PCAOB Adopts New Requirements for Related Party and Significant Unusual Transactions, and Executive Officer Financial Relationships/Transactions

Some VERY significant news from the PCAOB: Earlier this month, the board adopted a new auditing standard and various amendments to other auditing standards to strengthen auditor performance requirements in three challenging areas:

  • Related party transactions;
  • Significant unusual transactions; and
  • A company’s financial relationships and transactions with its executive officers.

In a just-released Flash Report from Protiviti, we summarize the PCAOB’s new auditing standard and the board’s various amendments, along with the implications for auditors and companies.

The PCAOB’s intent in addressing these transactions and relationships is to improve existing standards by requiring additional procedures in each of these areas and provide direction to ensure the auditor’s approach to these areas is sufficiently risk-based and appropriately coordinated.

Of particular note, the requirements will be effective for calendar year 2015 audits, including interim periods (e.g., required for fiscal years beginning on or after December 15, 2014). They will apply to audits of companies listed on exchanges in the United States.

The significance of these requirements is that they address what the PCAOB considers to be insufficient work by auditors in these areas, based on the board’s inspections process. Accordingly, we can expect continued attention on the part of the inspections process, which will drive auditors to increase audit emphasis in these areas. In addition, these areas are quite pervasive, meaning every public company is likely to be affected.

Jim

It’s Not the Time for Banks to Abandon Vendors

Ed Page - Protiviti Chicagoby Ed Page
Managing Director – Leader, Protiviti’s National Financial Services IT Consulting Practice

 

A recent article in American Banker Bank Technology News raises the prospect that stiffer vendor risk management requirements may push banks to bring more IT work in-house. Given the rigor being demanded these days, it’s hard to argue against that position, but banks and regulators alike need to be aware that this could have unintended consequences, particularly at midsize and smaller banks.

Large banks generally have the scale and skills to run IT services in-house, so insourcing to reduce the overhead of vendor management may be a viable approach. However, driving IT services in-house at smaller institutions may create a whole different set of risks. Many midsize and smaller institutions have long depended on outsourced relationships to provide essential IT services, both as a means of acquiring technical competencies and to reduce costs related to IT operations. Consequently, many lack the core competencies, experience and expertise needed to run things in-house.

I liken this a little to the do-it-yourself (DIY) phenomenon in home improvement. Although there are certainly a lot of DIY projects that people can undertake, a project such as upgrading the 1940s era knob and tube electrical wiring currently in your home to current standards is better left to the professionals (unless, of course, you are an electrical wiring expert!).

Insourcing may also pose a secondary risk for the industry as a whole. At a time when banks need to innovate to stay competitive, banks may be discouraged from working with vendors – particularly smaller vendors – who may be creating breakthroughs. This may lead to financial institutions missing opportunities to either drive down costs or introduce new products and services, which in turn creates risk from those institutions and non-bank competitors who are more willing to work with outside providers.

Technology and data are the life blood of banking, so the regulatory intent to ensure accountability and governance over these critical services is undeniably correct, but banks must guard against overreacting in ways that create other equal or even greater risks. The industry needs to retain both insourcing and outsourcing as viable alternatives. Ultimately, organizations should develop an IT strategy based on their business priorities and competencies. That strategy should be supported by a well-defined IT architecture, strong IT and data governance, and – where outsourcing is dictated – sound vendor management.

And for more insights into vendor risk management, I encourage you to read the benchmark report that the Shared Assessments Program and Protiviti recently released on the maturity of vendor risk management in organizations today.

More on the New Revenue Recognition Rules

Many of my Protiviti colleagues and I have received numerous questions from clients and contacts about the new revenue recognition standard issued by the Financial Accounting Standards Board and International Accounting Standards Board. Therefore, I thought I’d comment further on the new standard and share some notable commentary and insights from others in the market.

The objective of the new standard, according to FASB and IASB, is to “establish the principles to report useful information to users of financial statements about the nature, amount, timing and uncertainty of revenue from contracts with customers.” In practice, it’s intended to:

  • Remove inconsistencies and weaknesses in existing revenue requirements;
  • Provide a more robust framework for addressing revenue issues;
  • Improve comparability of revenue recognition practices across entities, industries, jurisdictions and capital markets;
  • Provide more useful information to users of financial statements through improved disclosure requirements; and
  • Simplify the preparation of financial statements by reducing the number of requirements to which an organization must refer.

My colleagues and I have stated repeatedly that this is a big deal. Others agree:

The American Institute of Certified Public Accountants blog calls revenue recognition “the most pervasive and across-the-board important topic that the issuers could have tackled,” and notes that the new standard “eliminates transaction- and industry-specific guidance and replaces it with a principle-based approach that applies to all public, private and not-for-profit entities.”

The Wall Street Journal’s blog notes that public companies have until 2017 to prepare for it, and adds that software makers and wireless providers, among others, could record revenue more quickly than before, while, for example, auto and appliance makers may see the opposite trend.

A terrific article in CFO magazine points out that the new standard was “strongly opposed by many finance and accounting executives,” and adds that its changes could have a ripple effect on loan covenants, compensation packages, discounts, rebates taxes, and even new company start-ups.

Simply stated, the literature was all over the place. It was hard to know where to look when confronted with new and different revenue recognition situations.

The issuers’ bottom line is a contract-based approach to revenue recognition. Their core principle is to “recognize revenue in a manner that depicts the transfer of promised goods or services to customers in an amount that reflects the consideration to which the entity expects to be entitled in exchange for those goods or services.” To achieve the core principle, they outline these five steps:

  • Identify the customer contract(s).
  • Identify the separate performance obligations therein.
  • Determine the transaction price.
  • Allocate it to separate contract performance obligations.
  • Recognize revenue when the entity satisfies each one.

Naturally, it’s going to be more complex than that. To help with the changeover, the FASB and IASB have set up a joint Transition Resource Group that will meet publicly until the standard goes fully into effect. In the meantime, preparers worldwide need to get themselves educated on the new standard.

As a reminder, we published a detailed Flash Report on the new standard that I encourage everyone in an accounting/finance role to review. Let the transition process begin!

Jim

Take It From the Top: How Effective AML Messaging Impacts Front-Line Personnel

Most everyone would agree that the right tone from the top is crucial in enlisting the support and cooperation of the rank and file in any organization on any risk-related issue. This fundamental concept of internal control is particularly important in AML compliance, where lower-level personnel provide the first defense against money laundering activities. But here is an interesting question: What makes the tone form the top “right?” A just-released Protiviti white paper takes a look at the issue, analyzing the elements of effective messaging and concepts that stick, as well as the challenges presented by a diverse, multi-generational workforce.

The paper combines the views of our top AML consultants and training and communication specialists, for a well-rounded overview of what works, what doesn’t, and how to recognize important gaps in an organization’s AML communication so they can be fixed. It discusses key tactics and tools for effective communication: message relevance, respect for employees and their learning styles, multi-sensory learning, use of appropriate technology and understanding of the generation gap.

For example, something as simple as feeling valued and playing a meaningful part in a bigger battle with a personal element in it, such as human trafficking, can be much more effective in increasing cooperation among employees than receiving punishment for not following rules. Similarly, delivering a compliance message through technology already in the hands of the user, such as a smartphone, will work better than a bulky online course that takes away precious time from other duties of front-line employees. Applying these and other tactics to a customized communication plan tailored to the organization can spell the difference between an AML compliance program that works and one that fails.

AML compliance is equal parts art and science. We hope this paper sheds some light on the art of delivering effective AML messaging that is embraced and not ignored by the people working the front lines.

Jim

It’s Here, Are You Ready? – Transitioning to the New Revenue Recognition Standard

There is some BIG news that was just announced in the world of accounting – game-changing news, as a matter of fact. The long-awaited new FASB Accounting Standards Update No. 2014-09, Revenue from Contracts with Customers, was finally issued on May 28, 2014. This new guidance is the result of a collaborative effort by the FASB and the IASB to agree on a global standard based on common principles that can be applied across industries and regions.

In the United States, this new guidance will replace most of the industry-specific GAAP requirements that have become complex and cumbersome to apply in practice. These requirements have developed over a long period of time and consist of myriad disparate requirements for specific transactions and industries including, for example, software, real estate and construction contracts. Prior to the issuance of the new standard, over 200 specialized and/or industry-specific revenue recognition requirements could be found in the accounting literature under U.S. GAAP. Despite this overwhelming volume of requirements, new and emerging transactions sometimes lack explicit guidance. Therefore, differences in reporting may arise as a result of inconsistencies and weaknesses in the literature. All of these disparate revenue recognition requirements have been superseded by the new standard.

Outside the United States, the new revenue recognition requirements will replace the IFRS standards for revenue recognition that provide limited implementation guidance and can be difficult to understand and apply.

For all companies, wherever they are domiciled, the impact of the new standard could be far-reaching and potentially disruptive. While no industry will be totally exempt, the industries that are likely to experience significant changes are software, telecommunications, asset management, airlines, real estate, aerospace, and construction. Changes won’t be limited to these industries, of course, so all companies should consider the need to assess the implications of the new standard and develop implementation plans to address those implications.

Companies with a longer delivery cycle, or those with non-standard and complex contract terms, will be the most affected. These aspects will require greater resources from systems or processes to provide the necessary information to meet the data requirements to account for and describe revenue recognition.

That is why organizations should examine their processes and systems around the order-to-cash cycle data requirements and revenue recognition reporting, and make certain that data flowing from transaction reporting to financial reporting is accurate and complete. Long-term projects, such as system changes and employee education, will be unavoidable for firms that must adapt to the revenue standard convergence, and require early planning to be successful and cost-efficient.

Today we published a comprehensive Flash Report that offers a detailed overview of the new revenue recognition standards and the steps companies should begin undertaking to plan for adoption of these new standards. For those of you immersed in accounting and revenue recognition standards for your organization, I encourage you to read it and educate yourself on its requirements. And good luck. This is not an easy read. The good news is I am sure there will be plenty of conferences out there to consider.

Jim