SEC Appoints an All-New PCAOB
On December 12, the Securities and Exchange Commission announced the appointment of a new slate of Public Company Accounting Oversight Board members. The five-member PCAOB has been operating with one vacancy, three members whose terms have expired, and one member with several years remaining on his term. As a result of the SEC’s action, new appointees will soon fill all five board seats.
The new Chair of the PCAOB will be William D. Duhnke. Mr. Duhnke is currently the Staff Director and General Counsel to the U.S. Senate Committee on Rules and Administration. He previously served as Staff Director and General Counsel to the U.S. Senate Committee on Banking, Housing and Urban Affairs and of the Committee on Appropriations. The other Board members will be:
- J. Robert Brown, a professor of law at the University of Denver. He has served on the staff of the SEC and worked in private practice.
- Kathleen M. Hamm, Global Leader of Securities and Fintech Solutions and Senior Strategic Advisor on Cyber Solutions at Promontory Financial Group. She previously worked at the Department of the Treasury, the American Stock Exchange, and the SEC.
- James G. Kaiser, currently a partner and Global Assurance Methodology & Transformation Leader at PricewaterhouseCoopers.
- Duane M. DesParte, Senior Vice President and Corporate Controller of Exelon Corporation. He previously was an audit partner at Deloitte & Touche and, prior to that, Arthur Andersen.
In a statement on the appointment of the new Board members, SEC Chairman Jay Clayton indicated that the transition to the new Board was expected to occur in January.
Comment: The new PCAOB will, for the first time, include two former large firm audit partners (one of whom has also served as a reporting company controller). As a result, the PCAOB’s standard-setting may become more focused on core auditing issues and less on disclosure and corporate governance. In that regard, one of the PCAOB’s themes during the past several years has been the importance of the audit committee’s role in oversight of the independent auditor, and the Board has taken several steps to enhance audit committee oversight and to expand auditor/audit committee communication. While these initiatives are unlikely to be rolled back, and the Board will undoubtedly continue to be supportive of the role of the audit committee, the new Board may concentrate more on traditional, nuts-and-bolts auditing.
SEC Approves New Auditor’s Reporting Model and Shifts the Discussion to Implementation
On October 23, the Securities and Exchange Commission issued an order approving the far-reaching changes to the auditor’s report adopted by the Public Company Accounting Oversight Board last June. Many of the changes, including disclosure of the length of tenure of the company’s auditor, will take effect almost immediately. However, the most significant element of the new PCAOB requirements – discussion in the auditor’s report of critical audit matters (CAMs) – will not begin until 2019.
Earlier this year, as described in PCAOB Adopts New Auditor’s Reporting Model, May-June 2017 Update, the PCAOB adopted a new auditing standard requiring public company auditor’s reports to contain a discussion of CAMs that arose during the audit and disclosure of the year in which the auditor began serving as the company’s auditor. The Board also made several other changes to the form and content of the auditor’s report. The new PCAOB’s standards, like all of its rules, were subject to SEC approval.
Most audit committee member comments submitted to the SEC and PCAOB were opposed to CAM disclosure. See Audit Committee Members Are Still Dubious About the PCAOB’s Proposal to Expand Audit Reports, September 2016 Update. Among other things, audit committee comments suggested that CAM disclosure could inhibit auditor/audit committee communication, usurp management’s role in determining what should be disclosed, and confuse financial statement users. Most public company management comments voiced similar concerns.
In its approval order, the SEC discussed the objections commenters had raised to CAM disclosure. With respect to the impact on the auditor/audit committee relationship, the Commission concluded:
“We acknowledge that there exists a risk that communications between the auditor and the audit committee could be chilled, if the auditor were to avoid raising certain issues to the audit committee’s attention so as to not trigger the requirement to determine whether such issues are CAMs. However, we agree with the Board’s conclusion that the existing requirements to communicate matters to the audit committee — an auditing standard that would be violated if matters were not communicated — limits the risk of chilling to matters not falling within the scope of AS 1301, but falling within the scope of a CAM. * * *
“As it relates to the risk that the role of the audit committee will be undermined, we emphasize that the Commission has a long history of promoting effective and independent audit committees. * * * The intent of the Proposed Rules is to supplement the role of the audit committee by providing information about the audit through the lens of the auditor. The Proposed Rules are unlikely to impact this relationship or the dialogue between audit committees and auditors, and may even encourage audit committees to engage more extensively with auditors given that there will be disclosures by the auditor about those aspects of the audit that constitute CAMs.”
Summary of Changes and Effective Dates
The new reporting requirements will take effect in stages. The following changes will be required for audits of companies with fiscal years ending on or after December 15, 2017:
- Tenure. The report must state the year the auditor began serving as the company’s auditor.
- Addressees. The report must be addressed to the company's shareholders and board of directors.
- Independence. The report must include a statement that the auditor is required to be independent.
- Format. The auditor’s opinion on the financial statements must be in the first section of the report. In addition, reports must include certain section titles (“Opinion on the Financial Statements”, “Basis for Opinion”, and “Critical Audit Matters”) to improve readability.
- Fraud Responsibility. The report must include a statement that the audit was planned and performed to obtain reasonable assurance that the financial statements are free of material misstatements "whether due to error or fraud." (Currently, reports do not refer to the auditor’s consideration of the possibility of fraud.)
CAM reporting will begin for large accelerated filers with fiscal years ending on or after June 30, 2019. For audits of other public companies, CAM disclosure must be included in reports for fiscal years ending on or after December 15, 2020. However, CAMs may be included voluntarily in auditor’s reports before the effective date.
A CAM is defined as a matter that was communicated, or required to be communicated, to the audit committee and that (1) relates to accounts or disclosures that are material to the financial statements, and (2) involved especially challenging, subjective, or complex auditor judgment. The standard lists specific factors that should be considered in determining whether a matter communicated to the audit committee involved a challenging, subjective, or complex auditor judgment. For each CAM that the auditor identifies, the auditor’s report must:
- Identify the CAM.
- Describe the principal considerations that led to the determination that the matter is a CAM.
- Describe how the CAM was addressed in the audit.
- Refer to the relevant financial statement accounts or disclosures.
If the auditor determines there are no CAMs, the auditor’s report must state that determination.
On December 4, the PCAOB released a staff guidance paper entitled Changes to the Auditor's Report Effective tor Audits of Fiscal Years Ending on or after December 15, 2017. While this nine-page paper is aimed primarily at audit firms, it is a readable overview of the new requirements and of how they will operate. Of particular interest as to the first stage of implementation, the guidance touches on some of the interpretive questions that are likely to arise in computing auditor tenure, including the impact of firm mergers and acquisitions. Regarding CAM reporting, the PCAOB staff suggests that auditors discuss the new CAM requirements with managements and audit committees in advance of implementation.
In comments at a recent conference, SEC Chief Accountant Wes Bricker was more pointed in urging audit committees to take advantage of the implementation period by asking their auditor a series of questions about the company’s potential CAMs:
“[A]udit committees should have reasonable expectations that auditors prepare to take members through the application of the standard on their engagement. For example, what would the critical audit matters be this year? What would be the close calls? When could those matters have been raised, and which ones could have been identified at the start of the audit cycle? What does the auditor expect to say about those matters? When would we expect to see a draft report or at least a draft of the critical audit matters? These are illustrative examples of the communication planning and expectation setting that audit committee members may wish to consider as part of the transition period.”
On December 6, the Center for Audit Quality (CAQ) issued The Auditor’s Report: Considerations for Audit Committees. This publication summaries the new reporting requirements and discusses issues that audit committees should be addressing. With respect to tenure disclosure, the CAQ suggests that audit committees ask six questions:
- How is auditor tenure determined?
- Are there complexities to the relationship with the auditor that may make determining auditor tenure less straightforward (e.g., company mergers, audit firm mergers)?
- What if there is uncertainty as to the year the auditor began serving consecutively as the company’s auditor? If so, how will this be communicated in the auditor’s report?
- Has the audit firm determined a different tenure than what the company may already have or plans to disclose on a voluntary basis (e.g., in a proxy statement)? If so, what are the reasons for such differences?
- Has management or the audit committee considered the sufficiency of proxy disclosures around audit committee oversight of auditors, including considerations related to auditor appointment and retention given the new tenure disclosure?
- Has the company considered how they will respond to questions they may receive from investors about auditor tenure?
With respect to CAM implementation, the CAQ proposes that audit committees ask:
1. What is the audit firm’s plan for the second phase of implementation [i.e., CAM disclosure]?
a. What are the audit firm’s plans to develop their firm methodology and guidance for identifying and communicating CAMs?
b. Does the audit firm plan to field test their methodology in advance of the effective date? If the audit firm plans to test their methodology: (1) When do they expect to perform that testing? (2) Will example audit reports, including CAMs, be part of the testing methodology? (3) What is the audit committee’s and/or company management’s role during any planned testing?
2. How is the audit firm thinking about what matters might be considered a potential CAM?
3. What impact does the timing of the identification of a CAM have on the communication among the auditor, management, and the audit committee?
Comment: As a result of tenure disclosure, audit committees, particularly those with long-serving auditors, should be prepared to explain to shareholders their philosophy with respect to auditor rotation and their decision-making processes concerning whether to seek proposals from other audit firms. Voluntary audit committee disclosure concerning these issues is increasing (see next item in this Update). Including a discussion of the audit committee’s approach to auditor selection and retention in the committee report may help to pre-empt questions.
CAM reporting will raise more complex issues. Audit committees should take full advantage of the two-year implementation period. It would be prudent to have a full understanding, before the requirement takes effect, of what matters the auditor views as CAMs, why they are potential CAMs, and what the disclosure in the auditor’s report would be. It would also be useful to have an understanding of the similarities and differences between the company’s potential CAMs and those of competitors. In practice, CAMs are likely to fall into two categories – those that arise from financial systems and controls issues that are unique to the company and those that arise from reporting challenges that are inherent in the company’s business. Audit committees should expect that potential CAMs that fall in the former category will be identified and, if possible, remedied, before the disclosure requirement takes effect.
During the last several years, voluntary disclosure about audit committee responsibilities and how they are discharged has grown significantly. See Audit Committee Voluntary Disclosures Continue to Increase, September-October 2017 Update. In 2013, organizations with an interest in audit committee transparency issued a “Call to Action” urging audit committees to strengthen their disclosures. See Center For Audit Quality Calls for Greater Audit Committee Transparency, November-December 2013 Update. Since the Call to Action was issued, the Center for Audit Quality (CAQ) and research firm Audit Analytics (AA) have annually issued a report – the Transparency Barometer – on the state of audit committee disclosure. The 2016 Transparency Barometer was summarized in New Studies Find More Progress on Audit Committee Transparency, October-November 2016 Update.
On November 1, the CAQ and AA released their 2017 Audit Committee Transparency Barometer. The report states that the two organizations “continue to observe encouraging trends with respect to voluntary, enhanced disclosure around external auditor oversight, an important facet of the audit committee’s broader financial reporting oversight role.” The Barometer measures the “robustness” of public company audit committee disclosures by analyzing the proxy statements of the companies that comprise the S&P Composite 1500, which consists of the S&P 500, the S&P MidCap 400, and the S&P SmallCap 600. Some highlights of the 2017 Barometer report include:
- Audit firm Selection/Ratification. Thirty-seven percent of S&P 500 company proxy statements disclose the audit committee's considerations in the appointment of the audit firm, up from 31 percent in 2016 and 13 percent in 2014. Twenty-four percent of MidCap companies discussed the audit committee's considerations in recommending the appointment of the audit firm (up from 10 percent in 2014), and 17 percent of SmallCap companies made such a disclosure (up from 8 percent in 2014).
- Length of Engagement. Disclosure of the audit firm’s tenure increased from 59 percent of the S&P 500 in 2016 to 63 percent in 2017. For MidCap and SmallCap companies, the 2017 percentages were 47 percent and 46 percent, respectively. (Tenure disclosure will become a mandatory disclosure item in auditor’s reports beginning next year -- see prior item in this Update).
- Audit Firm Compensation. In 2017, disclosure that the audit committee is responsible for fee negotiations with the auditor rose to 20 percent among S&P 500 companies, an increase from 17 percent in 2016. Such disclosure is less common at smaller companies – only 4 percent of the S&P MidCap and SmallCap companies disclosed the audit committee’s role in fee negotiations.
- Change in Audit Fees. In 2017, the percentage of S&P 500 companies providing an explanation for audit fee changes fell from 34 percent in 2016 to 31 percent. Such disclosure is slightly more common at smaller companies – 32 percent of MidCaps and 35 percent of SmallCaps offered fee change explanations. The Barometer report suggests that this kind of disclosure has not grown consistently because “disclosed fee changes often correspond with an acquisition or other nonrecurring business transaction.”
- Audit Firm Evaluation/Supervision. The percentage of S&P 500 companies that disclosed criteria the audit committee considered in evaluating the audit firm increased from 34 percent in 2016 to 38 percent in 2017. Further, 21 percent of these companies disclosed that audit firm evaluation occurred annually, an increase from 19 percent in 2016. Eleven percent of the S&P MidCap and 8 percent of the S&P SmallCap disclosed that evaluation was at least an annual event.
- Audit Engagement Partner Selection. In 2017, 49 percent of S&P 500 companies disclosed that the audit committee is involved in engagement partner selection. This reflected an increase from 43 percent in 2016. Forty-six percent of the S&P 500 stated that the engagement partner rotates every five years. For S&P MidCap companies, 14 percent made these types of disclosure. For SmallCaps, 7 percent disclosed that the audit committee was involved in engagement partner selection, while 10 percent noted the 5-year rotation requirement.
Comment: The Transparency Barometer includes company-specific examples of actual disclosures in the areas surveyed. Companies and their audit committees may find it useful to review those precedents. Audit committees should be aware of the types of voluntary disclosures concerning the committee’s responsibilities and activities that their peers are making and consider expanding their own disclosures to match. Enhanced voluntary disclosure may head off shareholder demands for more audit committee information, and is, in any event, becoming a best practice. Further, as discussed in the October-November 2015 Update, many commenters on the SEC’s audit committee disclosure concept release pointed to the increase in voluntary audit committee transparency as evidence that the SEC should refrain from adding requirements in this area.
On November 10, the Public Company Accounting Oversight Board published a Staff Inspection Brief (SIB) that previews the results of the Board’s 2016 inspections of public company audits. During the 2016 inspection cycle, the PCAOB staff examined portions of over 780 issuer audits and reviewed the quality control systems of more than 190 firms. The SIB is “intended to provide insights from these inspections to auditors, audit committees, investors, issuers, and others.” As of December 14, the Board had not yet released any of the underlying 2016 inspection reports for large accounting firms.
Frequent and Recurring Audit Deficiencies
The SIB highlights three “recurring areas” where audit deficiencies were most frequently identified in 2016 inspections. These three areas were also the most frequent sources of deficiencies last year. See PCAOB Previews 2015 Inspection Findings: Many of the Same Deficiencies, But Fewer of Them, May 2016 Update.
- Assessing and responding to risks of material misstatement. The auditor should perform audit procedures that address the risks of material misstatement identified as part of audit planning. Further, auditors are required to presume that revenue recognition always involves a risk of fraud. In the PCAOB staff’s view, the 2016 inspections disclosed instances in which the auditor either failed to assess appropriately the risks of material misstatement, failed to perform audit procedures that appropriately addressed those risks, or did not take into account audit evidence that appeared to contradict assertions in the financial statements.
- Auditing internal control over financial reporting. In 2016, deficiencies in auditing internal control over financial reporting (ICFR) were the most frequent type of deficiency identified in inspections. The most frequent type of ICFR auditing deficiency involved management review controls. “Specifically, some auditors did not evaluate the nature and/or the appropriateness of the procedures performed by management during the review, including the criteria used to identify matters for investigation and the actions taken in investigating and resolving such matters.” Another common source of ICFR audit deficiencies was the auditor’s failure to test the controls over completeness and accuracy of data or reports generated by the company’s IT system and on which the operation of other controls depended.
- Auditing accounting estimates, including fair value measurements. Audit deficiencies involving estimates and fair value measurements often arise in connection with goodwill impairment analysis; auditing of loan loss allowances and inventory reserves; and reviewing financial instrument valuations. A common problem found in this area is a failure to test the assumptions on which management relies to construct the estimate.
Deficiencies in Other Areas of Focus in 2016 Inspections. At the beginning of the inspection cycle, the Board releases a SIB describing the staff’s priorities for that year’s inspections. See PCAOB Describes 2016 Inspection Objectives, August 2016 Update. The 2016 inspection results SIB discusses the staff’s findings in the areas that were previously described as priorities for 2016:
- Audit Areas Potentially Affected by Economic Factors. The PCAOB identified three economic developments that may affect companies in ways that make it more likely that their audit will be selected for review: business combinations, the search for higher-yielding investments, and fluctuations in oil and natural gas prices. In each of these areas, the audit problems noted stemmed from the failure to perform sufficient procedures to evaluate management assumptions.
- Auditing of Certain Financial Reporting Areas. The inspections staff observed deficiencies in the financial statement reporting areas of debt, allowance for loan losses, inventory, business combinations, revenue, and impairment of long-lived assets. The auditor’s consideration of the company’s ability to continue as a going concern was also a problem area.
- Related Party Transactions. The SIB states that deficiencies in auditing related party transactions were infrequent and “more often identified in audits performed by firms other than global network firms.”
- Information Technology. Auditing is changing rapidly as firms deploy new software tools to perform such audit procedures as testing manual journal entries for fraud indicators, evaluating sample size, and evaluating investment securities pricing. In 2016, the inspection staff did not identify any audit deficiencies related to firm automated audit processes. The SIB also reports that the staff did not find in any 2016 inspection that company cybersecurity breaches affected the risk of financial statement misstatements or resulted in the identification of ICFR material weaknesses.
- Multinational Audits. In audits of multinational companies, the principal auditor typically uses work performed by other, non-U.S., firms with respect to the client’s foreign subsidiaries. Audit deficiencies identified in these engagements were similar in nature to the most frequent findings in other types of inspections.
- Audit Committee Communications. In the 2016 inspections, the PCAOB staff continued to identify deficiencies in auditor/audit committee communications. These generally related to failure to make required communications regarding audit strategy, the timing of the audit, and significant risks identified by the audit firm. Audit committee communications deficiencies were more common at smaller firms undergoing their first inspection.
- Audit Firm’s System of Quality Control. In addition to reviewing specific audit engagements, PCAOB inspections include an examination of the audit firm’s system of quality control – that is, the controls and procedures the firm employs to assure that its audits are conducted in accordance with the applicable auditing standards and other professional requirements. The SIB includes observations about deficiencies observed in this aspect of inspections. These included inadequate procedures for determining the root cause of audit deficiencies, failure to detect independence violations or to make required independence communications to the audit committee, and poor performance by the partner assigned to perform an engagement quality review prior to issuance of the audit report.
Comment: The SIB provides insight that may be useful to audit committees in understanding what areas of the company’s audit are likely to attract the attention of the PCAOB’s inspection staff and whether the company’s engagement is likely to be selected for review. The PCAOB’s recent SIB outlining the objectives of its 2017 inspections program (PCAOB Staff Issues 2017 Inspections Road Map, September-October 2017 Update) and the CAQ’s Alert on 2017 audit challenges (see next item in this Update) are also helpful in this regard.
The SIB may also aid audit committees in understanding their auditor’s risk assessments and resource allocations. For example, during the last several audit cycles, managements and audit committees have complained that auditors seem unduly focused on the mechanics of management review controls. As the SIB illustrates, from the auditor’s perspective, obtaining an in-depth understanding of how review controls operate is a necessary response to a common PCAOB inspection finding.
On October 11, the Center for Audit Quality (CAQ) issued an Alert discussing the “judgmental or complex” audit areas likely to be significant during the upcoming audit season. The Alert, Select Auditing Considerations for the 2017 Audit Cycle, includes many of the same issues that the PCAOB’s staff identified as key areas of inspection focus in the recent Staff Inspection Brief discussing the scope and objectives of its 2017 inspections of public company auditors. See PCAOB Staff Issues 2017 Inspections Road Map, September-October 2017 Update.
The CAQ’s 2017 Alert identifies and discusses seven topics:
- Auditor Independence. The CAQ states that the PCAOB’s inspection programs is continuing to focus on audit firm quality controls that provide assurance that the firm is independent of its audit clients. Performance of impermissible non-audit services and failure to obtain audit committee pre-approval for permissible services are examples of deficiencies the PCAOB has noted in inspection reports.
- Multinational Audits. When audit firms in other countries perform a portion of the audit work, the CAQ suggests that the principal auditor consider whether it has properly evaluated the other auditors’ professional reputation and independence and the quality of the work performed by the other auditors.
- Transitioning to New Accounting Standards. As discussed in prior Updates, several new accounting standards will take effect during the next several years, including new standards for revenue recognition, accounting for leases, and recognition of credit losses. SEC Staff Accounting Bulletin No. 74, Disclosure of the Impact That Recently Issued Accounting Standards Will Have on the Financial Statements of the Registrant When Adopted in a Future Period, requires companies to disclosure in their financial statements the potential effects of the future adoption of new accounting standards. These disclosures include, among other things, the status of the company’s implementation and the quantitative impact of the new standard, if reasonably estimable. (If the impact cannot be reasonably estimated, the disclosure should include a statement to that effect and a narrative description of the impact). Further, PCAOB auditing standards require the auditor to communicate to the audit committee any concerns regarding management’s anticipated application of a new accounting standard. The CAQ recommends that, when reviewing interim and auditing annual financial statements, auditors consider whether the company’s SAB 74 disclosures are adequate, whether they have changed from the prior quarter, and whether the disclosures have been sufficiently audited.
- Audit Areas Potentially Affected by Economic Factors. Economic environment factors that may affect auditing include fluctuations in oil and gas prices, the search for higher-yielding investment returns in a low interest rate environment, and mergers and acquisitions. The CAQ also recommends that auditors consider the effects of Brexit on financial institution audit risks.
- Recurring Audit Deficiencies. The Alert discusses the same three recurring audit deficiencies – ICFR auditing; identifying, assessing, and responding to risk of material misstatement; and accounting estimates, including fair value measurements -- as are highlighted in the PCAOB’s SIB on the results of its 2016 inspections (see prior item in this Update).
- Financial Reporting Areas. The Alert discusses two financial reporting areas that may raise complex or judgmental issues during the upcoming audit cycle: going concern and evaluation of income tax accounting and disclosures.
- Increasing Transparency through Disclosure of Engagement Partner and Certain Other Participants in Audits. In 2015, the PCAOB adopted a requirement that auditors file, for each public company audit they perform, a report on Form AP disclosing the name of the engagement partner and information concerning other accounting firms that participated in the audit. See PCAOB Takes Final Action to Require Disclosure of Engagement Partner and Participating Accounting Firm Names, December 2015 Update. This requirement took effect during 2017, and the CAQ expects the PCAOB’s inspection program to assess firm compliance with the new rule. The CAQ also recommends that auditors make sure that audit committees are aware of the information disclosed on Form AP.
In addition to these seven topics, the CAQ identifies five “Other Considerations” that are likely areas of PCAOB scrutiny:
- Engagement Quality Review. As noted in the prior item in this Update, the PCAOB requires that a partner not otherwise involved in the audit perform an engagement quality review before the audit opinion is issued. That review should include an evaluation of the engagement team’s significant judgments and responses to fraud risks and of the adequacy of the work papers.
- Improper Alteration of Audit Documentation. The PCAOB has discovered cases in which auditors have improperly altered work papers in anticipate of an inspection or investigation. The CAQ reminds auditors that such actions can result in severe disciplinary sanctions.
- Firm Software Audit Tools. Audit firms are developing automated tools to improve the effectiveness and efficiency of auditing. The PCAOB staff is evaluating these innovations to make sure that they meet audit objectives and are used effectively and with due care.
- Cybersecurity Risks. The PCAOB inspections staff evaluates the engagement team’s procedures for determining whether cybersecurity issues pose risks of material misstatement and whether modifications to the team’s risk assessment and audit approach were necessary in response.
- New Auditor’s Reporting Model. The CAQ reminds auditors of the changes to the auditor’s report recently approved by the SEC (see second item in this Update) and that certain of these changes take effect for audits of fiscal years ending on or after December 15, 2017.
Comment: While the CAQ’s Alert is aimed at auditors, not audit committees, it provides a road map for audit committees regarding topics that auditors are likely to view as posing the greatest audit risks – and the highest likelihood of PCAOB inspection attention. As such, the Alert, like the PCAOB’s 2016 inspection results SIB, may help audit committees better understand the perspective from which their audit firms will approach 2017 engagements.
KPMG has released The Road Ahead, its 2017 survey of corporate responsibility (CR) reporting. The survey is based on the CR and sustainability reporting of 4,900 companies, consisting of the 100 largest companies in 49 countries (the N100) and of the 250 largest companies worldwide (the G250). KPMG’s report provides a “detailed look at global trends in CR reporting and insights for business leaders, company boards, and CR and sustainability professionals.” It also provides guidance on good reporting practice and “serves as a guide to investors, asset managers and ratings agencies who now factor environmental, social and governance (ESG) information into their assessments of corporate performance and risk.”
Some findings of particular interest include:
- CR reporting is widespread and rising. Ninety-three percent of the G250 and 75 percent of the N100 engage in CR reporting. The gap between the percentage of N100 CR reporting companies and G250 CR reporting companies is narrowing.
- CR reporting has become common across all industry sectors, and in no industry is the reporting rate lower than 60 percent. In 2017, the sectors with the highest reporting rates for N100 companies were Oil & Gas (81 percent), Chemicals (81 percent), and Mining (80 percent). The sectors with the lowest rates of CR reporting were Construction & Materials (69 percent), Industrials, Manufacturing & Metals (68 percent), and Retail (63 percent).
- An growing number of companies include CR reporting in their annual financial reports (as distinguished from including such information only in a CR or sustainability report). Sixty percent of the N100 included CR information in their annual financial reports in 2017, compared to 56 percent in 2015. For G250 companies, 78 percent have integrated financial and CR reporting. KPMG found that 81 percent of U.S. companies include some CR information in their annual financial reports, (although it is not clear how KPMG defined that term). KPMG believes three factors contributed to this trend:
- Investor and shareholder interest in sustainability, “which is forcing companies who have not previously reported to start practicing this kind of disclosure.”
- The SEC’s 2010 release on climate change disclosure. The report states: “More companies are complying with this, particularly as the risk from climate change becomes ever clearer.”
- “[T]he influential Sustainability Accounting Standards Board (SASB) [which] publishes industry-specific Sustainability Accounting Standards that advise what CR disclosures organizations should include in their mandatory financial SEC filings.” (Regarding SASB’s work, see SASB Publishes Exposure Draft Standards, September-October Update).
- The number of companies that obtain third-party assurance on their CR reporting is increasing. Assurance is more common among G250 companies, 67 percent of which obtain third-party review. In contrast, 45 percent of the N100 obtained assurance in 2017.
- Only about a quarter of companies state in their annual financial reports that climate change poses a financial risk. Twenty-eight percent of the N100 made such a disclosure. For the G250, 48 percent discuss the financial risk of climate change in their annual reports. Of those companies that do cite climate change as a financial risk, most provide only a narrative description of the potential impacts. Only about 2 percent quantify the potential impact in financial terms.
- Most companies acknowledge human rights as a business issue. Seventy-three percent of N100 CR reports, and 90 percent of G250 reports, address the issue.
KPMG suggests that there are three messages that companies should take away from the 2017 survey results:
- CR reporting is likely to become more regulated. “Countries that do not yet have reporting regulation are likely to introduce it. Those that have it are likely to strengthen it and to bring in new requirements for reporting on critical issues such as climate change and human rights. Voluntary frameworks are likely to continue to become compulsory. Levels of disclosure will likely continue to ratchet up.”
- Financial and non-financial reporting are becoming more integrated. “[M]ore than three quarters of the world’s largest 250 companies now include at least some ‘non-financial’ information in their annual financial reports. * * * [T]he merging of financial and ‘non-financial’ reporting will accelerate quickly in the next few years and it is the finance teams that will be expected to deliver the disclosures. The first step to effective disclosure is for finance teams to gain a sound understanding of the material environmental and social issues that have potential to affect the company’s financial performance.”
- CR reporting is shifting to the impact of company activities, rather than simply statistical information, such as the volume of water usage or of reduction in carbon emissions. “The future of corporate responsibility reporting is all about communicating impact, not statistics.”
Comment: As CR or sustainability reporting becomes more common (and possibly more regulated), audit committees will need to devote more of their time and attention to oversight of the content of, and controls over, this type of disclosure. Like prior studies, the KPMG survey demonstrates that CR disclosure has become the norm for many public companies. However, these types of disclosure are currently not standardized, and comparisons between companies and over time are therefore difficult. Further, board-level involvement in disclosure decisions is rare, as are effective controls over CR information that is made public. As a result, many companies are running legal and reputational risks on which audit committees have not yet focused.