I just spent three days in Washington, D.C. at the 2022 AICPA and CIMA Conference on SEC and PCAOB developments. Days were filled with presentations from various regulators such as the SEC, the PCAOB, the FASB, the IASB, and other stakeholders within the industry. Topics were varied but certainly there was a consistent theme: we are living in unprecedented times filled with an incredible amount of uncertainty and with ever-increasing rates of change; exponential evolution some might say. As the old adage goes: the only constant is change.
Tone at the Top
Having attended many of these AICPA conferences, what I thought was perhaps most notable this year was a significant shift in tone, and I saw this in two distinct manners. First, whether the SEC, the PCAOB, the FASB or any other industry group, presenters repeatedly emphasized the importance of acting on behalf of investors and stakeholders and the significance of seeking input from stakeholders. All regulators have processes designed to incorporate feedback on proposed standards and almost every group has various oversight and investor stakeholder committees to ensure the investor public is represented and heard. The other major shift in tone was the emphasis on quality: quality financial reporting, quality disclosures, and perhaps most notably, quality audits. Last year, the SEC enforcement division started that tone shift with a bold statement that auditors are the gatekeepers. This year, the PCAOB’s new board continued that messaging; the Chair of the PCAOB, Chair Williams, made it very clear that the PCAOB is holding auditors accountable and is pursuing strong enforcement actions, as evidenced by the significant increase in both the number of enforcement cases closed in 2022 and the dollar amount of monetary penalties imposed on individuals and registered firms through enforcement actions.
Economic Uncertainty
Though perhaps sensationalized in the media, the reality is that we are indeed living in unprecedented times. Inflation in the US (and most of the world) is the highest it has been in almost 40 years. To combat inflation, interest rates have also been rising to levels not seen in decades. Compounding these factors, there are continued supply chain disruptions partially resulting from effects of the global pandemic, there is Russia’s war in Ukraine, and amongst other variables, there is the unexpected labor shortage (from the Great Resignation). All these factors beg the question: are we in a recession? If not yet, when? How bad will it be? How long will it last?
While these developments make for “interesting” political rhetoric, they also pose real challenges to the accounting and audit professions. For example, rising interest rates (which means higher discount rates) and rising inflation, particularly on costs (which translates to challenging cash flow projections and potentially lower margins), likely implies lower fair values when performing asset valuations for potential impairment. Rising interest rates also indicates higher incremental borrowing rates which equates to lower values for leased assets (and to be fair, lower liabilities as well).
Disclosures and Disaggregation
While many in the audit and accounting profession focus on the numbers in the financial statements themselves, the resounding message from the SEC was simply this: disclosures matter, so get them right! The SEC (Corp Fin, Enforcement, and OCA) spent most of its sessions discussing the significance of disclosures in the financial statements, including disclosures outside the financial statements, but required in the filing such as MD&A. For instance, the SEC made clear that registrants need to revisit risk disclosures and ensure that they are accurate and up to date considering the evolving economic landscape. In fact, though risk disclosures often read as hypotheticals, currently, many of the risks are now actual realities. There is no risk of inflation; inflation is real and relevant. There is no risk of rising interest rates; interest rates have gone up significantly over the past year.
In addition, the SEC and FASB discussed the increasing demand for disaggregation of disclosures. The FASB is currently considering increased disaggregation and disclosure related to segment reporting and income statement line items (such as further disaggregation of expenses and income taxes) and further disclosure related to statements of cash flows. The SEC is similarly releasing additional guidance and interpretations around further disaggregation over disclosures, or perhaps stated differently, around further depth and clarity. Don’t just tell the users “what” but give them more color as to “why.”
Finally, the SEC continued their focus on non-GAAP disclosures and ensuring these are a) labeled appropriately (clearly identified as non-GAAP and not using titles or labels similar to those used in GAAP metrics), b) are NOT more prominent than GAAP disclosures and c) are NOT misleading. The SEC does thorough reviews of SEC filings, but it’s important to know that the SEC also reviews anything available in the public domain including all press releases, earnings reports and issuers’ and management’s social media activity.
Recurring Hot Topics
Just as revenue recognition, leases and credit losses were the subject of recurring discussions for an almost three- or four-year period, the new hot topics included ESG, crypto, and cybersecurity.
Environmental, Social and Governance (or ESG)
Unsurprisingly, ESG was front and center in almost every discussion during the conference. It would be an understatement to say that huge changes are coming. While the fate of the 550-page SEC proposal is undetermined, the future of the US ESG movement is still inextricably linked to the forward progress in Europe. Global multinational firms as well as companies that are in any way a part of the European supply chain will have to start some form of ESG reporting and compliance in the coming years. The discussions at the conference further delved into the potential changes and challenges facing ESG. It seems all major corporations are struggling to find where to house this emerging department, though many agree that financial reporting will house and/or have significant involvement in this area given the current processes and controls in place. Consensus indicates that the biggest struggle will be in two facets:
Crypto
The recurring joke amongst presenters was that you couldn’t sit up on stage and not mention crypto…and sure enough, almost every presenter discussed crypto currency and digital assets. There appears to be a lot of demand for additional guidance (at least the questions submitted to the panels seemed to indicate that); I believe that stems from perhaps a lack of understanding of the emerging technology. Although the SEC and FASB have released interpretations and limited guidance on how to account and report digital assets, both entities seemed to indicate that the current accounting and financial reporting frameworks provide sufficient guidance. The PCAOB also includes crypto as a risk factor when selected risk-based audits for inspection; although there continue to be deficiencies in the audit space, the PCAOB also believes its standards are currently sufficient. So, while there was always mention of crypto, there was actually very little in-depth discussion of crypto.
Cybersecurity
Surprisingly (in this author’s humble opinion), there was far less discussion of cybersecurity than one might expect. That said, one of the panelists, Pete Cordero, former FBI and current cybersecurity advisor/consultant, also emphatically stated that cybersecurity is “THE risk of the decade.” And I don’t disagree. Specific to audit and accounting, cybersecurity poses a risk to the integrity of financial reporting systems which in turn poses a pervasive threat to the entire financial reporting process. Cybersecurity also poses a greater risk to society at large whether threatening utilities, financial institutions, or as many learned from Colonial Pipeline, general supply chains, including oil and gas.
Although there was only one hour devoted to cybersecurity, the discussion was robust and informative. The SEC requires disclosures around cybersecurity risks (if they are real and relevant, which given email, inherently applies to every company) and cybersecurity breaches. By its very nature, given the pervasiveness of technology, it’s difficult to determine “what constitutes a material breach?”
Perhaps most indicative of how future regulation may develop, Mr. Cordero discussed some of the proposed amendments to the New York Department of Financial Services’ DFS Part 500 Cybersecurity Rules including the requirement for certain companies with heightened risk to conduct an annual, independent audit of cybersecurity programs. Stop and digest that for a minute. In a realm of ever-changing and unlimited potential risk, what is the appropriate threshold to assert that controls are sufficiently designed, implemented and operating effectively to prevent and/or detect cybersecurity threats and breaches? There’s a lot to unpack here, but for another time.
Resources Abound
There is a significant amount of change in the industry and we’re all feeling it. There is a sense of overwhelm at times and we didn’t even touch on the labor shortages and the new quality management standards impacting audit firms. We get it and we feel the pressure many of our clients are facing. Despite the number of changes and emerging topics, I took comfort in seeing just how much the regulators seem to understand the evolving landscape. While they are there to represent their stakeholders, they also want to support the accountants and auditors to empower quality financial reporting and auditing. There is an abundance of resources on almost every topic covered at the conference including publications from the FASB, SEC, PCAOB, AICPA, CAQ, IASB, ISSB, Big 4, industry groups, etc. In addition, as evidenced in the hallways and the underwriter booths, there are literally dozens of companies out there to support you whether in data analytics, scheduling and temporary staffing, knowledge experts and training, etc. And yes, we here at JGA have our fingers on the pulse of the audit industry and are ready to help however we can.
Johnson Global Advisory
700 Flower Street #1000
Los Angeles, CA 90017
USA
+1 (702) 848-7084