulty in performing the audit, disagreements with management, complaints about accounting that have come to the audit firm’s attention, and the like. Anything along those lines should be communicated to the audit committee “in a timely manner” rather than waiting to include it in the audit firm’s report.
Yuck. Almost by definition, communication on those matters is going to be sensitive stuff brimming with litigation and enforcement concerns. What’s more, resolving delicate audit issues correctly takes patience, a quality most investors do not have. Audit firms and corporations alike are well within bounds to argue that more disclosure of those communications won’t do much more than stir up investor hysteria prematurely, adding uncertainty into the share price and distraction into corporate governance precisely when the company needs the audit committee’s full attention.
At the same time, investors can argue that right now too much advice arrives too late to be useful. Investors do not want a thorough report at the annual shareholder meeting outlining all the financial failures the audit firm has documented. They want to know (they need to know, they would say) when the company is carrying more financial reporting risk than expected. Maybe that risk can be explained by managers; maybe the company will melt down. Either way, a better sense of the quantity of risk at any given time is what investors want. And let’s not forget, they are the ones who own the company. They are within bounds to argue this position too.
I don’t know what the SEC’s final answer should be here. I only cite it as one example of the difficulty that lies ahead for the compliance and governance communities as we try to figure this out—and there are many more examples in that concept release, too. Still, we already know one fact. The SEC cannot do nothing on this subject. The current disclosure regime for audit committees is obsolete, and we need to find a better one.
Comment on this post on LinkedIn.