To make sure you receive future emails,
please add {[EM-EMAIL ADDRESS]} to your address book or safe list.

Audit & Accounting Alert Newsletter

Issue 9 | November 2015

At-A-Glance

Gerry Herter

Materiality is in the eye of the beholder. Accountants have been wrestling for ages over what constitutes materiality and whether disclosure is required or desirable. The latest attempt to shed light on the matter is contained in two new exposure drafts issued by the Financial Accounting Standards Board (FASB). Our first article looks at how the proposed standards would redefine materiality and guide the process for assessing the need for disclosure.

Then we turn to the upcoming audit season in our second article. The Center for Audit Quality (CAQ) and the Public Company Accounting Oversight Board (PCAOB) have released their annual alerts, highlighting areas that warrant special consideration. Much of the focus may sound familiar, but repeated audit review deficiencies indicate that periodic reminders are a continued necessity.

 Cybersecurity is one of the highlighted audit areas calling for specific attention. The widespread use and versatility of mobile devices has expanded faster than the implementation of safeguards to protect from the diverse array of threats. Our third article seeks to heighten awareness to the unforeseen risks that come with incorporation of these innovative tools into the workplace.

Editor Gerald E. Herter, CPA

In This Issue 

Concept of Materiality up for Clarification

FASB proposes adoption of legal definition

When the mood for convergence of accounting standards was going strong, the IASB and FASB were on the way to jointly producing an updated conceptual framework for financial reporting. Alas, the momentum was lost when, in 2010, the project was suspended in deference to more pressing issues. However, two chapters of the framework had been completed. Included in Chapter 3, Qualitative Characteristics of Useful Financial Information, the following definition of materiality was agreed upon:

“Information is material if omitting it or misstating it could influence decisions that users make on the basis of financial information about a specific reporting entity. In other words, materiality is an entity-specific aspect of relevance based on the nature or magnitude, or both, of the items to which the information relates in the context of an individual entity’s financial report. Consequently, the Board cannot specify a uniform quantitative threshold for materiality or predetermine what could be material in a particular situation.”

In the following years, materiality has continued to raise concerns, both as to measurement and the implications for financial statement disclosures. Since materiality is at best a judgment call, the tendency has been to err on the side of recording and disclosing ever smaller, seemingly obscure items. This approach can lead to more important issues getting lost within the volume of data and verbiage, thereby defeating the purpose of the objective.

The FASB is addressing these concerns in two Exposure Drafts (ED) issued on September 24, 2015: Proposed Concepts Statement—Conceptual Framework for Financial Reporting Chapter 3: Qualitative Characteristics of Useful Financial Information and Proposed Accounting Standards Update, Notes to Financial Statements: Assessing Whether Disclosures Are Material.

In proposing the amendment to the Conceptual Framework, the ED replaces the above definition with the following: “Materiality is a legal concept. In the United States, a legal concept may be established or changed through legislative, executive, or judicial action. The Board observes but does not promulgate definitions of materiality. Currently, the Board observes that the U.S. Supreme Court’s definition of materiality, in the context of the antifraud provisions of the U.S. securities laws, generally states that information is material if there is a substantial likelihood that the omitted or misstated item would have been viewed by a reasonable resource provider as having significantly altered the total mix of information. Consequently, the Board cannot specify or advise specifying a uniform quantitative threshold for materiality or predetermine what could be material in a particular situation.”

In short, the Board is stating that materiality is:

  1. A legal concept;
  2.  Not defined by the FASB;
  3.  Defined by the U.S. Supreme Court.

While the Conceptual Framework proposal will guide the FASB as future standards are developed, the other ED directly addresses materiality as related to footnote disclosures. The FASB asserts that the proposal “is intended to promote the appropriate use of discretion by organizations when deciding which disclosures should be considered material in their particular circumstances.” Specifically, the ED states that:

  1.  Materiality would be applied to quantitative and qualitative disclosures individually and in the aggregate in the context of the financial statements as a whole; therefore, some, all, or none of the requirements in a disclosure Section may be material;
  2.  Materiality would be identified as a legal concept;
  3.  Omitting a disclosure of immaterial information would not be an accounting error.

The proposals may provide accountants with some cover when deciding to eliminate questionable disclosures. Even so, the change in how materiality is defined may appear to some practitioners as a mere shift in semantics as opposed to substantive change. Judgment is still the overriding requirement in most cases.

These ED’s would apply to all entities and go into effect upon issuance. Comments are due by December 8, 2015.

The IASB is dealing with similar issues with regards to the definition and application of materiality, and is expected to propose amendments to IFRS in the near future. Whether or not those amendments will be similar to the FASB proposals remains to be seen.

Meanwhile, the United Kingdom’s Financial Reporting Council (FRC) addressed materiality in its Corporate Reporting Review Annual Report 2015, issued on October 22, 2015. While stating that “the overall quality of corporate reporting is generally good,” the report noted “a potential concern about how some Boards assess materiality, materiality assessments should not be used to conceal errors or achieve a particular presentation, and boards need to look at issues through the 'right lens' - what do investors expect to see?” The FRC also acknowledged that efforts to improve financial reporting are building in response to the Council’s Clear & Concise initiative launched last year.

For further information, see FASB Disclosure Framework Exposure Drafts on Materiality.

Key Areas for Audit Focus

Center for Audit Quality delivers annual audit alert

The Center for Audit Quality (CAQ) is an autonomous group, affiliated with the American Institute of Public Accountants (AICPA), dedicated to improving audit performance. Though the CAQ’s direct focus is on auditors serving public companies, the advice promulgated in its publications is also useful for auditors of private companies wherever they are located.

In October 2015, the CAQ issued Select Auditing Considerations for the 2015 Audit Cycle, along with a targeted version specifically for audits of brokers and dealers. Topics included, which the CAQ considers “some of the more judgmental or complex audit areas,” are:

  1.  Professional Skepticism;
  2.  Internal Control Over Financial Reporting (ICFR);
  3.  Risk Assessment and Audit Planning;
  4.  Supervision of Other Auditors and Multi-Location Audit Engagements;
  5.  Testing Issuer-Prepared Data and Reports;
  6.  Cybersecurity;
  7.  Revenue recognition;
  8.  Auditing Accounting Estimates, Including Fair Value Measurements;
  9.  Related Parties and Significant Unusual Transactions.

The first two and final three were also in last year’s CAQ alert, confirming that they present ongoing challenges for auditors. Consequently, there was no surprise when the Public Company Accounting Oversight Board (PCAOB) put out its Staff Inspection Brief in October 2015. In corresponding manner, the Board indicated that inspectors would be focusing on the following three areas where deficiencies have been significant in the past year:

  1.  Auditing internal control over financial reporting;
  2.  Assessing and responding to risks of material misstatement;
  3.  Auditing accounting estimates, including fair value measurements.

The PCAOB covered most of the CAQ’s audit topics within the context of these three overriding areas. For example, regarding professional skepticism, the CAQ cautioned against “merely obtaining the most readily available evidence to corroborate management’s assertions.” The PCAOB’s Brief echoes that sentiment reporting that many inspections found that “firms sought to obtain only evidence that would support significant judgments or representations made by management, rather than to critically assess the reasonableness of management’s judgments or representations, taking into account all relevant evidence, regardless of whether it confirmed or contradicted management’s assertions.” Time pressure and inherent client bias can inadvertently lead to a shortcoming of this nature if care is not taken.

The PCAOB’s Brief reported that revenue is the most inspected item, stemming from the extent of deficiencies. The CAQ’s section on revenue recognition spelled out in detail areas that call for special attention, drawing from the PCAOB’s Staff Audit Practice Alert No. 12, issued in September 2014. These areas covered:

1. Testing Revenue Recognition, Presentation, and Disclosure;

  •  Testing the recognition of revenue from contractual arrangements – requires an understanding of the business aspects of the company;
  •  Evaluating the presentation of revenue—gross versus net revenue – requires agent versus principal determination;
  •  Testing whether revenue was recognized in the correct period –requires cutoff procedures, proof of delivery and other documentation;
  •  Evaluating whether the financial statements include the required disclosures regarding revenue;

2. Other Aspects of Testing Revenue;

  •  Responding to risks of material misstatement due to fraud ("fraud risks") associated with revenue – requires use of independent sources, and unpredictability in timing, selection of lower amounts or unexpected items and elements of surprise;
  •  Testing and evaluating controls over revenue;
  •  Applying audit sampling procedures to test revenue;
  •  Performing substantive analytical procedures to test revenue – requires considering the nature of the assertion, the plausibility and predictability of the relationship, the availability and reliability of data, precision, and the threshold for investigation of differences.
  •  Testing revenue in companies with multiple locations.

Even though the new revenue accounting standard is not yet effective, the CAQ also noted that “the auditor should evaluate management’s required disclosure of the impact the new accounting standard is likely to have on the financial statements, including evaluating the form, arrangement, and content of the disclosure.”

In addition to professional skepticism and revenue recognition, the CAF and PCAOB reports elaborate on the other key audit areas in similar fashion. In our next article, we touch on the challenges of the cybersecurity issue within the context of a mobile world.

For further information, see Select Auditing Considerations for the 2015 Audit Cycle and PCAOB Staff Inspection Brief.

Cybersecurity in a Mobile World

Security lags behind use of mobile devices

At a recent conference on Big Data hosted by Integra member, Swenson Advisors, in San Diego, one of the topics was “Managing Risk & Compliance for The Mobile World.” The speaker, Shrini “Chris” Keskar, of Larkspur Technology, stated that “mobile will create 90% of the data (structured or unstructured) in [the] next 5 years.” As scary or exciting (depending on your point of view) as that thought may be, the more disconcerting statement was his pronouncement that “security is a second thought right now in the mobile world.”

Since practically everyone uses mobile devices nowadays, my immediate concern was for personal data. But beyond that, the implications are momentous for the financial audit process, and for companies that are subject to audits. In both cases, physical security of mobile devices needs to be addressed, as well as protection against improper access. In addition, companies and auditors need to consider and assess the internal controls over financial reporting for transactions initiated or processed through mobile devices.

These concerns have been around in some form for a while. Portable computing began in earnest in the early 1980’s, most notably with the luggable Compaq. Laptops and notebook computers were not far behind.

In more recent times, smartphones and tablets have reduced the size factor significantly. But they have also brought advanced technological features such as location-based geo coding, and expanded use of API (Application Programing interface). With API, an entryway to software, mobile apps can provide efficient access to entity software and information without going into the internet. With these added capabilities and enhancements to productivity, mobile devices also introduce new pathways for security breaches.

Keskar pointed out a “paradigm shift in risk management,” whereby “risk is now everyone’s business” and “is well beyond what you can see.” Since the trend going forward is for much more, not less mobile use, he states that addressing the security issues is a matter of the very survival of a business.

Keskar illustrated the new paradigm of managing risk with five directives:

  1.  Empower people and delegate responsibility;
  2.  Enable everyone (including non-IT staff) to watch security;
  3.  Enable secured – openness for business to succeed;
  4.  Create the culture of risk mitigation:
  5.  Turn challenges into opportunities.

As with all mission critical strategies, security in a mobile world needs to start at the top, with a data governance policy and a security officer role. The more complex technical policies should be implemented and monitored by those with the appropriate level of expertise. Security strategy should be continuous with training and periodic tests for vulnerability. But for the basics, “first and foremost” there are “common sense” steps to be taken, such as passwords that are not obvious, not exposed, and that are often changed, as well as physical safeguards and the means for remotely clearing data from lost or stolen devices.

The American Institute of Certified Public Accountants (AICPA) and the ISACA (formerly known as the Information Systems Audit and Control Association) offer tools for managing mobile security. The Information Management and Technology Assurance section of the AICPA website includes on its Cyber Security page a number of resources including ABCs of IT Security for CPAs #4: A CPAs Introduction to Mobile and Remote Computing Security Considerations. Among the ISACA offerings is the Mobile Computing Security Audit/Assurance Program.

Since the mobile world of data is here to stay, companies have no choice but to embrace it. By tackling this challenge earlier rather than later, a company can stand out as a business differentiator with a reputation of dependability, while keeping the company’s vital data safe.

For further information, see How technology is changing the way CPAs work and P10 Questions Business Leaders Should Ask About Mobile Security

Additional A&A News

The following links provide a selection of current articles devoted to highlighting other A&A topics currently making news.

  1. Deloitte Social Impact Practice Helps Clients Tackle Societal Challenges
  2. Earnings Misstatements Come in Bunches, Study Says
  3. IFAC Calls for International Agreement on Global Emissions
  4. GASB proposes pension standards relief for certain governments
  5. Shared audit: two good, two bad?
  6. A Global Standards Advocate Answers Miller & Bahnson

Audit & Accounting Alert is a publication of Integra International intended to highlight emerging issues in the profession. The goal is to give Integra members an awareness of developments impacting the practice of Audit & Accounting, enabling them to stay on the forefront of industry trends.

Editor Gerald E. Herter  •  HMWC CPAs & Business Advisors, 17501 E. 17th Street, Suite 100, Tustin, CA 92780-7924
 •  Tel: 1 714 505-9000  •  Fax: 1 714 505-9200  •  Email: [email protected]