SEC Chief Accountant Munter Underscores Importance of Comprehensive Risk Assessments

"[W]e are troubled by instances in which management and auditors appear too narrowly focused on information and risks that directly impact financial reporting, while disregarding broader, entity-level issues that may also impact financial reporting and internal controls."
SEC Chief Accountant Paul Munter

SEC Chief Accountant Paul Munter reminded management and auditors of their obligations to take a "holistic approach" when evaluating the effectiveness of issuers' internal controls over financial reporting ("ICFR").

In a statement, Mr. Munter reminded auditors and management to (i) "avoid the potential bias toward evaluating problems as isolated incidents, in order to timely identify risks, including entity-level risks; (ii) design processes and controls that are responsive to identified risks; and (iii) effectively identify information that issuers are required to communicate to investors."

Risk Assessment

Mr. Munter stated that auditors should (i) "remain alert" to changes in an issuer's objectives, strategies and business risks, (ii) assess the potential impact of an issuer's public statements on governance matters and (iii) look for consistency in an issuer's periodic filings and the judgments made by management during the financial reporting process. He asserted that the auditor's report is a "critical means of communication with investors" and that auditors should utilize the different mechanisms available for such communication, such as an integrated audit to indicate deficiencies resulting from material weaknesses and provide for an adverse opinion.

Mr. Munter said that management should identify and respond to changing business risks that could impact internal control systems to ensure issuers are able to appropriately disclose information in periodic filings. He added that, as part of its risk assessment procedures, management may choose to include material factors also provided in required discussions regarding factors that make an investment in the registrant "speculative or risky."

Entity-Level Control Deficiencies

Mr. Munter said that management should evaluate the extent to which processes and controls implemented by issuers can timely prevent material misstatements in financial statements. Mr. Munter encouraged examination of the "root cause" of any identified deficiency and how it affects the issuer's ICFR, and a determination of whether it "indicate[s] a broader, more pervasive deficiency at the entity-level." When assessing the severity of control deficiencies resulting from a misstatement, Mr. Munter emphasized that management and auditors should consider not just the actual misstatement, but also the "magnitude of [a] potential misstatement." He reasoned that evaluating the "could factor" of a deficiency's impact involves assessing the "total population of transactions or amounts exposed to the deficiency in the impacted accounts or classes of transactions."
