Health Check on Emerging Growth Companies: PCAOB Reports High Incidence of Material Weaknesses

By Charles Soranno, Managing Director
Financial Reporting Compliance and Internal Audit

 

 

 

A new white paper from the Public Company Accounting Oversight Board (PCAOB) and an April increase in qualifying revenue limits have put emerging growth companies (EGCs) in the news recently.

The EGC designation, established under the Jumpstart Our Business Startups (JOBS) Act of 2012, makes it easier for small and growing businesses — specifically those on track for an initial public offering — to attract investors and access capital by relaxing regulatory requirements and cutting some red tape. There are a number of benefits to a registrant being classified as an EGC – see Protiviti’s Guide to Public Company Transformation for what they are.

The original law established a revenue cap of $1 billion for a company to qualify as an EGC, but provided for that cap to be adjusted every five years for inflation. The Securities and Exchange Commission (SEC) made the first adjustment in April 2017, raising the revenue cap to $1.07 billion.

Another provision of the JOBS act was a mandate for the PCAOB to report via white papers, semiannually, on the extent to which EGCs actually benefitted from regulatory relief, and any unintended consequences stemming from the more permissive environment. The purpose of the PCAOB’s white papers is to provide general data about EGCs to inform the analysis contained in PCAOB rulemaking releases regarding the impact of applying new standards to the audits of EGCs.

The latest white paper, published in March 2017, found that of 1,951 companies reporting as EGCs in the 18 months prior to the reporting period, more than half (51 percent), received an explanatory paragraph in their most recent auditor’s report expressing substantial doubt about the company’s ability to continue as a going concern. Equally important, within that group of 1,951 EGC filers, 1,262 provided a management report on internal control over financial reporting in their most recent annual filing, and 47 percent – nearly one-half of all EGC filers – reported material weaknesses.

Protiviti explores the findings in the PCAOB’s March white paper at length in a recent Flash Report, but I wanted to highlight a few of the takeaways here.

First and foremost, while certain regulatory exemptions and benefits may be attractive, they do not mean that EGCs should accept or minimize issues surrounding potential findings of material weaknesses. These deficiencies in internal control over financial reporting may undermine a company’s reputation and reduce company value, to say the least.

The risk is real and should be addressed proactively. Protiviti has developed a financial reporting risk profile (FRRP) to identify financial reporting issues in advance and manage them to avoid potential financial restatements.

An effective FRRP focuses on six areas: accounting principle selection and application, estimation processes, related-party transactions, business transaction and data variability, sensitivity analysis, and measurement and planning. The underlying objective is to identify the most likely areas of potential misstatements and apply the appropriate oversight and control.

Second, EGCs should take the steps necessary to document key business processes so that these processes are well-defined and repeatable, reducing reliance on ad hoc activity by key employees. These processes may include a fair amount of financial reporting; related policies and activities, such as those that aid in the preparation of financial schedules for external auditors in the support of audits; filings; executive compensation; and employee benefits. Pre-public companies should design and implement a process for documenting conclusions on reporting and accounting matters.

Internal controls and documentation are critical because they minimize the risk of material weaknesses in the organization’s financial reporting. Consider the effects of just one material weakness: erosion of shareholder confidence, potential share price reduction, a fair amount of distraction throughout the organization, reduced brand quality, and significant remediation costs.

The high incidence of material weaknesses among EGCs is disappointing but, in many cases, generally preventable. It is important not to wait until the first auditor attestation to address potential issues. Many of the preventive measures – governance protocols, fraud controls, internal controls over financial reporting – should be in place prior to the company’s first public filing (e.g., 10Q filings, 302/906 certifications), and others should be in place prior to the initial management assertion on the effectiveness of internal control over financial reporting, as required by Sarbanes-Oxley Section 404(a). If these areas have not been addressed and the first public filing is upcoming, the organization should prepare itself by putting in place a robust remediation program. See the Protiviti Flash Report for additional points and information.

 

PCAOB White Paper Calls Attention to the Risk of Material Weaknesses at Emerging Growth Companies

Last week, the Public Company Accounting Oversight Board (PCAOB) released its semi-annual white paper providing general information about certain characteristics of emerging growth companies (EGCs). The PCAOB’s white paper provides a number of observations regarding EGCs, which we summarize in a just-released Flash Report published on Protiviti’s website. In our Flash Report, we also review the implications for EGCs that report material weaknesses in their internal control over financial reporting and offer guidance to affected organizations to help them avoid or overcome such findings.

Setting the 2015 Audit Committee Agenda

What is top of mind for senior executives and directors this year? Regulatory changes and heightened regulatory scrutiny, succession challenges, economic conditions and cyber threats – this according to the latest Protiviti and North Carolina State University ERM Initiative’s survey, Executive Perspectives on Top Risks in 2015.

You can get a preview of the insights from the survey and more in the latest issue of The Bulletin, our electronic newsletter on corporate governance and risk management. The issue is chockfull of collective wisdom culled from the interactions of Protiviti’s professionals with client audit committees, roundtables we’ve conducted, and discussions with directors at conferences and other forums.

As part of an ongoing effort to help you find the signal amid the noise of a busy and information-rich world, we’ve distilled this information into 10 actionable steps we call The 2015 Mandate for Audit Committees. The first five items relate to enterprise, process and technology issues. The remaining items pertain to financial reporting.

Here, then, are our recommendations for setting the 2015 audit committee agenda:

Enterprise, Process and Technology Issues

  • Update the company’s risk profile to reflect changing conditions – Consider emerging risks and changes in existing risks and address the adequacy of risk management capabilities.
  • Oversee the capabilities of the finance organization and internal audit to ensure they can deliver to expectations – Capabilities should be continuously aligned with the company’s changing needs and expectations.
  • Pay attention to risk culture to address the risk of dysfunctional behavior undermining risk management and internal control – The tone at the top and in the middle affects risk management and internal control performance.
  • Understand how new technological developments and trends impact the company – Be mindful of the implications of technological innovations to security and privacy, financial reporting processes, and the viability of the company’s business model.
  • Assess committee efficacy – The committee’s composition, expertise and engagement should keep pace with the company’s changing business environment and risk profile.

Financial Reporting Issues

  • Pay attention to revenue recognition – The Financial Accounting Standards Board’s (FASB’s) new standard may affect financial reporting systems.
  • Determine the Public Company Accounting Oversight Board (PCAOB) impact on the audit approach – PCAOB inspections, standards and guidance have raised concerns regarding the adequacy of public company auditing processes and have led to changes.
  • Understand the impact of COSO’s updated Internal Control – Integrated Framework – The new framework has the potential to affect internal control reporting, internal audit activities and other areas.
  • Understand and evaluate management’s significant accounting estimates – Ensure an adequate focus on the financial reporting processes requiring the most judgment.
  • Stay current on audit reforms – An expanded report, auditor rotation and other measures are being considered in various countries.

I hope you find time to read the latest Bulletin in its entirety. These are interesting times. The new year is already off to an exciting start, and I can’t wait to see what challenges and triumphs await us all in the months ahead. I’m sure it will be interesting.

Jim

PCAOB Adopts New Requirements for Related Party and Significant Unusual Transactions, and Executive Officer Financial Relationships/Transactions

Some VERY significant news from the PCAOB: Earlier this month, the board adopted a new auditing standard and various amendments to other auditing standards to strengthen auditor performance requirements in three challenging areas:

  • Related party transactions;
  • Significant unusual transactions; and
  • A company’s financial relationships and transactions with its executive officers.

In a just-released Flash Report from Protiviti, we summarize the PCAOB’s new auditing standard and the board’s various amendments, along with the implications for auditors and companies.

The PCAOB’s intent in addressing these transactions and relationships is to improve existing standards by requiring additional procedures in each of these areas and provide direction to ensure the auditor’s approach to these areas is sufficiently risk-based and appropriately coordinated.

Of particular note, the requirements will be effective for calendar year 2015 audits, including interim periods (e.g., required for fiscal years beginning on or after December 15, 2014). They will apply to audits of companies listed on exchanges in the United States.

The significance of these requirements is that they address what the PCAOB considers to be insufficient work by auditors in these areas, based on the board’s inspections process. Accordingly, we can expect continued attention on the part of the inspections process, which will drive auditors to increase audit emphasis in these areas. In addition, these areas are quite pervasive, meaning every public company is likely to be affected.

Jim

Keeping Pace with SOX Compliance – COSO, Costs and the PCAOB

Every year, one of Protiviti’s most highly anticipated studies is our Sarbanes-Oxley Compliance Survey, in which we assess the current state and maturity of SOX compliance in public companies, along with factors influencing their efforts and costs. In our 2014 survey, the results of which we released today, there are a number of notable takeaways suggesting that, as a result of the new COSO framework and PCAOB inspection reports, among other factors, new hurdles are emerging in the SOX compliance process.

Infographic-2014-SOX-Compliance-Survey-Protiviti

Our key findings:

  • Companies are getting started, albeit slowly, with implementing the new COSO framework.
  • There is measurable fallout from the PCAOB’s inspection reports.
  • Compliance costs are going up but are still manageable for many.
  • Organizations continue to automate more processes and controls.

For more information and detailed survey results, I invite you to visit www.protiviti.com/SOXsurvey. Also, you can check out our infographic and video here.

Jim

https://www.youtube.com/watch?v=VnTnYi2NzAs