July 15, 2019

CAMs: PCAOB Answers FAQs from Audit Committees

Every 2-3 months this year, the PCAOB has been publishing resources to explain the “critical audit matters” disclosure that’ll appear in upcoming audit reports (here’s our blog about their May guidance). The latest two pieces came out last week – one is directed to investors and the other is directed to audit committees. In addition, the CAQ published this primer on CAMs for investor relations teams.

Here are a couple of responses to “frequently asked questions” that the PCAOB has gotten from audit committees about CAMs (also see pg. 6 for a list of questions that audit committees should ask auditors):

1. Will the new requirement of the auditor to communicate CAMs change required audit committee communications?

Other than a new requirement for the auditor to provide and discuss with the audit committee a draft of the auditor’s report, the PCAOB’s requirements for audit committee communications remain the same. Any matter that will be communicated as a CAM should have already been discussed with the audit committee and, therefore, the information should not be new.

2. Does the audit committee have a role in determining and approving CAM communications?

No. While the auditor is required to share the draft auditor’s report including any CAMs identified with the audit committee, CAMs are the sole responsibility of the auditor. The standard is designed to elicit more information about the audit directly from the auditor. As the auditor determines how best to comply with the communication requirements, the auditor could discuss with management and the audit committee the treatment of any sensitive information.

COSO’s “ERM” Framework Now Includes “ESG”

This DFin memo summarizes current trends in ESG reporting & oversight. On pages 11-14, it points out that COSO’s enterprise risk management framework was updated last fall to include risk-related ESG controls & analysis. Here’s an excerpt:

As boards are expected to provide oversight of ERM, the COSO framework supplies important considerations for boards in defining and addressing risk oversight responsibilities. The COSO ERM – ESG framework is built on the five pillars of existing ERM reporting.

1. Governance & Culture for ESG-Related Risks

2. Strategy & Objectives for ESG-Related Risks

3. Performance for ESG-Related Risk – identifies risk, assesses & prioritizes risks, implements risk responses

4. Review & Revision for ESG-Related Risks

5. Information, Communication & Reporting for ESG-Related Risks

Tomorrow’s Webcast: “How to Handle Hostile Attacks”

Tune in tomorrow for the webcast – “How to Handle Hostile Attacks” – to hear Goldman Sachs’ Ian Foster, Cleary Gottlieb’s Jim Langston & Innisfree’s Scott Winter provide insights into the art of responding to a hostile attack.

Liz Dunshee