The Bulletin Vol 5 Issue 5 Setting 2014 Audit Committee Agenda Protiviti

8/12/2019 The Bulletin Vol 5 Issue 5 Setting 2014 Audit Committee Agenda Protiviti

1/6

The Bulletin

Setting the 2014 Audit Committee Agenda

The profile of macroeconomic, strategic and operational riskscontinues to evolve in terms of significance and complexityfor many organizations. The risks companies face in todaysglobal business environment create uncertainty for executivemanagement and the board of directors. This issue of The

Bulletinprovides observations regarding these risks andideas for consideration by audit committees as they formulatetheir 2014 agendas.

Ten Major ChallengesThe following summary of major business challengesprovides a context for many of the top-of-mind risks anduncertainties companies are facing in these dynamic times aswe move forward into 2014. This list is derived from theresults of a survey of nearly 400 C-level executives, a majorityof whom represent organizations that operate globally, and isdesigned to identify the most significant risks theircompanies face.1While different industries face different

issues and priorities and the applicability and prioritization ofthe following challenges will vary by industry, we ranked therisks in order of priority on an overall basis (to provide greatercontext, last years rankings2are noted parenthetically).

1. Regulatory changes and increased regulatory scrutinymay affect operations (1) Although not rated as highas last year, this risk once again tops the list. The paceof regulatory and legislative change has been significantin recent years, affecting the operating model used by acompany to produce or deliver products or services, alter-ing its costs of doing business and its positioning relativeto its competitors. Even marginally incremental regulatory

change can add tremendous cost to a corporation. Themere threat of change can create significant uncertaintythat can hamper hiring and investment decisions.

2. Economic conditions in current markets may not presentsignicant growth opportunities (2) While ranked

Volume 5, Issue 5

1 Protiviti and North Carolina State Universitys ERM Initiative partnered to conduct

this survey, which will be available atwww.protiviti.comin January 2014.

2 See Setting the 2013 Audit Committee Agenda, The Bulletin,Volume 5, Issue

1, Protiviti, 2012:www.protiviti.com/en-US/Documents/Newsletters/Bulletin/The-

Bulletin-Vol-5-Issue-1-2013-Audit-Committee-Agenda-Protiviti.pdf.

Ten Major Challenges Facing Businesses

1. Regulatory changes and increased regulatoryscrutiny may affect operations.

2. Economic conditions in current markets may notpresent significant growth opportunities.

3. Uncertainty surrounding political leadership maylimit growth opportunities.

4. Succession challenges and the ability to attract andretain top talent may constrain efforts to achieveoperational targets.

5. Organic growth through existing customers presentsa significant challenge.

6. Ensuring privacy/identity management andinformation security protection (in response to socialbusiness, cloud computing, mobile computing andother developments) could require resources theorganization may not have; also, cyber threats couldsignificantly disrupt core operations.

7. Resistance to change could restrict the organizationfrom making necessary adjustments to the businessmodel and core operations.

8. Uncertainty surrounding costs of complying withhealthcare reform legislation will limit growth.

9. Anticipated volatility in global financial markets andcurrencies may create challenges.

10. Other challenges: The organizations operations maybe unable to meet performance expectations as wellas its competitors; new technologies may disrupt theorganizations business model; and the organizationcould be impacted by an unexpected crisis.

1 | protiviti.com

second again on our list, this risk is not rated as highlyas it was last year. Economic growth makes businessplanning easier. Growth across the globe has been
http://www.protiviti.com/http://www.protiviti.com/http://www.protiviti.com/en-US/Documents/Newsletters/Bulletin/The-Bulletin-Vol-5-Issue-1-2013-Audit-Committee-Agenda-Protiviti.pdfhttp://www.protiviti.com/en-US/Documents/Newsletters/Bulletin/The-Bulletin-Vol-5-Issue-1-2013-Audit-Committee-Agenda-Protiviti.pdfhttp://www.protiviti.com/en-US/Documents/Newsletters/Bulletin/The-Bulletin-Vol-5-Issue-1-2013-Audit-Committee-Agenda-Protiviti.pdfhttp://www.protiviti.com/http://www.protiviti.com/http://www.protiviti.com/en-US/Documents/Newsletters/Bulletin/The-Bulletin-Vol-5-Issue-1-2013-Audit-Committee-Agenda-Protiviti.pdfhttp://www.protiviti.com/en-US/Documents/Newsletters/Bulletin/The-Bulletin-Vol-5-Issue-1-2013-Audit-Committee-Agenda-Protiviti.pdfhttp://www.protiviti.com/


2/6

somewhat mixed and uneven from region to region. Thesurvey participants appear to be expressing concern thatprospects for growth in 2014 present a challenge forthem in selected markets. Needless to say, the economicdynamics of the past several years also suggest that thepace of economic growth could shift, dramatically andquickly, in any region or all regions of the global market.

3. Uncertainty surrounding political leadership may limitgrowth opportunities (3) Political uncertainties remainimportant. Divided government in the United States andgeopolitical dynamics continue to present a complex anduncertain environment.

4. Succession challenges and the ability to attract and retaintop talent may constrain efforts to achieve operationaltargets (4) Acquiring, developing and retaining the bestand brightest has been elevated as a priority, drivingcompanies to focus on their processes for hiring, train-ing, evaluating and rewarding their people. Executivesare finding that motivating and equipping the growingnumber of younger workers the so-called millennials

may require different tactics. With members of the babyboomer generation already entering retirement, successionplanning is now front and center on the agenda.

5. Organic growth through existing customers presentsa signicant challenge (5) Participating executivessee challenges in 2014 with respect to increasing theirorganizations overall customer base, increasing outputper customer or generating new sales. This could be dueto a number of factors, such as increased competition,the challenge of retaining customers, or reducedconsumer spending due to lower disposable income.

6. Ensuring privacy/identity management and informa-

tion security protection (in response to social business,cloud computing, mobile computing and other develop-ments) could require resources the organization maynot have; also, cyber threats could signicantly disruptcore operations (6) These risks continue to be top-of-mind. Together, they present a moving target in termsof changing technology that makes security and privacymore complex and tougher to manage and control. Whilenew developments (e.g., social business, cloud comput-ing, mobile computing, new platforms and devices,workplace virtualization) present opportunities forcompanies to create new markets and business models,they also present fresh venues for cyber attacks and

mischief that can harm an organization significantly.7. Resistance to change could restrict the organization

from making necessary adjustments to the businessmodel and core operations (7) Yet another issuethat has risen in importance for 2014, this risk pointsto the priority executives are placing on positioning theorganization as agile, adaptive and resilient in the face ofchange in the marketplace. Early movers to exploit marketopportunities and respond to emerging risks are more likelyto survive and prosper in a rapidly changing environment.

8. Uncertainty surrounding costs of complying with healthcare reform legislation will limit growth (NR) This riskended up on our global top 10 list on the strength of theassessments of companies based in the United Statesand companies headquartered outside the United Stateswith operations in the United States. With the delay ofthe employer mandate, as well as other uncertaintiesaround the implementation of healthcare reform in the

United States, companies are unsure of the operationalimpact at this time. These uncertainties are impactinghiring plans and investment decisions for all sizes ofcompanies. Not surprisingly, companies domiciledoutside of the United States with no U.S. operationsdid not consider this risk to be relevant.

9. Anticipated volatility in global nancial markets andcurrencies may create challenges (3) On the economicfront, central bank policies, most notably the policies of theFederal Reserve in the United States, create risk of suddenand dramatic volatility in financial markets, which couldadversely affect rates, credit availability and currencies.

Last year, we combined this risk with political uncertainty(see No. 3 on this list); this year, we broke it out.

10. Other challenges: The organizations operations may beunable to meet performance expectations as well as itscompetitors (8); new technologies may disrupt the organi-zations business model (NR); and the organization couldbe impacted by an unexpected crisis (9) In tenth place arethree risks that were rated at the same level by the surveyparticipants. First, there is the risk the organizations operations may not be able to meet performance expectations aswell as its competitors. Improving quality, time, innovationand cost performance continue to be a priority. Second,there is the risk of disruptive innovation and/or new

technology within the industry outpacing an organizationsability to compete without making significant changes tothe business model. Finally, there is the risk of an unexpected crisis having a significant impact on the organizationsreputation due to its lack of preparedness.

Note that the inability to utilize data analytics and big datato obtain needed market intelligence and increase operation-al efficiency was ranked tenth last year and fell out of the top10 risks this year. That said, the impact of big data andbusiness intelligence is implicit in many of the risks thatmake up the top 10 list this year.

The survey results show that the ranking of the first seven risks

did not change from last year. However, all of the risks in ourtop 10 list were rated lower than last year, except for the risksrelated to succession and talent retention, resistance to changeand an unexpected crisis, which were rated at the same levelas last year, and the risk of disruptive technologies, which wasrated higher than last year.

The challenges identified in our survey that companies acrossthe globe face as they approach 2014 are significant and meritboard attention. They frame the environment within whichaudit committees must formulate an appropriate agenda.

2 | protiviti.com
http://www.protiviti.com/http://www.protiviti.com/


3/6

to healthcare regulations, looming major changes toU.S. tax laws and other business regulations.

While the finance functions specific priorities may varyaccording to the organizations industry, structure,culture, business performance issues, and internal andpublic reporting requirements, the above areas areconsistent themes for many organizations.

The 2014 AgendaBelow, we have summarized an audit committee agenda witheight items for 2014 based on our interactions with client auditcommittees, roundtables we have conducted, and discussionswith directors at conferences and other forums. The first fouritems relate to enterprise, process and technology risk issues.The remaining four items relate to financial reporting issues.

ENTERPRISE, PROCESS AND TECHNOLOGY RISK ISSUES

1. Update the companys risk prole to reect chang-ing conditions Given the changing environment, asillustrated through our discussion of major challengesabove, the audit committee should take a close lookat the companys risk profile at least annually. Ideally,this evaluation should be supported by an updated riskassessment by management. For those organizationswith a formal risk appetite statement, the annual riskassessment provides an opportunity for using that state-ment to evaluate the current risk profile in light of chang-ing markets and conditions. For the most significant

risks, either the audit committee or another committeeof the board should determine that appropriate actionplans are in place to manage them. With respect tosignificant risks with financial reporting implications, theaudit committee should understand them, how they arebeing managed, and their potential financial impact. Forfinancial institutions and other highly regulated entities,the audit committee should ensure the company under-stands the evolving regulatory framework and its impacton the companys operations.

2. Oversee the capabilities of the nance organizationand internal audit The CFO organization and internalaudit face a demanding and changing environment.Because both are fundamental to the discharge of theaudit committees oversight responsibilities, they requiresupport from the committee to ensure the skill sets theyneed to meet expectations are in place. With respect tothe finance organization, new and changing regulations,evolving international and domestic tax laws, and ongoingdemands to deliver strategic contributions to the organi-zation in the form of business intelligence, data analy-sis and effective forecasting frame the landscape. Keyfindings from the results of our latest Finance PrioritiesSurvey3include the following priorities, capabilities andkey areas of emphasis for many companies:

Managing cash flow and working capital efficientlyand effectively

Streamlining the financial close process

Harnessing business intelligence and big datafor strategic planning, forecasting, budgeting andprofitability analysis

Managing the impact of regulations for example,in the United States, managing the effect of changes

3 | protiviti.com

3 Further information about Protivitis 2014 Finance Priorities Survey, including

the survey report, is available atwww.protiviti.com/financesurvey.

The 2014 Mandate for Audit Committees

Enterprise, Process and Technology Risk Issues

1. Update the companys risk prole to reect changingconditions Are there emerging risks or changes inexisting risks requiring improvement in risk manage-ment capabilities?

2. Oversee the capabilities of the nance organiza-tion and internal audit These capabilities must bealigned with the companys changing needs, bothinternal and external.

3. Contribute to board oversight of the ve lines ofdefense Watch for the warning signs that the tone ofthe organization, risk management, internal control andescalation processes are not functioning effectively.

4. Understand how new technological developmentsand trends are impacting the company Understandthe implications of technological innovations tosecurity and privacy, financial reporting processes,and the viability of the companys business model.

Financial Reporting Issues

5. Continue to enhance the external auditors commu-nications with the audit committee Inquire whetherPCAOB inspections are having an impact on the auditapproach and manage the external auditor relation-ship so that the company receives value for its auditfees through enhanced communications from theaudit process.

6. Pay attention to the PCAOB initiative to expandthe auditors report A new auditing standard andrelated amendments have been proposed to enhancethe auditors reporting model.

7. Understand the impact of COSOs 2013 updateof the Internal Control Integrated Framework Understand the effect of the update on the companysinternal control reporting, internal audit activities andother affected areas.

8. Provide oversight on efforts to comply with newreporting requirements Inquire about the impact ofnew accounting standards (e.g., revenue recognitionand accounting for leases in the United States) andthe status of the companys due diligence with respectto the conflict minerals disclosure, if applicable.
http://www.protiviti.com/http://www.protiviti.com/financesurveyhttp://www.protiviti.com/financesurveyhttp://www.protiviti.com/financesurveyhttp://www.protiviti.com/


4/6


5/6

5 | protiviti.com

5 We use the phrase no less than here because we are aware of audit committees

applying more restrictive criteria.

The five-lines-of-defense model is an integratedapproach through which an organization responds torisk. It provides direction to executive management andthe board as to how the organization should approachrisk management. The audit committee should watchfor the warning signs that these lines of defense are notfunctioning effectively.

4. Understand how new technological developments andtrends are impacting the company Last year, we pointedto the emergence of a new era of business-to-peoplecommunications and social media peer groups provid-ing an alternative model for connecting and interactingwith markets, prospects and customers in the digital age a model that places the customer in the drivers seatin terms of dictating the conversation. Social business,cloud computing and mobile technologies are continuingto spawn disruptive change and increased privacy andsecurity risks, including further exposure to cyber threats.

On the horizon, other technological innovationspromise improvements in and even further disruptive

change to designs, processes and business models:increasing diversity and capability in mobile devices,ever-expanding mobile apps and applications, and anexponential interconnection of Internet applicationssupporting smart grids, smart factories, and even smartcities in an app-centric world.

As these developments unfold, audit committees mustunderstand the implications for security and privacy,financial reporting processes and the viability of thecompanys business model. The ongoing effectivenessof the overall IT entity-level control environment andIT process-level controls (general IT processes andapplication-specific processes) continue to warrant theaudit committees attention.

FINANCIAL REPORTING ISSUES

While financial reporting issues were not included among thetop risks in our survey, they are nonetheless relevant to theaudit committee agenda. Following are four issues forconsideration:

5. Continue to enhance the external auditorscommunications with the audit committee The auditcommittee should look to the auditor to comment onmatters such as: the companys significant risks; itscritical accounting policies, practices and estimates (and

any expected changes that might be looming due tostandard-setting activity); the quality of the companysfinancial reporting; difficult or contentious matters;significant unusual transactions that either are outsidethe normal course of business or unusual in timing, size ornature, and the business rationale for such transactions;going concern issues, if any; and the auditors concernswith respect to critical accounting and auditing matterswhen he or she is aware that management consulted withother accountants about such matters.

The committee should expect the auditor to communicatean overview of the overall audit strategy, including timingof the audit, significant risks identified by the auditor,significant changes to the planned audit strategy or identi-fied risks, and other matters. The committee should inquirewhether Public Company Accounting Oversight Board(PCAOB or the Board) inspections of the firm are havingan impact on the audit approach in any way.

Note that the PCAOB requires the auditor to provide theaudit committee with the schedule of uncorrected misstate-ments related to accounts and disclosures the auditorpresented to management. The committee should discusswith the auditor and management the basis for the deter-mination that the uncorrected misstatements were immate-rial, including the qualitative factors considered. It alsoshould discuss whether the uncorrected misstatements ormatters underlying those uncorrected misstatements couldpotentially cause future-period financial statements to bematerially misstated, even though they are immaterial tothe financial statements currently under audit.

Another important matter is the auditors communica-tions regarding non-audit services performed. Giventhe audit committees ultimate responsibility to overseethe qualifications, independence and performance ofthe external auditors of public companies in the UnitedStates, the committee must approve in advance the natureof non-audit services and the related fees, using no lessthan the U.S. Securities and Exchange Commissions (SEC)criteria for evaluating auditor independence.5Directorsalso should pay attention to the activities of the PCAOBinsofar as they relate to ensuring auditor independence.

6. Pay attention to the PCAOB initiative to expand theauditors report This year, the Board proposed a newauditing standard and related amendments to enhancethe auditors reporting model. Among other things, theproposals would require:

Communication of critical audit matters asdetermined by the auditor, including a description,the reasons the matter is considered critical,and the relevant financial statement accounts anddisclosures relating to the critical audit matter;

Addition of new elements to the auditors report relatedto auditor independence, auditor tenure, and theauditors responsibilities for, and the results of, evaluating other information outside the financial statements;

Enhancements to existing language in the auditorsreport related to the auditors responsibilities forfraud and notes to the financial statements;

Reporting on the auditors evaluation of informationbeyond the financial statements for potential errorsor misstatements that conflict with informationobtained during the audit.
http://www.protiviti.com/http://www.protiviti.com/


6/6

7 The Updated COSO Internal Control Framework: Frequently Asked Questions,

Second Edition, September 2013: www.protiviti.com/en-US/Documents/Resource-

Guides/Updated-COSO-Internal-Control-Framework-FAQs-Second-Edition-Protiviti.pdf .

8 SEC Adopts New Rule Requiring Disclosure of Conflict Minerals in Supply Chains,

SEC Flash Report,Protiviti, August 24, 2012: www.protiviti.com/en-US/Docu-

ments/Regulatory-Reports/SEC/SEC-Flash-Report-Conflict-Minerals-Disclosure-

082412-Protiviti.pdf.

The Boards proposed changes represent significantchange. In a survey of 74 corporate directors of publiccompany boards, 45 percent did not think the Boardsproposed changes will improve the usefulness of theauditors report, 27 percent believed the changes willimprove the auditors report and the remaining 28percent were not sure. Almost eight of 10 directors are infavor of the report disclosing the length of the external

auditors tenure, whereas 67 percent are opposed tothe auditors report evaluating information beyond thefinancial statements, and 52 percent are opposed to thereport containing a discussion of critical audit matters.6

Audit committees should be mindful of these develop-ments as they unfold, particularly if the company isfaced with issues likely to be considered critical auditmatters by the auditor. With the comment period forthis proposed auditing standard expiring in December2013, look for the Board to schedule a public roundtableto discuss the proposal and the comments received inearly 2014 before finalizing a new standard.

7. Understand the impact of COSOs 2013 update ofthe Internal Control Integrated Framework Whilethe new framework may be used for a wide variety ofpurposes, it is likely to be used by many (if not most)companies as a suitable framework in conjunction withthe evaluation of the effectiveness of internal controlover financial reporting in accordance with Section 404of the Sarbanes-Oxley Act. For companies planning onusing the framework in this manner, the audit committeeshould understand the following:

The major changes COSO has made to the InternalControl Integrated Framework

How the 2013 New Framework impacts managementsapproach to complying with Section 404

Managements transition plan to the 2013 version,including how management is complying with Section404 in 2013 and the disclosure ramifications ifmanagement intends to use the 1992 version in 2013

6 Public Company Boards Skeptical of PCAOB Auditors Report Proposal,

Jason Bramwe ll,AccountingWEB,October 9, 2013: www.accountingweb.com/ar-

ticle/public-company-boards-skeptical-pcaob-auditors-report-proposal/222532 .

This article cited results from a study conducted by BDO USA.

The new updated internal control framework is importantas it will impact the companys internal control reportinginternal audit activities and other areas. Protiviti haspublished a frequently asked questions guide to assistexecutives and directors in understanding the updatedframework and the related transition requirements.7

8. Provide oversight on efforts to comply with new report-ing requirements Understanding the financial report-ing impact of new accounting standards is a necessaryfunction of an audit committee. For example, in theUnited States, final revenue recognition standards areimminent, requiring significant planning and implemen-tation issues for many companies. Companies will needto assess the impact and plan for transition during 2014And if that isnt enough, significant new leasing rulesarent far behind.

There also may be new disclosure requirementsrequiring consideration. In the United States, forexample, the SEC conflict minerals disclosures beginin 2014.8The audit committee should inquire about

the pending and new standards in the pipeline, theireffective dates and financial statement impact, andmanagements implementation plans (including, forconflict minerals, any plans for addressing applicableaudit requirements).

SummaryThe 2014 agenda items we have suggested are significantmatters that warrant audit committee oversight. In additionto these agenda items, the audit committee should assessits composition, industry knowledge and financial reportingexpertise from time to time in view of the growing complexity ofthe business environment, company risk profile, and continuedevolution of financial reporting standards. Understanding thebusiness and industry is critical for the audit committee so itcan be positioned to ask the appropriate questions on toughissues, either in regular committee meetings or during executivesessions with the external and internal auditors, chief financialofficer, or other company executives.

Protiviti is not licensed or registered as a public accounting firm and does no

issue opinions on financial statements or offer attestation services

2013 Protiviti Inc. An Equal Opportunity Employer PRO-121
http://www.protiviti.com/en-US/Documents/Resource-Guides/Updated-COSO-Internal-Control-Framework-FAQs-Second-Edition-Protiviti.pdfhttp://www.protiviti.com/en-US/Documents/Resource-Guides/Updated-COSO-Internal-Control-Framework-FAQs-Second-Edition-Protiviti.pdfhttp://www.protiviti.com/en-US/Documents/Regulatory-Reports/SEC/SEC-Flash-Report-Conflict-Minerals-Disclosure-082412-Protiviti.pdfhttp://www.protiviti.com/en-US/Documents/Regulatory-Reports/SEC/SEC-Flash-Report-Conflict-Minerals-Disclosure-082412-Protiviti.pdfhttp://www.protiviti.com/en-US/Documents/Regulatory-Reports/SEC/SEC-Flash-Report-Conflict-Minerals-Disclosure-082412-Protiviti.pdfhttp://www.accountingweb.com/article/public-company-boards-skeptical-pcaob-auditors-report-proposal/222532http://www.accountingweb.com/article/public-company-boards-skeptical-pcaob-auditors-report-proposal/222532http://www.accountingweb.com/article/public-company-boards-skeptical-pcaob-auditors-report-proposal/222532http://www.accountingweb.com/article/public-company-boards-skeptical-pcaob-auditors-report-proposal/222532http://www.protiviti.com/en-US/Documents/Regulatory-Reports/SEC/SEC-Flash-Report-Conflict-Minerals-Disclosure-082412-Protiviti.pdfhttp://www.protiviti.com/en-US/Documents/Regulatory-Reports/SEC/SEC-Flash-Report-Conflict-Minerals-Disclosure-082412-Protiviti.pdfhttp://www.protiviti.com/en-US/Documents/Regulatory-Reports/SEC/SEC-Flash-Report-Conflict-Minerals-Disclosure-082412-Protiviti.pdfhttp://www.protiviti.com/en-US/Documents/Resource-Guides/Updated-COSO-Internal-Control-Framework-FAQs-Second-Edition-Protiviti.pdfhttp://www.protiviti.com/en-US/Documents/Resource-Guides/Updated-COSO-Internal-Control-Framework-FAQs-Second-Edition-Protiviti.pdf

The Bulletin Vol 5 Issue 5 Setting 2014 Audit Committee Agenda Protiviti

Documents

Transcript of The Bulletin Vol 5 Issue 5 Setting 2014 Audit Committee Agenda Protiviti