In a statement released August, Paul Munter, Chief Accountant of the SEC stated the Commission's opinion that the corporate community's risk assessment is inadequate and too narrowly focused.
"We are troubled by instances in which management and auditors appear too narrowly focused on information and risks that directly impact financial reporting, while disregarding broader, entity-level issues that may also impact financial reporting and internal controls," Munter writes.
“Issues that may also impact financial reporting and internal controls often present themselves as isolated incidents across an issuer — for example, a data breach in a system not part of ICFR, a repeat non-financial reporting-related regulatory finding classified as lower risk, a misstatement to the financial statements determined to be a revision restatement, or a counterparty risk limit breach,”
“Some management and certain auditors may be inadvertently biased toward evaluating each such incident individually or rationalizing away potentially disconfirming evidence, and conclude that these matters do not individually, or in the aggregate, rise to the level of management disclosure or auditor communication requirements.”
"What’s striking here is Munter’s focus on non-financial issues as the superstructure to guide your risk assessment. That is, he wants management and auditors alike to study the big, sweeping trends in a client’s industry, or in the client’s own corporate behavior. Only when you have that deep understanding of the big picture should one proceed to the question of whether a certain issue is material to the financial statements," writes Matt Kelly on the blog Radical Compliance.
Comments
No comments on this item Please log in to comment by clicking here