Following up on a blog from a few weeks back, one member responded to my concerns by intimating that companies perhaps should not bother to ask for PCAOB inspection reports unless the inspection was not “routine.” I think the problem with that selective approach is that auditors – and their clients – do not know when a PCAOB inspection is routine since it uses non-public criteria to guide its inspectors in pulling client files for review. And some of the PCAOB’s non-public criteria are risk-based (but not all of the criteria, so having your file pulled doesn’t necessarily mean that the company has been identified as risky either).
Since hindsight can always come back to haunt you, I think it’s better for the audit committee to be safe than sorry and be aware of when regulators are sniffing around – just like it is now standard practice for the audit committee to be notified when the SEC issues any comments that impacts the company’s accounting practices. I also would think the independent auditor would rather not be on the hook for determining when an inspection is routine, particularly since they are so skittish these days.
Karl Barnickol of Blackwell Sanders (always the voice of reason) weighs in on another aspect of the PCAOB’s process — disciplining the auditors after an inspection – as follows: “Seems to me that an audit committee should want to know if their auditor is in hot water with the PCAOB as part of their decision-making process on retaining an auditor.
Whether it is in fact a legal duty only time will tell, but not asking strikes me as risky if something goes wrong down the road. For example, if your auditor was KPMG, wouldn’t you want an update on the possible DOJ/SEC action against KPMG before you decided to engage them for another year. What if they turn out to be the next Arthur Andersen? As a practical matter, since larger companies probably can’t use any firm outside the Final Four – and since all 4 seem to be in trouble with the regulators to a greater or lesser degree all the time – enforcement information may not be all that helpful to the decision, but having considered the question makes a better record for the audit committee.
I have to say that while my firm is having some success getting commitments in our client’s engagement letters to notify the company if its file is pulled in an inspection, to provide cc’s of the correspondence, and to give the company a chance to talk to the PCAOB, getting engagement letter commitments about enforcement actions is another matter. That doesn’t bother me quite so much since the Audit Committee will always have an opportunity to ask the engagement partner directly about enforcement actions before they make the engagement decision for the next year.”
Sample Disclosures: Remediation of Material Weaknesses
In our “Internal Controls” Practice Area, we have posted samples of disclosures from companies that have remediated material weaknesses.
The Google IPO: A Year Later
The Wired GC blog captures a blurb from Monday’s San Francisco Chronicle about Google’s IPO filings with the SEC. Apparently, the Chronicle reporter conducted an extensive FOIA request to obtain Google’s comment letters and responses (most of that correspondence transpired before the start date of the SEC’s comment letter database) – and the reporter wasn’t amused by the Tandy language requested by the SEC. It’s not hard to imagine how the Tandy letter concept could be confusing to someone not “in the know,” eh?