Takeaways from the AICPA’s 2018 Conference on Current SEC and PCAOB Developments

Takeaways from the AICPA’s 2018 Conference on Current SEC and PCAOB Developments

In mid-December 2018, speakers and panelists representing regulatory and standard-setting bodies as well as auditors, registrants, securities counsel and other industry experts gathered in Washington D.C.  for the 2018 AICPA Conference on Current SEC and PCAOB Developments (the “Conference”).  As in prior years, the Conference focused on financial reporting, accounting and auditing topics and emerging issues.  The overarching theme this past year was the importance of the shared responsibility for the promotion of transparency and quality financial reporting among all participants and stakeholders in the financial reporting process.

We set forth below some of the key topics of discussion and comment by the SEC staff that registrants should keep in mind when preparing their next SEC disclosures.

Disclosure Effectiveness and Future SEC Proposals

The Director of the SEC’s Division of Corporation Finance, William Hinman, discussed the SEC’s ongoing efforts to simplify and streamline SEC disclosure requirements.  In 2018, the SEC issued:

• the Disclosure Update Simplification Technical Release (“DUST-R”), which eliminated or modified certain redundant or outdated disclosure requirements and integrated other disclosure rules into existing SEC requirements; among other things, the DUST-R eliminated the requirement for a foreign private issuer (“FPI”) to obtain a waiver from the 12-month age of financial statements requirements in an initial public offering (“IPO”), provided that the FPI includes certain representations in the registration statement; and
• proposed rules that would simplify and streamline financial disclosure requirements of Rule 3-10 of Regulation S-X, for guarantors and issuers of guaranteed securities, and of Rule 3-16 of Regulation S-X, for affiliates whose securities collateralize a registrant’s securities, by focusing disclosures on material information aimed at reducing the cost of compliance and encouraging issuers to offer guaranteed or collateralized securities on a registered basis or on a private basis with registration rights.

The SEC staff noted that it also has a number of ongoing projects on its near-term agenda, which include:

• a request for comment on the nature, content and timing of earnings releases and quarterly reporting requirements, to determine whether quarterly reporting should be eliminated for certain types of companies; the SEC published an invitation for comment on this subject on December 18, 2018;
• proposed rules that would simplify the disclosure requirements relating to financial statements of businesses acquired or to be acquired, real estate operations and pro forma financial information (SEC Regulation S-X, Rule 3-05, Rule 3-14 and Article 11); and
• a proposed amendment to the definition of an accelerated filer aimed at reducing a number of registrants that are subject to the requirement to provide the auditor attestation report on internal control over financial reporting (“ICFR”) under Section 404(b) of the Sarbanes-Oxley Act of 2002.

Non-GAAP Financial Measures

Non-GAAP financial measures remained the top area of focus in SEC staff comment letters in 2018, with registrants encouraged to provide more transparent and robust disclosures regarding the usefulness of their non-GAAP financial measures to investors. During the Conference, Chairman Clayton and SEC Chief Accountant Wesley Bricker reminded registrants of the importance of having disclosures on non-GAAP measures and key performance indicators that are complete, accurate and consistent with the objective of communicating operating results through the eyes of management. The SEC staff may request information provided to registrants’ boards to support statements that non-GAAP financial measures are used to assess business or operating performance.

Registrants were also reminded of the need to have appropriate disclosure controls and procedures in place to ensure non-GAAP measures are not misleading and that they do not involve individually tailored accounting principles that may not be appropriate under Regulation G. To help registrants determine whether a non-GAAP financial measure would be viewed as an unacceptable individually tailored accounting principle, the SEC staff has prepared questions that management and audit committees can use as a guide when developing and reviewing their non-GAAP financial measures. These include:

• Does an adjustment shift the measure from an accrual to a cash basis?
• Does the adjustment include transactions also accounted for in another company’s financial statements?
• Does the adjustment reflect a portion, but not all, of an accounting concept?
• Does the adjustment render a measure inconsistent with underlying economics or ignore certain components of the economics?

EGC Transition Issues

One of the accommodations granted to emerging growth companies (“EGCs”) under the JOBS Act is the ability to elect to defer compliance with new or revised accounting standards until private company adoption dates for as long as they qualify as EGCs. Private company adoption dates for the new revenue accounting standard have started to apply for annual periods beginning on January 1, 2019 and for interim periods within the annual period beginning on January 1, 2020. Accordingly, calendar year-end EGCs that elected to take advantage of the extended adoption period applicable to private companies are required to adopt the new standard as of January 1, 2019.  However, if a registrant lost its EGC status after the standard adoption date for the new revenue standard (i.e., January 1, 2018), it will not be permitted to delay the adoption of the standard by using the private company adoption date.  If a registrant adopted the new revenue standard before losing its EGC status, the SEC staff would not expect the registrant to revise its financial statements for a different adoption date.

Modifications and Waivers under Regulation S-X Rule 3-13

The SEC staff continues to encourage registrants to seek financial statement waivers and modifications under Regulation S-X Rule 3-13 in instances where the strict application of the rules would result in a requirement to provide more information than the registrant believes is necessary to reasonably inform investors. Under Rule 3-13, the SEC staff is granted the authority to permit the omission or substitution of certain financial statements “where consistent with the protection of investors.”

At the 2017 Conference, the SEC staff briefly highlighted certain areas that would likely benefit from greater staff flexibility (essentially situations that would produce anomalous results). This past year, the staff again addressed areas of potential flexibility:

• when an acquisition is significant solely due to the income test, the SEC staff may permit the omission of financial statements for the acquired business for certain or all periods based on consideration of other measures of operating activity, such as revenue and gross operating margin;
• when an acquisition is significant only under the investment test, the SEC staff may consider why the registrant is paying a premium for the acquired business and, if the acquisition includes highly valuable assets, it may allow the registrant to provide an abbreviated statement of assets acquired and liabilities assumed at fair value in lieu of full historical financial statements of the acquired business;
• in an IPO scenario, where businesses acquired in an earlier period may have been significant at the time of the acquisition but may no longer be material to the registrant’s current operations, the SEC staff may permit the omission of one or more financial statement periods;
• acquisitions of related businesses generally have to be evaluated as a single business combination, but the SEC staff may grant a waiver for individual related businesses that are not significant to an overall transaction; and
• in acquisitions of a foreign entity that meets the definition of an FPI but not a “foreign business” under Regulation S-X, the SEC staff may allow the registrant to file IFRS financial statements for the acquired business (rather than U.S. GAAP statements) without reconciliation to U.S. GAAP.

Emerging Disclosure Trends – Brexit and LIBOR

At the Conference, both Brexit and LIBOR featured as areas of significant focus by the SEC staff, which expects that disclosures in both of these areas will evolve over time.

Chairman Clayton and Mr. Hinman both expressed concerns regarding the quality of Brexit-related disclosures. They are of the view that the potential impact of Brexit on financial performance and business prospects have thus far been underestimated by many registrants, despite the fact, for example, that the uncertainties surrounding Brexit have led to reduced levels of hiring and investment in the United Kingdom. Chairman Clayton noted that some registrants address Brexit in the form of general risk factors while others include more granular, company-specific disclosures.  As discussed in more detail in our earlier client alert, going forward the SEC expects to focus more closely on registrants’ Brexit disclosures and on Brexit’s impact on market utilities and infrastructure.   Hinman recommended that registrants involve their auditors and other relevant parties in discussions regarding contingency planning for Brexit and that disclosures address these contingency plans.  The SEC does not expect to provide any transition relief with respect to Brexit-related disclosures, meaning the implications need to be addressed in relation to the periods during which they occurred.

The London Interbank Offered Rate (LIBOR) is expected to be phased out and replaced with a different benchmark in the coming years.  The SEC staff encourages registrants to start planning for the potential effects of this transition, and suggests registrants prepare relevant disclosures in the MD&A, particularly in the liquidity and capital resources disclosure, and risk factors if the impact is expected to be material.

Cybersecurity

In the area of cybersecurity, the SEC staff continues to remind registrants about the SEC staff’s continued focus on cybersecurity disclosure in light of the ever increasing threat of cyber incidents. Chairman Clayton noted the value of having cybersecurity expertise at the board level and of focusing not just on prevention of cyber breaches but also on the way in which data are collected to optimize the level of protection. Hinman addressed:

• the importance of identification and escalation of cyber breaches at the appropriate levels within the company, which would ensure that all relevant parties (meaning, for example, not just the IT department) are involved in assessing a cyber-incident’s potential effects and related disclosure requirements;
• the need for insider trading policies to take into account cyber risks; and
• the need for more fulsome disclosure regarding the role of the board of directors in cyber risk oversight when the risk of cyber-incidents is material.

Registrants should consider company-specific cyber disclosures, in particular how the board oversees cyber risk and the controls and procedures in order to ensure that relevant information about cyber incidents is promptly communicated to those in management responsible for public disclosures. Registrants should reassess their cyber-related disclosures on an ongoing basis given the evolving nature of the threats. The SEC staff also reiterated a general principle for risk factors, namely that it is not appropriate to refer to hypothetical risks when that risk has in fact come to fruition.

In 2018, the SEC issued interpretive guidance on cybersecurity risks (CF Disclosure Guidance: Topic No. 2) as well as a report of investigation that highlight the SEC’s increased focus on cybersecurity issues and caution registrants to consider cyber threats when implementing and maintaining their internal controls. The guidance and the report are discussed in more detail in our earlier client alert.

Role of the Audit Committee

The SEC staff believes that the effectiveness of audit committees can be strengthened in a number of ways, and offered various suggestions.

• Boards should carefully consider who serves on the audit committee. Possessing financial literacy may not be sufficient to fully understand the financial reporting requirements or to challenge senior management on major, complex decisions.  Audit committees must stay abreast of these issues through adequate, tailored and ongoing education.
• Audit committees must be fully committed to the financial reporting oversight role and to understanding the inter-relationships among accounting, ICFR and reporting requirements. Bricker noted that “[f]or example, as business, technology, accounting, and reporting requirements change, it is crucial that the audit committee understand management’s approach for designing and maintaining effective internal controls.  To illustrate, does the audit committee understand management’s approach to attract, develop, and retain competent individuals who have responsibility for the design and operation of manual control activities, which are applicable when reasonable judgment and discretion is required, such as may arise in the application of the revenue recognition standard? The audit committee can take insights from the conversation with auditors about whether, where, and why they were unable to rely on internal controls.”
• Bricker further believes that an audit committee’s “expectations for clear and candid communications from the auditor should not be taken lightly, particularly when it is time to evaluate the relationship with the auditor. Just the same, the auditor should expect appropriate support and tone from the audit committee when issues arise.”
• Audit committees, particularly those of smaller companies, are encouraged to provide enhanced disclosure regarding their role in overseeing the external auditor and, in particular, how stock exchange listing rules in respect of appointing, compensating and overseeing the work of the auditor are complied with.
• While cybersecurity remains an important area of SEC staff focus, emerging technologies more broadly present significant opportunities as well as risks. Audit committees should work with management to understand how management is addressing the financial reporting risk of the use of emerging technologies such as artificial intelligence, robotic process automation, drones and blockchain.  The Center for Audit Quality has published several resources, including a report entitled “Emerging Technologies: An Oversight Tool for Audit Committees,” intended to assist audit committees in fulfilling their oversight responsibilities for financial reporting affected by emerging technologies.

Internal Control over Financial Reporting

Properly designed and functioning ICFR is seen as critical to the timely prevention and detection of material errors or fraud in financial reporting. As noted by Mr. Bricker, the cooperation among audit committees, auditors and management in all ICFR areas (from risk assessment to design and testing of controls) is essential since any internal control deficiencies that are left unidentified or unaddressed could lead to higher financial reporting restatement rates and higher cost of capital. Registrants should strive to identify and communicate material weaknesses before they manifest themselves in the form of a material restatement.

Other SEC staff comments in the area of ICFR focused on the evaluation of operating effectiveness of ICFR, the adequacy of material weakness disclosures and the adequacy of the evaluation of control deficiencies. The SEC staff noted that when assessing the effectiveness of internal controls, management should pay attention to both the operation of the internal controls as designed (for example, via assessment of the consistency with which the controls operate throughout the period) as well as the level of evidence required to evaluate the control to ensure that procedures used are adequate to the related risks. This is particularly important where there are close calls in assessments of whether a deficiency is a significant deficiency (and reported to the audit committee) or a material weakness (and reflected in public disclosure).  Material weakness disclosure requires management to focus on providing meaningful detail that does more than just describe the existence of the weakness, in order to allow for an understanding of not only the cause of the deficiency (namely, what went wrong) but also of its impact on the financial statements (for example, is the material weakness isolated or pervasive), as well as the timing and detail of any remediation plan. 

The SEC staff emphasized that registrants should focus not just on a material misstatement but also on whether an identified control deficiency rises to the level of material weakness by assessing whether there was a reasonable possibility that the material misstatement would not have been prevented or detected on a timely basis as a consequence of the identified control deficiency. The SEC staff also reminded participants of an SEC enforcement action in September 2018 (Primoris Services Corporation) alleging failure of a registrant to devise and maintain a sufficient system of internal accounting controls and adequately evaluate the effectiveness of its ICFR.

Critical Audit Matters

Mr. Bricker offered the following observations and suggestions regarding implementation of the new requirement for auditors to discuss critical audit matters (AS 3101, The Auditor’s Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion):

• “Conduct (or participate in) a dry run this year especially for those engagements that will be adopting the critical audit matter requirements in 2019 – practice builds confidence and improves results. These dry runs are occurring with constructive dialogue among auditors and audit committees about the value of starting the conversation early in the audit cycle, keeping the discussion current for changes and close calls throughout the year, and building into the plan how and to whom a draft of the report will be provided in advance of completing the audit.  This dialogue should help prevent mistakes in reports prepared for investors next year.
• Share implementation questions and other observations with the PCAOB staff and us. Information sharing allows the PCAOB to consider whether any additional communications or guidance is needed and contributes to a post-implementation review the PCAOB is undertaking.
• Understand similarities and differences in different disclosure requirements and standards. For example, management is required to provide disclosures of critical accounting estimates in MD&A – accounting estimates and assumptions that may be material due to the levels of subjectivity and judgment necessary to account for highly uncertain matters or the susceptibility of such matters to change, and that have a material impact on financial condition or operating performance.  Critical audit matters are not designed to duplicate management’s disclosures.”

New Accounting Standards

As of January 1, 2018, most public companies have adopted the new revenue recognition standard. The SEC staff’s initial comments on the new standard have focused on significant judgments in the selection of accounting policies, in particular, the identification of performance obligations, principal versus agent assessments, the timing of revenue recognition and disaggregated revenue disclosures. The SEC staff is likely to comment if the nature, amount, timing and uncertainty of revenue being recognized is unclear or conflicts with other publicly available information.

As for the new lease accounting (ASC 842) and the current expected credit losses standards that most companies will need to adopt in early 2019 and 2020, respectively, a number of panelists spoke about the implications of the adoption of these standards (internal controls, availability of practical expedients) and the need for regulators and businesses to communicate with one another to ensure robust implementation. The SEC staff highlighted for registrants certain disclosure requirements in advance of the adoption of the new standards, such as disclosure of the impact of the new standards on ICFR, including the impact on the risk assessment component of the COSO framework.

*       *       *

Securities practice management attorney Monika G. Kislowska contributed to this client memorandum.