Kpmg - ACI`s Directors Quaterly

QUARTERLYDIRECTORSACI’s

Insights and Developments Shaping Corporate Governance

© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 287093

October 2014

This quarter, we’ll conclude KPMG’s annual Global Audit Committee Survey (kpmg.com/ACIsurvey), exploring the most pressing issues on audit committee (and board) agendas across the U.S. and in more than

30 countries around the world. The complete results will be published in January, but initial findings clearly reflect a business and risk environment that’s in flux and increasingly difficult to navigate. “Uncertainty and volatility” tops the list of challenges facing companies in the months ahead. It’s also clear that audit committees continue to shoulder heavy risk agendas and are devoting more time—in many cases, “significantly” more time—to their role, including overseeing major risks beyond financial reporting—from cyber security to global compliance to risks in the supply chain. All of which puts a premium on the audit committee’s efficiency.

As the audit committee chair at Apple and Chevron, Dr. Ronald Sugar, notes in our Q&A, “The challenge for the audit committee and its chairman is to step back and try to figure out what’s most material to the fortunes of the company, and make sure that between the audit committee, the financial management team, and the external auditor, everyone’s focusing their efforts on those things.” To be sure, in a slow-moving economy, where staying competitive and profitable increasingly requires smart risk-taking—innovation, strategic pivots, tapping international markets—the audit committee’s efficiency and effectiveness will be vital.

In this edition of ACI’s Directors Quarterly, we explore how audit committees can make the most of their time in meetings and outside of the boardroom (see Q&A with Dr. Sugar, page 7); key challenges in overseeing management’s key judgments and estimates; and how auditing is evolving to provide greater insight into the company’s performance and prospects. We also cover timely financial reporting and audit-related developments to keep on your radar as we approach year-end.

Watch for our 2015 Global Survey report in January—and we hope to see you at our Fall Roundtable Series—“Tapping International Markets: Key Governance Challenges,” and KPMG’s Annual Audit Committee Issues Conference in Miami, February 2–3.

Dennis T. Whalen Partner in Charge & Executive Director KPMG’s Audit Committee Institute

Financial Reporting & Auditing Update

Page 4 The Future of Audit

Page 6 Getting Accounting Judgments and Estimates “Right”

Page 7Q&A with Ronald Sugar

Page 12 Upcoming Events & Resources

CONTENTS

Financial Reporting & Auditing Update

A number of developments impacting financial reporting—including implementation of the new revenue recognition standard—will

need to be front and center for audit committees this quarter, and in the months ahead. The following updates and reminders are intended to help audit committees stay apprised of current financial reporting issues and changes on the horizon, and to support timely discussions with the financial management and audit teams supporting the financial reporting process. (For more detail about the issues covered below, see KPMG’s Quarterly Outlook and related KPMG Defining Issues.®)

Implementing the New Revenue Recognition Standard. Since the new revenue standard was issued in May, companies have begun to analyze its effect on their business and accounting processes and internal controls, as well as the pros and cons of each of the transition methods available. Because the new standard generally eliminates transaction- and industry-specific revenue recognition guidance, many companies are finding that there are more

continued on pg 2

The Efficiency Factor

http://kpmg.goglobal.com/ACI-2015/

http://www.kpmg-institutes.com/institutes/financial-reporting-network/articles/2014/09/quarterly-outlook-september-2014.html

http://www.kpmg-institutes.com/institutes/financial-reporting-network/articles/2014/09/quarterly-outlook-september-2014.html

http://www.kpmg-institutes.com/institutes/financial-reporting-network/articles/pubs/defining-issues.html

October 2014 | 2



implementation questions than answers at this stage. To help consider some of these questions, the FASB and IASB created a Joint Transition Resource Group (TRG).

The purpose of the TRG is to solicit and analyze stakeholder issues arising from implementation of the new standard; to inform the FASB and the IASB about those implementation issues and help the Boards determine what, if any, action will be required to address them; and to provide a forum for stakeholders to learn about the new guidance from others involved with implementation. While the TRG advises the Boards, it does not have standard-setting authority.

In addition to the TRG, the AICPA and others have set up task forces to discuss potential implementation issues. The AICPA task forces are organized by industry and will raise issues to the AICPA’s Financial Reporting Executive Committee.

While the new standard is not effective for calendar year-end public companies until January 1, 2017 (and early adoption is not permitted before that date), companies may adopt the guidance retrospectively for all years presented (with three options available) or make a cumulative-effect adjustment to retained earnings on the date of adoption.

An efficient implementation plan requires making the transition method decision early because a broad range of business considerations will likely arise beyond the effects on reported revenue and related costs. These considerations may include IT capabilities, business contracting practices, and stakeholders’ expectations.

Regardless of the transition option elected, companies will need adequate processes and internal controls to ensure the information used in transition and post-adoption is complete and accurate. Companies may want to consider the cost and time needed to design, implement, and evaluate these processes and internal controls when choosing a transition method and their ongoing reporting requirements.

Going Concern. The FASB recently issued a new going concern standard, which requires management to assess, at each interim and annual reporting period, whether substantial doubt exists about the company’s ability to continue as a going concern. The new standard substantially aligns the accounting requirements with current auditing requirements (except that auditing standards require a one-year assessment from the balance sheet date rather than from the financial statement issuance date, and the accounting standard defines “substantial doubt”).

The new standard is effective for all entities for the first annual period ending after December 15, 2016, and interim periods thereafter, with early adoption permitted.

continued from pg 1

Financial Reporting

continued on pg 3

SEC Staff Comments. Continuing areas of SEC staff comment include:

• Revenue recognition

• Deferred taxes, including the rate reconciliation, valuation allowance, and indefinitely reinvested foreign earnings

• Pensions and other post-retirement benefits, including significant accounting policies, expected return on plan assets, and unusual or unexpected relationships

• Business combinations, including asset versus business determinations and measurement period adjustments versus error corrections

• Goodwill impairment indicators and disclosures

• Cybersecurity

• Aggregation of operating segments

• Non-GAAP financial measures

• Internal control over financial reporting

• Disclosure for China-based issuers

The SEC is also focused on streamlining disclosures while assessing the need for additional disclosure requirements. The staff acknowledged that some registrants may be reluctant to rewrite existing disclosures due to cost and concern that changes will prompt SEC comment. The SEC staff also is seeking opportunities to align reporting requirements to make it less burdensome for companies to access the markets without sacrificing investor protection.

Other Major FASB Projects

Leases. The FASB and IASB continue to redeliberate their 2013 exposure drafts. While the Boards remain committed to finalizing the project and continue to express a desire to minimize differences in their standards, convergence on some key aspects of the project now appears unlikely.

Financial Instruments. While financial instruments began as a joint project, the FASB and IASB will not converge on classification and measurement or impairment. While the FASB continues to redeliberate both classification and measurement and impairment, the IASB recently issued its final financial instruments standard. The FASB is expected to issue its final standards for classification and measurement and impairment in late 2014 or early 2015.

October 2014 | 3



continued from pg 2

Financial Reporting

Insurance. The FASB has limited its insurance project’s scope to insurance entities and is focusing on targeted improvements to the accounting for long-duration contracts and disclosures for short duration contracts. The FASB also decided not to pursue development of additional accounting guidance for reinsurance contracts.

Audit Update

Transitioning to COSO 2013. Many public companies have been planning their transition to COSO’s 2013 Internal Control-Integrated Framework since its release in May 2013. The 2013 Framework contains 17 principles and the related points of focus which bring additional structure and rigor to the five components of internal control under COSO’s 1992 Framework. COSO requires that for effective internal control, all components and principles must be present and functioning and the components must operate together in an integrated manner. The 2013 Framework also includes other updates to reflect changes in the business environment since the 1992 Framework was released.

While many public companies are making the transition to the COSO 2013 Framework in connection with their 2014 assessments of the effectiveness of ICOFR, other companies are delaying their transition date as they continue to consider the updated Framework.

The COSO Board announced that the 2013 Framework will supersede the 1992 Framework on December 15, 2014. It is our understanding that there will be a period of time beyond December 15, 2014, during which the SEC staff does not intend to question the use of the 1992 Framework by SEC registrants. SEC registrants should clearly disclose which framework they are using to evaluate the effectiveness of ICOFR if the COSO Framework is used for regulatory reporting purposes.

For our list of Top Ten areas that may require additional effort in the transition to the COSO 2013 Framework, see KPMG’s Quarterly Outlook.

PCAOB and International Audit Reform Initiatives. In addition to the PCAOB’s ongoing projects that may affect audits and audit reports, regulators in a number of different countries, including EU countries, have undertaken initiatives that are also focused on audits and audit reports. As a result, many of the same topics and issues—e.g., auditor reporting, auditor tenure/mandatory rotation, restrictions on non-audit services—are being considered by regulators in different countries. There is a risk that regulators may take different approaches, generating inconsistencies across jurisdictions, and could affect certain subsidiaries of U.S. multinationals. Because complying with these reforms may be challenging and require careful planning, we recommend that companies stay abreast of these developments.

https://www.kpmg-institutes.com/institutes/financial-reporting-network/articles/2014/09/quarterly-outlook-september-2014.html

https://www.kpmg-institutes.com/institutes/financial-reporting-network/articles/2014/09/quarterly-outlook-september-2014.html

October 2014 | 4



continued on pg 5

The Future of Audit

Every year, spring signals the end of another audit season for many companies and their auditors. It’s a cycle that has remained essentially unchanged for more than 80 years since the advent of the classic audit.

While this relative stability continues to stand as a pillar of confidence for investors and the capital markets, it is becoming increasingly clear that audits can and must do more.

Advances in technology and the massive proliferation of available information have created a new landscape for financial reporting. With investors now having access to a seemingly unlimited breadth and depth of information, the need has never been greater for the audit process to evolve by providing deeper and more relevant insights about an organization’s financial condition and performance—while maintaining and continually improving audit quality.

Does this mean that core elements of the audit such as the current “pass/fail opinion” that external auditors are mandated to provide—and that have served investors well for years—need to expand? Absolutely.

While robust dialogue between public company boards, regulators, investors and the capital markets to appropriately set expectations and manage concerns is already well underway, there is no question that the promise of a new normal for auditing is real and will result in substantial benefits.

For instance, consider the potential for more effective audits done by auditors with more dynamic tools and skill sets. Today, in many cases we perform procedures over a

relatively small sample of transactions—as few as 30 or 40—and extrapolate conclusions across a much broader set of data. In the future, using high powered analytics, auditors will have the capacity to examine 100 percent of a client’s transactions. We will be able to sort, filter and

analyze tens of thousands or millions of transactions to identify anomalies, making it easier to focus in on areas of potential concern and drill down on those items that may have the highest risks.

This will enable us more than ever before to help assess risks and identify trends

through the audit process. With smart data, each year’s audit will also “learn” from prior years, exposing areas of possible risk and building a self-enriching knowledge base to better inform companies and their investors.

Over time, external auditors will be able to benchmark the companies they audit against broad sets of data from across an industry or geography, giving us better information about potential risks and providing leaders of large organizations with valuable perspectives and insights they can use in their business. When combining all aspects of a data-driven audit, it will allow auditors to spend more of their time on the estimates, judgments and unique transactions that require more rigor and attention. This will provide greater value for companies and the capital markets, while building confidence and more exciting careers for auditors.

Future audits will also use advanced data and analytics capabilities to look beyond an organization’s walls and understand the impact of broader forces in ways we never could before.

Future audits will use advanced data and analytics capabilities to look beyond an organization’s walls and understand the impact of broader forces in ways we never could before.

Providing Deeper, More Relevant Insights about an Organization’s Financial Condition and Performance

October 2014 | 5



continued on pg 6

For example, how do weather, traffic patterns, economic conditions, unemployment in select demographics, or other business elements affect the financial performance of a retail operation? Advances in data science allow us to integrate “unstructured” data from a wide variety of sources—from weather reports to unemployment filings to commodity prices—to gauge potential impacts on a company’s performance and its risk profile. And the ability to mine this data and incorporate it into the audit will provide for enhanced audit quality.

Change will not come without challenges. Addressing concerns over auditor independence, data security, transparency and more will require an intense dialogue between companies and their auditors about how much data to share, and how information should be housed and protected. It will also require extensive engagement with regulators, to demonstrate how this data and analytics revolution will first and foremost strengthen

audit quality. We must ensure that this is a journey of shared goals and mutual benefits for investors, regulators, and companies themselves.

For external auditors, this future will also require deeper training in areas outside their historic skill sets. While the practice of audit already draws on other disciplines like risk management, supply chain, forensic and IT, the

auditors of tomorrow will need to increase their understanding of these non-traditional disciplines and work more closely than ever before with data and analytics specialists.

It is clear that auditors must embrace this evolved approach to understanding

an organization’s most critical information to ensure that all stakeholders in the capital market system continue to be well served by the audit profession. We must collectively strive to ensure that the audit remains an unambiguous pillar of confidence, and at the same time, provides greater value, relevance and utility around financial reporting analysis than has been seen before.n

continued from pg 4

The Future of Audit

When combining all aspects of a data-driven audit, it will allow auditors to spend more of their time on the estimates, judgments and unique transactions that require more rigor and attention.

This article, by James P. Liddy, KPMG LLP U.S. Vice Chair, Audit, and Regional Head of Audit, Americas, first appeared in Forbes, in August 2014.

October 2014 | 6


Getting Accounting Judgments and Estimates “Right” Over the past year, regulators have stepped-up their efforts on a number of fronts to ensure that significant accounting judgments and estimates applied by management—fair value estimates, impairments, revenue recognition, etc.— present a fair and accurate picture of the company’s financials. Typically, these estimates are subjective, require assumptions about matters that are highly uncertain, and can vary widely (a slight change in assumptions can have a big impact)—so the focus by regulators is not unexpected.

The message from regulators is clear: Quality financial reporting requires a disciplined, robust, and unbiased process to develop accounting judgments and estimates. The PCAOB has announced a renewed focus on auditing significant accounting estimates, and expressed concern about the number and frequency of adverse inspection findings pertaining to estimates. The SEC continues to emphasize the importance of disclosures regarding critical accounting estimates, and its Division of Enforcement has formed the new Financial Reporting and Audit Task Force, which will use data analytics to analyze MD&As—a clear sign that the SEC will heighten its scrutiny in this area.

All of this points to the importance of having a robust audit committee discussion about management’s processes for establishing significant accounting judgments and estimates, as well as the audit committee’s related oversight processes. We recommend the following areas of focus:

• Understand management’s processes for establishing significant judgments and estimates. A disciplined, robust, and unbiased process for establishing key judgments and estimates—followed consistently—is an essential component of the company’s financial reporting process. What are the company’s key judgments and estimates and how are they developed? What are the key inputs? What models are used? Who is involved in the process—do we have the right skills and resources? To what extent are experts involved? Are controls around these processes adequate?

• Consider the audit committee’s process for evaluating significant judgments and estimates. Given the complexity of many financial reporting issues, including judgments and estimates, many audit committees periodically take a deep dive into a particular area most critical to their company.

And, as a matter of routine—at least annually—audit committees evaluate the range of significant judgments and estimates that impact the company’s current financial statements. How? By challenging the assumptions that underlie the judgments and estimates. How have

the assumptions been impacted by recent events and economic conditions? What is the range of potential impact on future financial results? Have we stress-tested the assumptions? Are the assumptions consistently applied? Were there any significant changes in accounting estimates or models used in making the estimates during the past year? If yes, why were the changes made and what impact did they have on the financials and the company’s compliance with regulatory requirements or loan covenants?

• Benchmark the company’s disclosures regarding critical accounting estimates against peers. The SEC has repeatedly stressed the importance of explanations regarding the company’s most critical judgments and estimates, and the likelihood that materially different amounts would be reported under different conditions or using different assumptions. Are the company’s critical accounting estimates consistent with others in the industry? Are they more or less aggressive? Do the company’s disclosures provide incrementally useful information, such as sensitivity data about the estimates, or are they boilerplate or redundant?

• Tap the external auditor’s resources and expertise across industries and segments to help put issues in context. Is the auditor satisfied with management’s resolution of important judgment issues relating to the financial statements and disclosures? In light of the PCAOB’s criticism regarding the sufficiency of audit procedures related to significant accounting estimates, has the auditor addressed the PCAOB’s concerns?


The message from regulators is clear: Quality financial reporting requires a disciplined, robust, and unbiased process to develop accounting judgments and estimates.

continued on pg 7

October 2014 | 7


Finally, given the formidable challenges of making sound judgments in a business environment that is increasingly complex and uncertain, audit committees need to be sensitive to management biases and other common


“judgment traps”. Indeed, many audit committee members continue to cite “groupthink” and the “rush to solve” as significant concerns, and express the need to hear more dissenting views.n

continued from pg 6

Getting Accounting Judgments and Estimates “Right”

KPMG’s Audit Committee Institute (ACI): In our work with audit committees, one of the biggest challenges they point to is an ever-expanding agenda. The combination of compliance requirements and responsibilities for significant areas of risk—beyond financial reporting—seems to be pushing audit committee agendas toward a tipping point. Is that what you’re seeing?

Ronald Sugar: Well, let’s start with where we’ve been. Going back a decade or so, as we all know, audit committees were just deluged, dealing with significant issues associated with financial accounting—think Enron, WorldCom, and subsequently Sarbanes-Oxley. At Northrop Grumman, our audit committee meetings in those days were often four hours or longer, with added sessions in between.

Dr. Ronald Sugar served as Chairman and CEO at Northrop Grumman Corporation from 2003 until his retirement in 2010. Previous to Northrop, he held executive positions at Litton Industries and TRW Inc., where he

was chief financial officer. He serves on the boards of Amgen Inc. and Air Lease Corporation, as well as Apple Inc. and Chevron Corporation, where he serves as audit committee chair. Dr. Sugar is a senior advisor to the private investment firm Ares Management LLC, a member of the National Academy of Engineering, and a former chairman of the Aerospace Industries Association.

The good news today is that for most major corporations in this country, the rules are clearly understood. We have a well-defined body of controls and certifications. We’re all playing from the same rule book, and our independent auditors are expert in helping us with that. So the chances of finding a WorldCom or an Enron today is significantly diminished.

That said, there’s clearly a creeping set of must-do’s and regulatory box-checks that audit committees have to take care of to fulfill as part of their charters. And if you’re not careful, those activities can crowd out other important issues.

ACI: As an audit committee chair, how are you tackling all the regulatory must-do’s without getting deluged?

Sugar: In my view, the audit committee has to develop a high level of comfort with both management and the external auditor that the basic mechanics of the company’s financial reporting and controls are, in fact, under control.

Q&A with Ronald Sugar

Keeping the Audit Committee’s Eye on the Ball

continued on pg 8

This article, by Dennis T. Whalen, Partner in Charge & Executive Director of KPMG’s Audit Committee Institute, first appeared in Directorship, September/October, 2014.

October 2014 | 8


I’m a big fan of the 80-20 rule—focus on those few things with greatest impact. If you try to focus on everything equally, you just get overwhelmed. You end up with audit committee meetings that go on and on, which is when you can lose focus and miss important things.

ACI: How does the 80/20 approach play out in terms of the audit committee’s interaction with management and auditors?

Sugar: For example, we try not to let the management team brief us with PowerPoints. We ask for pre-reads that are thorough but focused, so at the meeting we can say—okay, assume we’ve all read the pre-reads, now help us zero-in on the two or three most critical things that we should really understand better. What issues concern you the most? What should we be watching? We want to

hear their narrative—so no PowerPoint.

And later on, in private executive sessions with various individuals, I always start out by saying—great presentation, I think we got it. What else would you like to share with the committee? What’s bothering you? What’s keeping you up at night? What do you need help on? Where do you think we should be spending our time?

And what’s interesting is that occasionally they’ll say—“Well, you know, this could be a bigger problem than we said.” And as a committee, that’s what you want to hear, because it helps sharpen your focus.

ACI: Given that oversight of financial reporting risk is such a major undertaking in itself, is there a point at which the audit committee needs to push back on the board and rethink how significant risks—like cyber security or regulatory compliance—are allocated among its committees?

Sugar: Absolutely. How risks are assigned to board committees, of course, depends on the company. If you’re a financial institution of any scale, most likely you’ll have a dedicated risk committee, which appropriately offloads the audit committee from certain duties.

And while we don’t want to give short shrift to that part of it, we want to be in a position that I would call “process routine,” so that we can apply most of our work capacity and our focus as a committee to those things which could be more material and important to the fate of the company going forward.

But this approach means that you have to have good processes in place and the right people in the finance function. You need to feel confident about that.

ACI: How does “process routine” work in terms of meeting mechanics?

Sugar: I’m not sure there’s a magic elixir, but first we try to address all the mandatory things on our charter—we move through those items relatively quickly, unless there’s something which requires special discussion. For example, at one company I was involved with a couple of years ago, revenue recognition had become a big deal—it was material to the way the financial statements were presented. So every quarter, with the 10-Q and the 10-K, we would do a deeper dive on revenue recognition. And over time, that settled down into a routine practice that we became comfortable with. So we didn’t need to spend much time on that anymore, and we could focus on things that were more seriously impactful to the company.

This was a company specific example of course, but the audit committee needs to make sure it has surge capacity to deal with more complex issues beyond financial reporting. Cyber-security—if that’s assigned to the audit committee’s charter—is a good example. Compliance with the ever-increasing set of governmental regulations in the U.S. and around the world is another example.

I think the challenge for an audit committee and its chairman is to step back and try to figure out what’s most material to the fortunes of the company, and make sure that between the audit committee, the financial management team, and the external auditor, everyone’s focusing their efforts on those things.


continued from pg 7


continued on pg 9

The good news today is that for most major corporations in this country, the rules are clearly understood. We have a well-defined body of controls and certifications. We’re all playing from the same rule book, and our independent auditors are expert in helping us with that.

October 2014 | 9


In a pharmaceutical company, you may have a compliance committee, which would be focused on the full range of issues associated with all the U.S. and global regulations around pharmaceutical compliance—how you sell your drugs, how you do clinical trials, and so forth.

I’ve mentioned cyber security. Few boards in the U.S. have board members who are experts in this area. So, to which committee do you assign it? Do you put it in the governance committee? The public policy committee? The compliance committee? Very often it lands in the audit committee.

The one thing you cannot debate is that financial reporting risk clearly belongs to the audit committee. But even there, you need to be clear about financial reporting versus finance. One of the committees I chair is an Audit and Finance Committee, which covers both. So not only do we look at the company’s financial reporting historically—through the rearview mirror—we also try to look at upcoming financial decisions through the front windshield. If the company makes an unsound investment—even though it’s all accounted for and reported correctly—then we really haven’t done our job.

Other companies elect to separate the finance committee and audit committee functions. Every company is different. The point here is that the board needs to be conscious about where risk oversight responsibilities are assigned, and that it’s all covered.

ACI: Our surveys show that quite a few audit committees have responsibility for oversight of cyber security, and that additional technology expertise would be a big help to the committee. Is this an issue for your audit committees? And does it point to the broader question of the committee’s composition?

Sugar: Yes, we’ve talked about both of those issues—and I think a lot of audit committees are probably thinking about the expertise they have on the committee and what they might need going forward.

I think it’s helpful to have at least one member of the committee who, if not an expert, at least has a familiarity with and an interest in information technology. For


example, I’m not an expert in cyber security—I certainly can’t go toe to toe with the hackers—but because I ran Northrop Grumman, and we were deeply involved in cyber defense issues, I do have a sense of the landscape here.

The committee needs to be able to ask the right questions. The committee has to have confidence that management is not only adequately supported with internal talent and skills, but is also using the right outside advisors.

In the worst case scenario, if you begin to lose confidence in the company’s IT security function, then I think it’s fully appropriate for the audit committee to engage outside experts

in the cyber world and ask them to do an independent assessment of where the company stands. But that should only be a last resort.

I also look to the company’s internal auditor as an additional resource. At one of the companies I’m involved with, our internal audit head brought

in some great resources and has taken a leadership role in the cyber risk area. You may have a chief information security officer (CISO) or a CIO playing the lead role on cyber security, but having internal audit as another set of eyes—with a direct reporting line to the audit committee—adds another level of comfort that the issue is being covered.

ACI: Can you talk about the work that happens in between audit committee meetings—and how that impacts the committee’s effectiveness?

Sugar: I think it’s entirely appropriate and desirable for the committee chair to meet with members of management and the outside auditor in between regularly scheduled committee meetings, to have more in-depth discussions on some issues that are developing.

I like to say it’s good to sit down with key folks in their ‘native habitat,’ without an agenda. Just visit them in their office and have a conversation about things that are on their radar or yours. Treasury is a good example. The company has X millions of dollars of cash on-hand, a lot of it is overseas, and treasury has a certain level of desired return they’re looking for. Are they comfortable with the risks they’re seeing out there? How are they dealing with those risks? How are they ensuring adequate liquidity? Informal discussions like that can be really insightful. You often get a much clearer picture of the issues.

continued from pg 8


continued on pg 10

I think it’s helpful to have at least one member of the committee who, if not an expert, at least has a familiarity with and an interest in information technology.

October 2014 | 10



continued from pg 9

Q&A with Ronald SugarA special privilege of being an audit chairman is that you can go anywhere in the company at any time. You’re paid a little extra to be the chairman, so you ought to do a little more work—and then make sure the other committee members are exposed to what you’ve learned. Committee members will appreciate the chairman’s leadership in this regard, and it certainly helps take some of the pressure off the entire committee’s workload.

ACI: How well an audit committee juggles its workload speaks to its overall efficiency and effectiveness, but in your experience, do committee self-evaluations get to this issue?

Sugar: Well, that’s a little tricky. I’ve seen committee self-evaluations approached in different ways. There are committee self-assessments that are done perfunctorily, and the committee determines that they’re absolutely awesome—any questions? In some cases, the committee goes through an elaborate checklist of the committee’s charter, which typically shows that everything we said we’d do in the charter was in fact done—and therefore we must be a very effective committee. It’s a necessary approach, but not necessarily a sufficient one.

Certainly, you don’t want to have any gaps between what your charter says you were supposed to do, and what you actually did over the course of the year. What I’ve found to be very effective is to sit down with my committee members and just have a good, thoughtful conversation. How are we feeling about the company? How are we feeling about the financial function? How are we feeling about ourselves as a committee? It seems like a high level discussion, but it can actually be pretty deep and introspective.

In one case, this sort of introspective discussion turned up an important issue. For example, one member said, you know, I think overall we’re okay, but I’m concerned that we’re doing a lot of swaps and forward contracts.

We think the company is in good shape there, but are we really? Do we have potential risks or a surprise lurking here? It was a great point, I made note of it, and we dove deeper into it during the next several committee meetings.

I also like to ask our outside auditor and our CFO to tell me how our committee can be more effective. So, from my perspective, a good committee assessment is about getting honest feedback from all sides, and then turning that feedback into actionable behaviors.

ACI: And that gets back to the 80-20 rule that you mentioned.

Sugar: Exactly, but there’s a distinction which I also used with my own management teams when I ran a company. There are lots of things that are urgent, and some things that are also truly important.

Urgent means you’re filing a 10-Q, you’re certifying, and you need to go through a set of all the checklist items to release the earnings in time, and if you don’t meet the deadline it’s a real problem for the company and the shareholders.

And then there are other things that are also truly important to the long-term

success of the company—for example, do we know what really differentiates us from our closest competitors? Are we really better than them, or are we just lucky? Do we have a concern about backdoors into our IT system through contractors? Those kinds of issues are what I would call important. And it may not be something you can solve immediately, but you need to put that challenge to your management team and make sure you have sufficient time for it on the agenda over the course of the year.

As an audit committee chair, seeing a really good company get surprised by a major problem is what keeps me up at night. I’m not management and I’m not running the company, but I do have an oversight responsibility—to hopefully prevent something from happening or to be positioned to respond quickly in a constructive way with management. And those become the important things, over and above the day-to-day urgent things.

continued on pg 11

We want to make sure that the key risks are appropriately being addressed... Where should we be focusing our attention as a committee and encouraging management and auditors to focus their attention?

October 2014 | 11



continued from pg 10

Q&A with Ronald SugarACI: What will your top priorities be as an audit committee chair in the year ahead?

Sugar: First and foremost is enterprise risk management—the risk overlay for the whole company. We want to make sure that the key risks are appropriately being addressed inside the company and oversight has been allocated to the appropriate committees. Where should we be focusing our attention as a committee and encouraging management and auditors to focus their attention? What could really ruin our day as a company? I would put cyber risk into that category, for example.

I also think there’s a growing set of political and regulatory risks out there, and I’m beginning to lump those together because, in many cases, there’s a political agenda associated with the regulatory enforcement. So it becomes not only a compliance issue, but a reputational and public policy issue as well.

These issues often go beyond the purview of the audit committee, certainly, but they’re risk management issues that may impact the company materially, so they’re two areas that I think should get more attention.

ACI: Other priority issues for 2015?

Sugar: One other issue that I’ll be focusing on is the increasing presence of activist investors—of all shapes and sizes—who come knocking with what they see as opportunities to improve shareholder value. While they are often disruptive, I’m not saying activists are inherently bad for a company. They are part of the natural functioning of a market system. I do think a board has to be thoughtful about the ideas activists are bringing to the table.

Investor activism probably touches at the edge of an audit committee’s charter. But to the extent that there are investor questions about the company’s valuation—for example, does our accounting methodology understate or overstate the company’s value?—the audit committee needs to help the board think about what makes most sense for the company and its shareholders.

October 2014 | 12

Mark Your CalendarNACD Board Leadership Conference, National Harbor, MD (October 12–14) KPMG is hosting the Audit Committee and Private Company Board Forums on Sunday, October 12, as well as a variety of sessions on October 13 and 14. These breakout sessions will include the board’s role in innovation; translating corporate culture across borders; big data answers; and audit committee hot topics. Find more information at NACDonline.org.

KPMG’s Fall Roundtable Series—Tapping International Markets: Key Governance Challenges (November–December) KPMG’s Fall Roundtable Series, to be held in over 20 cities, will explore key challenges companies face when tapping into international markets—from understanding the local culture and adapting the business model, to finding the right local talent, ensuring compliance, and having a clear exit strategy. The Roundtables will feature seasoned directors and business leaders

sharing their insights on how boards and audit committees are overseeing management’s efforts to make the most of major opportunities in new markets, while managing the associated risks. This series will be of interest to all directors, as well as senior management and other business leaders. Go to KPMG.com/ACRT for dates and locations.

KPMG’s Audit Committee Issues Conference, Miami (February 2–3, 2015) Our 11th annual conference brings together audit committee members and board directors—across industries, from small caps to blue chips—along with governance professionals, business leaders, and other luminaries for a timely, candid dialogue on the challenges and priorities shaping audit committee and board agendas in the year ahead. Register now at KPMG.com/ACIC.


Contact Us KPMG.com/ACI [email protected] 1-877-KPMG-ACI (576-4224)

Dennis T. Whalen Partner in Charge & Executive Director KPMG’s Audit Committee Institute

About KPMG’s Audit Committee Institute (ACI)

ACI champions outstanding corporate governance to help drive long-term corporate value and enhance investor confidence. Focusing on the audit committee and supporting the director community more broadly, ACI engages with directors and business leaders to help articulate their challenges and promote continuous improvement. With a presence in more than 35 countries worldwide, ACI delivers actionable thought leadership—on risk and strategy, talent and technology, globalization and compliance, financial reporting and audit quality, and more—all through a board lens. Learn more about ACI’s Audit Committee Roundtable Series, Annual Issues Conference, Quarterly Audit Committee Webcast, Peer Exchanges, and other educational resources for directors at KPMG.com/ACI.

© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in the U.S.A. The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International. NDPPS 307536

ACI’s Board PerspectivesDeveloped from KPMG’s ongoing work with directors and subject-matter experts on a host of timely issues and emerging challenges—from cyber security to internal audit to globalization, Board Perspectives from KPMG’s Audit Committee Institute are designed to help spur discussion between audit committee members, other directors, and senior management. Find the ongoing series at KPMG.com/ACI.

Selected Reading• Shareholder Engagement: Investor Perspectives

(KPMG’s ACI)• Eyes Shut: The Consequences of Not Noticing

(HBS Working Knowledge)• Global Boardroom Insights: Audit Committee

Effectiveness (KPMG)• Why Senior Leaders are the Front Lines Against Cyber

Attacks (McKinsey)• New Revenue Recognition Standard: Potential Tax

Implications (KPMG Defining Issues)

(To receive articles like these in ACI’s weekly Audit Committee Insights, go to KPMG.com/ACIregister, click “Register Now” to create an account, and choose “Audit Committee and Board Governance.”)

http://www.nacdonline.org/conference/

http://www.kpmg.com/acrt

http://www.kpmg.com/acrt

http://www.kpmg.com/acic

http://www.KPMG.com/ACI

mailto:auditcommittee%40kpmg.com?subject=ACI%27s%20Directors%20Quarterly%20Information

http://www.KPMG.com/ACI

http://www.kpmg-institutes.com/institutes/aci/articles/2014/04/cyber-risk-areas-of-focus-for-the-audit-committee.html

http://www.kpmg-institutes.com/institutes/aci/articles/2013/04/is-internal-audit-properly-focused-and-fully-utilized.html

http://www.kpmg-institutes.com/institutes/aci/articles/2013/04/strengthening-the-boards-global-lens.html

http://www.kpmg-institutes.com/institutes/aci/articles/pubs/aci-s-board-perspectives.html

http://www.kpmg-institutes.com/institutes/aci/articles/2014/08/shareholder-engagement-investor-perspectives.html

http://www.kpmg-institutes.com/institutes/aci/articles/2014/08/shareholder-engagement-investor-perspectives.html

http://hbswk.hbs.edu/item/7554.html

http://hbswk.hbs.edu/item/7554.html

http://www.kpmg.com/global/en/issuesandinsights/articlespublications/pages/acis-global-boardroom-ace.aspx

http://www.kpmg.com/global/en/issuesandinsights/articlespublications/pages/acis-global-boardroom-ace.aspx

http://www.mckinsey.com/insights/business_technology/Why_senior_leaders_are_the_front_line_against_cyberattacks

http://www.mckinsey.com/insights/business_technology/Why_senior_leaders_are_the_front_line_against_cyberattacks

http://www.kpmg-institutes.com/institutes/financial-reporting-network/articles/2014/08/defining-issues-14-36-revenue-tax-implications.html

http://www.kpmg-institutes.com/institutes/financial-reporting-network/articles/2014/08/defining-issues-14-36-revenue-tax-implications.html

http://www.kpmg.com/aciregister

Kpmg - ACI`s Directors Quaterly

Documents

Transcript of Kpmg - ACI`s Directors Quaterly