quarterly 23 - kpmg€¦ · aci: what are some “must-do’s” for audit committees to be...

Quarterly 23

Audit Committee InstituteSponsored by KPMG

Global Boardroom Insights – Audit committee effectiveness

Revenue – A new global standard

Is it time to re-focus business reporting?

Assessing external audit effectiveness

The new necessity: Finding ROI from GRC

EU directive on disclosure of non financial information

Resources

Audit Committee Institute Sponsored by KPMG

2

About the Audit Committee Institute

The Audit Committee Institute (ACI) champions good corporate governance to help drive long-term corporate value and enhance investor confidence. Focussing on the audit committee and supporting the director community more broadly, ACI engages with directors and business leaders to help articulate their challenges and promote continuous improvement. Sponsored by KPMG, ACI delivers actionable thought leadership – on risk and strategy, technology, compliance, financial reporting and audit quality – all through a board lens.


3

For more information on the work of the ACI, please utilize our Website: www.audit-committee-institute.be

Contact us:

Wim Vandecruys Audit Committee Institute

Bourgetlaan - Avenue du Bourget 40B-1130 Brussel - Bruxelles

Tel.: +32 3 821 18 06 E-mail: [email protected]

Contents

Global Boardroom Insights – Audit committee effectiveness 6

Revenue – A new global standard 16

Is it time to re-focus business reporting? 18

Assessing external audit effectiveness 22

The new necessity: Finding ROI from GRC 24

EU directive on disclosure of non financial information 28

Resources 30

Audit Committee Institute in Belgium

@ACI_BE


4

Welcome to the twenty-third edition of the Audit Committee Institute Quarterly, a publication

designed to help keep directors and audit committee members abreast of regulatory matters,

risk, financial reporting, audit quality and other changes in the corporate governance arena.

Welcome


5

We kick-off this issue of the Audit Committee Institute Quarterly revisiting the fundamentals of audit committee effectiveness with seasoned audit committee chairs of leading global companies around the world.

On financial reporting, we first zoom in on how the new global standard on revenue will impact your company’s top-line, systems and processes before devoting an article on the need to re-focus business reporting to better support investor decision making.

With audit quality being subject to increased regulator and investor focus, we provide the essentials for audit committees and boards to consider when assessing external audit effectiveness, together with a series of key questions to consider.

Next, we touch on the value-add of Governance, Risk and Compliance

(GRC) and what boards should be doing to ensure their companies stay on top of things in the current business environment.

This is followed by a summary of the recently voted EU directive on disclosure of non-financial information from the European front.

We finish this edition with our Resources series with other news, analysis and insights from around the globe.

I trust this publication serves its intended purpose of briefing you on some of the important developments affecting your role as audit committee member or director.

If you require further information, please contact us at [email protected] with any comments, or suggestions of topics you would like to see receive attention.

Also, our ACI website (www.audit-committee-institute.be) provides additional information, including the previous editions of the Audit Committee Institute Quarterly, our Audit Committee Toolkit and other useful ACI publications, surveys and content.

I hope you continue enjoying the benefits of ACI membership

Sophie BrabantsChairwoman ACI Belgium

Sophie Brabants Chairwoman ACI Belgium, Certified Auditor Wim Vandecruys Director ACI Belgium


6

vMembership – Ensuring that the audit committee has the expertise and experience to provide robust oversight of financial reporting, audit quality, and other risks on the committee’s agenda.

vGetting the right information – Information provided to the audit committee must be relevant, concise, and timely.

vActive involvement – In-depth knowledge of the company gained from (pro)active engagement and genuine interest in the company (beyond the boardroom).

vInformal meetings – Informal and ad-hoc meetings (in between regularly scheduled meetings) are essential to stay fully informed.

vDriving the audit committee’s agenda – The audit committee must shape its own agenda to ensure that it’s risk-based, focused, and manageable. v

Tone at the top – Sensitivity to the tone at the top of the company – and, indeed, throughout the organization.

vEffective communication – Open lines of communication with senior and middle management, internal and external auditors, and the full board based on mutual trust and constructive debate.

vLeadership – The attitude, skill set, and engagement of the audit committee chair are essential to achieving all of the above – which collectively drive audit committee effectiveness.


6

Global Boardroom Insights – Audit committee effectivenessAudit committee effectiveness clearly hinges on some fundamentals, including the right committee composition and dynamics; an up-to-date charter with well-defined responsibilities; a risk-based approach to setting the committee’s agenda; an understanding of current and emerging issues; and proactive, engaged oversight - beyond the boardroom.

In this issue of Global Boardroom Insights, we revisit the fundamentals of audit committee effectiveness with seasoned audit committee chairs of leading global companies around the world; but we’ve gone a step further to explore the practices and nuances that these audit committee chairs consider vital to being truly effective in a complex and rapidly changing environment.

Global fundamentals of audit committee effectiveness While the structure and operations of audit committees may vary by country (and company), it is interesting to note common themes that emerged from our interviews from around the world. Audit committee effectiveness, they all said (in their own words), ultimately hinges on getting these things right:

The full texts of the interviews in this article are included in the separate publication ACI Global Boardroom Insights – Audit Committee Effectiveness which can be found on the Global Boardroom Insights section of our ACI Website at www.audit-committee-institute.be.


7Audit Committee Institute Sponsored by KPMG

7

ACI: What are the “must-do’s” for an audit committee, and audit committee chair, to be truly effective? Yves-Thibault de Silguy: Before broaching the topic of “must-do’s”, it is important to discuss the “must-haves” or “must-be’s” for audit committees. Members must: (1) have common sense, (2) be questioning and independently-minded, (3) be hard-working and (4) have appropriate financial expertise.

ACI: And in terms of “must-do’s”? Yves-Thibault de Silguy: In my view, audit committees have three main areas of responsibility: (1) financial reporting issues, (2) internal control and risk management and (3) various “other matters” that are increasingly tabled at the top of audit committee agendas, such as CSR, corporate tax and insurance coverage.

Audit committees need to allocate time efficiently to cover all these issues, and here the committee chair has a vital role to play.

There are no hard and fast rules, but in my experience a “50%-30%-20%” breakdown of time is close to the norm.

One of the greatest challenges for audit committees and boards is handling a large number of key issues in a limited time (audit committees in Europe meet on average only four or five times each year).

To be efficient, each meeting needs to be well prepared. Again, the chair plays a key role. It means ensuring that audit committee members receive supporting working documents sufficiently in advance. More importantly, it is vital for the chair to interact regularly with the CFO, his main contact.

Other key contacts for audit committees are the external auditors. With their professional insight and know-how of accounting and financial issues, they provide assurance to the Group’s management, audit committee, board and stakeholders.

Their assurance covers compliance with accounting standards and regulations, and the reliability (consistency and relevance) of the financial statements and financial information as a whole.

The external auditors’ presentation to the audit committee of the audit plan, the main risks identified, and their findings and recommendations, is of paramount importance, so it needs to be carefully planned and structured.

ACI: Are there certain things that your audit committee does particularly well (e.g., practice or behaviour) that other audit committees might consider? Yves-Thibault de Silguy: Before discussing financial aspects, which are the traditional “core duties” of audit committees, I would like to share my experience of good practices in the other two areas I mentioned earlier.

First, with regard to internal control and risk management, it is essential for the head of Group internal control to provide the audit committee with a presentation of the annual audit plan, a summary of the main findings (with detailed reports if needed) and follow-up on action points previously identified.

In terms of risk management and mapping, risks should be clearly identified and ranked, with the most significant highlighted and closely monitored. As you know, too much information leads to information overload!

Yves-Thibault de Silguy is chairman of the audit committee of LVMH group. He also acts as vice-president and lead director for Vinci, where he is in charge of corporate governance, and as non-executive director for Solvay and VTB Bank. He served 20 years as a top-ranking civil servant (notably at the French Department of Foreign Affairs and for the Prime Minister’s office) and European Commissioner for Economics, Financial and Monetary Affairs (1995 1999), before joining industry (working for Suez as CEO in the early 2000s and Vinci as chairman of the board during 2006-2010).

“Clearly, it is now vital—more than ever before—for the CFO, audit committee chair and external auditor to interact well and play their respective complementary and clearly-

defined roles together in harmony.“

Yves-Thibault de Silguy

Louis Vuitton Moët Hennessy (LVMH) Group and Vinci (France)


8 Audit Committee Institute Sponsored by KPMG

8

It may seem like a good idea to prepare highly-detailed, sophisticated risk maps, but if they are difficult to use and monitor, then they are inappropriate for providing input to management and governance bodies.

The audit committees I chair pay close attention to such pragmatic aspects. Getting a global view of the Group is good, but having a detailed presentation at operating division level is even better. I believe that it is of utmost importance that the heads of operating and financial divisions and branches present their activities, main challenges and internal control and risk management

systems to the audit committee, on a rotating basis. I’ve introduced this practice in the Groups where I work. It provides the audit committee with valuable insight, while forcing management of the major operating divisions to step back and review their operations. While putting a healthy degree of pressure on managers of the major divisions and branches, it also brings them into the limelight. So it’s a “win-win” situation for the entire Group.

(...)

ACI: What are some “must-do’s” for audit committees to be effective in today’s environment—versus five or 10 years ago? Sandy Warner: The biggest change—and this is a fundamental difference today versus yesterday—is the degree of engagement. Today, the breadth and depth of the audit committee’s engagement has made oversight a full-time activity. While technically not a full-time job, I can’t imagine being effective in this role if I had another executive job and couldn’t be actively engaged and readily available to deal with issues as they come up.

ACI: Can you elaborate on that—the difference between full-time engagement, while not being a full-time job? Sandy Warner: Well, the difference is that I didn’t have on my calendar this morning talking to GE at all. But I had a call from the head of the GE Capital audit group on a regulatory matter that just came up and they wanted to brief me on it. And then I had another discussion with the general counsel on other issues—and it won’t do to say ‘I’m not available until next week.’ This is about being engaged and available, even when it’s not planned.

ACI: Are there other practices that differentiate effective audit committees today? Sandy Warner: Another thing that’s different, and really important at GE—and I expect at other companies as well—is that this job used to be 90 percent inside the building. We still have meetings at headquarters where we have people come in and present, and we look at metrics and discuss the information we’ve reviewed or that’s being presented. But today, 70 percent of the GE audit committee’s time on the job—and this is not just the chair, it’s the full committee’s time—is spent outside the building, visiting GE locations, going out and seeing things and talking to people on their own, in their own offices and workplaces. And we do this all over the world. Tomorrow I’m going to a GE facility to hear about cyber security issues. We just got back from Brazil. We’ve been in Puerto Rico doing some work there. We were recently in China, and Houston, and Milwaukee. We’re everywhere that GE is— and that never used to be the case.

I would respectfully offer that you can’t do this job well sitting at headquarters. To be truly effective, the audit committee needs to get up and out of the corporate headquarters.

ACI: What kinds of information and insights are you getting from your visits to facilities and interactions with employees? Sandy Warner: One is that you see the whole team, not just the senior folks who present regularly to the committee or the board. You see a whole team in their own setting—which is where non-routine things happen. They can’t script the day, so you see how the organization works and holds together. You see how the controllership function fits with the other pieces of the business puzzle in a way that isn’t possible when you’re listening to a prepared presentation. You see them without senior management present because when we go on these trips we don’t take the CFO and the controller and other senior management. We go on our own.

Another benefit is that you develop your own, first-hand point of view, and you can ask unconventional people questions about audit-related matters. From an audit perspective, we’re able to bring our impressions back and say to our auditor, you might want to be thinking about this, or we’re thinking more about this risk and you need to consider that when you’re auditing. This is really a big deal. It’s a big change in how an effective audit committee functions today, particularly in a global operating environment.

When you start getting on the plane and spending two or three days in China or in Brazil with the local management team, having lunches and dinners with them, you become integrated into the controllership framework in a way that you don’t in the sterile headquarters setting, listening to PowerPoints. It just changes the dynamic completely.

Local contact also creates important relationships and opens lines of communication. Based on my travels and interactions, I get notes from employees in far-flung locations, like Timbuktu. “Dear Mr. Warner, Chairman of the Audit Committee, I thought you’d be interested in this...” It’s incredibly valuable.

Again, audit committees are most effective when they integrate themselves into the rhythm of the company. Management and employees know that you’re engaged, that you’re watching, that you bring something to the party.

(...)


9

“At the end of the day, financial integrity is our number one mission—and the only way to stay on top of that is to be actively

engaged and really integrated into the rhythm of the organization.“

Douglas A. Warner III

General Electric (U.S.)

Douglas “Sandy” Warner is the audit committee chair at General Electric (GE). Following graduation from Yale University in 1968, Mr. Warner joined Morgan Guaranty Trust Company of New York, a wholly owned subsidiary of J.P. Morgan Chase & Co. (formerly J.P. Morgan & Co.). He was elected president and a director of the bank and its parent in 1990, serving as chairman and chief executive officer from 1995 to 2000, when he became chairman of the board of J.P. Morgan Chase & Co., The Chase Manhattan Bank and Morgan Guaranty Trust Company until his retirement in 2001. Mr. Warner has also served as a director at Anheuser- Busch Companies, Inc., Motorola Inc., and Motorola Solutions Inc.



10

ACI: What are some “must-do’s” for an audit committee, and an audit committee chair, to be truly effective?

Nicholas C. Allen: To be truly effective, it is crucial for an audit committee chair to be ‘hands on’ and active between meetings and to develop his awareness of the company through those that have a deeper knowledge of the company’s operations. The audit committee chair should have a direct relationship with the key executives within the organization and ensure he meets with them, internal audit, external audit, the legal counsel and other audit committee members privately well in advance of each audit committee meeting. This will help to limit unpleasant surprises and the presence of any unresolved issues at the audit committee meeting itself, with the intention that the audit committee meeting becomes the ratification of a cadence of discussions and any debate can be conducted by committee members who are well informed.

The second “must-do” is for the audit committee and audit committee chair to have a critical focus on the “tone at the top” and to consider how management responds to control failures and inappropriate behavior. The audit committee can encourage the development of an appropriate tone by challenging management when issues arise (i.e. not letting people off lightly when indiscretions occur) and can encourage a control mindset by ensuring executive meetings have controls as a standing item on their agendas. To help encourage the ownership of controls by management and ensure that control weaknesses are addressed promptly, it is useful to mandate that an overdue item must be explained to the audit committee in person by the executive responsible for its remediation.

Thirdly, it is essential that the audit committee has control of its own agenda and isn’t ”managed.” This also involves considering the number of meetings that are held during the year, and whether the themes for the meeting are appropriate. For example, it is not advisable to have the internal audit plan tabled in the same meeting that the annual report is considered, as sufficient attention is unlikely to be given to both items. Rather, they should be the primary focus of their own respective meeting.

Finally, it is imperative for the audit committee chair to have a clear one-on-one channel to both the board chair and the CEO. I’m also a believer in the role of internal audit to act as a consultant to the business, rather than a policeman, within the appropriate context and framework. A good relationship between the head of internal audit and the audit committee chair is very important to ensure that both are able and available to have productive discussions on appropriate areas.

Underpinning these “must-do’s” is the requirement for the audit committee chair to have credible expertise that is relevant to the company. It is also important to acknowledge that whilst a career in a professional firm is good preparation for the role, a director’s skill set is unique and must be developed.

ACI: Are there certain things that your audit committee does particularly well (e.g., practices or behaviours) that other audit committees might consider? Nicholas C. Allen: There are a number of good practices that I’d recommend to other audit committees. Two I’ve already raised, namely to put control issues on leadership agendas and to have management attend audit committee meetings when there are issues relevant to their departments.

Mr. Nicholas C. Allen is an independent non-executive director of three listed companies on the Hong Kong Stock Exchange: Lenovo Group Limited, CLP Holdings Limited and Hysan Development Company Limited. Mr. Allen is the audit committee chairman for Lenovo and Hysan Development and a member of the audit committee for CLP Holdings. Mr. Allen is also an independent non-executive director of VinaLand Limited (London Stock Exchange AIM listed) and Texon International Group Limited. Mr. Allen received a Bachelor of Arts degree in Economics/Social Studies from Manchester University, United Kingdom. He is a Fellow of the Institute of Chartered Accountants in England and Wales and a member of the Hong Kong Institute of Certified Public Accountants. Mr. Allen has extensive experience in accounting and auditing and was a partner of PricewaterhouseCoopers until his retirement in June 2007.

“Underpinning all ‘must-do’s’ is the requirement for the audit committee chair to have credible expertise that is relevant to the company.“

Nicholas C. Allen

Lenovo and Hysan Development (China)


1111

It’s also very useful to have a good line of sight into the management representation process. The CEO and CFO can’t make their representations in isolation and representations must be cascaded into the business to ensure that there is good awareness and ownership of risk and control. When an issue arises, it is useful to follow the cascade and identify areas that need to be tightened up and to use this to provide management with continuous feedback and education on the importance of their roles. In this regard, it is not a bad thing to have a few exceptions from time to time to encourage a risk and control mindset. Internal audit should also be involved to help advise on the design of effective controls.

It is important for senior management to attend audit committee meetings and for the audit committee to

provide feedback to management and to place emphasis on management’s responsibility. It is also worth bearing in mind that the responsibility that the board has delegated to the audit committee is not negative assurance and is not management by exception. The absence of comments from external audit or internal audit does not equate to good controls.

Site visits are also a useful way for an audit committee to develop its understanding of the business, whilst at the same time engaging instead of engagement with management and reminding management of the audit committee’s role.

(...)


12

ACI: What are the essential elements of an effective audit committee? Mike Wareing: First you need the right people around the table and that means having the right mix of experiences and backgrounds rather than just finance people. This is particularly true where the role of the audit committee has expanded beyond the traditional finance role into a wider risk oversight role where you clearly benefit from having people who are well grounded in operational and other issues.

Having the right internal and external audit team is imperative, and then I think the other thing which is becoming increasingly important is getting the right people to talk to the committee in specialist areas, such as cyber security or environmental risk and other issues.

I find it useful to have a formal twelve month rolling forward agenda programme which addresses not only the more obvious financial issues that align with the financial reporting calendar and the various updates from the audit and compliance functions; but two other important areas as well. First, I try to group connected issues together. By this I mean that I try to look at (say) the forward plan for internal audit at the same time that we are looking at the forward plan for external audit and, if there are any other assurance functions within the group, the future plan for that as well. In this way the total assurance is visible to the committee in a way that is not possible with a piecemeal approach.

The second important area is to make sure that there is enough time to cover all the other issues that fall outside the traditional finance oversight areas, for example cyber

security, health and safety, business continuity and all the other issues that audit committees seem to increasingly have to deal with nowadays. As with the board itself, one of the big challenges for audit committees today is simply finding the time to do justice to all the issues on the audit committee agenda. So, being quite thoughtful about how the committee spends its time outside of the two “reporting” meetings (or four if you are on a quarterly reporting cycle) is actually very important.

ACI: What about the time commitment between meetings? Mike Wareing: To have effective audit committee meetings you really have to put the time in between meetings. It’s essential and I really don’t think that you can do the job properly nowadays unless you put quite a bit of time in between meetings.

You have to understand what the issues are and to go through things before they actually come to the committee to make sure the papers are right and that things have been properly thought through. But also, you have to make sure you are exposed to the right individuals within the organisation so making sure you actually have a constructive relationship with (say) the head of internal audit is really important. Such individuals need to be able to feel that they can talk freely to you about any issue they feel uncomfortable about - and that clearly can only be outside of a formal committee meeting.

I would say exactly the same about the lead partner from the external audit firm as well. I spend quite a bit of time with them deliberately outside of times when I have to be with them, obviously with everything that has been

Mike Wareing CMG is the senior independent director and audit committee chairman of Cobham Plc and Intertek Group Plc; and the audit committee chairman of Wolseley plc. He has major international and board level knowledge gained during an extensive global career at KPMG (and predecessor firms), including being Global Chief Executive Officer of KPMG International from October 1, 2005 to September 2009. He is, and has been, closely involved with a number of charities/public bodies, including his appointment in 2007 as the Prime Minister’s Special Envoy for the reconstruction of Southern Iraq and UK Government Commissioner and Chairman of the Basra Development Commission. He is also the International Investment Advisor to the Ministry of Mines and Petroleum, Islamic Government of Afghanistan.

“One of the big challenges for audit committees today is simply finding the time to do justice to all the issues on the audit

committee agenda.”

Mike Wareing

Wolseley Plc, Cobham Plc and Intertek Group Plc (U.K.)

happening on the audit committee agenda regulation wise in the last two or three years, there has been plenty to talk about and there is plenty to keep updated on from both a technical and regulatory point of view – and that’s actually been a good opportunity to engage and build relationships with people like the lead partner from the external audit firm as well.

ACI: To what extent do you get exposure of the audit team below the lead partner? Mike Wareing: I tend to see the number two person quite a lot. Usually that would be the second partner but it’s often helpful to speak to someone a bit further down the audit team (a director or a manager) if there are issues where quite detailed granular knowledge is important. In such cases, I encourage that person to speak-up. I think meetings full of people that just sit there is not a good use of anyone’s time and there are so many people around the table in an audit committee nowadays that not actually having the contribution from everyone around the table is a mistake.

The other thing which I am finding is increasingly important is access to both specialists on the audit team and those responsible for auditing significant geographies or segments. In the case of the latter, it is useful for them to attend the full year results meeting (at least every two years if not every year) because it makes enormous sense to give the audit committee the opportunity to eyeball the person who is the lead partner for a significant part of the group and to ask them very open questions about matters like the style of the management culture and the robustness of internal controls – as well as about the year-end numbers.

(...)


13



14

“Finding out the topics that matter most and setting the right agenda is the key responsibility of the audit committee chair.”

John Cryan

Deutsche Bank and Temasek (Germany)

ACI: What is in your opinion essential for an audit committee chair to lead an effective audit committee? John Cryan: To be effective, an audit committee should never be a box-ticking exercise. Finding out the topics that matter most and setting the right agenda is the key responsibility of the audit committee chair.

Deutsche Bank is currently in a special situation with a significant number of legal proceedings ongoing. That situation is very demanding for an audit committee. Setting the right agenda for an audit committee in that situation goes far beyond all the formal work that an audit committee is required to perform. Finding the right balance regarding the information that an audit committee needs to know and the critical distance to the business issues requires a considerable amount of preparation.

Particularly relevant are the different roles between the single and two-tier board systems. There is an inherent conflict between the SEC requirements and expectation —requiring strict oversight by the audit committee — versus the German corporate and banking law that requires a critical distance to management and the business issues.

According to our terms of reference, employee representatives are part of the audit committee. The complexity of the issues that our audit committee has to deal with is already difficult to understand for a financial expert, and all shareholder representatives of our audit committee are financial experts, but it is even more difficult for employee representatives. The preparatory meetings that our external auditor is organizing with each of the members of the audit committee are therefore very helpful in improving the effectiveness of the audit committee.

ACI: What does the Deutsche Bank audit committee do particularly well? John Cryan: Besides the audit committee, Deutsche Bank has—amongst others—a risk committee, an integrity committee and a compensation control committee. At Deutsche Bank we have been able to avoid overlaps between the various committees through intense discussion and preparation with the individual chairmen.

The audit committee also benefits from the general attitude implemented by the chairman of the supervisory board which can be described as “Führen durch Fragen” (“management by inquiry”) that has resulted over time in more transparency with regard to difficult topics.

ACI: What are the critical success factors in the oversight of financial reporting and the supervision of the work of external auditors? John Cryan: An audit committee should look not only at the financial statements but also at the effectiveness of the processes leading to those financial statements. Both internal and external auditors play an important role in understanding the quality of the processes leading to the financial statements. The audit committee at Deutsche Bank spends a significant amount of time looking at process weaknesses and their timely remediation.

The assessment of both the independence and quality of external auditors has become increasingly important. In the last year, the audit committee reviewed those aspects and the set-up of the audit team.

(...)

John Cryan is chairman of the audit committee of Deutsche Bank. At Temasek International Pte Ltd., Singapore, he is President Europe, Head of Africa, Portfolio Strategy and Credit Portfolio. Prior to Temasek, he was the Group CFO with UBS AG, where he has held other senior roles including Global Head of the Financial Institutions group at UBS’s Investment Bank and CEOof UBS Limited. He had also served as chairman and CEO at UBS AG (Europe, Middle East& Africa). Mr. Cryan has more than 20 years of experience in providing strategic and financial advice to a wide range of companies in the financial services sector globally.

ACI: What makes truly effective audit committees? Hong-Chang Chang: The most important factor that makes truly effective audit committees is its membership. To this, the role of the board chair is critical, together with his attitude and determination as he is the person in the driving seat to decide on appropriate audit committee membership. Although the management theory promotes the segregation of ownership and management, a board without enough ownership might disregard the importance of the monitoring function of audit committees easily.

ACI: What are some “must-do’s” for an audit committee, and an audit committee chair, to be truly effective? Hong-Chang Chang: Besides the statutory responsibilities of the audit committee, the audit committee should seek to ensure that appropriate independent assurance and advice is obtained in areas such as compliance, risk management, performance monitoring and evaluation, relevant parliamentary committee reports and recommendations. To this, it is a must to maintain routine meetings and effective communication lines with the management team, external auditors, and internal auditors.

From a best practice perspective, I suggest that the audit committee should establish and maintain lines of communication cross-functionally between the board, internal audit, financial, legal, compliance, and risk management departments.

Furthermore, to be truly effective as an audit committee, its members, and especially the chair, must have sound enthusiasm and curiosity in and for their job. Due enthusiasm and care is crucial in ensuring that the members of the audit committee take in sufficient information from all available resources – media, informal sources or even from rumors – to raise informed and probing discussions to ensure that the major risks to the company are properly identified, mitigated and monitored.

(...)

Q23

Hong-Chang Chang is the chair of the audit committee of Fubon Financial Holdings. He also serves as independent director at Taipei Fubon Commercial Bank and Fubon Securities. After serving as Dean of the College of Management at the National Taiwan University, Hong-Chang Chang is now Professor Emeritus at the Department of Accounting at the National Taiwan University.

“To be truly effective as an audit committee, its members, and especially the chair, must have sound enthusiasm and curiosity in

and for their job.“

Hong-Chang Chang

Fubon Financial Holdings (Taiwan)


15


16

How will it affect your top line?

The new revenue standard is likely to affect the way you account for revenue. Issued on 28 May 2014, it replaces existing IFRS and US GAAP guidance and introduces a new revenue recognition model for contracts with customers. For some, the new standard will have a significant impact on how and when they recognise revenue, but for others transition will be easier. For example, if your company has operations in telecommunications, software, real estate, aerospace and defence, building and construction or contract manufacturing, then you are more likely to be significantly affected by one or more of the new requirements. However, all companies will be subject to extensive new disclosure requirements.

One model, two approaches, five stepsThe standard contains a single model that applies to contracts with customers and two approaches to recognising revenue: at a point in time or over time. The model features a contract-based five-step analysis of transactions to determine whether, how much and when revenue is recognised. The five steps are as follows:

All companies will need to assess the extent of the impacts, so that they can address the wider business

implications, including communications with investors and analysts.

Revenue may be recognised over time, in a manner that best reflects the company’s performance, or at a point in time, when control of the good or service is transferred to the customer. For complex transactions with multiple components and/or variable amounts of consideration, or when the work is carried out under contract for an extended period of time, applying the standard may lead to revenue being accelerated or deferred in comparison with current requirements.

New estimates and judgementsNew estimates and judgemental thresholds have been introduced, which may affect the amount and/or timing of revenue recognised. They include:

• estimating and recognising variable consideration;

• identifying separate goods and services in a contract; and

• estimating stand-alone selling prices.

Significant judgement may be required to determine how these estimates and thresholds apply to you. The new estimates and judgements might be particularly difficult to apply if you are launching a new business line or new products, or entering a new market.

Stage-of-completion accounting retainedThe standard includes new criteria to determine when revenue should be recognised over time, addressing fact patterns such as construction contracts and contracts for services. Some contracts that are currently accounted for under the stage-of-completion method may now require revenue to be recognised on contract completion; but for other contracts, the stage-of-completion method may be applied for the first time under the new model.

Making this assessment based on the criteria provided will require a detailed review of contract terms and – for contracts to sell real estate – property law.

Revenue – a new global standard

For many organisations, the new standard will have a broad impact – not just changing the amounts and timing of revenue, but requiring an overhaul of the core systems used to produce the numbers.


17

Notable differences from current practice

v All guidance contained in a single standard

v Control-based model (‘risks and rewards’ concept is retained as an indicator of control transfer)

v Consideration measured as the amount to which the company expects to be entitled, rather than fair value

v New guidance on separating goods and services in a contract

v New guidance on recognising revenue over time

Limited guidance on costsNew judgements will be required when accounting for contract costs, as the new standard replaces existing cost guidance in IAS 11 Construction Contracts with limited new guidance on the costs of obtaining and fulfilling a contract. This will directly affect profit recognition, especially when revenue is recognised over time. You will need to evaluate the impact of the new guidance on the costs to be capitalised and also consider the period over which they can be amortised.

The standard includes extensive new disclosure requirements. You may have to redesign, and in many cases significantly expand, the information captured about unfulfilled performance obligations in order to draft the notes to the financial statements dealing with revenue. The new disclosures could convey important additional information about business practices and prospects to investors and competitors. No exemptions have been provided for commercially sensitive information.

Changes to systems and processesThe estimates, thresholds and disclosure requirements may lead to changes in systems and processes to capture and review the required data, for the current and, if applicable, comparative periods. These changes may be necessary even if there is no effect on the numbers.

You may need to reconsider your processes, to ensure that management judgement is exercised at the key points as financial information is prepared.

The standard may be adopted retrospectively, or as of the application date by adjusting retained earnings at that date and disclosing the effect of adoption on each line of profit or loss (the ‘cumulative effect approach’). Practical expedients are available to those taking a retrospective approach.

A first-time adopter of IFRS can choose to apply the standard using either the retrospective approach or the cumulative effect approach, from the date of transition to IFRS. Historical analysis or retrospective application may require you to introduce new systems and processes well in advance of the new standard’s effective date, and to run them in parallel with those already in place.

Impacts may be felt right across the organisation All of your financial ratios may be affected, which could impact your share price or access to capital. Changes to the timing of revenue recognition may affect the timing of tax payments and the ability to pay dividends in some jurisdictions. Staff bonuses and incentive plans might also need to be reconsidered. You may wish to reconsider current contract terms and business practices – e.g. distribution channels – to achieve or maintain a particular revenue profile. Investors, analysts and other stakeholders will want to understand the impact of the standard on your business. Q23

Basic facts

v IFRS 15 Revenue from Contracts with Customers was issued by the IASB on 28 May 2014.

v The standard replaces IAS 11 Construction Contracts, IAS 18 Revenue, IFRIC 13 Customer Loyalty Programmes, IFRIC 15 Agreements for the Construction of Real Estate, IFRIC 18 Transfer of Assets from Customers and SIC-31 Revenue – Barter Transactions Involving Advertising Services.

v The new standard applies to contracts with customers. However, it does not apply to insurance contracts, financial instruments or lease contracts, which fall in the scope of other IFRSs. It also does not apply if two companies in the same line of business exchange non- monetary assets to facilitate sales to other parties. Furthermore, if a contract with a customer is partly in the scope of another IFRS, then the guidance on separation and measurement contained in the other IFRS takes precedence.

v The standard is the result of a joint project between the IASB and the FASB and is v converged with FASB ASC Topic 606.

v The standard is effective for annual periods beginning on or after 1 January 2017, with early adoption permitted under IFRS.

Revenue – a new global standard


18

A key reason for this situation is that the focus of communication between managers and owners is principally on historical earnings performance. The extent of shareholder value creation is rarely visible in an annual report. As a result, investors have limited objective information with which to assess whether the longer term, value creating prospects of the business have been truly enhanced. The historical financial statements will tell you whether revenues are growing but they won’t necessarily tell you whether the customer base is getting stronger.

Said another way, the financials may tell you how much money the company made, but not necessarily how the company makes money. And more importantly, whether the current year earnings provide a long term sustainable proposition for value creation. Against this background, it is time to ask whether the historical focus of today’s annual reports is driving short term decision making, resulting in a bias against investment in longer term prospects.

In many parts of the world, investor presentations have developed as a means of providing a broader picture of performance. They can be more timely as they are not tied to the annual reporting cycle, but they still have a tendency to prioritise short-term earnings over long-term value. Businesses investing in the long term have an interest in moving their investor dialogue beyond this narrow picture. Good narrative reporting providing quantitative and qualitative information should give investors more confidence in the reliability and completeness of the picture presented in other more timely communications.

Delivering a more relevant reportThere have been a number of reporting initiatives in the wake of the global financial crisis aimed at finessing existing areas of financial reporting. There is no doubt that the quality of financial information is essential for effective investor decision making but we believe that a broader debate is required. It’s time to step back from the detail and

ask whether the current balance and focus of reporting is right for capital markets’ needs.

KPMG SurveyKPMG has looked at the reports of some 90 companies across ten countries over a five year period. The definition of an ‘Annual Report’ varies across regulatory environments. The survey looks at the primary reporting document used in each country (for example, the ‘10-K’ in the USA) and refer to this as the ‘annual report’ throughout. KPMG has looked at corporate responsibility information to the extent included in annual reports, on the basis that this should address those issues that the organisation considers to be material to shareholders and investors.

Is it time to re-focus business reporting?

“...it is time to ask whether the historical focus of today’s annual reports is driving short term decision making.”

Many corporate leaders are frustrated at the perceived short term focus of investors. On the other hand, it is also true that many investment managers are frustrated by the perception that management is too focused on driving value in the short term and are aware that company management can exchange long-term business prospects for short-term earnings performance.

You can read more about this in The KPMG Survey of Business Reporting (2014)


19

Over the last five years we have experienced a period of unprecedented business shocks that have led some to question the relevance of the annual report. At the same time, reports have become bigger (by around 15%), despite the emergence of ‘cutting clutter’ as an established part of the reporting agenda. Against this background, report preparers will be naturally wary of any incremental proposals to change reporting.Rather than looking at tweaks to reporting obligations, the aim of the survey was to look at the overall direction required for reporting improvement. With this in mind, we highlight four broad areas for reporting development.

Align performance measures with the drivers of shareholder valueEarlier this year, the our 2014 Global Audit Committee Survey asked audit committee members from around the world to identify what they considered to be the top three key performance drivers for their business. Comparing these responses to our survey findings, it

is striking how few companies report performance measures over the most commonly identified drivers of business value. The most frequently cited value driver by audit committee members (operating efficiency) was addressed at an operational level by only 21% of the companies in the survey. The second most common driver, customer focus, was addressed by 7%.

There are patches of good performance reporting – notably, the reporting of IP development in the pharmaceuticals industry; operating efficiency and capacity in the natural resources sector; and customer base in the telecoms sector. These examples show that good practice can evolve but the challenge is for other sectors to adopt a similar

attitude, and for businesses in all sectors to work towards providing a more complete picture of performance.

It may be tempting to approach this challenge by imposing a system of metrics to measure the business against.

But, the more relevant challenge lies in finding the right question to answer. For example, a number of reports now provide information on staff retention, but few answer the question: “is the business retaining its most important staff?”

How these questions are answered will depend upon the unique circumstances of each business and industry but ultimately boards have an

Identified as a top three value driver

Companies providing a related operating KPI

Operational efficiency 66% 21%

Customer focus 56% 7%

Supply chain 42% 8%

Brand & reputation 42% 2%

“It is striking how few companies report performance measures

over the most commonly identified drivers of business

value.”

Four suggestions to help reports support better investor decision making

Key findings

* Note: 2014 Global Audit Committee Survey


20

essential role to play in ensuring that the content oftheir reports address what they consider to be the most important drivers of their business.

Recognise that the financials are only the start of the storyFinancial statements make up a little under half of the average annual report. They have an important role to play in explaining how the business has been operated and they provide a base-line from which to assess the ability of the business to generate future earnings. Many report preparers seem to regard this as being the end of the story, though – despite the broader perspective intended for narrative reporting. One in five businesses provide no operating measures of performance other than corporate social responsibility and employee data that is typically required by statute.

Regulators in different countries have specified a variety of objectives for narrative reporting, mostly linked to a shareholder value theme. In reality, though many narrative reports are predominantly focused on explaining the financials rather than the

underlying operating performance and capability of the business.

Accounting measures comprise half of all key performance indicators reported.

The average report provides four measures of operating performance. This could be seen as a missed opportunity to provide a more complete perspective of performance and shareholder value creation. Non-financial operating measures can provide leading indicators of business prospects and communicate progress in managing key business drivers that financial indicators cannot. For example, customer acquisition rates and product quality measures can provide insight into the ability of a business to grow or maintain its revenue base.

The result is that, at present, the weight of reported information does not reflect the drivers of business value, and therefore could align better with investor perspectives of value.

Join up reporting content – Don’t leave unanswered questionsResponsibility for preparing an annual report is often delegated across a range of departments within the organisation. Unless these contributors start with a common vision, and work to bring their individual reporting strands together into a coherent whole, reports can become a series of disconnected issues, leaving the reader unable to assess the implications of the matters raised.

Nowhere is this better illustrated than with risk reporting. The survey found that risks were being identified but the level of supporting analysis was generally limited to high level mitigating actions that might apply to any business in the sector or beyond. The result is that these disclosures provide little information of value to the reader. KPMG did occasionally see supporting analysis in relation to exposure to commodity price fluctuations, with a small number of businesses providing sensitivity analysis showing how changes in commodity prices might have affected historical earnings. However, this is rare.

“Reports can become a series of disconnected issues, leaving the reader unable to assess the implications of the matters raised.”


21

Whilst the type of supporting analysis will vary according to the risk, it is advisable to adopt a similar approach to their other significant risks.

Refocus reporting cultureOne of the biggest barriers to change is the pervasive culture in reporting of focusing on compliance rules without looking at the bigger picture. Two related changes could help to address this:

1. Take a business-focused view Reporting rules can provide a starting point for explaining the business story. For some they also define the end point – the reader is left with the strong sense that the disclosure has been given to meet an obligation rather than to inform. Such reports can struggle to explain reported measures in the context of real-world business performance, and they frequently focus on the past business rather than the future. The lack of direction is sometimes also carried through into investor presentations.

For this reason, the alternative of building the narrative reporting around the business model provides a stronger foundation for the report than a compliance framework can. At present, however, many business model descriptions lack the detail to provide this foundation, and address only some aspects of the business. A business model based approach should be more natural for report preparers but it will require a ‘big-picture’ perspective to be introduced into report preparation processes that have traditionally been sub divided into specialist areas. To support this, business strategy leaders would need to play a more prominent role in contributing to the direction and content of the report.

2. Understand the audience If the issues that the report needs to address should be defined by the business model, the information needed to explain their implications should be defined by the audience. Reports prepared without an understanding of the reader’s needs

may address the right issues but are unlikely to provide information that is relevant to the reader’s decision making. For example, many business strategies are centred on developing a particular aspect of the customer base but performance measures are rarely segmented in this way, even though that is what a reader would need as a foundation for assessing the potential earnings impact of the strategy. Q23

“the central message from is that reports need to become more

business-centric”

Assessing external audit effectiveness


22

Audit committee oversight essentials …

Assessing and monitoring the effectiveness of the external auditor is usually a core audit committee responsibility – and an area which is receiving increased attention from both the investor community and regulatory bodies.

The audit committee is responsible for managing the relationship with the auditor and ensuring that the auditor is directly accountable to the audit committee. The audit committee should maintain a strong and candid relationship with the auditor – otherwise this will limit the oversight the audit committee has of the external audit process – and should review the relationship between the auditor and executive management to ensure that an appropriate balance exists. Effective audit committee oversight also requires that the audit committee be alert to any bias in the relationship between management and the audit committee.

The competence and qualifications of the auditor should also be addressed.

The evaluation should also assess the auditor’s independence, objectivity and professional scepticism.

By the time any disputed issues are alerted to the audit committee, these may have already been resolved by executive management and the auditor, therefore it may be difficult for the audit committee to observe this challenge. This is something that the audit committee should consider and question. The most effective way to understand this may be through holding private meetings with the auditor. The audit committee should also keep in mind the degree to which the relationship with executive management and the committee itself may affect the objectivity of the auditor.

Evaluation of the external auditor on an annual basis is considered best practice. The process not only helps to optimise the performance of the auditor, it also encourages

good communication between the auditor and the audit committee.

A questionnaire is often considered a good way of performing the evaluation, and this can also provide opportunities to track progress and improvements through the years. However, it is also good practice to deploy other mechanisms and to ensure all relevant views are considered.

As noted, the audit committee’s evaluation of external auditors is subject to increased regulatory and investor focus. Audit committees may want to consider the level of transparency they provide in regards to the evaluation process: how it is performed; who it includes; what areas of performance it covers; the results and any actions.

The following mechanisms for evaluating the effectiveness of the audit can be considered:

• Review of audit presentations and communications.

• Review of risk identification and delivery against the audit plan/ tender document.

• Assessment of professional skepticism throughout the audit.

• Survey of management’s views and other feedback.

• Review of quality of staff, resources, geographic footprint, etc.

• Reviewing the auditor’s internal quality control procedures and reports.

Download your softcopy version of the Audit Committee Toolkit from our website at www.auditcommitteeinstitute.be.

Check our Chapter 8 External Audit and Appendix 18 Evaluation of the External Auditor for detailed guidance and practice tools to assist you in assessing external auditor effectiveness.

Further reading and tools on auditor effectiveness …


23

Key questions for audit committees to consider:

Quality of service provided* Did the lead engagement partner discuss the audit plan and how it addressed company/industry-specific areas of accounting and audit risk (including fraud risk) with the audit committee?

If portions of the audit were performed by other teams in multiple locations, did the lead engagement partner provide information about the technical skills, experience and professional objectivity of those other audit teams?

Did the auditor meet the agreed upon audit plan and objective performance criteria? Did the auditor adjust the audit plan to respond to changing risks and circumstances? Did the audit committee understand the changes?

Did the lead engagement partner advise the audit committee of the results of consultations with the firm’s professional practice office or on accounting or auditing matters? Were such consultations executed in a timely and transparent manner?

Was the cost of the audit reasonable and sufficient for the size, complexity and risks of the company? Were the reasons for any changes in cost (e.g., change in scope of work) communicated to the audit committee? Did the audit committee agree with the reasons?

Sufficiency of audit firm resources*Did the lead engagement partner and audit team have the necessary knowledge and skills (company-specific, industry, accounting, auditing) to meet the company’s audit requirements?

Does the audit firm have the necessary industry experience, specialized expertise in the company’s critical accounting policies and geographical reach required to continue to serve the company?

Did the audit engagement team have sufficient access to specialized expertise during the audit?

Communication and interaction*Did the audit engagement partner maintain a professional and open dialogue with the audit committee and audit committee chair? Were discussions frank and complete?

Did the auditor adequately discuss the quality of the company’s financial reporting, including the reasonableness of accounting estimates and judgments? Did the auditor discuss how the company’s accounting policies compare with leading practices?

Did the auditor ensure that the audit committee was informed of current developments in accounting principles and auditing standards relevant to the company’s financial statements and the potential impact on the audit?

Independence, objectivity and professional scepticism* Did the audit firm report to the audit committee all matters that might reasonably be thought to bear on the firm’s independence, including exceptions to its compliance with independence requirements? Did the audit firm discuss safeguards in place to detect independence issues?

Were there any significant differences in views between management and the auditor? If so, did the auditor present a clear point of view on accounting issues where management’s initial perspective differed?

In obtaining pre-approval from the audit committee for all non-audit services, did the lead engagement partner discuss safeguards in place to protect the independence, objectivity and professional scepticism of the auditor? Q23

* Based upon Audit Committee Annual Evaluation of the External Auditor, NACD, October 2012


24

The new necessity: Finding ROI from GRC

The downturn changed a lot of things. But even with the economy firmly on the recovery path, budgets remain leaner and under greater scrutiny than ever before. The velocity of change in Governance, Risk, and Compliance (GRC) has increased, and organizations need to find ways to become cost effective to keep up with current and future demands. Leaders now seek to leverage their organizational power as they respond to regulatory challenges.


25

Making the most of the new realityTo begin with, management and directors alike should be asking themselves several important questions:

v How should our organization manage this process?

v What should we really expect in terms of ROI from GRC?

v Is there cost hidden in our compliance-related activities?

v What steps can we take to extract ROI from our GRC function?

v Do we need to spend more to save more?

The trick, of course, is to get all the right people on board.

Such fresh attention on areas that might otherwise be flying under the ROI radar comes with a host of potential pitfalls. But the bottom line is that any new attention is good attention, particularly when it comes to saving money and potentially leading other functional areas in the drive toward ROI.

What drives GRC?There are several key triggers for driving GRC in the post-recession era. These include board requirements, regulatory and compliance-related triggers, as well as the ability to make risk-based decisions align with organizational strategy. While each presents its own specific set of requirements, collectively, they fuel demands for a more unified approach to GRC. The goal should be to realize some commonalities among the diversity of demands.

Board requirementsBoards clearly are seeking a more enlightened view of risk. They are looking at how risk maps strategically to the rest of their business operations. When it comes to reputational risk, the board is rightly concerned with the organization. But does the board have the right information to effectively assess the impact of risks to the organization?

Regulatory triggersNot surprisingly, regulators have a lot to say about global risk and compliance in the post-recession era. Companies must factor in a myriad of legislation, as well as the velocity of regulatory change. It all comes down to balancing company needs with

regulatory realities. This is especially true in the financial services and manufacturing arenas, which are leading the drive to compliance. But in the end, organizations often struggle to keep pace with the speed of regulatory change.

Compliance activitiesOrganizations increasingly strive to understand the need for compliance. However, corporate compliance processes are often siloed and disparate. To extract value from an enterprise GRC program, companies need to break down these silos and understand the risk implications across their organization.

TechnologyThe capabilities of technology tools have evolved dramatically since the recession, enabling organizations to rely on more automated and less on manual controls. Technology provides a framework to standardize foundational elements around risk processes and control to drive value across the organization. This is evidenced, for example, in more automated transactions monitoring. The essential business requirements of the organization must drive the use of enterprise GRC


26

technology, not the reverse. As such, organizations must first identify the problems they need to solve. Many companies buy technology but never enhance ROI from their installed capabilities.

The evolution of GRCGlobal risk and compliance has evolved in the last 10 years. GRC evolved from something simple to something complex, and the level of complexity is accelerating. Even the definition of GRC has evolved dramatically over the years, and organizations today often define it very differently. GRC processes have developed in response to the velocity of change and the complexity of managing enterprise risk.

Innovations in GRC tools capabilities are advancing in areas such as corporate dashboards, data analytics, continuous control, and transaction monitoring. We believe such advances in GRC tools have largely

kept pace with new corporate information requirements.

Today, boards have higher expectations to understand the risk profiles of their organizations. As such, companies can ill afford to take siloed approaches to their data. In effect, this has spurred fresh interest in integrating information to improve efficiency and potentially unlock ROI.

Getting what you pay forCompanies with existing GRC processes should examine them to help ensure they are maximizing the functionality of existing implementations. Often organizations are wasting time and money on duplicative processes. Existing functionality might simply go unused as new tools are purchased that perform virtually the same tasks. This can be further compounded by entrenched information silos, which hamper effective communications that would help eliminate overlapping

functionality. Simple communications and more direct oversight can help different buyers create improvements in operations and expenditures, streamlining operations, and saving money.

Defining GRC for the modern enterpriseThe maturity range of automation stretches from organizations with no enterprise GRC to those with established or even duplicative technology. GRC has been evolving so rapidly in the past 10 years that organizations can find themselves struggling to keep up with all the changes. There is often pronounced organizational disparity in GRC.

Forward-thinking companies are working to keep current in their GRC technology or even bring it to the next level to stay ahead in the marketplace. Whether your organization is a leader in GRC technology deployment, a fast


27

follower, or even a laggard, there is value to be found today, tomorrow, and in the future. GRC technology and processes must be adaptable to rapidly respond to short- and long-term change. Understanding the requirements to select the best tool can help you uncover ROI and remain competitive on the GRC front. Today’s GRC leader could easily become tomorrow’s GRC laggard simply by not keeping up with the pace of technology evolution.

Leveraging data analytics as part of the GRC journeyWhat’s emerging in terms of capabilities and structure? Data and analytics are being used in a more dramatic way to extract risk and compliance information to meet the requirements of the board, senior management, and regulators. This trend is expected to continue. Data analytics gives organizations the ability to monitor the state of transactions and controls. A link

between analytics and sophisticated reporting will ultimately help enable better decision making. The ability of an organization to understand, track, and report on emerging risk areas is becoming increasingly important. Underestimating the dynamics of a risk environment can result in information security threats, data breaches, and social media/mobile device risks.

Assessing your data is a logical first stepROI can result from the convergence of external triggers. As companies respond to regulatory and organizational change - such as new laws, new businesses, and new expansion opportunities - an opportunity emerges to derive new value. Large-scale finance transformation implementations, for one, can be an opportune time for organizations to adjust their thinking about instead of around GRC. Q23


28

Large companies in the European Union must report on the social, environmental and human rights impact in their annual company report.

Large companies in the European Union must report on social, environmental and human rights impact in their annual company report.

The European Parliament adopted a directive on 15 April, under which major businesses across the EU will be required to report on social, environmental and human rights impact in their annual company report. The directive will enter into force once adopted by the Council of Ministers and published in the EU Official Journal.

Companies concerned will need to disclose information on policies, risks and outcomes as regards environmental matters, social and employee-related aspects, respect for human rights, anti-corruption and bribery issues and diversity in their board of directors. The new rules will only apply to large public interest entities with more than 500 employees. These large public-interest entities will be required to disclose certain non-financial information in their management report. This includes listed companies, as well as some unlisted companies, such as

banks, insurance companies and other companies that are so designated by Member States because of their activities, size or number of employees.

The scope includes approximately 6.000 large companies and groups across the EU. Currently, fewer than 10 percent of the largest EU companies regularly publish information about environmental, social and governance (ESG).

Under the new legislation, the number of companies undertaking ESG reporting will more than double compared to existing voluntary arrangements.

The Directive leaves significant flexibility for companies to disclose relevant information in the way that they consider most useful. Companies may use international, European or national guidelines, which they consider appropriate (for instance, the UN Global Compact, ISO 26000, or the German Sustainability Code).

For more information, visit: www.ec.europa.eu

EU directive on disclosure of non financial information


29

The ACI Roundtable is an exclusive event organized by the Audit Committee Institute (ACI) for selected members of audit committees

and board directors – providing a unique opportunity to exchange best practices and enjoy contacts with peers, free of charge.

Risk Management Dynamics and Corporate Culture

Over the last years, risk oversight responsibilities of boards and its committees have expanded rapidly – with companies facing a range of new risks that have become increasingly complex and challenging.

Clearly, more than ever boards and audit committees should seek to ensure that risk management dynamics are fit for purpose and that corporate culture is fully utilized as an effective weapon to manage risk.

We are delighted that our next Roundtable will feature the following guest speakers:

Audit Committee Institute Roundtable Thursday 23 October 2014

Duco Sickinghe

KPN: Member of the BoardFortino: Managing DirectorCentral Media Enterprises: Member of the BoardEuropean Asset Trust: Member of the BoardUnibreda: Member of the BoardGuberna: Member of the BoardCVC: Advisor

Franky Depickere

KBC Group: Chairman of the Audit, Risk and Compliance CommitteeMiko NV: Chairman of the Audit Committee Euro Pool System International B.V.: Chairman of the Audit CommitteeKBC Ancora & Cera: Chief Executive Officer

Our next ACI Roundtable will be organized over lunch on Thursday 23 October 2014 from 10h00 to 14h00 in Salons de Romree, Brusselsesteenweg 39, 1850 Grimbergen.

If you would like to attend our ACI Roundtable, please register before 6 October 2014 at [email protected].

Resources


30

Who cares about goodwill impairment?

How useful is the information obtained from annually assessing goodwill for impairment? Are improvements needed regarding the information provided by impairment tests? What are the main implementation, auditing and enforcement challenges in testing goodwill for impairment?

With this in mind, KPMG interviewed a sample of stakeholders to find out what they think about goodwill impairment testing – its relevance, its effectiveness, the difficulties and the disclosures.

Goodwill impairment testing is a complex area of financial reporting that requires careful judgment. In sector-based interviews, the impairment testing of goodwill is regularly cited a critical judgment and a key area of estimation uncertainty in preparing financial statements.

In brief, the analysis came to the following main findings:

• Although goodwill impairment testing was found to be relevant in assessing how well an investment has performed, its relevance to the market is in confirming rather than predicting value.

• The degree of subjectivity in goodwill impairment testing limits its effectiveness. And the high number of judgments and assumptions make goodwill impairment a complex and time-consuming exercise.

• Many companies think that the level of impairment-related disclosures is excessive, but others do not share that view. Analysts, in particular, would be in favour of more disclosures.

• There is considerable support to return to an amortization-based model of accounting for goodwill.

If the cost of compliance is high and the value relevance of goodwill impairment testing is less significant, could the model then be simplified? If a key benefit of goodwill impairment testing is accountability, how could that still be achieved in a simplified model? Why do users

want enhanced disclosures – is it related to goodwill impairment of something else?

KPMG performed this analysis related to the IASB’s post-implementation Review: IFRS 3 Business Combinations, which sought stakeholder feedback about many of the major aspects of IFRS 3, including goodwill impairment.

The full text of the paper is available for download from the Financial Reporting Network section of the KPMG Institutes website at www.kpmginstitutes.com.

In search for suspect accounting

Financial analysts and regulators know a lot about how companies falsify accounting and misrepresent earnings. For example, if a company moves items off the balance sheet or reports earnings that move in the opposite direction of cash flows, it’s time to pay close attention.

They also know that a large merger or acquisition is a common backdrop for earnings management. And they are familiar with the notion that a sudden jump in accruals suggests that a firm’s financial statements may not be a precise portrait of its economic health.

But what they and others know about accounting fraud or the misrepresentation of earnings is far outweighed by what they don’t know: Who’s manipulating earnings (legally or illegally) and how widespread is it? What percentage of accounting fraud do regulators and analysts miss? Is there any way to get better at catching the perpetrators?

In a study released in 2014, a group of nearly 400 CFOs said they believe that in a given period, one-fifth of companies are “distorting” earnings — that, is following the letter of generally accepted accounting principles but not necessarily the spirit. On average, the earnings distortion was found to be as large as 10 cents on every dollar of earnings, said the CFOs in the study. (The study, “The Misrepresentation of Earnings,” by Ilia Dichev of Emory University and John Graham and Campbell Harvey of Duke University, is based on an earlier survey of finance chiefs conducted with the assistance of CFO


31

magazine.) If the problem is half as prevalent as those finance chiefs think it is, it can represent a hefty premium on the cost of capital and hurt the careers of senior executives once the shady dealings of such companies come to light.

Read more on the accounting section of CFO.com at ww2.cfo.com/accounting/2014/04/search-suspect-accounting

The Intersection of Technology, Strategy and Risk: A Video Series Defining the Board’s Role

As information technology (IT) continues to evolve, so does the role of an effective corporate director.

From big data analytics to social media to cybersecurity, technology creates opportunities for companies to innovate, create operational efficiencies and develop a competitive advantage.

A new video series from KPMG featuring short discussions among corporate directors, technology experts and CIOs is designed to help boards understand:

• How emerging technologies impact directors’ responsibilities?

• Why the board must partner with the CIO in providing IT leadership?

• What boards should ask about big data, security and social media?

Watch the videos free of charge on the Advisory Institute section of the KPMG Institutes website at www.kpmginstitutes.com.

The Center for Audit Quality approach to audit quality indicators.

Following a two-year effort, the Center for Audit Quality (CAQ) has released the CAQ Approach to Audit Quality Indicators (AQIs), regarding which indicators may be most relevant and how and to whom they should be communicated.

Throughout the development of this approach, the CAQ has sought input from a variety of key stakeholders including investors, audit committees, regulators, academics and the audit profession.

The CAQ Approach to Audit Quality Indicators is based on a two-fold focus:

1. Communications of AQIs that are directed at audit committees. The CAQ Approach to communicating a set of potential AQIs recognizes the vital role the audit committee plays in providing oversight of the audit. These communications are intended to supplement other communications provided to the audit committee, including the auditor’s required communications under professional standards, as well as, information included in the audit firm’s audit quality and transparency reports.

2. Communication of AQIs that are focused largely on engagement-specific indicators. Communication of indicators at the engagement level could drive actions that might help maintain or increase audit quality on an engagement, and may also assist the audit committee in evaluating the effectiveness of the audit firm.

The CAQ Approach includes a set of potential AQIs that taken as a whole could aid audit committees in their oversight of the audit. This set of AQIs encompasses four key elements of audit quality:

1. Firm leadership and tone at the top

2. Engagement team knowledge, experience and workload

3. Monitoring (Internal and external) quality review findings

4. Auditor reporting

Read more in the Newsroom section of the Center for Audit Quality website at www.thecaq.org/newsroom

About ACI

The Audit Committee Institute (ACI) champions good corporate governance to help drive long-term corporate value and enhance investor confidence. Focussing on the audit committee and supporting the director community more broadly, ACI engages with directors and business leaders to help articulate their challenges and promote continuous improvement. Sponsored by KPMG, ACI delivers actionable thought leadership – on risk and strategy, technology, compliance, financial reporting and audit quality – all though a board lens.

ACI Professionals

Sophie Brabants, Chairwoman ACI BelgiumKPMG Bedrijfsrevisoren, Partner, Certified Auditor

Wim Vandecruys, Director ACI BelgiumKPMG Bedrijfsrevisoren, Senior Manager

Theo Erauw, Honorary ChairmanHonorary Certified Auditor

Contributing Editors

Gilbert Bombaerts, DirectorKPMG Bedrijfsrevisoren, Director

David A. Brown, DirectorKPMG LLP – U.S. Audit Committee Institute

Tim Copnell, PartnerKPMG LLP – U.K. Audit Committee Institute

Matt Chapman, PartnerKPMG LLP – Better Business reporting

Tony Torchia, PartnerKPMG LLP – GRC Technology Services

Contact us

Wim VandecruysAudit Committee InstituteBourgetlaan - Avenue du Bourget 40B-1130 Brussel - Bruxelles

www.audit-committee-institute.beE-mail: [email protected].: +32 3 821 18 06Fax: +32 2 708 43 99

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received, or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. While every effort has been taken to verify the accuracy of this information, neither the Audit Committee Institute, its sponsors, professionals nor contributing editors can accept any responsability or liability for reliance by any person on this quartely newsletter or any of the information, opinions or conclusions set out in this quartely newsletter.

© 2014 KPMG Support Services ESV/GIE is a Belgian firm providing services to local member firms of KPMG International, a Swiss cooperative. Responsible editor: Sophie Brabants, Avenue du Bourget - Bourgetlaan 40, B-1130 Brussels. All rights reserved. September 2014 . Printed in Belgium.

Audit Committee Institute in Belgium

@ACI_BE

quarterly 23 - kpmg€¦ · aci: what are some “must-do’s” for audit committees to be...

Documents