Category: Audit

A Seminal Challenge for the Audit and Compliance Committee

Published by

Michael Peregrine

Federal deregulation efforts are taking place while at the same time we are witnessing heightened expectations of governance accountability. The rapid convergence of these two trends is creating a seminal challenge for the audit and compliance committee of many corporate boards.

At the surface, it is hard to spot any corporate negatives to the administration’s deregulation initiatives. Indeed, boards may well embrace the expectation of relaxed regulations and more limited civil and criminal enforcement activity.

Yet, there is a legitimate concern that executives and line managers who are ordinarily prone to “push the edge of the envelope,” may interpret deregulation as a “green light” to pursue   business strategies that may be legally problematic. This attitude could threaten the authority and influence of the committee’s compliance agenda.

This relaxing of executive attitudes towards legal boundaries would come at the worst possible time, with emerging expectations of fiduciary obligations heading in exactly the opposite direction. Rather than relaxing expectations of compliance program oversight, these trends (reflected in court decisions, regulatory actions, and academic commentary) would hold directors more directly accountable for corporate compliance failures. “Where was the board when all this was going on?”  Now especially, the audit and compliance committee is well advised to be pro-active in asserting its oversight powers.

These converging initiatives are highlighted by several recent developments.

Deregulation Developments

The “Brand Memorandum” from the Department of Justice (DOJ) is the most recent compliance extension of administration-driven deregulation. The specific focus of the Brand Memorandum is to (i) confirm that the DOJ may not use its enforcement authority to effectively convert agency guidance into binding rules; and (ii) prohibit DOJ attorneys from using noncompliance with guidance documents as a basis for proving legal violations in civil enforcement actions, including but not limited to actions brought under the False Claims Act.

Examples of such guidance include documents such as preamble commentary, manuals, bulletins, fraud alerts, policy guidance, advisory opinions, and national and local coverage determinations. Often times, such guidance is woven into corporate compliance programs and risk guidelines, as may be relevant to a particular industry sector.

The Brand Memorandum provides defendants with a valuable tool in defending FCA actions—whether brought by the DOJ or relator’s counsel—that attempt to use alleged noncompliance with agency sub-regulatory guidance as support for a False Claims Act theory. It does not, however, suggest any relaxation of existing DOJ enforcement practices.

The pending release of long-anticipated revisions to the controversial Yates Memorandum would likely add to the audit and compliance committee’s burden. According to Deputy Attorney General Rod Rosenstein, the changes to Yates will be “modest,” and are intended to address possible ambiguities and potentially inconsistent applications of policy.

The main idea of the Yates Memorandum, holding individuals accountable for corporate wrongdoing where appropriate, is expected to be kept in place. But the corporate compliance concern is the potential for organizational misperceptions that because of the Brand Memorandum, “Yates has been repealed,” and that individual accountability is no longer a focus of government enforcement policies.

Board Accountability Developments

The Delaware Supreme Court requires a very high burden of proof to sustain a claim for breach of the director’s Caremark compliance program oversight duty. However, leading governance observers acknowledge the potential that, given harsh fact patterns (e.g., material harm to consumers or shareholders), courts may less strictly apply the Caremark standard in the future. A recent decision of the Federal District Court in Northern California, involving a derivative action against the officers and directors of a financial services firm for breach of fiduciary duty, lends credence to this concern.

There, the court denied a motion to dismiss filed by the defendant officers and directors. The court was sufficiently persuaded by the totality of red flags of which the board was allegedly aware, and the fact that many of them were presented in the form of direct communications and reports to the board. The court also appeared persuaded by the fact that many of the defendant officers and directors also served on committees with direct oversight over the alleged conduct that was the source of the losses cited in the complaint. Thus, the case continues.

The Federal Reserve Bank’s February enforcement action against Wells Fargo & Co., with its concurrent impact on officers and directors, is the most recent indication that regulatory agencies may be willing to hold directors personally accountable for serious corporate compliance and conduct failures occurring during the period of their board service. The Fed clearly sought to hold governance responsible for the weakness of the company’s risk management and legal compliance programs. It is conceivable that this enforcement action may serve as a model for other regulatory agencies confronting issues associated with corporate compliance breakdowns.

More generally notable are efforts such as the New York City Comptroller’s Boardroom Accountability Project 2.0, which is intended to improve the quality of boards of directors.

A Possible Approach

Boards may need to take proactive steps in order to counter the consequences of the convergence of deregulation and accountability. It may be important to send a clear message throughout the organization that corporate policies on legal compliance, corporate conduct, and legal risk evaluation of business initiatives will not change—and may even be strengthened.  This action would build upon the elements of director accountability increasingly identified by courts and regulatory entities; i.e., that compliance committees should be particularly engaged in monitoring the legal risks of business strategies.

The committee may thus choose to increase its focus on, among other steps, ensuring that (i) the business strategies approved by the board are consistent with the risk management capabilities of the company; (ii) the company’s risk management and legal compliance programs are sufficiently robust to prevent improper behavior; (iii) the board has sufficient information to carry out its responsibilities; (iv) robust inquiry and demand for further information is made about serious compliance issues that come to the board’s attention; and (iv) corporate culture recognizes the importance of adherence to internal policies, and awareness of regulatory agency guidance documents.

Michael W. Peregrine, a partner at the law firm of McDermott Will & Emery, advises corporations, officers, and directors on matters relating to corporate governance, fiduciary duties, and officer and director liability issues. His views do not necessarily reflect the views of the firm or its clients. Mr. Peregrine thanks his partner, Tony Maida, for his contributions to this post.

Updating the Auditor’s Report: Opportunities and Challenges

Published by

Scott Zimmerman, Phillip Austin, Marty Baumann, Dan Sunderland, and the author discuss “Challenges Facing the Audit Profession” at the AAA’s 2018 Auditing Section Midyear Meeting.

“The new audit report is a great opportunity for the profession.” So spoke Marty Baumann, chief auditor and director of professional standards at the US Public Company Accounting Oversight Board (PCAOB), at a panel during the American Accounting Association (AAA) Auditing Section’s midyear meeting this past January.

I agree wholeheartedly with Marty.

Updating the auditor’s reporting model in the United States represents an extraordinary opportunity, as it has in the United Kingdom and elsewhere. Yet as we discussed on that January panel, with opportunities come challenges—and I have put together some strategies for addressing those challenges.

The Standard

To understand the opportunities and challenges associated with updating the auditor’s report, it helps to start with the basic elements of the new PCAOB auditing standard.

The standard features a phased implementation approach. The first phase—which affects PCAOB audits of companies with fiscal years ending on or after December 15, 2017—includes disclosing auditor tenure and other changes to the form and content of the auditor’s report.

The second phase of implementation requires communication of critical audit matters (CAMs). The standard defines a CAM as any matter arising from the audit of the financial statements that meets all the following criteria:

  • was communicated or required to be communicated to the audit committee;
  • relates to accounts or disclosures that are material to the financial statements; and
  • involved especially challenging, subjective, or complex auditor judgment.

The effective dates for CAMs to be included in the auditor’s report are (1) fiscal years ending on or after June 30, 2019 for audits of large accelerated filers and (2) fiscal years ending on or after December 15, 2020 for audits of all other companies to which the requirements apply.


What opportunities will these changes bring? Conversation at the AAA panel covered a range of possibilities.

  1. Possible insights for investors. Scott Zimmerman, a partner at EY and its Americas Assurance Innovation division said that each audit should result in “some type of meaningful insight.” Baumann suggested that such insights can “add to the total mix of information that investor use in making decisions,” and offered his view that the audit report could, for some investors, even become “the first place to go in a very big 10-K with a complex set of financial information.”
  2. Differentiation via technology. As a digital expert, EY’s Zimmerman knows how technology can be a competitive differentiator for audit firms, particularly as use of data analytics and artificial intelligence grows. He noted that EY, like many firms across the profession, is examining how technology can be leveraged in the context of the CAMs that will be communicated in an expanded auditor’s report.
  3. Future academic research. As each audit generates insights, academics can sift through the data to track broader patterns in financial reporting. Baumann noted that researchers might investigate possible correlations between CAMs and stock prices, for example, or financial disclosures.


While acknowledging the excitement around these and other opportunities, panelists also recognized challenges.

  1. Boilerplate potential. In December 2017, US Securities and Exchange Commision Chair Jay Clayton quipped that it would be a “bummer” if CAMs devolved into boilerplate language of little or no use to investors. At the AAA meeting, panelist Dan Sunderland, chief auditor and national leader for Audit and Assurance Services at Deloitte & Touche LLP, noted that the nature of the disclosure in CAMs would be the “keys to the kingdom”—and that auditors are well aware of the importance of avoiding boilerplate.
  2. Interference with audit committee communication. Panelist Phillip Austin, the national managing partner of Auditing at BDO USA, noted that, with the new disclosure of CAMs, some company executives might be tempted to “manage” communication between the auditors and the audit committee.
  3. Disclosure tension. In the discussion, panelists contemplated scenarios where auditors may disclose in CAMs information that management is not obliged to disclose. “That’s going to be tricky,” said Austin. Baumann indicated this would be an area that the PCAOB would track carefully.

Strategies for Success

To make the most of the opportunities presented by the new report, panelists discussed strategies to address the challenges of implementing the new reporting models. Audit committee members should become familiar with the following strategies for success.

  • Maintain open dialogue between auditors and audit committees. As with many items related to the financial reporting process, strong and ongoing communication will be critical around the new auditor’s report. Baumann cited the importance of dialogue around challenging issues, such as revenue recognition or significant and unusual transactions that a company might have, that could be critical audit matters. To foster this dialogue, the Center for Audit Quality (CAQ) has produced a tool for audit committees regarding changes to the auditor’s report.
  • Pilot-testing. For auditors, “the critical thing is to try to pilot things in the short run,” said Sunderland. This pilot-testing should involve auditors talking through the process with the audit committee, he added.
  • Pay close attention to the post-implementation review. For regulators, it will be vital to monitor implementation of the standard, particularly given risks such as creeping boilerplate. Marty Baumann voiced the PCAOB’s strong commitment to robust post-implementation review, starting with the implementation of CAMs.

What challenges, opportunities, and necessities do you see regarding updating the auditor’s report? I welcome your thoughts in the comments. And be sure to visit the CAQ’s resource page on auditor reporting for more information.

Cindy Fornelli is a securities lawyer and has served as the Executive Director of the Center for Audit Quality since its establishment in 2007.

What to Look for in an Effective Audit Committee Chair

Published by

Paula Loop

The entire board relies on the hard work of the audit committee to meet its overall objectives. But audit committees today are faced with the heavy burden of regulatory mandates and growing investor expectations. Workloads are increasing, and they have to oversee more complex areas. Many audit committees are asking whether they have the right approach to meet the demands.

One way to ensure the effectiveness of the audit committee is to have a strong chair. Good leadership and effectiveness go hand in hand, and a strong chair can get the most out of the committee members. By choosing a strong leader for this essential role, your entire board will be able to have greater confidence that the audit committee is on top of the issues.

So what makes a strong audit committee chair? Audit committee chairs need to have experience, healthy skepticism, integrity, and strong communication skills. And to be a truly effective, he or she has to take the time to really work on the committee agenda and make sure meetings run well. They also need to be able to effectively coordinate with other board committees, such as the risk and compensation committees.

Here are six other attributes that I have observed in great audit committee chairs:

  • Highly experienced: Strong audit committee chairs need to have a good understanding of the business, its risks, and controls. They also know what topics to elevate to the full board, and when to do so.
  • Professionally skeptical: They’re willing to provide an independent point of view and are intellectually curious. They will look for additional information when they aren’t happy with the answers they get frommanagementand
  • Possesses integrity and confidence: They promote a strong “tone at the top” for the company and for the committee. They also need to ensure that all elements of the charter are being addressed.
  • Organized and proactive: They’re able to prioritize the most important items on the agenda. They’re good discussion facilitators and know when to cut off low-value discussions.
  • Strong communication and interpersonal skills: They provide clear updates of issues to the full board. They’re not afraid to ask difficult questions and have uncomfortable conversations with members of management, service providers, and even other committee members.
  • Willing to devote the time and energy: Chairing the audit committee requires a big time commitment—agendas are denser, filings are more voluminous, and compliance is more time-consuming. So the chair has to be ready, willing, and able to dedicate the time to the job. Strong chairs take the time to develop the agenda and effectively execute meetings. They also make themselves available to management and other board members. The time commitment of the audit committee chair goes well beyond just the meeting time dedicated to that committee, not to mention meetings of the full board.

Strong audit committee chairs understand that an effective audit committee means more than simply meeting stock exchange composition requirements. They recognize the importance of having a diverse committee made up of members with the right experience, expertise, and both hard and soft skills. They keep the committee refreshed and use the assessment process to ensure that all committee members are functioning effectively.

Having a strong audit committee chair at the helm can help ensure that the audit committee not only keeps up but excels.

For more on this topic, read the latest in our Audit Committee Excellence Series, Audit committee effectiveness: practical tips for the chair. You can also find more audit committee resources on our website.