* Solutions for Chapter 2 * Corporate Governance Review Questions: 2-1. Corporate governance is defined as: “a process by which the owners and creditors of an organization exert control and require accountability for the resources entrusted to the organization. The owners (stockholders) elect a board of directors to provide oversight of the organization’s activities and accountability back to its stakeholders. ” The key players in corporate governance are the stockholders (owners), board of directors, audit committees, management, regulatory bodies, and both internal and external auditors. -2. In the past decade, all parties failed to a certain extent. For detailed analysis, see exhibit 2. 2 in the chapter and repeated here: Corporate Governance Responsibilities and Failures Party | Overview of Responsibilities| Overview of Corporate Governance Failures| Stockholders| Broad Role: Provide effective oversight through election of Board process, approve major initiatives, buy or sell stock. | Focused on short-term prices; failed to perform long-term growth analysis; abdicated all responsibilities to management as long as stock price increased. Board of Directors| Broad Role: the major representative of stockholders to ensure that the organization is run according to the organization charter and there is proper accountability. Specific activities include: * Selecting management. * Reviewing management performance and determining compensation. * Declaring dividends * Approving major changes, e. g. mergers * Approving corporate strategy * Overseeing accountability activities. | * Inadequate oversight of management. * Approval of management compensation plans, particularly stock options that rovided perverse incentives, including incentives to manage earnings. * Non-independent, often dominated by management. * Did not spend sufficient time or have sufficient expertise to perform duties. * Continually re-priced stock options when market price declined. | Management| Broad Role: Operations and Accountability. Managing the organization effectively and provide accurate and timely accountability to shareholders and other stakeholders. Specific activities include: * Formulating strategy and risk appetite. * Implementing effective internal controls. * Developing financial reports. Developing other reports to meet public, stakeholder, and regulatory requirements. | * Earnings management to meet analyst expectations. * Fraudulent financial reporting. * Pushing accounting concepts to achieve reporting objective. * Viewed accounting as a tool, not a framework for accurate reporting. | Audit Committees of the Board of Directors| Broad Role: Provide oversight of the internal and external audit function and the process of preparing the annual accuracy financial statements and public reports on internal control. Specific activities include: * Selecting the external audit firm. Approving any non-audit work performed by audit firm. * Selecting and/or approving the appointment of the Chief Audit Executive (Internal Auditor), * Reviewing and approving the scope and budget of the internal audit function. * Discussing audit findings with internal auditor and external auditor and advising the Board (and management) on specific actions that should be taken. | * Similar to Board members – did not have expertise or time to provide effective oversight of audit functions. * Were not viewed by auditors as the ‘audit client’. Rather the power to hire and fire the auditors often rested with management. Self-Regulatory Organizations: AICPA, FASB| Broad Role: Setting accounting and auditing standards dictating underlying financial reporting and auditing concepts. Set the expectations of audit quality and accounting quality. Specific roles include: * Establishing accounting principles * Establishing auditing standards * Interpreting previously issued standards * Implementing quality control processes to ensure audit quality. * Educating members on audit and accounting requirements. | * AICPA: Peer reviews did not take a public perspective; rather than looked at standards that were developed and reinforced internally. AICPA: Leadership transposed the organization for a public organization to a “trade association” that looked for revenue enhancement opportunities for its members. * AICPA: Did not actively involve third parties in standard setting. * FASB: Became more rule-oriented in response to (a) complex economic transactions; and (b) an auditing profession that was more oriented to pushing the rules rather than enforcing concepts. * FASB: Pressure from Congress to develop rules that enhanced economic growth, e. g. allowing organizations to not expense stock options. Other Self-Regulatory Organizations, e. g. NYSE, NASD| Broad Role: Ensuring the efficiency of the financial markets including oversight of trading and oversight of companies that are allowed to trade on the exchange. Specific activities include: * Establishing listing requirements – including accounting requirements, governance requirements, etc. * Overseeing trading activities,| * Pushed for improvements for better corporate governance procedures by its members, but failed to implement those same procedures for its governing board, management, and trading specialists. Regulatory Agencies: the SEC| Broad Role: Ensure the accuracy, timeliness, and fairness of public reporting of financial and other information for public companies. Specific activities include: * Reviewing all mandatory filings with the SEC, * Interacting with the FASB in setting accounting standards, * Specifying independence standards required of auditors that report on public financial statements, * Identify corporate frauds, investigate causes, and suggest remedial actions. * Identified problems but was never granted sufficient resources by Congress or the Administration to deal with the issues. | External Auditors| Broad Role: Performing audits of company financial statements to ensure that the statements are free of material misstatements including misstatements that may be due to fraud. Specific activities include: * Audits of public company financial statements, * Audits of non-public company financial statements, * Other accounting related work such as tax or consulting. | * Pushed accounting concepts to the limit to help organizations achieve earnings objectives. Promoted personnel based on ability to sell “non-audit products”. * Replaced direct tests of accounting balances with a greater use of inquiries, risk analysis, and analytics. * Failed to uncover basic frauds in cases such as WorldCom and HealthSouth because fundamental audit procedures were not performed. | Internal Auditors| Broad Role: Perform audits of companies for compliance with company policies and laws, audits to evaluate the efficiency of operations, and audits to determine the accuracy of financial reporting processes.
Specific activities include: * Reporting results and analyses to management, (including operational management), and audit committees, * Evaluating internal controls. | * Focused efforts on ‘operational audits’ and assumed that financial auditing was addressed sufficiently by the external audit function. * Reported primarily to management with little effective reporting to the audit committee. * In some instances (HealthSouth, WorldCom) did not have access to the corporate financial accounts. | 2-3.
The board of directors is often at the top of the list when it comes to responsibility for corporate governance failures. Some of the problems with the board of directors included: * Inadequate oversight of management. * Approval of management compensation plans, particularly stock options that provided perverse incentives, including incentives to manage earnings. * Non-independent, often dominated by management. * Did not spend sufficient time or have sufficient expertise to perform duties. * Continually re-priced stock options when market price declined. 2-4.
Some of the ways the auditing profession was responsible were: * Too concerned about creating “revenue enhancement” opportunities for the firm, and less concerned about their core services or talents * Were willing to “push” accounting standards to the limit to help clients achieve earnings goals * Began to use more audit “shortcuts” such as inquiry and analytical procedures instead of direct testing of account balance. * Relied on management representations instead of testing management representations. * Were too often ‘advocates’ of management rather than protectors of users. 2-5.
Cookie jar reserves are essentially liabilities or contra-assets that companies have overestimated in previous years to use when times are tougher to smooth earnings. The rationale is that the funds are then used to “smooth” earnings in the years when earnings need a boost. “Smooth” earnings typically are looked upon more favorably by the stock market. An example of a cookie jar reserve would be over-estimating an allowance account, such as allowance for doubtful accounts. The allowance account is then written down (and into the income statement) in a bad year. The result is to increase earnings in the subsequent year. 2-6.
Users should expect auditors to have the expertise, independence, and professional skepticism to render an unbiased and justified opinion on the financial statements. Auditors are expected to gather sufficient applicable evidence to render an independent opinion on the financial statements. 2-7. The Sarbanes-Oxley Act was designed to “clean-up” corporate America, especially in the realms of financial reporting. The overall intent was to encourage better corporate governance; to make the audit committee the auditor’s client; encourage the independence and oversight of the board, and improve the independence of the external audit profession.
There were certainly many factors that led to the Sarbanes-Oxley Act, but the failures at Enron and WorldCom will probably be pointed to in the future as the major factors that led to the act being passed when it was. The Congress intended to develop a new reporting process that would provide just cause for the public to again trust financial statements and the audit processes leading up to the audit opinion. 2-8. The PCAOB is mandated by Congress to set standards for audits of public companies and perform quality control inspections of CPA firms that audit public companies.
In order to carry out these responsibilities, the PCAOB requires all firms that audit U. S. listed (public) companies to register with it. It performs annual inspections on all audit firms that audit more than 100 public companies each year. It performs less frequent inspections, usually once every three years, for audit firms that audit less than 100 companies annually. The PCAOB issues Inspection Reports for each inspection that is performed. The first part describes problems they encountered in their reviews of audits and that part is made public.
The second part describes problems that the firms have with their quality control process. The second part is not issued publicly unless the firms fail to address the problems pointed out within a reasonable time frame – usually no more than a year. 2-9. Management has always been responsible for fairness, completeness, and accuracy of financial statements, but the Sarbanes-Oxley Act goes a step further by requiring the CEO and CFO to certify the accuracy of financial statements with criminal penalties as a punishment for materially misstated statements.
The CEO and CFO must make public their certifications and assume responsibility for the fairness of the financial presentations. It thereby encourages organizations to improve their financial reporting functions. 2-10. Whistle blowing enables violations of a company’s ethical code to be reported to appropriate levels in an organization, including the audit committee. Because of its presence, potential violators know that there is a real possibility and simple avenue by which inappropriate actions may be revealed.
As such, it contains a preventive component that is indirectly helpful to the audit committee in fulfilling its corporate governance role. 2-11. There are a number of provisions that are designed to increase auditor independence. First, Rule 201 of the Act prohibits any registered public accounting firm from providing many non-audit services to their public audit clients. Second, the audit committee became the “client” instead of management, and only the audit committee can hire and fire auditors. Third, audit partners are required to rotate every five years.
Finally, the auditors are expected to follow fundamental principles of independence that have been enacted by the SEC (more details in Chapter 3). 2-12. Management is responsible for issued financial statements. Although other parties may be sued for what is contained in the statements, management is ultimately responsible. Ownership is important because it establishes responsibility and accountability. Management must set up and monitor financial reporting systems that help it meet its reporting obligations. It cannot delegate this responsibility to the auditors. 2-13.
An audit committee is a subcommittee of the board of directors that is composed of independent, outside directors. The audit committee has oversight responsibility (on behalf of the full board of directors and its stockholders) for the outside reporting of the company (including annual financial statements); risk monitoring and control processes; and both internal and external audit functions. 2-14. An outside director is not a member of management, legal counsel, a major vendor, outside service provider, former employee, or others who may have a personal relationship with management that might impair their objectivity or independence.
The audit committee is responsible for assessing the independence of the external auditor and engage only auditors it believes are independent. Auditors are now hired and fired by audit committee members, not management. The intent is to make auditor accountability more congruent with stockholder and third-party needs. 2-15. The primary point of this question is for students to understand that the audit committee’s role is one of oversight rather than direct responsibility. For example, management is responsible for the fairness of the financial statements.
Auditors are responsible for their audit and independent assessment of financial reporting. The audit committee is not designed to replace the responsibility of either of these functions. The audit committee’s oversight processes are to see that the management processes for financial reporting are adequate and the auditor’s carry out their responsibilities in an independent and competent manner. 2-16. The audit committee has the ability to hire and fire both the internal auditor and the external auditor.
However, in the case of the internal audit function, the audit committee has the ability to hire and fire the head of internal audit as well as set the audit plan and budget. The audit committee does not control regulatory auditors, but should meet with regulatory auditors to understand the scope of their work and to discuss audit findings with them. 2-17. The Sarbanes-Oxley Act applies only to public companies. Therefore, the Act does not require non-public companies to have audit committees. That is not to say that it does not happen or is not a good idea, however.
Most stakeholders want an independent party to ensure that their interests are being considered. The AICPA recommends audit committees for smaller public companies. 2-18. The external auditor should discuss any controversial accounting choices with the audit committee and must communicate all significant adjustments made to the financial statements during the course of the audit. In addition, the processes used in making judgments and estimates as well as any disagreements with management should be communicated.
Other items that need to be communicated include: * All adjustments that were not made during the course of the audit, * Difficulties in conducting the audit, * The auditor’s assessment of the accounting principles used and overall fairness of the financial presentation, * The client’s consultation with other auditors, * Any consultation with management before accepting the audit engagement, * Significant deficiencies in internal control. 2-19. The audit committee needs to ensure that the auditor is independent with respect to the annual audit.
In order to ensure that independence, the audit committee must consider all other services that might be performed by the external auditor and approve any such services, in advance. If the audit committee approves the services, they are in essence saying that the provision of the services will not impair the auditor’s independence. 2-20. Good governance is important to the external auditor for a number of reasons, including, but not limited to the following. Good governance * usually leads to better corporate performance, reflects a commitment to a high level of ethics, integrity, and sets a strong tone for the organization’s activities, * requires a commitment to financial reporting competencies and to good internal controls, * reduces the risk that the company will have materially misstated financial statements. If a client does not have good governance, there are greater risks associated with the client. For example, their poor performance may lead to financial failure and lack of payment of the audit fee.
Or their poor governance may lead to improprieties in financial reporting, which puts the auditor at risk in terms of litigation (if the improprieties go undetected by the auditor). 2-21. The auditor might utilize the following procedures in determining the actual level of governance in an organization: * observe the functioning of the audit committee by participating in the meetings, noting the quality of the audit committee questions and responses, * interactions with management regarding issues related to the audit, e. g. * providing requested information on a timely basis, quality of financial personnel in making judgments, * accounting choices that tend to ‘push the limits’ towards aggressiveness or creating additional reported net income, * the quality of internal controls within the organization. * review the minutes of the board of directors meetings to determine that they are consistent with good governance, * review internal audit reports and especially determine the actions taken by management concerning the internal auditor’s findings and recommendations, * review the compensation plan for top management, review management expense reimbursements to determine (a) completeness of documentation, (b) appropriateness of requested reimbursement, and (c) extent of such requests. * review management’s statements to the financial press to determine if they are consistent with the company’s operations. 2-22. Good corporate governance is correlated with increased corporate performance as measured by return on equity, or return on capital. Generally, good corporate governance reduces audit risk as it is less likely that the organization will suffer from problems of management integrity, or would have an environment that might allow or permit fraud.
Less audit risk implies that the amount of work to render an opinion on the financial statements would also be less than that required for a company with poorer corporate governance. 2-23. The three categories of audit standards are general standards, fieldwork standards, and reporting standards. General standards cover the characteristics of the auditor – technical training and proficiency, independence, and due professional care. Fieldwork standards provide guidance concerning planning and performing the audit.
Reporting standards cover the essential elements of the auditor’s communication, including the opinion, the criteria against which the assertions were tested, and an explanation of the basis for the attestor’s opinion. 2-24. Due professional care is the expectation that an audit will be conducted with the skill and care of a professional. The standard of due professional care plays a role in litigation against auditors. Plaintiffs will try to show that the auditor did not do what a reasonably prudent auditor would have done.
To evaluate the standard, a third-party also decides whether someone with similar skills in a similar situation would have acted in the same way. 2-25. There are three important dimensions identified in Exhibit 2. 5: * Scope of Information on which assurance is provided, * Nature of Organizations on which assurance is provided, * Domicile of Company being audited. These three dimensions influence the identification of applicable auditing standards as follows: * A U. S. public company filing annual reports follows PCAOB standards. A U. S. non-public company issuing financial statements, follows AICPA standards, * A foreign company filing financial statements in a different country follows International Standards or the standards of that country, * U. S. companies reporting on other than financial information follows AICPA Attestation or Assurance Standards. 2-26. For the most part, the standards issued by the IAASB are quite similar to that of the two U. S. based audit standard setters. They differ in the following major ways: The auditor must assess the appropriateness of the accounting framework against which the audit opinion will be given (U. S. standards require only that the auditor communicate if the accounting is not consistent with U. S. GAAP. ) * IAASB utilizes a concept of Professional Skepticism rather than independence. * The IAASB utilizes a concept of ‘reasonable assurance’ compared with the U. S. evidence on sufficiency of audit evidence and due professional care, * The IAASB standards include both audit standards and assurance standards. 2-27.
The IAASB Audit Standards are quite consistent with that of the PCAOB as well as that of the AICPA. Most of the concepts are the same, but are stated differently. They are very similar in the following ways: * Requirement of independence, * Gathering and evaluation of sufficient evidence, * Documentation of audit work, * Audit designed to minimize audit risk, * Due professional care vs. reasonable assurance, * Nature of the audit report The AICPA and the IAASB have announced a plan to work towards convergence of existing and future standards. The PCAOB has not yet announced a plan for convergence. 2-28.
An audit engagement applies to the development of an opinion on an organization’s financial statements. It is planned that the financial statements will be used by third parties who do not have direct access to client data. The audit engagement is a form of ‘positive assurance’ in which an opinion must be rendered. An assurance engagement differs from an audit in a number of important dimensions: * It can apply to almost any assertion that management wants to make as long as there is agreed-upon criteria by which to test management’s assertion. It is preferable that the criteria are generally accepted. An assurance engagement generally requires a third party (although assurance can also be provided to the audit client), but it is an identified third-party as opposed to a potential user of financial statements, * Assurance can be given on individual items of a company’s financial statements, rather than the full set of statements. 2-29. Assurance engagements are designed to provide ‘positive assurance’, i. e. the item being attested to is either properly presented, or is not properly presented. For example, one of the Big 4 firms provides assurance to the audience that the votes are properly maintained and counted for the Emmy Awards.
A ‘limited assurance engagement’ does not contemplate a full audit or assurance engagement such that sufficient information (evidence) is gathered to warrant a positive statement about whether the item being assured is, or is not, properly presented. Rather, based on a more limited amount of work, the auditor either states that ‘nothing came to his or her attention – based on the limited procedures – that indicates something is not fairly presented’. This is often referred to as ‘negative assurance’. An even more limited assurance engagement is one in which the accountant expresses ‘no assurance’ whatsoever on the item being reported. -30. * Auditing Standards apply to the auditor’s task of developing and then communicating an opinion on financial statements and, where applicable, independent opinions on the quality of an organization’s internal control over financial statements to the board, management, and outside third parties. * Assurance Standards apply the auditor’s task of developing and communicating an opinion on financial information outside of the normal financial statements, or on non-financial information to management, the board, and outside third-parties.
Assurance services are engagements in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users about the outcome of the evaluation or measurement of a subject matter against criteria. * Attestation Standards is a term used by the AICPA to describe assurance services that involve gathering evidence regarding specific assertions and communicating an opinion on the fairness of the presentation to a third party. Compilation and Review Standards refer to AICPA Standards that apply only to non-public companies where the board or a user has requested some assurance on the fairness of presentation of financial statements. These are referred to as negative assurance standards because the auditor does not gather enough evidence to support a statement as to whether the financial statements are fairly presented. 2-31. Independence means objectivity and freedom from bias. The auditor can favor neither the client nor the third party in evaluating the fairness of the financial statements The auditor must be independent in fact and in appearance.
Independence in fact means the auditor is unbiased and objective. An auditor could be independent in fact if he or she owned a few shares of common stock in an audit client, but might not appear independent to a third party. Independence in appearance means that a third party with knowledge of the auditor’s relationship with the client would consider the auditor to be independent. Professional skepticism, as used in the standards promulgated by the IAASB, has a broader meaning in that it refers to all of the factors that would affect an auditor’s ability to exercise proper skepticism in an audit engagement.
The factors to be considered vary from those associated with the individual, such as objectivity, to those associated with the structure of the firm. These are similar to the independence standards that emphasize both audit firm relationships to the client as well as objectivity. However, the IAASB emphasis on professional skepticism goes a bit further: an auditor could be objective, but not necessarily exercise professional skepticism, i. e. being open to potential explanations of events that are not consistent with the auditor’s prior experiences. Professional skepticism appears to be a broader term than independence. 2-32.
PCAOB – sets audit standards for the audits of all public companies that are registered with the SEC AICPA * sets audit standards for audits of non-public companies * sets attestation standards for areas other than public company reports on internal control sets standards for assurance services that are less in scope than an audit, such as reviews and compilations IAASB – sets standards for financial statement audits on an international basis. Right now, the international standards are being increasingly accepted by all political jurisdictions, but particularly in Europe and many developing countries. Harmonization with U.
S. will continue to be an objective. GAO - sets the standards for financial audits of governmental entities within the U. S. and certain other organizations that receive Federal financial assistance. Goes beyond financial statement audits and also provides standards related to program audits for economy and efficiency of operations. IASB – sets standards for the professional practice of internal auditing around the world. Incorporates other standards by reference where applicable. 2-33. General Standards: The audit and attestation standards both require adequate technical training, expertise, and knowledge.
They also both require independence and due professional care. The attestation standards differ in that they explicitly require links between assertions and reasonable criteria and a reasonably consistent estimation process; the audit standards implicitly assume this link. Fieldwork Standards: The audit and attestation standards both require planning and sufficient evidence. The audit standards go a step further in requiring an understanding of the entity and its environment. Reporting Standards: The reporting standards are completely different. Each reflects the underlying purpose of the engagement, i. . , the audit is designed to test whether the financials adhere to GAAP, whereas the attestation is designed to test a broader and more diverse set of assertions. 2-34. An audit program follows good corporate governance in the following way: Good governance is critical to the development of sound controls in an organization. The stronger the controls, the less risk that the financial statements will be misstated. The development of audit programs follow the standards in determining that sufficient evidence is gathered in order to evaluate the assertions being addressed in the audit engagement.
Further, the gathering and evaluation of that evidence must be done by auditors who are independent of the client – in both fact and in appearance. Finally, the work must be carried out by auditors that understand the standards and exercise due professional care in the conduct of the audit engagement. 2-35. The major planning steps are: * Meeting with the audit client * Developing an understanding of the client’s business and industry * Develop an understanding of the client’s financial reporting processes and controls * Develop an understanding of materiality Develop a preliminary audit program that identifies the audit objectives defined in chapter 1. 2-36. Materiality is defined as the “magnitude of an omission or misstatement of accounting information that, in light of surrounding circumstances, makes it probable that the judgement of a reasonable person relying on the information would have been changed or influenced by the omission or misstatement. ” Materiality guidelines usually involve applying percentages to some base, such as total assets, total revenue, or pretax income and consideration of qualitative factors such as the impact on important trends or ratios.
The base should be a “stable” account however, making total assets a better choice than pretax income. 2-37. The auditor would take a sample of all additions to PP&E and verify the cost through reference to vendor invoices to determine that cost is accurately recorded and that title has passed to the company. If the company was considered high risk, the auditor might choose to physically verify the existence of the asset. Multiple Choice Questions: 2-38. d. 2-39. d. this is part of the profession’s problem, but not a cause of the failure. 2-40. a. 2-41. d. 2-42. a. 2-43. . 2-44. d. 2-45. b. 2-46. a. 2-47. f. Discussion and Research Questions: 2-48. a. The auditor might use the following approaches to determine whether a corporate code of ethics is actually followed: * observe corporate behavior in tests performed during the audit, e. g. approaches the company takes to purchasing goods, promoting personnel, and so forth, * observe criteria for promoting personnel; for example does performance always take on greater importance than how things are done, * observe corporate plans to communicate the importance of ethical behavior, e. g. ebcasts, emails, and so forth to communicate the importance of ethics, * review activity on the client’s whistleblowing website, or a summary of whistleblowing activities reported by the internal auditor, * read a sample of self-evaluations by corporate officers, the board, and the audit committee and compare with the auditor’s observations of behavior, * examine sales transactions made during the end of quarters to determine if the sales reflect ‘performance goals’ as opposed to the company’s code of ethics. b. Are auditors equipped to make subjective judgments?
This should be a great discussion question because many young people are attracted to the accounting profession because there are rules and relative certainty as to how things are done. However, as the profession is evolving, more judgments are required in both auditing and accounting. Audit personnel need to be equipped to make judgments on whether the company’s governance structure operates as intended and whether there are deficiencies in internal control when it does not operate effectively. The profession believes that auditors can make such judgments. . Assessing the competence of the audit committee can occur in a number of ways. Fortunately, the most persuasive evidence comes from the auditor’s direct interaction with the audit committee on a regular basis. The auditor can determine the nature of questions asked, the depth of understanding shared among audit committee members, and the depth of items included in the audit committee agenda. Many audit committees have self-assessment of their activities using criteria developed by CPA firms, or by the National Association of Corporate Directors.
The auditor should also review the minutes of the audit committee meetings and determine the amount of time spent on important issues. An external auditor should be very reluctant to accept an audit engagement where the audit committee is perceived to be weak. There are a number of reasons including: * The lack of good governance most likely influences the organization’s culture and is correlated with a lack of commitment to good internal control. * The auditor has less protection from the group that is designed to assist the auditor in achieving independence. The company may be less likely to be fully forthcoming in discussions with the auditor regarding activities that the auditor might question. d. Internal auditing is an integral part of good corporate governance. It contributes to corporate governance in three distinct ways: * It assists the audit committee in its oversight role by performing requested audits and reporting to the audit committee, * It assists senior management in assessing the continuing quality of its oversight over internal control throughout the organization, * It assists operational management by providing feedback on the quality of its operations and controls. -49. a. Corporate governance is defined as: “a process by which the owners and creditors of an organization exert control and require accountability for the resources entrusted to the organization. The owners (stockholders) elect a board of directors to provide oversight of the organization’s activities and its accountability to stakeholders. ” The key players in corporate governance are the stockholders (owners), board of directors, audit committees, management, regulatory bodies, and auditors (both internal and external). b.
In the past decade especially, all parties failed to a certain extent. For detailed analysis, see exhibit 2. 2 in the chapter and reproduced below: Corporate Governance Responsibilities and Failures Party | Overview of Responsibilities| Overview of Corporate Governance Failures| Stockholders| Broad Role: Provide effective oversight through election of Board process, approve major initiatives, buy or sell stock. | Focused on short-term prices; failed to perform long-term growth analysis; abdicated all responsibilities to management as long as stock price increased. Board of Directors| Broad Role: the major representative of stockholders to ensure that the organization is run according to the organization charter and there is proper accountability. Specific activities include: * Selecting management. * Reviewing management performance and determining compensation. * Declaring dividends * Approving major changes, e. g. mergers * Approving corporate strategy * Overseeing accountability activities. | * Inadequate oversight of management. * Approval of management compensation plans, particularly stock options that provided perverse incentives, including incentives to manage earnings. Non-independent, often dominated by management. * Did not spend sufficient time or have sufficient expertise to perform duties. * Continually re-priced stock options when market price declined. | Management| Broad Role: Operations and Accountability. Managing the organization effectively and provide accurate and timely accountability to shareholders and other stakeholders. Specific activities include: * Formulating strategy and risk appetite. * Implementing effective internal controls. * Developing financial reports. * Developing other reports to meet public, stakeholder, and regulatory requirements. * Earnings management to meet analyst expectations. * Fraudulent financial reporting. * Pushing accounting concepts to achieve reporting objective. * Viewed accounting as a tool, not a framework for accurate reporting. | Audit Committees of the Board of Directors| Broad Role: Provide oversight of the internal and external audit function and the process of preparing the annual accuracy financial statements and public reports on internal control. Specific activities include: * Selecting the external audit firm. * Approving any non-audit work performed by audit firm. Selecting and/or approving the appointment of the Chief Audit Executive (Internal Auditor), * Reviewing and approving the scope and budget of the internal audit function. * Discussing audit findings with internal auditor and external auditor and advising the Board (and management) on specific actions that should be taken. | * Similar to Board members – did not have expertise or time to provide effective oversight of audit functions. * Were not viewed by auditors as the ‘audit client’. Rather the power to hire and fire the auditors often rested with management. Self-Regulatory Organizations: AICPA, FASB| Broad Role: Setting accounting and auditing standards dictating underlying financial reporting and auditing concepts. Set the expectations of audit quality and accounting quality. Specific roles include: * Establishing accounting principles * Establishing auditing standards * Interpreting previously issued standards * Implementing quality control processes to ensure audit quality. * Educating members on audit and accounting requirements. | * AICPA: Peer reviews did not take a public perspective; rather than looked at standards that were developed and reinforced internally. AICPA: Leadership transposed the organization for a public organization to a “trade association” that looked for revenue enhancement opportunities for its members. * AICPA: Did not actively involve third parties in standard setting. * FASB: Became more rule-oriented in response to (a) complex economic transactions; and (b) an auditing profession that was more oriented to pushing the rules rather than enforcing concepts. * FASB: Pressure from Congress to develop rules that enhanced economic growth, e. g. allowing organizations to not expense stock options. Other Self-Regulatory Organizations, e. g. NYSE, NASD| Broad Role: Ensuring the efficiency of the financial markets including oversight of trading and oversight of companies that are allowed to trade on the exchange. Specific activities include: * Establishing listing requirements – including accounting requirements, governance requirements, etc. * Overseeing trading activities,| * Pushed for improvements for better corporate governance procedures by its members, but failed to implement those same procedures for its governing board, management, and trading specialists. Regulatory Agencies: the SEC| Broad Role: Ensure the accuracy, timeliness, and fairness of public reporting of financial and other information for public companies. Specific activities include: * Reviewing all mandatory filings with the SEC, * Interacting with the FASB in setting accounting standards, * Specifying independence standards required of auditors that report on public financial statements, * Identify corporate frauds, investigate causes, and suggest remedial actions. | * Identified problems but was never granted sufficient resources by Congress or the Administration to deal with the issues. External Auditors| Broad Role: Performing audits of company financial statements to ensure that the statements are free of material misstatements including misstatements that may be due to fraud. Specific activities include: * Audits of public company financial statements, * Audits of non-public company financial statements, * Other accounting related work such as tax or consulting. | * Pushed accounting concepts to the limit to help organizations achieve earnings objectives. * Promoted personnel based on ability to sell “non-audit products”. Replaced direct tests of accounting balances with a greater use of inquiries, risk analysis, and analytics. * Failed to uncover basic frauds in cases such as WorldCom and HealthSouth because fundamental audit procedures were not performed. | Internal Auditors| Broad Role: Perform audits of companies for compliance with company policies and laws, audits to evaluate the efficiency of operations, and audits to determine the accuracy of financial reporting processes. Specific activities include: *
Reporting results and analyses to management, (including operational management), and audit committees, * Evaluating internal controls. | * Focused efforts on ‘operational audits’ and assumed that financial auditing was addressed sufficiently by the external audit function. * Reported primarily to management with little effective reporting to the audit committee. * In some instances (HealthSouth, WorldCom) did not have access to the corporate financial accounts. | c. There is an inverse relationship between corporate governance and risk to the auditor i. e. he better the quality of corporate governance, the lower the risk to the auditor. This relationship occurs because lower levels of corporate governance implies two things for the auditor: * There is more likelihood that the organization will have misstatements in its financial statements because the commitment to a strong organizational structure and oversight is missing, * There is greater risk to the auditor because the governance structure is not designed to prevent/detect such misstatements, and will likely not be as forthcoming when the auditor questions potential problems. -50. Element of Poor Corporate Governance| Audit Activity to Determine if Governance is actually Poor| Risk Implication of Poor Governance| The company is in the financial services sector and has a large number of consumer loans, including mortgages, outstanding. | This is not necessarily poor governance. However, the auditor needs to determine the amount of risk that is inherent in the current loan portfolio and whether the risk could have been managed through better risk management by the organization. The lack of good risk management by the organization increases the risk that the financial statements will be misstated because of the difficulty of estimating the allowance for loan losses. The auditor will have to focus increased efforts on estimating loan losses, including a comparison of how the company is doing in relation to the other companies in the financial sector. | The CEO and CFO’s compensation is based on three components: (a) base salary, (b) bonus based on growth in assets and profits, and (c) significant stock options. This is a rather common compensation package and, by itself, is not necessarily poor corporate governance. However, in combination with other things, the use of ‘significant stock options’ may create an incentive for management to potentially manage reported earnings in order to boost the price of the company’s stock. The auditor can determine if it is poor corporate governance by determining the extent that other safeguards are in place to protect the company. In combination with other things, the use of ‘significant stock options’ may create an incentive for management to potentially manage reported earnings in order to boost the price of the company’s stock. The auditor should carefully examine if the company’s reported earnings and stock price differs broadly from companies in the same sector. If that is the case, there is a possibility of earnings manipulation and the auditor should investigate to see if such manipulation is occurring. The audit committee meets semi-annually. It is chaired by a retired CFO who knows the company well because she had served as the CFO of a division of the firm before retirement. The other two members are local community members – one is the President of the Chamber of Commerce and the other is a retired executive from a successful local manufacturing firm. | There is a strong indicator of poor corporate governance.
If the audit committee meets only twice a year, it is unlikely that it is devoting appropriate amounts of time to its oversight function, including reports from both internal and external audit. There is another problem in that the chair of the audit committee was previously employed by the company and would not meet the definition of an independent director. Finally, the problems with the other two members is that there is no indication that either of them have sufficient financial expertise. This is an example of poor governance because (1) it signals that the organization has not made a commitment to independent oversight by the audit committee, (2) the lack of financial expertise means that the auditor does not have someone independent that they can discuss controversial accounting or audit issues that arise during the course of the audit. If there is a disagreement with management, the audit committee does not have the expertise to make independent judgments on whether the auditor or management has the appropriate view of he accounting or audit issues. | The company has an internal auditor who reports directly to the CFO, and makes an annual report to the audit committee. | The good news is that the organization has an internal audit activity. | The bad news is that a staff of one isn’t necessarily as large or as diverse as it needs to be to cover the major risks of the organization. The external auditor will be more limited in determining the extent that his or her work can rely on the internal auditor. The CEO is a dominating personality – not unusual in this environment. He has been on the job for 6 months and has decreed that he is streamlining the organization to reduce costs and centralize authority (most of it in him). | A dominant CEO is not especially unusual, but the centralization of power in the CEO is a risk that many aspects of governance, as well as internal control could be overridden. The auditor should look at policy manuals, as well as interview other members of management and the board – especially the audit committee. The centralization of power in the CEO is a risk that many aspects of governance, as well as internal control could be overridden. This increases the amount of audit risk. | The Company has a loan committee. It meets quarterly to approve, on an ex-post basis all loans that are over $300 million (top 5% for this institution). | The auditor should observe the minutes of the loan committee to verify its meetings. The auditor should also interview the chairman of the loan committee to understand both its policies and its attitude towards controls and risk. There are a couple of elements in this statement that carries great risk to the audit and to the organization. First, the loan committee only meets quarterly. Economic conditions change more rapidly than once a quarter, and thus the review is not timely. Second, the only loans reviewed are (a) large loans that (b) have already been made. Thus, the loan committee does not act as a control or a check on management or the organization. The risk is that many more loans than would be expected could be delinquent, and need to be written down. The previous auditor has resigned because of a dispute regarding the accounting treatment and fair value assessment of some of the loans. | The auditor should contact the previous auditor to obtain an understanding as to the factors that led the previous auditor to either resign or be fired. The auditor is also concerned with who led the charge to get rid of the auditor. | This is a very high risk indicator. The auditor would look extremely bad if the previous auditor resigned over a valuation issue and the new auditor failed to adequately address the same issue.
Second, this is a risk factor because the organization shows that it is willing to get rid of auditors with whom they do not agree. This is a problem of auditor independence and coincides with the above identification of the weakness of the audit committee. This action confirms a generally poor quality of corporate governance. | 2-51. a. External auditors are supposed to perform audits of financial statements to ensure that the statements are free of material misstatements. They work for each of the parties to a certain extent and since they are independent, they will not favor any party over the other.
The auditors are an independent and objective attestor that evaluates the quality of financial reporting and conveys an opinion to all parties involved in corporate governance. b. Some of the ways the accounting profession was responsible were: * Were too concerned about creating “revenue enhancement” opportunities, and less concerned about their core services or talents * Were willing to “push” accounting standards to the limit to help clients achieve earnings goals * Began to use more audit “shortcuts” such as inquiry and analytical procedures instead of direct testing of account balance. Relied on management representations instead of testing management representations. c. The term “public watchdog” implies that auditors will look over the business world and stop bad things from happening. In terms of financial statements, Arthur Levitt said, “We rely on auditors to put something like the good housekeeping seal of approval on the information investors receive. ” The term “public watchdog” places a great deal of responsibility on the shoulders of auditors to protect the public’s interests. 2-52. b&c. Cookie jar reserves are essentially funds that companies have “stashed away” to use when times get tough. The rationale is that the reserves are then used to “smooth” earnings in the years when earnings needs a boost. “Smooth” earnings typically are looked upon more favorably by the stock market. An example of a cookie jar reserve would be over-estimating an allowance account, such as allowance for doubtful accounts. The allowance account is then written down (and into the income statement) in a bad year.
Auditors may have allowed cookie jar reserves because they are known to smooth earnings, and smooth earnings are rewarded by the market. On the flip side, fluctuating earnings are penalized, and present more risk to the company of bankruptcy or other problems. The Sarbanes-Oxley Act addressed the issue by creating an oversight body, the PCAOB, but also addressed the issue in other ways. For example, Congress felt that creating more effective Boards would decrease the use of earnings management. Allowing improper revenue recognition is one thing that auditors may have done in their unwillingness to say “no” to clients.
For example, companies shipped out goods to customers at the end of the year for deep discounts and allowed returns at the beginning of the next year. This practice is known as channel stuffing. Since the goods had a great chance of being returned, it would be improper to recognize all as revenue. Again, auditors were unwilling to say “no” to clients. Greed is probably the reason here. If companies claim more revenue, their stock would grow in the short-term, making management richer, and making management more willing to give pay raises to their auditors.
With the establishment of stronger audit committees and certification of financial statements in the Sarbanes-Oxley Act, this kind of accounting trickery will certainly decrease. Creative accounting for M&A included the use of the “pooling” method of accounting. Pooling allowed acquiring companies to value existing assets at historical costs and did not require the recognition of goodwill for the acquisition. Because true costs (values) were not shown on the financial statements, management was often encouraged to bid up prices for acquisitions with the result that many of them were not economic.
The creative accounting also shielded the income statement from charges that would have otherwise hit income including: goodwill amortization, depreciation, and depletion expenses. Greed, the same reasons as the revenue recognition issue, was most likely the motivation for this creative accounting. Discussion between an educated audit committee and auditor plus certification of financial statements required by Sarbanes-Oxley will certainly address this issue. Assisting management to meet earnings.
Too often, auditors confused ‘financial engineering’ with value-adding. In other words, auditors often sought to add value to their clients by finding ways to push accounting to achieve earnings objectives sought by management. These earnings objectives then played a major role in escalating stock prices – all desired because of the heavy emphasis of management compensation on stock options. Incentives were misaligned. Most of management compensation came in the form of stock options.
Better audit committees, increased auditor responsibility, identification of users as the client of the auditor, and management certification of statements will address the issue via requirements of the Sarbanes-Oxley Act. 2-53. a. Some ways that the impact of the Sarbanes-Oxley Act affects the external audit profession: * The creation of the PCAOB puts a watchful eye on the accounting industry. * Reporting on internal controls is required by the external auditor, adding to their workload but also strengthening their value to organizations and giving them more assurance when giving an audit opinion. Auditors can now feel more comfortable taking issues to the audit committee * Audit partners must rotate off every five years. This will create a difficult transition at every client every five years. * With the cooling off period, audit partners or managers cannot take jobs with clients as easily. b. The Sarbanes-Oxley Act encourages effective internal audit functions for all public companies. The internal audit profession has been active in assisting companies in complying with the internal control provisions of the Act. c. This could be argued either way.
On one side, the legislation clearly creates a “watchdog” of the accounting industry, which decreases the power and prestige as the profession is no longer self-regulated. On the other hand, the Act and recent business press has brought a lot of attention to the accounting industry, which has educated the world about the role of accountants in the economy, and possibly increased their power and prestige. Now, there is a general feeling that the public accounting profession has reestablished itself as a watchdog for investors and see the audit committee as their primary client.
Overall, the consensus seems to be that the profession has regained a great deal of its prestige. 2-54. a. The Sarbanes-Oxley Act changed responsibilities of management in the following ways: * Requirement that CEO and CFO certify the financial statements and disclosures * Requirement that companies provide a comprehensive report on internal controls over financial reporting * Requirement to describe whether they have implemented a Corporate Code of Conduct, including provisions for whistleblowing, and processes to ensure hat corporate actions are consistent with the Code of Conduct. b. Under The Sarbanes-Oxley Act, management is no longer the “client. ” The auditor reports to the audit committee, who is independent of management. With these changes, the auditor should be able to be “tougher” on management because the audit committee will be demanding it. However, the auditor still has to work with management to gain access to needed information, as well as understanding management intent as management intent drives some accounting treatments. . The CEO and CFO, as members of management, are ultimately responsible for the financial statements. The chair of the audit committee and the external auditor are then responsible to a certain extent, probably more in the minds of the public than in reality. Finally, the Director of Internal Audit is the least responsible of the group, as they are essentially employees of management and the audit committee. 2-55. a. The audit committee must be comprised of “outside” independent directors, one of whom must be a financial expert.
The audit committee now has the authority to hire and fire the external auditor, and will therefore serve as the auditor’s primary contact, especially for accounting and audit related issues. In addition, the audit committee sets the scope for and hires internal auditors. They must review the work of both parties. b. The audit committee certainly takes on much more responsibility with the new standard. They will now be much more informed about the audit function and financial reporting processes within their company. The auditor must report all significant problems to the audit committee.
For auditors, the reporting relationship should reinforce the need to keep the third-party users in mind in dealing with reporting choices. c. The audit committee is basically in a position of mediator, but not problem solver. One member must be a financial expert, but all members must be well versed in the field. This financial knowledge can help the audit committee to understand the disagreement. Ultimately, the auditor has to be able to give a clean audit opinion. If they believe a certain accounting treatment to be wrong, they do not have to give that clean opinion.
In this way, neither the audit committee nor management can necessarily solve a dispute. d. The accounting choice is acceptable, and thus, the financial statements are fairly presented in accordance with GAAP. The fact that the auditor believes there is a better treatment should be communicated to important parties as follows: * Management – the communication should be made directly, and the rationale for the auditor’s opinion should be explained to management and documented in the working papers. The working papers should also include the client’s rationale for the chosen accounting treatment. Audit Committee – Both management’s chosen treatment and the auditor’s preferred treatment should be communicated to the audit committee. Preferably the communication would include both verbal communication and written communication. The rationale for accepting management’s accounting treatment should also be communicated. * Users of the Financial Statement – There is no required communication to the outside users of the financial statements as long as the auditor has concluded that the financial statements are fairly presented in accordance with GAAP. 2-56. . An audit committee is a subcommittee of the board of directors; it is responsible for monitoring audit activities and serves as a surrogate for the interests of shareholders. Audit committees should preferably be composed of outside members of the board, that is, members who do not hold company management positions or are closely associated with management. b. The following information should be discussed with the audit committee: * A summary of the auditor's responsibilities under GAAS. Auditor responsibilities change over time as new standards are issued.
The audit committee should always be aware of the nature of the audit function within the organization. * Initial selection or major changes in significant accounting policies that could have a material affect on financial statement presentation. The audit committee needs to know how the choice may affect both current reports and future financial reports as well as the rationale for the choice because it is presumed that companies select the accounting principles that best reflect the economic substance of their transactions and are thus changed only when dictated by standard-setting bodies or when the economics of the situation change. The process utilized by management to make significant estimates and other management judgments such as loan loss reserves in banks and savings and loans and insurance reserves in insurance companies. * Significant audit adjustments that may reflect on the stewardship and accountability of management, even if management agreed to make the adjustments. * The auditor's review of and responsibility for other information contained in an annual report (outside of the audited financial statements). * All major accounting disagreements with management, even if such disagreements are eventually resolved to the auditor's satisfaction. The auditor's knowledge of management's consultation with other auditors regarding accounting or auditing issues. * Any significant accounting or auditing issues discussed with management prior to the acceptance of the audit engagement - in particular, any positions taken regarding the proper accounting of controversial areas should be disclosed. * Any difficulties encountered in performing the audit, especially any activities undertaken by management that might be considered an impairment of the audit function. * Internal audit plans and reports and management’s responses to those reports. The extent to which the client has implemented a comprehensive plan of risk assessment and the organization’s plans to mitigate, share, control, or otherwise address those risks. * Any known internal control weaknesses that could significantly affect the financial reporting process. The rationale for this communication is that the board of directors through