Audit committee and auditor oversight update No. 38 - May/June 2017

Update

No. 38

May-June 2017

AUDIT COMMITTEE AND AUDITOR OVERSIGHT UPDATE

This Update summarizes recent developments relating to public company audit committees and their oversight of financial reporting and of the company’s relationship with its auditor.

PCAOB Adopts New Auditor’s Reporting Model

At a meeting on June 1, the Public Company Accounting Oversight Board adopted a new auditing standard that will require public company audit reports to contain a discussion of critical audit matters (CAMs) that arose during the audit. Auditor reports will also be required to include the year in which the auditor began serving as the company’s auditor. While the traditional pass-fail auditor’s opinion will also be retained, the addition of CAM reporting will fundamentally change the auditor’s report from a standardized document, with little variation across clients, to an individually tailored report highlighting the most challenging aspects of each specific audit. Since the CAM definition depends on a matter having been communicated to the audit committee, CAM reporting will also add a new dimension to auditor/audit committee communications.

CAM Reporting and Documentation

The objective of CAM disclosure is to provide audit report readers with insight into the most difficult aspects of auditing the company’s financial statements (which may often correspond to the most judgmental aspects of the company’s financial reporting). In the release adopting the new standard, the Board states that “reducing the information asymmetry between investors and auditors should, in turn, reduce the information asymmetry between investors and management.” The Board also notes that non-U.S. standard setters have already expanded auditor reporting. (The International Standards on Auditing require the auditor to communicate "key audit matters", defined as matters that, in the auditor's professional judgment, were of most significance in the audit of the financial statements. The European Union has adopted legislation requiring listed company auditors to include a description of the most significant risks of material misstatement and a summary of the auditor's response to those risks.)

Under the new standard, a CAM is defined as matter that was communicated, or required to be communicated, to the audit committee and that:

 relates to accounts or disclosures that are material to the financial statements, and

 involved especially challenging, subjective, or complex auditor judgment.

In This Update:

PCAOB Adopts New Auditor’s Reporting Model

AICPA Releases Cybersecurity Risk Management Reporting Framework

PCAOB Board Member Sees Gaps in Audit Committee Oversight

Another Warning Bell Rings on Revenue Recognition Readiness

Academic Study Finds That Independent Directors Don’t Add Much to Financial Fraud Prevention

Prepared by:

Daniel L. Goelzer

+1 202 835 6191 Daniel.Goelzer@bakermckenzie.com

Update │May-June 2017 2

The standard lists six factors which should be considered in determining whether a matter communicated to the audit committee involved a challenging, subjective, or complex auditor judgment:

 The auditor's assessment of the risks of material misstatement, including significant risks.

 The degree of auditor judgment related to areas in the financial statements that involved the application of significant judgment or estimation by management, including estimates with significant measurement uncertainty.

 The nature and timing of significant unusual transactions and the extent of audit effort and judgment related to these transactions.

 The degree of auditor subjectivity in applying audit procedures to address the matter or in evaluating the results of those procedures.

 The nature and extent of audit effort required to address the matter, including the extent of specialized skill or knowledge needed or the nature of consultations outside the engagement team regarding the matter.

 The nature of audit evidence obtained regarding the matter.

For each CAM that the auditor identifies, the auditor’s report must:

 Identify the CAM.

 Describe the principal considerations that led to the determination that the matter is a CAM.

 Describe how the CAM was addressed in the audit.

 Refer to the relevant financial statement accounts or disclosures.

If the auditor determines there are no CAMs, the auditor must state that determination in the auditor's report.

CAM identification will clearly involve the exercise of judgment, and auditors will be required to document their CAM analysis process in their work papers. Specifically, for each financial statement audit issue that was communicated, or required to be communicated, to the audit committee and that relates to material accounts or disclosures, the work papers must explain whether or not the matter was determined to be a CAM and the basis for that determination.

The list of matters related to material accounts that is communicated to the audit committee in connection with an audit is potentially lengthy, and the need to justify in writing the CAM treatment of each could be a significant undertaking. Work papers are of course subject to review in PCAOB inspections, and the documentation requirement may serve as something of a deterrent to concluding that a matter discussed with the audit committee is not a CAM.

Update │May-June 2017 3

Other Changes to the Auditor’s Report

In addition to CAM disclosure, the new standard makes several other changes in the format and content of the auditor’s report, including:

 Tenure. As noted above, the report must include the year in which the auditor began serving as the company’s auditor. PCAOB Chairman Doty has advocated mandatory periodic auditor rotation in order to limit auditor tenure. Adoption of a rotation requirement does not, however, appear to have Board majority support. Disclosure of the number of consecutive years that the auditor has served may nonetheless encourage rotation by highlighting instances of lengthy tenure.

Tenure disclosure has been controversial, and PCAOB Board Member Jeanette Franzel, while voting in support of the standard, observed: “I am concerned that including this information in the auditor's report may convey an implication that there is a generalizable relationship between auditor tenure and audit quality and/or auditor independence, assumptions that may not be valid. If information about auditor tenure is important and relevant for investors and other users, then I would support an analysis of alternatives for the best party to make the disclosure and the mechanism for doing so.”

 Addressees. The auditor's report will be addressed to the company's shareholders and board of directors.

 Independence. The auditor’s report will include a statement that the auditor is required to be independent of the company.

 Fraud responsibility. The report will include a statement that the audit was planned and performed to obtain reasonable assurance that the financial statements are free of material misstatements "whether due to error or fraud."

 Format. The report format will be standardized and will include section titles (“Opinion on the Financial Statements”, “Basis for Opinion”, and “Critical Audit Matters”.)

Effective Date

The PCAOB’s new standard – like all PCAOB rules – will not take effect unless approved by the Securities and Exchange Commission, which must solicit public comment before acting. Since there has been significant opposition to CAM reporting, SEC approval, while likely, is not assured.

Assuming SEC approval, the auditor tenure disclosure, and the changes in the format and content of auditors’ reports, will take effect for audits of fiscal years ending on or after December 31, 2017. CAM reporting will have a longer phase-in period. For the largest public companies – large accelerated filers – CAM reporting will begin for audits of fiscal years ending on or after June 30, 2019. For other public companies, CAM reporting will start with audits for fiscal years ending on or after December 15, 2020. CAM reporting will not be required for audits of emerging growth companies; brokers and dealers; investment

Update │May-June 2017 4

companies other than business development companies; and employee stock purchase, savings, and similar plans.

Comment: Audit committee members have been almost uniformly opposed to CAM disclosure. See Audit Committee Members Are Still Dubious About the PCAOB’s Proposal to Expand Audit Reports, September 2016 Update. Among other things, audit committee comment letters have suggested that CAM disclosure could inhibit auditor/audit committee communication, usurp management’s role in determining what should be disclosed, and confuse financial statement users. Most public company management comments voiced similar concerns.

Assuming the SEC approves the new standard, there are likely to be at least four direct audit committee impacts:

 Since discussion of a material matter with the audit committee triggers CAM analysis, auditors and audit committees will need to be thoughtful with respect to issues raised and with respect to the nature and scope of discussion.

 Audit committees will need to develop a protocol with their engagement partner under which the audit committee will learn, as far in advance of the issuance of the audit opinion as possible, (1) the issues that the auditor intends to disclose as CAMs; (2) what the auditor intends to say in the audit opinion regarding the CAMs; and (3) how the auditor’s statements will compare to management’s disclosures regarding the same issues. In light of the delayed effectiveness of the CAM reporting requirement, there should be ample time to plan how these issues will be dealt with.

 Because of the tenure disclosure (which potentially takes effect at the end of this year), audit committees with long-serving auditors should be prepared to explain to shareholders what their philosophy is with respect to auditor rotation and the nature of their evaluation and decision-making process concerning whether to seek proposals from other audit firms.

 Audit committees can expect audit fee increases in light of the additional work (and potential additional litigation exposure) that auditors may face as the result of CAM disclosure.

AICPA Releases Cybersecurity Management Reporting Framework

As discussed in prior Updates (see, e.g., NACD and ISA Issue New Cyber Risk Oversight Handbook, March 2017 Update and Audit Committees are Challenged by Risk and Think They Would Benefit From a Better Understanding of the Business, January-February 2017 Update), evaluating the company’s management of cybersecurity is one of the top challenges audit committees face. One part of that challenge stems from the lack of common terminology and assessment criteria for describing and reporting on cybersecurity risk programs. The American Institute of Certified Public Accountants (AICPA) has sought to address the problem by developing a reporting framework that could be used to

Update │May-June 2017 5

communicate information to stakeholders, including the board or public investors, regarding the company’s cybersecurity risk management.

The AICPA Framework, which was released on April 26, includes both criteria for describing a cybersecurity risk management program and criteria for evaluating the effectiveness of the controls that are part of the program. As a corollary to the Framework, on May 23, the AICPA also released a guide for an independent auditor attestation engagement regarding cybersecurity risk management.

In the AICPA press release announcing the publication of the Framework, AICPA Executive Vice President Susan S. Coffey stated:

“The framework we have developed will serve as a critical step to enabling a consistent, market-based mechanism for companies worldwide to explain how they’re managing cybersecurity risk * * * . We believe investors, boards, audit committees and business partners will see tremendous value in gaining a better understanding of organizations’ cybersecurity risk management efforts. That information, combined with the CPA’s opinion on the effectiveness of management’s efforts, will increase stakeholders’ confidence in organizations’ due care and diligence in managing cybersecurity risk.”

The reporting Framework has two parts:

 Description criteria – For use by management in explaining its cybersecurity risk management program in a consistent manner and for use by CPAs to report on management’s description.

 Control criteria – Used by CPAs providing advisory or attestation services to evaluate and report on the effectiveness of the controls within a client’s program.

The third component of the AICPA’s initiative is a Guide for auditors entitled, “Reporting on an Entity’s Cybersecurity Risk Management Program and Controls”. The Guide is intended to support auditor engagements to examine and report on an entity’s cybersecurity risk management program. These new reports would be a vehicle for companies to “demonstrate to stakeholders, customers, vendors and others that they have sound cybersecurity procedures and practices.”

In Cybersecurity Risk Management Framework Fact Sheet the AICPA provides an overview of how the Framework is intended to operate. According to the Fact Sheet:

“The framework for reporting on an entity’s cybersecurity risk management program calls for management to prepare certain information about the entity’s cybersecurity risk management program and for the CPA to examine and report on that information in accordance with the AICPA’s attestation standards.”

“The resulting cybersecurity report includes the following three key sets of information:

1. Management’s description — The first component is a management-prepared narrative description of the entity’s cybersecurity risk management program (the description). This description is designed to provide information about how the

Update │May-June 2017 6

entity identifies its most sensitive information, the ways in which the entity manages the cybersecurity risks that threaten it, and the key security policies and processes implemented and operated to protect the entity’s information assets against those risks. * * *

2. Management’s assertion — Management provides an assertion about whether the description is presented in accordance with the description criteria and whether the controls within the program were effective to achieve the entity’s cybersecurity objectives based on the control criteria. (These criteria are discussed below.)

3. The practitioner’s opinion — The final component in the reporting framework is the CPA’s opinion on the description and on the effectiveness of controls within that program.”

The Center For Audit Quality (CAQ) has also issued a paper discussing the Framework and the role of auditors in assisting companies in communicating information about their cyber risk management program to stakeholders. The CPA’s Role in Addressing Cybersecurity Risk describes the Framework as seeking to accomplish ten goals:

 Provide common criteria for disclosures about an entity’s cybersecurity risk management program.

 Provide common criteria for assessing program effectiveness.

 Reduce communication and compliance burden.

 Provide useful information to a broad range of users, while minimizing the risk of creating vulnerabilities.

 Provide comparability.

 Permit management flexibility.

 Connect the dots on best practices.

 Be voluntary.

 Be scalable and flexible.

 Evolve to meet changes.

Comment: As the AICPA notes, the lack of a consistent, common language for describing and reporting on the cybersecurity risk management programs makes it difficult for stakeholders – including audit committees -- to determine whether an organization’s cybersecurity risk management plan effectively addresses potential threats. Cybersecurity represents a significant risk for most businesses. Audit committees may want to consider whether management reporting based on the application of the AICPA’s framework would provide useful additional perspective on the company’s cyber risk posture. Auditor attestation would provide added assurance regarding such reporting. It is also possible that third parties may begin to demand information of this nature.

Update │May-June 2017 7

PCAOB Board Member Sees Gaps in Audit Committee Oversight

In a May 17 address to the Canadian Public Accountability Board’s Audit Quality Symposium, Steve Harris, the longest serving PCAOB Board Member, outlined his concerns regarding the effectiveness of audit committee oversight of the company’s independent auditor. The speech, entitled Earning Investor Confidence, cites examples derived from PCAOB inspection findings which, in Mr. Harris’s view, illustrate instances in which audit committees failed to fulfill their responsibilities. He also urged expanded disclosure regarding both the auditor’s work and the audit committee’s oversight.

The short-comings Mr. Harris sees in audit committee oversight fall into three categories: auditor independence, transparency, and accountability.

Independence

In order to promote auditor independence, the Sarbanes-Oxley Act requires audit committee pre-approval of non-audit services performed for a public company by its financial statement auditor. Mr. Harris described this responsibility as “critical” and stated that “investors expect audit committees to carefully assess the impact on the auditor's independence when approving non-audit services.” PCAOB inspections have, however, revealed that the pre-approval process is sometimes bypassed:

“Unfortunately, PCAOB inspectors have found instances where auditors perform non-audit work prior to obtaining approval from the audit committee. Our inspectors also have discovered that some auditors have failed to provide the required communications – or that they have provided inadequate information – to the audit committee about relationships that might affect their independence.”

“These findings raise significant concerns because they demonstrate how audit committees may be prevented from effectively carrying out their oversight responsibilities. The findings also show that some audit firms continue to view management as their real clients, not the investor or the audit committee which is responsible for engaging them.”

The Sarbanes-Oxley Act also assigned responsibility to the audit committee for hiring, firing, and overseeing the work of the auditor. Mr. Harris said that investors are concerned that audit committees may “relegate some of their oversight responsibilities with respect to the audit to management.” He noted that a 2014 academic study had found that auditors meet more frequently with CFOs than with audit committees, that audit committees do not always meet with auditors outside the presence of management, and that “some CFOs act as gatekeepers for auditors' access to audit committees.” He stated that the same study found that “CFOs continue to influence auditor selection and retention decisions despite statutory requirements that allocated such responsibilities to audit committees.”

Update │May-June 2017 8

Transparency

With respect to disclosure, Mr. Harris said that “[t]o put it bluntly, the work of audit committees, auditors, and audit regulators is not as transparent as investors want.” More transparency would “provide investors greater understanding of the reliability and quality of financial statements, the audit, and how their interests are being protected.” He urged the adoption of the PCAOB’s expanded auditor reporting proposal (see earlier item in this Update).

Mr. Harris also called for more disclosure concerning how audit committees do their work, the key financial reporting issues they resolve, and the audit quality metrics they employ:

“Investors also want greater transparency from the audit committee about how it is carrying out its responsibilities in appointing, compensating, and overseeing the auditor. Some audit committees are starting to provide expanded disclosure in this area but there is no discussion of the most important issues they raised with the auditors, or the disputes, if any, between management and the auditors that they resolved. Finally, there is no disclosure of the specific non-audit services they allow the auditor to provide to the company or of the metrics they use to assess the auditor's work.”

Accountability

As to accountability, Mr. Harris urged audit committees “to hold auditors accountable for their work and not to view the audit as merely a regulatory requirement.” Accountability, in turn, depends on communication: “Candid and frank discussions between the auditor and the audit committee enable the committee to gauge the quality of the audit, the engagement partner's knowledge of the company and technical expertise, and how identified risks are being addressed.” In addition, the audit committee should “protect the auditor from management influence” and serve as “active defenders of the auditor when it comes to conflicts between management and the auditor.” Mr. Harris stated that “these challenges are not being fully met.”

Comment: While the PCAOB has no direct authority over audit committees, Mr. Harris’s comments provide a window into how at least one senior regulator views the current state of audit committee oversight. His statements regarding PCAOB inspection observations also underscore the Sarbanes-Oxley Act expectations in the areas of non-audit services and auditor hiring and firing. Further, his points regarding audit committee transparency echo other recommendations that audit committees voluntarily disclose more information concerning their work. See, e.g., January-February 2017 Update.

Another Warning Bell Rings on Revenue Recognition Readiness

As discussed in several prior Updates, one of the greatest near-term financial reporting challenges facing public (and private) companies is implementation of the new accounting standard governing revenue recognition. Studies over the past several years have indicated that many companies are behind schedule in understanding how the new revenue recognition regime will affect their reporting and in making the systems

Update │May-June 2017 9

and other changes necessary to comply. See KPMG Sounds the Alarm on Revenue Recognition and Lease Accounting Implementation, August 2016 Update. Public companies are required to apply the new standard to annual and interim reporting periods beginning after December 15, 2017. For other companies, the effective date is one year later. See FASB Defers New Revenue Recognition Standard for One Year, August-September 2015 Update.

With the deadline fast-approaching, Deloitte has released the results of an informal survey (see April 4 edition of Heads Up) on implementation of the new revenue standard. The survey – which is an update of a similar 2015 survey – polled participants at Deloitte seminars during November and December 2016. Responses were received from over 200 individuals in various industries, with the majority from technology, life sciences, media, and telecommunications.

Key findings of the 2016 survey include:

 Financial statement impact. Twenty-three percent of respondents believe that the new standard will have a material impact on their financial statements, while 28 percent believe there will be no material impact. But, nearly half don’t yet seem to know whether or not there will be a material impact: Twenty-four percent responded “maybe” and 25 percent “unknown.”

 Implementation progress. Only 13 percent of respondents said that their company had started to implement the new standards and that their “plan was being executed”; 32 percent said that a preliminary assessment was underway, and another 21 percent responded that an implementation plan was being developed. Nearly a third – 30 percent – indicated that they had not started implementation, while 4 percent thought that implementation was not necessary.

 Implementation budgeting. Budgeting for the potentially expensive implementation effort is likely a good indicator of the sophistication of a company’s plan. Sixteen percent of respondents said that their company had established a budget and expected the costs to be material. Eighteen percent had a budget and expected immaterial costs, while 12 percent had no budget and did not think one was necessary. Over half of respondents – 54 percent – had not yet established a budget.

 Additional resources. Many companies have concluded that they will require additional resources – internal or external – to implement the new standard. Eighteen percent of respondents indicated that their company planned to hire additional external resources (presumably accounting firms or other types of consultants) and 3 percent anticipated hiring internal resources (presumably new company staff). Nearly one-third – 32 percent – expect to hire both additional internal and external resources. Fifteen percent thought that additional resources were not needed, and the remaining 32 percent did “not yet” expect to need more assistance.

 Transition methodology. The new standard affords companies a choice of transition methodologies -- either “full retrospective” or

Update │May-June 2017 10

“modified retrospective”. Either approach involves the need to review contracts entered into prior to the effective date. Twenty-one percent of companies plan on or are leaning toward the full retrospective approach; 46 percent plan on or lean toward the modified retrospective method. One third are still undecided.

Comment: As noted in the August 2016 Update, audit committees should be actively monitoring the company’s plans and progress with respect to implementation of the new standard. Given the importance of revenue recognition to virtually all companies, and the fast-approaching effective date, a concrete work plan and adequate resources for implementation are priorities. Also, in light of the fact that so many companies plan to solve their implementation problems by hiring additional resources, audit committees may want to consider whether it is realistic to expect competent talent to be available at a reasonable cost. Deloitte observes:

“As the effective date of the new revenue standard approaches, companies that have not yet started implementing the standard’s guidance or are in the early phases of doing so will need to perform a critical assessment of how they will complete a timely adoption. Such an assessment should take into account the potential for large-scale changes to the companies’ processes, information systems, and internal controls. It should also include consideration of the competition for resources to help effect those changes.” (emphasis added)

Audit committees should also bear in mind that there is a disclosure requirement associated with implementation plans. SEC Staff Accounting Bulletin No. 74 states that companies should disclosure to investors the impact that new accounting standards will have on the company’s financial statements when implemented in a future period. The status of implementation should also be disclosed. As SEC Chief Accountant Wes Bricker stated in a speech earlier this year:

“If a company does not know, or cannot reasonably estimate the expected financial statement impact, that fact should be disclosed. But, in these situations, the SEC staff expects a qualitative description of the effect of the new accounting policies, and a comparison to the company's current accounting to aid investors' understanding of the anticipated impact. It should also disclose the status of its implementation process and significant implementation matters yet to be addressed.”

Mr. Bricker also emphasized that companies that do not expect material effects on revenue may have SAB 74 disclosure obligations:

“The changes in the new standard will impact all companies. Even if the extent of change for a particular company is slight, the related disclosures to describe revenue streams may not be. * * * Accordingly, the basis of any statement that the impact of the new standard is immaterial should reflect consideration of the full scope of the new standard, which covers recognition, measurement, presentation, and disclosure for revenue transactions.”

Update │May-June 2017 11

Academic Study Finds That Independent Directors Don’t Add Much to Financial Fraud Prevention

As emphasized in PCAOB Board Member Harris’s recent speech (see earlier item in this Update), the Sarbanes-Oxley Act assigned responsibility for oversight of financial reporting and of the external auditor to the audit committee and required that audit committees be comprised of independent directors. A recent academic study questions whether this model has been successful. The authors urge that greater reliance on shareholder activism, rather than independent directors, would be a more effective way of preventing financial fraud.

In a paper entitled Do Independent Directors Curb Financial Fraud? The Evidence and Proposals for Further Reform, S. Burcu Avci, Cindy A. Schipani, and H. Nejat Seyhun, all of the Stephen M. Ross School of Business at the University of Michigan, argue that:

“* * * [T]he U.S. corporate governance rules put too much faith in the independent board members and insufficient emphasis on the shareholders themselves to control and monitor the top management. Given the agency problem between the board of directors and the shareholders, outside directors can be captured by management, thereby leading to inadequate checks on management. The evidence presented in this paper shows that outside board members do not exercise sufficient controls on the management even when the management has gone awry.”

The authors base this conclusion on their analysis of class action settlements for financial fraud claims. Avci, Schipani, and Seyhun reviewed such settlements that exceeded $10 million and compared claims during the pre-SOX period of 1996 to 2000 to the post-SOX period of 2002 to 2008. They find no significant decrease in the number or dollar amount of settlements between these two periods. In their view, this “seems to indicate that it may have been unreasonable to expect independent directors – who almost by definition are not privy to the day-to-day affairs of the firm – to have enough incentives or information to ferret out complex, and likely hidden, fraud.”

The study also finds that independent directors themselves are beneficiaries of misconduct in the context of stock option grants. The authors examined the timing of option grants and the timing of disclosures between 1996 and 2015. They looked for evidence of back-dating (dating and pricing options at a time prior to their actual grant), spring-loading (delaying the announcement of positive news until after options grants), and bullet-dodging (accelerating the release of negative news to a date prior to option grants). They conclude:

“Similar to options given to the top managements, outside directors use dating and timing techniques to manipulate stock options granted. Our evidence shows that they employ back-dating, spring-loading and bullet dodging games to increase the value of their options. Back-dating among other techniques provides remarkable profits to outside directors. Application of these techniques for late reported grants increase outside directors’ compensation by substantial amounts. Specifically, management received extra compensation amounts of 9.2%, 14.9% and 4.1% for the 1996-2002

©2017 Baker & McKenzie. All rights reserved. Baker & McKenzie International is a Swiss Verein with member law firms around the

world. In accordance with the common terminology used in professional service organizations, reference to a "partner" means a

person who is a partner, or equivalent, in such a law firm. Similarly, reference to an "office" means an office of any such law firm.

This may qualify as "Attorney Advertising" requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome.

Update │May-June 2017 12

period, 2003-2006 period; and the 2007-2014 period, respectively. For outside directors, the comparable numbers are 7.0%, 10.3%, and 7.5%, respectively. For large late reported option grants, abnormal returns increase even further.”

The study asserts that the authors’ evidence “flies in the face of the intended purpose of SOX, which designated the outside directors as the gatekeepers to serve as a check on the top management” and that “outside directors clearly do not appear to fulfill this purpose.” To solve the problem of ineffective outside director oversight, the authors propose increasing the power of shareholders. Specifically, they recommend making shareholder resolutions binding on the board and management; prohibiting multi-class voting structures and instituting a one-share, one-vote rule; and replacing plurality voting with a majority vote requirement in director elections. The authors also support permitting shareholders to nominate directors.

Comment: The conclusion that more active independent director oversight (particularly in response to the Sarbanes-Oxley provisions strengthening the role of audit committees) has done nothing to reduce the incidence of public company financial reporting fraud is difficult to accept. Certainly, the experience of most independent audit committee members, and those who work with audit committees, is that the role has expanded significantly since 2002 and that the culture in public companies with respect to financial reporting is far different than in the pre-SOX era. It will be interesting to see whether the Avci, Schipani, and Seyhun paper spawns research challenging its conclusions. In any event, the paper is a reminder that the state of corporate governance frequently looks different when viewed from academia than when viewed from inside the boardroom.

Prior editions of the Audit Committee and Auditor Oversight Update are available here.

www.bakermckenzie.com

For further information please contact:

Daniel L. Goelzer +1 202 835 6191 Daniel.Goelzer@bakermckenzie.com

815 Connecticut Avenue Washington, DC 20006-4078 United States