Friday, July 14, 2017

Anti-Fraud Collaboration reviews accounting policies and internal controls

By Jacquelyn Lumb

The Anti-Fraud Collaboration hosted a webcast on effective accounting policies and internal controls as a means of preventing fraud and reducing the number of financial restatements. The panelists were experts in financial reporting and included moderator Cynthia Fornelli, the executive director of the Center for Audit Quality; Brian Croteau, formerly a deputy chief accountant at the SEC and now a partner at PricewaterhouseCoopers; Suzanne Hopgood, the president and CEO of consulting firm Hopgood Group; Karl Erhardt, executive vice president and chief auditor at MetLife; and Linda Zukaukas, executive vice president and corporate controller at American Express.

Accounting policies. Zukaukas noted that a lot of accounting guidance is emerging as a result of the new FASB standards with differing implementation dates. She said companies’ accounting policies should be aligned with the technical guidance but tailored to the specific business. Companies’ accounting policies should be understandable to non-accountants; aligned with business processes; reviewed periodically based on risk; tested in the field prior to implementation; integrated with internal control over financial reporting to monitor compliance; and clearly communicated to the auditors.

Croteau emphasized the importance of communication between management and the auditors. Auditors should be involved early for better planning and to avoid surprises when implementing the new standards. He cited statements by the SEC and the PCAOB in 2005 about accountants’ ability to assist in improving internal controls and determining the appropriate accounting.

Erhardt, who noted that MetLife is currently implementing about two dozen accounting policies under GAAP and international financial reporting standards, emphasized the importance of documenting policy decisions.

Hopgood described it as a learning process with input from both internal and external auditors and the chief financial officer. Audit committees must understand how the financial statements were developed, what the changes are, and if the policies are being followed. They must be willing to ask questions if it appears the policies are not being followed, she advised.

Reviewing accounting policies. Fornelli asked whether it is common practice to revisit existing accounting policies periodically. Zukaukas said that Amex views its critical accounting matters annually and has a refresh cycle based on the importance and materiality of an issue. Croteau said it is important to refresh accounting policies even when there are no new standards to take into account.

New accounting standards. Among the best practices for the new accounting standards are policies that are granular, include examples, are tested, have clear lines of responsibility and communication, and take into consideration industry guidance. It is also important to communicate with colleagues, specialists and advisers, early and often, according to the panelists.

With respect to the implementation of the new revenue recognition standard, Croteau said if it is not done well it will be a step backward and may result in more restatements. Companies should assess their systems and internal controls; revisit business models and contract terms, consider compensation plans early to avoid unintended consequences, and review debt agreements for any needs to modify covenants to avoid unintended constraints or violations.

Internal control over financial reporting. With respect to internal control over financial reporting, Croteau said the tone at the top is important. He recommended a risk-based approach and the development of controls for unusual or non-routine transactions. It is also important to be knowledgeable about the culture of company subsidiaries and to communicate regularly. He recommend that companies line up levels of evidence of control with financial reporting risk and tap external resources when needed.

Management override. The panelists also addressed the threat of management override which Hopgood called the Achilles heel of fraud prevention. Zukaukas said that among the mitigants were tone at the top, requiring all employees to take training and monitoring their training for compliance, centralizing control functions, and automating as many transactions as possible.

Among the warning signs of potential management override are an inappropriate tone at the top, unreasonable earnings pressure, an ineffective audit committee, bias in accounting estimates, and compensation structures that are heavily based on obtaining performance targets.

Audit committees. Erhardt described the qualities to look for in audit committee members, which include individuals who are independent minded, willing to challenge management when something doesn’t seem right, have critical thinking and communication skills, the ability to work with staff at different levels, business and industry knowledge, and the ability to navigate technological changes.