Issuer Reporting and Disclosure Remains Focus of SEC and Other Regulators

Perkins Coie
Contact

Perkins Coie

In a recent speech, SEC Enforcement Director Andrew Ceresney confirmed the SEC’s continued pursuit of investigations and enforcement actions relating to issuer reporting and disclosure, an area that remains a high priority for the SEC and other regulators.  Given the regulators’ focus and increased resources in this area, public companies and their auditors should assess their current practices, incorporate the regulators’ expectations in their planning, and take steps to reduce their risks.

SEC Increases Risks in Financial Reporting and Disclosure

Beginning in 2007, the percentage of SEC cases relating to issuer reporting and disclosure declined steadily from 33% to 10% in 2013.  To stem the decline, the SEC created the Financial Reporting and Audit Task Force in July 2013, a group that became permanent in 2015 and is now known as the Financial Reporting and Audit (or FRAud) Group.  As Ceresney noted in his speech, the SEC’s renewed focus in this area has resulted in an increase in enforcement actions.  The SEC Enforcement Division’s Focus on Auditors and Auditing, Andrew Ceresney, September 22, 2016.  The SEC more than doubled its actions in the issuer reporting and disclosure area from fiscal year 2013 to fiscal year 2015.  We expect that the numbers for 2016, scheduled for release at the end of October, will be approximately the same as 2015.  The increased number of enforcement actions, and the developments discussed below, reflect heightened regulatory scrutiny of accounting, financial reporting and disclosure issues, creating risks for issuers and their accountants.

SEC Enforcement Director Remains Bullish

Ceresney, the keynote speaker at ALI’s Accountants’ Liability 2016 conference in Washington, D.C., directed his remarks primarily to the SEC’s actions against auditors and accountants.  He observed that a common thread involved deficiencies in the “indicators of good auditing” practices, such as lack of due professional care and professional skepticism, insufficient appropriate audit evidence to support the audit opinion, and improper documentation of all work.  Ceresney observed that recent cases also highlight inadequate audit planning, insufficient training or supervision of staff, over-reliance on management representations without sufficient corroborating evidence, failures in auditing valuation estimates by management, and failures in understanding and appropriately auditing related party transactions. 

Ceresney and a number of other conference speakers also discussed independence issues, which continue to be a major concern of regulators at the SEC and the Public Company Accounting Oversight Board (PCAOB).  Ceresney noted the settlement of two recent cases alleging independence violations against Ernst & Young and several of its partners that arose from close personal relationships between senior management of audit clients and senior audit engagement personnel.  Ernst & Young LLP, et al., AP File No. 3-17552 (Sept. 19, 2016); Ernst & Young LLP, et al., AP File No. 3-1755 (Sept. 19, 2016).  One case involved a romantic relationship and the other entertainment and gifts from an auditor to a client with a value of more than $100,000.  To settle the charges, Ernst & Young agreed to pay $9.3 million in combined disgorgement, interest, and penalties.

One troubling aspect of Ceresney’s speech was his characterization of auditors as “essential partners” of the SEC and “public watchdogs.”   However, the applicable accounting standards on independence do not require auditors to act as the SEC’s agent: “independence does not imply the attitude of a prosecutor but rather a judicial impartiality that recognizes an obligation for fairness. . . .”   PCAOB General Auditing Standard (AS) 1005: Independence.  Assuming a role as an “essential partner” of the SEC would be at odds with the requirement that an accountant remain “capable of exercising objective and impartial judgment on all issues encompassed within the accountant’s engagement.”  17 CFR 210.2-01(b).

SEC Continues to Refine Enforcement Tools

A number of other regulators from the SEC and the PCAOB also provided their views during the conference.  Margaret McGuire, chair of the SEC Enforcement Division’s Financial Reporting and Audit Group, participated on a panel with Perkins Coie partner Lou Mejia, the former Chief Litigation Counsel of the SEC.  In her remarks, McGuire touched on seven important takeaways relating to the group’s priorities:

  1. The group has increased in size and is composed of 36 attorneys and accountants nationwide.  Among other things, the group identifies emerging issues, provides training and offers guidance within the SEC.
  2. The SEC is continuing its Issuer Monitoring initiative by which it uses a methodology to review the data of selected issuers for areas of high-risk and anomalous financial results.  Last year, the SEC identified 250 issuers of interest, and audit firms for these issuers were also under review.
  3. The SEC remains focused on gatekeepers as an outgrowth of its 2013 Operation Broken Gate initiative, by which it scrutinized individuals it considers to be the “gatekeepers” for protecting investors.  These gatekeepers include auditors who are responsible for helping ensure fair financial presentation and disclosure by public companies.
  4. The SEC continues to use internal data analytics tools under the Corporate Issuer Risk Assessment program (CIRA), which enable the SEC to review combined data from financial statements, corporate reports, auditors, third-party databases, market data, and XPRL data.
  5. Internal Control Over Financial Reporting (ICFR) continues to be a focus of the SEC.  McGuire said the SEC looks for signs that an issuer’s control environment may be weak, including insufficient staffing, as was cited in a recent SEC enforcement action.
  6. The SEC continues to rely on tips from whistleblowers, which have served as a rich source of leads for SEC enforcement.  On a related note, McGuire commented on the significance of a case brought last spring in which the SEC took an issuer to task for its alleged inadequate response to the allegations of a whistleblower.
  7. The question of whether the SEC will seek admissions of wrongdoing, a recent trend, is determined on a case-by-case basis, despite two high profile cases in 2015 against audit firms involving admissions.  Grant Thornton, LLP, AP File No. 3-16976 (December 2, 2015); BDO USA, LLP, AP File No. 3-16800 (September 9, 2015).

What to Do Now to Reduce Risk

Issuers

Based on recent SEC cases and the remarks of enforcement officials, issuers should consider the following factors to reduce risks:

  • An issuer’s public filings are being closely scrutinized through the SEC’s use of data analytics and the CIRA program.  Companies should pay particular attention to any results or information that could be construed as anomalous with the issuer’s peer group.
  • Expect your auditors to focus more closely on management representations and estimates.
  • The SEC considers internal control issues as low hanging fruit, which can expose issuers to a broader investigation.  Now may be a good time for an internal control review, including an assessment of resources and staffing, which the SEC has been scrutinizing lately.
  • Robust policies and procedures for the proper handling of whistleblower complaints are imperative.  While an inadequate review of a whistleblower complaint is not a securities law violation per se, it can be an aggravating factor in determining the type of charges and the amount of any civil penalty.  Of course, taking any steps to impede or retaliate against a whistleblower will result in an independent securities law violation.
  • High-level executives, including CEOs, CFOs and general counsels, are increasingly named as individual respondents in SEC enforcement actions for financial reporting or disclosure failures.  Such executives must be attuned to the SEC’s expectations of them, even if the finer points of accounting transactions and disclosure issues are properly delegated to others.

Auditors

Ceresney offered “key lessons and takeaways” for the auditing profession.  While some of these points might seem obvious, the list puts auditors on notice of the SEC’s expectations:

  • Ensure that the firm and its assigned personnel have sufficient capacity and competence to audit the client in accordance with professional standards. 
  • Plan and execute audits properly, identifying and addressing significant risks through adequate audit procedures.
  • Ensure auditors exercise appropriate professional skepticism, gather sufficient appropriate audit evidence, adequately document work and, particularly when troubling issues arise, require more audit evidence in addition to appropriate reliance on representations from management.
  • Ask auditors to consult internally when particularly troublesome issues arise.
  • Instruct firms to have robust monitoring processes and training on independence issues so that firms and individual auditors comply with independence requirements and are aware of areas of potential independence violations.

The SEC Enforcement Division’s Focus on Auditors and Auditing, Andrew Ceresney, September 22, 2016 at 8.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Perkins Coie | Attorney Advertising

Written by:

Perkins Coie
Contact
more
less

Perkins Coie on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide