How does the American Institute of Certified Public Accountants define internal control?
|
The American Institute of Certified Public Accountants (the "AICPA") respectfully submits the following written comments on the Securities and Exchange Commission's (the "SEC" or the "Commission") proposed rules regarding management's reporting on the effectiveness of internal control over financial reporting (the "Proposed Rule"). The AICPA is the largest professional association of certified public accountants in the United States, with more than 350,000 members in business, industry, public practice, government and education. Show
The AICPA acknowledges the enormous effort put forth by the members and staff of the Commission to implement the provisions of the Sarbanes-Oxley Act of 2002 (the "Act"). We are firmly committed to working with the Commission in accomplishing the timely and effective implementation of the Act and rebuilding the faith of investors who depend on accounting professionals for accurate, clear, timely and relevant financial information. We further acknowledge the very technical nature of the Proposed Rule and our comments. As a result, we stand ready to meet with the Commission and its staff to further clarify any of our recommendations. Executive Summary The AICPA has long supported reporting on the effectiveness of internal control over financial reporting by public companies accompanied by auditor attestation because effective internal control is a critical component of reliable financial reporting. We believe that this practice will lead to increased quality in the preparation of financial statements and to improved investor confidence in the financial markets. We therefore support the Commission's proposal to issue rules to implement the requirements in Section 404, "Management Assessment of Internal Controls," of the Act. We believe that incorporating our recommendations into the Proposed Rules will enhance the reports for users in several significant ways and also improve implementation by companies and auditors. Our comments focus primarily on the need for the final rule to:
Internal Control Objectives The final rule should align the internal control objectives that are required in management's report on internal control with those required in the accountant's attestation report on internal control. We are concerned that inconsistencies between the required content of management's report as set forth in Section 404 and in the Proposed Rule, and of the auditor's report as set forth in Section 103, will lead to confusion among users of the reports, and misunderstanding between management and auditors, about the objectives of internal control over financial reporting. The Commission proposes to amend Item 307 of Regulations S-K and S-B, as well as Forms 20-F and 40-F, to require a company's annual report to include an internal control report of management as of the end of the company's most recent fiscal year that includes, among other matters, management's "conclusions about the effectiveness of the company's internal controls and procedures for financial reporting." This requirement is consistent with Section 404 of the Act. Section 103 of the Act, however, appears to require, pursuant to action by the Public Company Accounting Oversight Board (PCAOB), that the registered public accounting firm present in its audit report, or in a separate report, an evaluation of whether the company's internal control structure and procedures:
We believe that the Commission should require that the objectives stated above are included in management's assessment and report about the effectiveness of the company's internal control over financial reporting in order to promote comparability among issuers and to create alignment between management's and the independent auditor's reports. The Commission indicates in the Proposed Rule that to specify the content of management's report would result in boilerplate responses of little value. We disagree. Users of these reports need to be informed about the internal control objectives the entity's internal control is designed to achieve, and the statement of those objectives in issuers' reports needs to be consistent to afford comparability among issuers' reports. In the absence of a requirement that management's report specify the objectives stated above, we are concerned that issuers may tailor their reports by presenting various and different internal control objectives that may not satisfy the intent of the Act and that will be confusing to users. In addition, the objectives that form the basis of management's assessment and the independent auditor's examination must be in accord. The independent auditor must not be required to evaluate the entity's internal control against objectives that the entity's management is not required to use to perform their assessment, nor should the auditor be required to opine on objectives for which management takes no responsibility. Furthermore, it is important that management's and the independent auditor's reports disclose the same objectives to avoid confusion by users of these reports about the objectives encompassed by internal control over financial reporting. Appendix A attached hereto provides sample paragraphs from what might be management's and independent accountant's reports incorporating the objectives of internal control over financial reporting that are described in Section 103 of the Act. Portions of the reports are shaded to indicate how they mirror one another with respect to these objectives. We also note that the Commission indicates that they believe that the purpose of internal controls and procedures for financial reporting, which they believe is consistent with Section 103 of the Act, is:
We do not believe the Commission should adopt the bullets directly above as the required purpose or objective in management's report because we are concerned that there may be no flexibility to modify the language in the auditor's report to conform the purpose or objectives set forth in Section 103. The objectives that form the basis of management's report and the independent auditor's report must be in accord. A lack of alignment between management's and auditor's reports would lead to confusion among users of the reports and misunderstanding between management and auditors. The different language that is used to describe the purpose of internal control identified in the Proposed Rule and the purpose or objectives of internal control stated in Section 103 suggests that these purposes or objectives may not be consistent. Accordingly, we believe the final amendments to Items 307 of Regulations S-K and S-B, and Forms 20-F and 40-F, should at a minimum specify the internal control objectives that issuers' internal control over financial reporting are expected to achieve, and that the objectives specified should include those set forth in Section 103 of the Act so that management's and the independent auditor's reports disclose the same objectives. Required Use of Suitable Control Criteria Established through Due Process The final rule should require that management assess the effectiveness of its internal control over financial reporting using suitable, recognized control criteria established through due process. We also recommend that the Commission acknowledge, in its implementing order, that the criteria set forth in the COSO report meet that condition. Requiring the use of suitable criteria established by groups composed of experts that follow due-process procedures would provide benefits to users and to regulators similar to the benefits achieved by requiring the use of generally accepted accounting principles in the preparation of financial statements. In particular, requiring the use of such criteria would permit comparability among reporting entities. In addition, such established criteria are available publicly and thus easily accessible to users. The Commission proposes to refer to AU section 319 of the AICPA Codification of Statements on Auditing Standards to define internal control over financial reporting.1 We believe that the definition of internal control in AU section 319 is appropriate. That definition - "Internal control is a process-effected by an entity's board of directors, management, and other personnel-designed to provide reasonable assurance regarding the achievement of objectives in the following categories: (a) reliability of financial reporting, (b) effectiveness and efficiency of operations, and (c) compliance with applicable laws and regulations" - was incorporated by amendment into AU section 319 from the COSO report. However, because the objective of AU section 319 is to provide guidance on the auditor's consideration of internal control in planning and performing an audit of financial statements, AU section 319 does not set forth suitable control criteria for management's assessment of the effectiveness of internal control over financial reporting and the auditor's examination of internal control.2 We believe that the absence of evaluative criteria in AU section 319 is a crucial flaw in using that standard as a basis for evaluating and reporting on the effectiveness of internal control over financial reporting. Control criteria are more comprehensive than a definition of internal control because they are used to measure and evaluate controls and thus provide a basis for determining whether a control is effective or ineffective. Appendix B attached hereto presents an extract from the COSO report "Evaluation Tools" that illustrates how the use of criteria goes beyond definition. Criteria are an essential component for reporting on the effectiveness of internal control over financial reporting because, as indicated in Statement on Standards for Attestation Engagements (SSAE) No. 10, Attestation Standards: Revision and Recodification (AICPA, Professional Standards, vol. 1, AT sec. 101.24): "Criteria are the standards or benchmarks used to measure and present the subject matter and against which the practitioner evaluates the subject matter." Management's evaluation of the effectiveness of the entity's internal control using suitable criteria is also a required condition for an independent accountant to examine internal control effectiveness pursuant to the AICPA attestation standards. Criteria also must be suitable, as that term is used in the AICPA attestation standards. Suitable criteria are free from bias, permit reasonably consistent measurements, are sufficiently complete so that those relevant factors that would alter a conclusion about subject matter are not omitted, and are relevant to the subject matter [see AT section 101.24 for a complete discussion of the characteristics of suitable criteria]. AT section 101.25 states: "Criteria that are established by groups composed of experts that follow due-process procedures, including exposure of the proposed criteria for public comment, usually should be considered suitable." Footnote 6 of SSAE No. 10 (AICPA, Professional Standards, vol. 1, AT sec. 501, "Reporting on an Entity's Internal Control Over Financial Reporting") states that the COSO report "provides suitable criteria against which management may evaluate and report on the effectiveness of the entity's internal control." The COSO report presents a comprehensive framework of internal control that defines internal control as a process to achieve the entity objectives stated above. The COSO report further identifies five interrelated components that comprise internal control, and provides an in-depth conceptual discussion of each component, including factors that may be considered in evaluating the effectiveness of each component. The COSO report thus links the effectiveness of internal control to the implementation and operating effectiveness of its components, which are criteria for effective internal control. The determination of the effective functioning of the components provides reasonable assurance regarding the achievement of one or more of the objectives of internal control. Criteria developed by others, such as individual entities and industry associations that do not follow due process, also may be deemed "suitable" for the purposes of the attestation standards. However, internal control over financial reporting is a very broad and complex subject matter. Dozens of experts from the financial reporting community directly participated in the development of the COSO report, and many more studied the exposure draft of the proposed report and provided their thoughtful comments. We believe it would be very difficult for an individual entity or a non-accounting industry trade group to secure the necessary expertise and resources to develop internal control criteria that would meet the characteristics required for them to be suitable. In addition, although the use of criteria developed independently by entities would have the benefit of being tailored to the entity, we believe that the resultant loss of comparability among entities and understandability would significantly diminish the value of issuers' reports to users. Criteria developed by an individual entity generally also must be made available to all users through inclusion in a clear manner either in management's report or in the auditor's report. This will result in a much more complex report that will be difficult to understand. Finally, the use of such criteria would increase the cost of attestation reports because auditors would have to consider whether these criteria were suitable. Appendix B further illustrates the benefit of established criteria and the difficulty of assessing internal control outside of an established framework. This Appendix provides illustrative objectives, risks to their achievement, and actions to address the risks/control activities to ensure such actions are carried out with respect to the simple process of receiving goods. The "Evaluation Tools" in the COSO report provide a structured and consistent approach to evaluation of controls without dictating the approach at too specific a level. Use of such a structured and consistent approach ensures that the evaluation process considers all appropriate objectives while allowing the flexibility of tailoring to the organization's processes. For the reasons discussed above, we believe that the Commission should require that management assess the effectiveness of its internal control over financial reporting using suitable control criteria established by a group composed of experts that follow due-process procedures, including exposure of the proposed criteria for public comment. We also recommend that the Commission, in its final rule and amendments, indicate that the COSO criteria are suitable for management's assessment and the independent auditor's examination required by the Act. (The sample paragraphs from management's and independent accountant's reports in Appendix A indicate how these reports also mirror one another with respect to the criteria by which internal control over financial reporting has been evaluated). We believe that the COSO report provides the best framework for evaluation of internal control systems because of its robustness and completeness. COSO criteria also have served as an effective basis for the reporting required by the Federal Deposit Insurance Corporation Improvement Act ("FDICIA"). Furthermore, the GAO has endorsed and adopted the COSO framework for internal control evaluations by federal agencies. The COSO report is a widely accepted control framework and therefore we believe it provides a well-established and sufficient reporting basis for the investing public. In addition, COSO has demonstrated a continuing commitment to sponsor projects to enhance its internal control criteria and to promote their use. For example, in 1994 COSO amended its original report to incorporate guidance on controls pertaining to safeguarding of assets; in 1996, it issued Internal Control Issues in Derivatives Usage; and currently it has undertaken a study to provide guidance on assessing and managing enterprise risks. We acknowledge that there are other established criteria such as the Criteria of Control (CoCo) Framework established by the Canadian Institute of Chartered Accountants and the Turnbull Report issued by the Institute of Chartered Accountants in England and Wales and, accordingly, we would not object to the Commission permitting other control criteria used by foreign issuers as long as such criteria has been established by a group of experts that follow due process. Establishing Thresholds for Management's Reporting of Significant Deficiencies and Material Weaknesses The final rule should address the need for management to establish thresholds for determining significant deficiencies and material weaknesses in order to fulfill their reporting responsibilities. The Proposed Rule creates greater symmetry between the reporting requirements under Section 302 and Section 404 of the Act and requires that the principal executive and financial officers of reporting companies perform quarterly evaluations of, and report their conclusions about, the effectiveness of the issuer's internal control over financial reporting. In connection with this evaluation, the company's principal executive and financial officers are required to disclose to the issuer's auditors and to the audit committee or board of directors all significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which could adversely affect the registrant's ability to record, process, summarize and report financial information required to be disclosed by the registrant in the reports that it files or submits under the Act. In order to meet these various reporting requirements, management will need to determine the threshold for control deficiencies that are of such a magnitude, quantitatively or qualitatively or both, that they constitute "significant deficiencies" or "material weaknesses" in the context of their companies. We believe it is in the public interest that the Commission discusses in its final rule that a feature of management's process to evaluate the effectiveness of internal control over financial reporting is to determine the thresholds for determining significant deficiencies or material weaknesses that trigger a reporting obligation to the audit committee and to the auditor. In addition, we believe that the Commission should refer in the final rule to Statement on Auditing Standards No. 60, Communication of Internal Control Related Matters Noted in an Audit, as amended (AICPA, Professional Standards, vol. 1, AU sec. 325) for the meaning of the terms "significant deficiencies" and "material weaknesses" as is done in the Division of Corporation Finance's Sarbanes-Oxley Act of 2002 - Frequently Asked Questions. Disclosure of Significant Deficiencies and Material Weaknesses to the Public The final rule should require that management's reports on internal control over financial reporting publicly disclose significant deficiencies and material weaknesses. We believe that it is important that users of the reports be aware of significant deficiencies and material weaknesses that have not been corrected as of the evaluation date. Accordingly, the Commission should require that management's quarterly and annual reports on internal control disclose these matters to the public. This requirement would increase the transparency of the process and reports and encourage timely correction of significant deficiencies. We also believe that the Commission should explicitly state that a company's management cannot conclude that its internal control over financial reporting is effective if they have identified material weaknesses as of the evaluation date. Other Comments The Proposed Rule regarding management's disclosure of changes in internal control is inconsistent with the Sarbanes-Oxley Act, and should be modified. The Commission proposes that management's quarterly evaluation of the effectiveness of the entity's internal controls and procedures for financial reporting and disclosure controls and procedures be made as of the end of the period covered by the report, rather than within 90 days prior to the filing date of the report as originally required by the Act. We agree with the proposal to explicitly require the quarterly and annual evaluation of internal control over financial reporting as well as disclosure controls and procedures. In connection with this change, the Commission proposes to revise §240.13a-14 "Certification of disclosure in annual and quarterly reports" to require disclosure of "any significant changes in the registrant's internal controls and procedures for financial reporting or in other factors that could significantly affect internal controls and procedures for financial reporting made during the period covered by the report (underscore added) . . . including any actions taken to correct significant deficiencies and material weaknesses in the registrant's internal controls and procedures for financial reporting." We believe this proposed disclosure requirement is significantly inconsistent with the requirement in section 302(A)(6) of the Act that the signing officers disclose whether or not there were such changes subsequent to the date of their evaluation (underscore added). More importantly, we believe that the proposed requirement includes less relevant information for readers than the requirement of the Act. Organizations make changes to internal control all the time. The likely result of this proposed requirement is an enormous volume of disclosures that have very little value to readers of the report and will obscure the disclosures that are relevant and important to the public. We believe that users of the reports are interested in knowing what, if any, significant deficiencies and material weaknesses exist as of the evaluation date, and whether significant changes in the registrant's internal control over financial reporting, including any actions taken to correct significant deficiencies and material weaknesses, have occurred subsequent to the evaluation date. We believe that the Commission should modify the final rule accordingly. Even though management's assessment may be as of the end of the period being reported on, the disclosure requirement with regard to changes will still be meaningful, as it will relate to the period between management's assessment and the filing of management's report. The final rule should use the term internal control over financial reporting consistent with the COSO report. The AICPA's auditing and attestation literature (including AU section 319, which the Commission refers to in its proposal to define internal controls and procedures for financial reporting) has adopted the well-known COSO report term internal control over financial reporting to refer to that subset of controls that pertain to financial reporting objectives. We believe the term internal control over financial reporting is the most modern term, encompasses the internal control objectives specified both in the Act as well as those discussed in the Proposed Rule, and is well understood by the user community. Therefore, we recommend that the final rule use that term rather than internal controls and procedures for financial reporting. The final rule should provide guidance to issuers about the Commission's expectations regarding the optional content of management's report on internal control over financial reporting. The Commission has stated its belief that management should tailor its internal control report to the company's circumstances to avoid "boilerplate responses of little value." As discussed above, we believe that users would benefit if in its final rule the Commission expands the required minimum content of management's report to include a statement of the objectives of internal control over financial reporting and the criteria by which management made its assessment. We also believe that users would benefit if the Commission provides guidance, perhaps in the form of examples, of the type of incremental information that it is seeking from registrants in order to reduce the risk that unnecessary information is introduced into the report that may obscure more important disclosures. We concur with the Commission's proposal that companies should file the accountant's attestation report on internal control as part of the annual report. We propose that the Commission avoid drafting the final rule in a manner that precludes the auditor from issuing a combined report on the financial statements and on internal control. The Commission's proposed transition period for compliance with these new requirements is inadequate and should be extended to December 15, 2003. We believe the proposal that the rules under Section 404 would apply to companies whose fiscal years end on or after September 15, 2003 would be unduly burdensome. Compliance with the provisions of the Act will significantly expand management's documentation of controls, and the auditor's tests of controls, beyond what is currently necessary for the purposes of preparing, and auditing, financial statements, particularly for smaller entities. This is principally because the objective of the consideration of internal control in a financial statement audit - to plan the audit and assess control risk - is different than the objective of an examination of the effectiveness of internal control - to conclude and report on the effectiveness of an entity's internal control over financial reporting. We expect that companies and their independent auditors will require substantial time to develop processes under relevant standards and standards that are now being developed, and to train appropriate personnel, to ensure compliance with these requirements imposed by the Act. Similarly, companies and accounting firms likely will need additional time to actually perform these activities. Accordingly, we believe that the effectiveness of the final rules under Section 404 should apply to companies whose fiscal years end on or after December 15, 2003 or upon the PCAOB's adoption of relevant attestation standards, whichever is later. In addition, we believe the Commission should consider a delayed effective date for smaller entities. The final rule should recognize the costs associated with this requirement in a more realistic manner. We acknowledge that the Commission's estimates of the burden in time and costs imposed on companies by the evaluation of internal control over financial reporting are intended to be incremental to previous requirements for quarterly and annual evaluations of disclosure controls and procedures. Nonetheless, we believe the Commission's estimates grossly understate the amount of time that issuers will need to perform meaningful assessments of internal control over financial reporting. We are concerned that these estimates misrepresent the effort involved to such an extent that some issuers will read this as a signal that management's evaluation and report is of little import. The requirements of the Act significantly expand management's reporting responsibilities with regard to internal control. We believe that management will incur significant time and expense to perform quarterly and annual assessments of the effectiveness of internal control over financial reporting. Furthermore, we believe that companies will incur considerable additional expense to obtain the accountant's report on the effectiveness of internal control over financial reporting. As stated above, the objective of the consideration of internal control in a financial statement audit - to plan the audit and assess control risk - is different than the objective of an examination of the effectiveness of internal control - to conclude and report on the effectiveness of an entity's internal control over financial reporting. Auditors will need to perform substantially more tests of controls to opine on internal control over financial reporting, and as a result auditors' fees are likely to increase significantly. Thank you for the opportunity to comment on this Proposed Rule. Respectfully submitted, William F. Ezzell, CPAChairman, Board of DirectorsBarry C. Melancon, CPA President and CEO APPENDIX A Sample Paragraphs from Management's Report onIts Assessment of the Company's Internal Control over Financial ReportingManagement of W Company, Inc. (the Company) is responsible for establishing and maintaining adequate internal control over financial reporting. This internal control contains monitoring mechanisms, and actions are taken to correct deficiencies identified. Management assessed the Company's internal control over financial reporting as of December 31, 200X. Based on this assessment, management believes that, as of December 31, 200X, the Company maintained effective internal control over financial reporting, including maintenance of records that in reasonable detail accurately and fairly reflect the transactions and dispositions of the assets of the Company, and policies and procedures that provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with accounting principles generally accepted in the United States of America and that receipts and expenditures of the Company are being made only in accordance with authorizations of management and directors of the Company, based on the criteria for effective internal control over financial reporting established in Internal Control - Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission. Sample Paragraphs from Independent Accountant's Report We have examined management's assertion included in the accompanying [title of management's report] that W Company, Inc. maintained effective internal control over financial reporting as of December 31, 200X, including maintenance of records that in reasonable detail accurately and fairly reflect the transactions and dispositions of the assets of the Company, and policies and procedures that provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with accounting principles generally accepted in the United States of America and that receipts and expenditures of the Company are being made only in accordance with authorizations of management and directors of the Company, based on the criteria for effective internal control over financial reporting established in Internal Control-Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission. W Company's management is responsible for maintaining effective internal control over financial reporting. Our responsibility is to express an opinion on management's assertion based on our examination. In our opinion, management's assertion that W Company, Inc. maintained effective internal control over financial reporting as of December 31, 200X, is fairly stated, in all material respects, based on criteria established in Internal Control-Integrated Framework, of the Committee of Sponsoring Organizations of the Treadway Commission. APPENDIX B The following is an extract from the Evaluation Tools section of the report Internal Control-Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). The extract is presented to illustrate how criteria - in this case the control activities component of internal control - go beyond definition to become the tools by which controls to achieve entity objectives are measured and evaluated. Extract from COSO Evaluation Tools Objectives Related to Receiving GoodsRisks to Achievement of ObjectivesPoint of Focus for Actions/Control ActivitiesAccept only items that were properly orderedPurchase order information is not made available to inbound activitiesCompare materials received, including verification of quantities received, to properly approved purchase orders. Do not accept materials not properly orderedMonitor instances of invoices presented for payment when materials were accepted without a valid purchase order (performance indicator) Accept only materials that meet purchase order specificationsPurchase order specifications are unclearMaintain current lists of specifications to be used in inspecting and testing goodsVerify specifications with purchasing or other appropriate personnel Monitor production problems related to substandard materials (performance indicator) Materials are not tested for specification complianceEstablish testing procedures, as appropriate, for all materials orderedMonitor production problems related to substandard materials and parts (performance indicator) Ensure that all materials transferred from the receiving activity to other activities are recordedTransfer procedures do not require preparation of supporting documentationRequire appropriate documentation of materials transferred from receiving to other business activitiesTransfer documentation may be lostPrenumber documents and investigate missing documentsPeriodically count materials on hand and reconcile with perpetual records; investigate any differences (performance indicator) Safeguard goods receivedInadequate physical security over goods receivedMaintain physical security over goods received Segregate custodial and record-keeping functionsEnsure that vendor, inventory and purchase order information is accurately updated to reflect receiptsReceiving information may be lostPrenumber receiving documents and investigate missing documents Periodically identify and investigate open purchase orders Periodically count inventory and reconcile with perpetual inventory records; investigate differences (performance indicator)Receiving information may be entered inaccurately in the information system, or may not be timelyPeriodically verify accuracy of vendor, inventory and open purchase order information Periodically ensure information is being entered into the information system on a timely basisReturn rejected items promptlyInadequate or untimely inspection of items receivedMaintain appropriate procedures for inspecting items receivedCompletely and accurately document all transfers to and from storageIncomplete or inaccurate information regarding materials transferred to/from storage Transfer documents may be lostTransfer documentation accompanies all transfers; stores or other activities personnel verify materials and quantities received Prenumber transfer documents and investigate missing documents Periodically count materials and reconcile with perpetual records. Investigate differences (performance indicator)Appropriately requisition all goods to be transferred to operationsInadequate transfer or requisition proceduresTransfer materials only on the basis of a properly approved requisitionProperly transfer all materials requisitionedRequisitions may be lostPrenumber requisitions and investigate missing documentsMaterials not requisitioned are transferredVerify that material received complies with approved requisitionMaintain safe working conditions and storage of hazardous materialsInadequate safety considerationsMaintain relevant policies consistent with Occupational Safety and Health Administration (OSHA) and other pertinent laws and regulations, approved by technical and legal personnel, and monitor compliance Follow up on reported safety concerns Maintain appropriate procedures for handling and storing hazardous materials____________________________ 1The AICPA recently issued for comment an Exposure Draft of proposed Statements on Auditing Standards (SASs) that, if issued, would supersede AU section 319, Consideration of Internal Control in a Financial Statement Audit. Guidance from that auditing section has been enhanced and reorganized into several of the proposed SASs.2Statement on Standards for Attestation Engagements (SSAE) No. 10, Attestation Standards: Revision and Recodification (AICPA, Professional Standards, vol. 1, AT sec. 501, "Reporting on an Entity's Internal Control over Financial Reporting") footnote 8 states: "AU section 319 is not intended to provide criteria for evaluating internal control effectiveness."November 27, 2002 Jonathan G. Katz Re: SEC File No. S7-40-02 (Section 406 of Sarbanes-Oxley Act) Members and Staff of the Commission: The American Institute of Certified Public Accountants (the "AICPA") respectfully submits the following written comments on the Securities and Exchange Commission's (the "SEC" or the "Commission") proposed rules regarding codes of ethics disclosure (the "Proposal").1 The AICPA is the largest professional association of certified public accountants in the United States, with more than 350,000 members in business, industry, public practice, government and education. The AICPA acknowledges the enormous effort put forth by the members and staff of the Commission to implement the provisions of the Sarbanes-Oxley Act of 2002 (the "Act"). We are firmly committed to working with the Commission in accomplishing the timely and effective implementation of the Act and rebuilding the faith of investors who depend on accounting professionals for accurate, clear, timely and relevant financial information. Our comments with respect to codes of ethics may be summarized in the following points. Detailed discussion follows.
Responses to Questions Posed in the Commission's Proposing Release Question Group 1 Should the rules address whether a company has a code of ethics that applies to its principal executive officer, as proposed, or should the rules track the language of Section 406 of the Sarbanes-Oxley Act and require a company only to disclose whether it has a code of ethics that applies to its senior financial officers? We recommend that the code of ethics apply to all individuals in the company, regardless of their function or position. The code should be available in a defined place on the company's website (for example, in the Investor Relations area) so all investors or potential investors have the opportunity for review. All employees should be required to review the code and evidence that review of the code by signing an annual statement of compliance. Should we expand the definition of "code of ethics," as proposed, or should the definition adhere to the language in Section 406(c) of the Sarbanes-Oxley Act? Are there other ethical principles that should be included in the definition? The definition of a code of ethics should be expanded as the Commission proposed. In addition, some element of a code of ethics in the company should define a path for employees at all levels of the company to follow if they have knowledge of or suspicions about a violation of the code of ethics by a person in the company. The AICPA created an Ethics Decision Tree (available at http://www.aicpa.org/download/ethics/bai/decision_tree_bai.pdf) that could be a model for organizations in defining a path for employees to follow when they are concerned about possible lapses in compliance with the ethics code in the company. Should the rules cover a broader group of officers? If so, which group of officers should they cover? Should the general counsel be covered? Should all executive officers be covered? We believe that all employees of the company should be covered by the same code of ethics. However, some additional elements of the code may be introduced depending on the level of employee or their function. For example, only senior level employees would need to sign-off on compliance with restrictions on stock trades based on inside information; or lower-level employees in the purchasing department might be required to sign a statement about conflicts of interest whereas their peers in other departments might not have to sign that statement. It is inconceivable to us that any employee, whether executive officers or the general counsel, would be exempt from compliance with the corporate code of ethics. Establishing a code of ethics for all employees supports a culture of high ethics in the organization, which is further bolstered by senior leadership respect for, and compliance with the code. Further, we believe that all employees of the company should annually document their review and compliance with the code of ethics. Should the proposed rules require a company to disclose whether it has a code of ethics that applies to its directors? Do most companies have a code of ethics that applies to the board of directors? Does the same code of ethics generally apply to the company's executive officers and its directors? Companies should disclose the existence of a code of ethics for its board of directors. Certain elements of the code for independent directors may be different than the code for full-time employees, but these differences should be minimal. As stated elsewhere in this paper, the code should be available for review on the company's website. Should we require the company to describe its procedures to ensure compliance with the code of ethics? Companies should not be required to describe its procedures to ensure compliance with its code of ethics, but should disclose that it has a process in place that is overseen by a board committee. A detailed disclosure of the company's process would contribute to information overload in financial reports. Should we require the company to describe its procedures for granting a waiver from a provision of its code of ethics? Companies should be required to disclose only whether any waivers of the code of ethics were granted and why the waiver was granted (de minimis waivers need not be disclosed). The company should disclose which board level committee considers such waivers and the principles guiding them in consideration of a waiver; however, the procedures in place need not be disclosed. Should we require the company to disclose the date of adoption of its code of ethics and the date of the most recent update or the company's frequency of review of the code? A company should not have to disclose the adoption date of its code of ethics. An alternative could be that the company would disclose that it "had a code of ethics for all employees in the company in effect for the entire year." Should the company have to file the code of ethics as an exhibit to its annual report as proposed? If not, should we also require the company to describe the principal topics that the code addresses? The code of ethics need not be an exhibit to its annual report. Companies should be required to put the code of ethics on its website for review by investors, employees and customers alike. As with all other web disclosures, there should be one central location on the company's website for all of this information. Should we require disclosure regarding the existence of a code of ethics in our other reports and registration statements, including our Securities Act and Exchange Act registration statements? Companies seeking to issue new securities to the capital markets should be required to make disclosure of the existence of a code of ethics in registration statements. This will provide ample notice to potential investors. After the registration statement becomes effective, and the securities are issued, other filing requirements addressed in this comment letter (that is, 8-K and website disclosures and the annual 10-K filing) should satisfy the continuing disclosure needs. Question Group 2 Should we require a company to also provide the proposed code of ethics disclosure in its quarterly reports? Should such disclosure be made in a company's proxy and information statements? Should it be disclosed in Securities Act registration statements? Companies should be required to disclose the existence of the code of ethics once per year in the 10-K report, but the code itself need not be reproduced. If the company provides a waiver of the code, that fact and reason for the waiver should be reported via Form 8-K within the required time frame. The existence of waivers of the code of conduct (other than de minimis), or changes to the code, should be reported via Form 8-K and in the first 10-K or 10-Q filing after the waiver or change is made. Notice should also be made in the Investor Relations section of the company's website. This is sufficient disclosure; additional disclosure will result in information overload. Should the requirement apply to foreign private issuers, as proposed? If not, why? In our opinion the requirement should apply to foreign private issuers. If the Commission's objective is to protect investors, then the requirement should apply to all issuers whether foreign or domestic. At the same time, we caution that additional thought needs to be given to the complexities of foreign private issuers, to ensure that new disclosure requirements do not impose conflicts with the issuer's home country filing requirements. Question Group 3 Are there any privacy concerns that we should consider that would warrant narrowing the disclosure requirements regarding a grant of a waiver from the code? While there may be times when a waiver of the code of ethics could be seen as a privacy issue for the person(s) concerned, we believe the greater good is served by disclosure. This disclosure could be generic enough to describe the person's position rather than using the person's name. Is a "waiver" a sufficiently distinct and formal event that the obligation to disclose will not present any difficulties of interpretation? Should we modify the requirement to ensure that "de facto, post hoc" waivers of codes-granted or acceded to after the occurrence of the "violation" are reported? We recommend that the Commission establish a principle that all waivers of the code of ethics (other than de minimis) be reported. In addition, we recommend that the existence of a violation (other than de minimis) be reported and the fact that the violation was addressed. To begin making rules about when waivers/violations must be reported and when they must not be reported is inviting the "engineering" of facts to fit a circumstance most favorable to the company. To be the most effective means of investor protection, all waivers (other than de minimis), whether "de facto, post hoc" or otherwise should be disclosed. Should companies that use the Internet for these disclosures also be required to have technology that allows investors to be notified by e-mail when new information is posted to the website? At some point, investors need to take responsibility for monitoring the companies they invest in. As such, we are opposed to requiring a company to employ a technology to notify investors by e-mail or any other means when new information is posted to the website. Doing so would put current investors at an advantage to potential investors because the latter would have no means available to it to know about the latest filings. This fact would not be consistent with the Commission's Regulation FD. Further, if such a requirement were enacted, investors would need to disclose their e-mail address to receive the information, and some investors might not wish to do that. Finally, investors that don't have an e-mail address would be at a disadvantage, which would also not be consistent with Regulation FD. Should we require the filing of a Form 8-K regardless of whether a company provides the proposed disclosure on its website? Do investors need access to this information for longer than 12 months? How can we permit Internet disclosure and maintain a lasting public record of the information? We support continuing the use of Form 8-K as the legal notification to the Commission of a significant change in filed information. This information should be retained for a sufficient period of time for a reader of this information to detect a pattern if one exists. A retention period of not less than three years from the end of the fiscal year in which the Form 8-K was generated should be sufficient for this to take place. Should we specify where and how this disclosure should appear on a company's website if the company opts for the website method of dissemination? Companies should be required to include the code of ethics on their website in the Investor Relations section. Are there other means of electronic dissemination that our proposed rules should permit? We suggest that the Commission leave open the opportunity for other means of information dissemination. The Commission may consider using language like: "any and all means of electronic information dissemination that is generally accepted in the typical investor community," or similar language. Such language will leave open the possibility for using technologies that are not yet available but may be in the near future, and avoid being locked-in to one method of distribution that could become antiquated. Should we require a company choosing to disclose information about ethics code changes or waivers through its Internet website to provide advance notice in the company's annual report of its intent to satisfy the disclosure requirements in this manner, as proposed? It is reasonable to expect a company to put readers of its financial statement filings on notice that additional information may be available on its website. We suggest that if disclosure in this manner is permitted that the Commission should require that the disclosures are made in a consistent place in every company's website; for example, in the Investor Relations section of the website. This will allow investors to easily access the information for any company, rather than requiring investors to search each website separately for the disclosure information. Should we require all Exchange Act reporting companies to disclose their website addresses? If so, should we specify the location of this disclosure? For example, should it have to appear on the front cover of all periodic and current reports, along with the company's street address? Should a company have to disclose its website address in, or on the front cover of, all of its Exchange reports? Proxy and information statements? Exchange Act registration statements? Securities Act registration statements? Given the ubiquity of the web, a company's web address is as important a piece of information as the street address of their corporate office, or the telephone number. As such, we recommend that all companies be required to list their URL as prominently as they list other contact information. Should we require foreign private issuers to file disclosure about ethics code changes and waivers within two days under cover of Form 6-K? Should we otherwise require a foreign private issuer to promptly disclose ethics code changes and waivers? While we agree that it is appropriate for all issuers to report changes and waivers to their code of ethics, additional thought must be given to foreign private issuers to ensure that such rules will not create conflicts with the filing requirements of their home country. Question Group 4 Is the proposed definition of a code of ethics appropriate? Are there any modifications that should be made to this definition in the case of investment companies? It is important for investment companies to be independent of the companies that they invest in. As such, investment companies should be required to disclose whether or not they are independent of the companies they have invested in. Do the code of ethics disclosure requirements cover the appropriate individuals at those entities? Should any of these individuals be removed, or should other individuals be added? Consistent with our comments elsewhere in this letter, we recommend that the code of ethics apply to all individuals in the company, regardless of their function or position, or for that matter, the type of company. For what period of time should we require an investment company to retain information about amendments to, or waivers from, codes of ethics, if it elects to post this information on its website? Should the retention period be not less than six years from the end of the fiscal year in which the amendment or waiver occurred, which would be consistent with the standard retention period for investment company records, or should it be some other period? We support the Commission's proposal. The required retention period for amendment to, or waivers from, the company's code of ethics should be a sufficient period of time for a reader of this information to detect a pattern if one exists. A retention period of not more than three years from the end of the fiscal year in which the amendment or waiver occurs is sufficient time for a reader to detect a pattern. Respectfully submitted, William F. Ezzell, CPAChairman, Board of DirectorsBarry C. Melancon, CPA President and CEO ________________________ 1See Proposed Rule: Disclosure Required by Sections 404, 406 and 407 of the Sarbanes-Oxley Act of 2002, (to be codified at 17 C.F.R. Parts 210, 228, 229, 240, 270, 274).November 27, 2002 Jonathan G. Katz Re: SEC File No. S7-40-02 (Section 407 of Sarbanes-Oxley Act) Members and Staff of the Commission: The American Institute of Certified Public Accountants (the "AICPA") respectfully submits the following written comments on the Securities and Exchange Commission's (the "SEC" or the "Commission") proposed rules regarding financial experts on audit committees (the "Proposal").1 The AICPA is the largest professional association of certified public accountants in the United States, with more than 350,000 members in business, industry, public practice, government and education. The AICPA acknowledges the enormous effort put forth by the members and staff of the Commission to implement the provisions of the Sarbanes-Oxley Act of 2002 (the "Act"). We are firmly committed to working with the Commission in accomplishing the timely and effective implementation of the Act and rebuilding the faith of investors who depend on accounting professionals for accurate, clear, timely and relevant financial information. Our position regarding financial experts on audit committees may be summarized in these key points:
Responses to Questions Posed in the Commission's Proposing Release Question Group 1 Would investors benefit from disclosure of the number of the financial experts serving on the company's audit committee? Or would it suffice to require disclosure only of whether at least one financial expert serves on the audit committee? We believe that the investor community is best served by knowing that ALL members of the audit committee of the company have experience in financial matters, for example as a CEO, analyst, regulator, or CFO, controller or auditor of a privately-held company. In addition, more than one and preferably a majority of audit committee members should have specialized in a role as preparer or auditor of financial information and financial reports of an issuer. Investors should be made aware through disclosure that all members of the audit committee have experience in financial accounting and reporting matters, and that more than one have specialized in that body of knowledge. Do investors need to know the names of the financial experts on the audit committee? Would disclosure of the names discourage people from serving as financial experts on an audit committee? We are concerned that naming particular individuals on the audit committee as "experts" will (1) create unwillingness on the part of the very people that meet the criteria to be audit committee members, and (2) increase the liability of people that are in that role in the event the company has financial problems. Investors should be satisfied that the Board, whom they have the power to elect, has appointed individuals with experience in GAAP and reporting issues as members of the audit committee. The names of the particular individuals that are considered to have a financial and reporting specialty should not be disclosed. Should the Commission specifically address the issue of the degree of individual responsibility, obligation or liability under state or federal law of a person designated as a financial expert as a result of the designation? If the Commission should address this issue, how should it do so? We are concerned that an individual who is the financial specialist on an audit committee would have increased liability in the event that the company, the Board of Directors, or specifically the audit committee, has action taken against them by regulators, shareholders or other parties in the event of a problem in the company's financial reporting or its viability as a going concern. In spite of the SEC's well intentioned statement that "the mere designation of the financial expert should not impose a higher degree of individual responsibility or obligation on a member of the audit committee", we are concerned that anyone so designated will be held to some higher standard than would have been intended by the Sarbanes-Oxley Act of 2002. The use of the term "expert" in the legal environment is problematic when applied here. An individual offering testimony in court as an "expert" witness must demonstrate their qualifications for each case. The expert is offering a third-party view of the situation and is subject to cross-examination by opposing counsel; however, this expert has the benefit of 20/20 hindsight. In the case of the audit committee expert, evaluation and decision-making is on-line real-time - there is no hindsight. We are concerned that experts as contemplated by the Act will be held to the same standard as experts in court, without the protections and benefits of courtroom experts. For these reasons, we are concerned that the very people that are most qualified to be the so-called financial experts on the audit committee will be unwilling to do so. This would not only hamper the protections that were intended by the Act, but also hampers a public company's ability to attract the best and brightest people to its Board. It is in contemplation of all these facts that leads the AICPA to make the following recommendation that we have also discussed elsewhere in this paper.
Should we use a term other than "financial expert"? For example, would the term "audit committee financial expert" be a more appropriate title? The proposed education and experience requirements for the "financial expert" on an audit committee are substantial. The proposed rules include five points which an individual should meet to be named as the financial expert. One of these points specifically states that the expert should have "experience applying such generally accepted accounting principles in connection with the accounting for estimates, accruals and reserves that are generally comparable to the estimates, accruals and reserves, if any, used in the registrant's financial statements." However, given the breadth and complexities of GAAP, estimates, accruals and reserves, to say nothing of financial instruments, transactions, investments, etc., can anyone be considered an "expert" in an area if they are not engaged in it full-time? We submit that the term "financial specialist" will achieve the Commission's objective of identifying the person or persons to serve on an audit committee that have a significant amount of education and experience in the area of GAAP finance, yet the term "specialist" could be more palatable to many of them than the term "expert." This term could also manage the expectation of others on the audit committee and the Board of Directors regarding the level at which other members should defer decision-making to this one "expert." It is of great concern to us that identifying one or more people on the audit committee, that other Board members will abdicate all financial decisions to them, and therefore minimize the effectiveness of the Board as a collection of executives with varied experiences to monitor management and maximize the strategic direction of the organization. Should we require disclosure of whether the financial experts are independent, as proposed? If so, should we define "independent" in the same manner as the term is used in Section 10A(m)(3) of the Exchange Act? Early in this document we proposed that all members of the audit committee be independent of the company and of management. We believe this should be affirmed in the company's annual 10-K filing. Should we incorporate an independence requirement into the definition of "financial expert" so that any designated financial expert must be independent to qualify under the definition? As stated earlier, we believe that all members of the audit committee should be independent of the company and of management. If the individual(s) that are considered the financial specialists are not independent of the company and of management, there will be a cloud over the audit committee for its reliance on a specialist for non-biased consideration of issues and decision-making. This will undermine the credibility of the audit committee and eventually the Board itself. Question Group 2 Should we modify the proposed definition of "financial expert" in any way? If so, how? The five point definition contained in the proposed rules should be modified to permit more people that have the necessary expertise to serve on audit committees of public companies. As currently proposed, the rule will limit the number of people qualified to serve on audit committees, and may cause public companies to be in violation of the Sarbanes-Oxley Act because they can't find qualified people to serve. We propose that the definition be simplified to be more inclusive rather than exclusive. In selecting members to serve on the audit committee, the board should be charged as follows: All members of the audit committee of a public company should be independent of the company and management, and have broad knowledge and experience in generally accepted accounting principles and financial reporting. In addition, more than one and preferable a majority of audit committee members should have significant experience in GAAP and financial reporting, internal controls and procedures for financial reporting, and an understanding of audit committee functions. In making its determination, the Board should consider the competencies of each individual in the context of the competencies of the entire audit committee, rather than focusing on one or two individuals. The Board should consider whether the audit committee as a whole has the experience to challenge management with insightful questions on the company's financial position and its financial reports, and be able to evaluate the appropriateness of management's answers to those questions. A tool to assess the competencies of audit committee members could be employed. The tool should define the various knowledge, skills and attributes necessary for work on an audit committee. The behaviors that describe the skill at various levels (basic, intermediate and advanced) should be defined to promote consistent evaluation of the skills to all individuals being considered for the audit committee. Such a tool would create an orderly means to help manage through the subjectivity of the behavioral assessment process. The AICPA has such an assessment tool and we would be happy to discuss applying it for use in assessing the competencies of audit committee members. Should we require a financial expert to have direct experience preparing or auditing financial statements of reporting companies? Should experience reviewing or analyzing such financial statements suffice? If so, why? We believe it is important that an individual being put in a position to challenge management on financial reporting issues should have direct experience as a preparer or auditor of financial statements of a publicly-held company. This experience will add to the specialist's credibility in dealing with management and the company's auditors. However, as noted below, there are certain others that, by the very nature of their experience, would be appropriate as a financial specialist. For example, individuals that have served in a regulatory function could, after ending their career as a regulator, be an effective financial specialist on an audit committee. Career internal auditors also bring experience in reviewing and analyzing financial statements. Members of the academic community who are often at the leading edge of developing concepts and practices could also bring unique and germane experience to the audit committee. Notwithstanding these suggestions, all individuals that are considered for positions on the audit committee should be held to the standard addressed below: (a) should be independent of the company and management, and have broad knowledge and experience in generally accepted accounting principles and financial reporting, (b) more than one and preferable a majority of audit committee members should have significant experience in GAAP and financial reporting, internal controls and procedures for financial reporting, an understanding of audit committee functions, and (c) the Board should consider the competencies of each individual in the context of the competencies of the entire audit committee, rather than focusing on one or two individuals. Should a financial expert have to possess all of the "attributes" listed in the proposed definition? Should we broaden the scope of individuals who may qualify as such an expert? If the recommendations contained herein are adopted, this list of attributes would become examples of how significant experience might be demonstrated. In such case, points (b) and (c) should be "and/or" to avoid limiting further the pool of available candidates. As mentioned previously, a tool to assess the competencies of audit committee members should be employed. The tool should define the various knowledge, skills and attributes necessary for work on an audit committee. The behaviors that describe the skill at various levels (basic, intermediate and advanced) should be defined to promote consistent evaluation of the skills to all individuals being considered for the audit committee. Such a tool would create an orderly means to help manage through the subjectivity of the behavioral assessment process. The AICPA has such an assessment tool and we would be happy to discuss applying it for use in assessing the competencies of audit committee members. Do the five attributes adequately describe the qualities that a financial expert should have? Should we add any attributes? The five attributes are examples of the kinds of experience that might indicate a financial specialist. We propose that the Commission consider adding a requirement that members of audit committees of publicly-held companies participate in some amount of relevant continuing professional education annually. The qualifying subject matter should be defined broadly. This will give audit committee members the opportunity to stay abreast of new developments in GAAP, financial instruments, contemporary accounting, auditing, regulatory and other issues that the registrant company might face. Programs in fraud deterrence and ethics are equally important. In addition, programs in strategy, leadership, technology, broad business issues and personal development should also be considered qualifying topics for the members of the audit committee. Although we do not intend for the list of factors that a company should consider in assessing a potential financial expert's qualifications to be exhaustive, should we add any factors to the list? If so, what other factors should we include? Conversely, should we delete any proposed factors from the list? If so, which factors should we delete? If this list were to survive to the final rules, there may be a pool of individuals that have no experience as preparers or auditors of financial statements of publicly-held companies but are eminently qualified to be members of audit committees of publicly-held companies. For example, career regulators may have significant experience in the review of financial statements and intimate knowledge of GAAP, filing requirements, contemporary issues, etc. We recommend that the five attributes detailed in the proposed rules be modified to specifically permit individuals with significant relevant experience to also qualify as members of audit committees. More important, we believe that list of factors should be assessed on the audit committee as a whole rather than on individual members. There is a lot of subjectivity and balancing necessary to create an effective audit committee, and all audit committee members should meet at least some of the factors defined in this list. Some members will meet more factors and some less, and the full Board should be making judgments about the degree each factor relates to each individual in creating a balanced audit committee. Should the proposed rules provide for a different standard or methodology for assessing a financial expert's qualifications? If so, describe the preferred standard or methodology. The proposed rules should approach the evaluation of an individual's qualifications from a principles-based approach. The Board should be given latitude in evaluating qualifications for each candidate, rather than forcing Boards to score candidates based on a set of rules that could become quickly outdated. As discussed above, we believe a competency-based approach (balancing the competencies of the audit committee as a whole rather than focusing on individuals) would be the most effective means to evaluate audit committee members. As important as it is to include people with a specialty in the financial area as members of the audit committee, it is also important that the non-specialists on the audit committee have a reasonable level of understanding of financial accounting, reporting, and internal controls for financial reporting. The level of experience of these individuals needs to be somewhere between the financial specialists discussed here and the financial literacy that was the old benchmark for audit committee membership as proposed by the Blue Ribbon Committee on the Effectiveness of Corporate Audit Committees in its 1999 report. Question Group 3 Will investors find this information useful? Is there more useful information on how financial experts are determined? Investors should have access to the qualifications about members of a corporate audit committee upon request; to the extent such information does not violate the privacy of the audit committee member. There is no need to require disclosure in public filings. The Commission could recommend that this kind of information be available to investors and other interested parties in a specific place on the company's website. This information is already available in the company's annual SEC filings. Should our rules require the company to disclose the persons who are responsible for making the financial expert determination on behalf of the company? Is the board of directors the appropriate body to make such determination? The Board of Directors is the appropriate body in the company to make this determination. No further disclosure should be necessary. Question Group 4 Should we create a bright-line test for the definition of "financial expert"? If so, what should the test be? There should be no bright-line test for the definition of a financial specialist. The SEC should produce guidance for Boards in determining the level of financial experience of an audit committee member and charge the board with the responsibility to comply with that guidance. Many factors must be weighed in making this determination; it should be reached with the guidance of a principles-based framework as proposed here. Judgments must be made, and it is the full board's responsibility to make those judgments. All members of the audit committee should be evaluated based on the criteria proposed by the Commission in Release 33-8138. These factors should be used in evaluating all members and candidates for positions on a company's audit committee. Question Group 5 Should we also require the proposed financial expert disclosure to appear in the company's proxy or information statement? Is this information relevant to a security holder's decision to vote for a particular director or to elect, approve or ratify the choice of an independent public accountant? As stated previously, we are opposed to identifying an individual as the financial expert on an audit committee. Proxy statements already include the curriculum vitae for all members of the board of directors, therefore, a security holder can evaluate the qualifications of audit committee members based on information currently available. No additional disclosure is necessary. Should we require the company to also disclose this information in its quarterly reports? As stated previously, we are opposed to identifying an individual as the financial expert on an audit committee. Board committee composition is reported through the 10-K and significant changes are reported through Form 8-K. In addition, this information could be made available at a specific place on the company's website, for example, in the Investor Relations section of the website. Should we also require such disclosure in registration statements filed under the Securities Act? Disclosure of this information should be required in a registration statement filed under the Securities Act. This will put investors and potential investors on notice initially that the company is in compliance with the requirements of the Commission regarding the use of financial experts/specialists on the audit committee. Should the company have to disclose specifically the arrival or departure of a financial expert promptly after the occurrence of the event? If so, should we modify our Form 8-K proposed item regarding the arrival and departure of a director to also require a company to disclose whether the departing director was, or arriving director will be, a financial expert serving on the company's audit committee? Should a company make appropriate disclosures if: a financial expert leaves the audit committee, but remains on the board of directors; or an existing director joins the audit committee as a financial expert? Should a company only have to file a Form 8-K if it previously disclosed in its annual report that it had a financial expert and now has none? An issuer is required to disclose when any member of the board or audit committee departs. As discussed throughout this paper, we are opposed to designating any individual(s) as audit committee experts. We support the current requirements where the departure of any member of the board or audit committee would trigger a required filing of Form 8-K with that information. A company currently may not have an audit committee member who qualifies as a financial expert under the proposed definition but may intend to seek one. In such a case, the proposed rules would require a company to disclose that it does not have a financial expert on its audit committee. However, the company could explain that it is searching for a qualified individual to serve on its audit committee. Should we provide companies with a transition period to find such a person? If so, what would be an appropriate transition period? A transition period should be provided to allow a company to engage an appropriate person to serve on its audit committee. The transition period should not exceed one year Question Group 6 Should the definition of "financial expert" be modified for investment companies? Are the factors that are relevant in determining whether someone is a "financial expert" different for investment companies? Investment companies add an additional element to this discussion. Not only would a specialist need to have familiarity with accounting practices of investment companies, but should also have familiarity with the accounting practices of investee companies to help the investment company study and reach conclusions about the financial condition of investee companies which will impact the strategy of the investment company. What are internal controls ACCA?'The policies, processes, tasks, behaviours and other aspects of an organisation that taken together: Facilitate effective operation by enabling it to respond in an appropriate manner to significant business, operational, financial, compliance and other risks to achieve its objectives.
What is internal control as per ICAI?Internal controls are a system consisting of specific policies and procedures designed to provide management with reasonable assurance that the goals and objectives it believes important to the entity will be met.
What are the 5 principles of internal control in accounting?As discussed in SAAM 0505, there are five (5) components of internal control: control environment; risk assessment; control activities; information and communication; and, monitoring. The principles and practices applicable with each of these components are discussed below.
What is the definition of accounting according to the American Institute of Certified public Accountant?According to the Committee of Terminology of American Institute of Certified Public Account:” Accounting is the art of recording, classifying summarising in a significant manner and in terms of money, transaction, and events which are, in part at least of a financial character and interpreting the results thereof.”
|
