Monday, August 18, 2008

Board Role Focus Of FEI Comments To COSO On Monitoring Internal Control

In a comment letter filed on Aug. 15, 2008, FEI’s Task Force on Monitoring (TFM) urged the Committee of Sponsoring Organizations of the Treadway Commission (COSO) to revise the proposed description of the role of the board of directors in its Exposure Draft entitled, “Guidance on Monitoring Internal Control Systems,” by clearly stating the board’s role is one of oversight, and by better distinguishing the board’s role with respect to internal control from that of management. The FEI TFM letter was signed by TFM Chair Rick Brounstein, CFO of NewCardio, Inc. Brounstein and FEI Senior Advisor and Former President Michael P. Cangemi, FEI's representative on the COSO board, represent FEI on COSO's monitoring project task force.

“Companies should endeavor to establish controls that would prevent and detect potential fraud perpetrated by senior management, all the way up to the CEO,” said the FEI TFM letter on COSO's ED. Additionally, “In conducting its oversight role, the board should be proactive in seeking information from management, particularly on critical matters, in considering management’s assertions, and seeking information from other sources as appropriate. Importantly, the board should review all such information with requisite skepticism,” noted the FEI TFM letter.

“However,” noted FEI TFM, “the wording in COSO’s ED as currently written implies that if internal audit is not present, or even potentially in situations when it is, that the board must directly engage in ‘monitoring’ senior management in the same manner that senior management monitors other functions at the company. We do not see this as practical or as being within the bounds of the oversight role of boards.”

A similar observation was made in the comment letter filed by the Center for Audit Quality (CAQ) –
affiliated with the AICPA. Referencing paragraph 24 in the COSO ED, the CAQ comment letter said, “The statement is made … that the board has ultimate responsibility for determining whether management has implemented effective internal control. We suggest that it … emphasiz[e] that the Board’s role is one of oversight and not actual implementation.” (emphasis added). Read more about CAQ’s letter further below.

As highlighted in this FEI summary, FEI TFM urged COSO to remain consistent with major listing standards, such as the NYSE Listed Company Manual. Additionally, FEI TFM noted that, based on informal discussions with research staff at the National Association of Corporate Directors(NACD), citing usage from the NACD Blue Ribbon Commission series, as well as informal discussions with legal experts Marty Lipton of Wachtell, Lipton, Rosen & Katz and Ira Millstein of Weil, Gotshal & Manges LLP, they (NACD research staff, Lipton and Millstein) concurred that it would be preferable for COSO to retain use of the word ‘oversight’ to describe the role of the board within its monitoring guidance - consistent with COSO’s description of the role of the board in COSO’s 1992 framework as being ‘governance, guidance and oversight’ - vs. describing the role of the board as ‘monitoring,’ given the specificity with which ‘monitoring’ is described in this guidance.

The FEI TFM letter added, “blur[ring] the line between management’s responsibility to establish and monitor internal controls, and the board’s oversight responsibility… can become particularly troublesome for independent board members… [and] may threaten the very independence of independent board members which is central to the control environment.”

“Deputizing board members as ‘senior, senior managers’ is not the right approach; board oversight is the right approach,” said FEI TFM.

COSO’s Guidance Can Improve Quality of Monitoring, FEI TFM Says
The FEI TFM letter commended COSO for forming a broad-based project task force on the monitoring project, and noted the dedication of the Grant Thornton team leading the drafting of the guidance under the auspices of the COSO project task force.

“We believe COSO’s monitoring guidance has the potential to improve the quality of monitoring at some companies, reinforce effective monitoring already in place at other companies, and enhance understanding of the role of monitoring among issuers, auditors, board members, investors and others,” said FEI TFM. “Additionally, we believe the guidance goes a long way toward COSO’s stated goal of not only improving monitoring, but helping companies to better leverage - or ‘take credit’ for – their monitoring activities, to help reduce unnecessary testing and other procedures that are performed, often in clusters at or near year-end, to assess the effectiveness of internal control. These benefits can accrue to both public and private companies in reaching an optimal mix of company and auditor work, including with respect to assertions under Sarbanes-Oxley Section 404 and applicable AICPA standards.

“However,” continued the FEI TFM letter, “we note that the ultimate cost-benefit and potential value-add in applying COSO’s monitoring guidance will vary based on company facts and circumstances. Additionally, particularly in light of the fact that the guidance was not ‘field tested’ or cost-benefit tested per se, the ultimate cost-benefit will depend on COSO maintaining guidance that is principles-based and practical, and not cause inconsistencies with existing layers of regulation companies are subject to, including SEC, PCAOB, AICPA and major listing standards.” The letter concluded, “[T]he ultimate success of the guidance will depend on the commitment of all parties (including companies and auditors) to maximize efficiency and effectiveness.” For complete details, see the FEI TFM comment letter.

Final Guidance on Monitoring Expected by Year-End; Comment Letters Being Posted
FEI is one of the five sponsoring organizations of COSO, along with the American Accounting Association, the American Institute of CPAs, the Institute of Internal Auditors, and the Institute of Management Accountants.

The Exposure Draft (ED) on Monitoring Internal Control released by COSO in June, on which comments were due August 15, focuses on providing additional guidance on monitoring, one of the five core components in COSO’s 1992 Internal Control-Integrated Framework. The five components are: (1) control environment, (2) risk assessment, (3) control activities, (4) monitoring, and (5) information and communication. After its review of comment letters on the ED, COSO plans to issue final guidance on monitoring internal control by year-end 2008.

FEI’s and CAQ’s comment letters responded to all 33 questions posed by COSO in ED.
Notable in CAQ's comment letter is the fact that CAQ copied all five SEC commissioners and the chief accountant, and all five PCAOB board members and the chief auditor, on its comment letter.
Comment letters received by COSO will be posted on COSO’s website,
www.coso.org. [Note: COSO currently has comment letters posted on last year's Discussion Document on Monitoring, (a precursor to the ED) and is in the process of posting comments received on this year's ED on Monitoring, on which comments were due Aug. 15.] Besides the FEI and CAQ letters (links provided from FEI's and CAQ's websites, respectively) noted above, additional comment letters are generally sent by other members of COSO’s sponsoring organizations and by major audit firms, as well as some state societies of CPAs and others. (Note: although we currently do not see a comment letter to COSO posted on the New York State Society of CPAs website, NYSSCPA also does a thorough job of sending comment letters to a variety of organizations on various proposals – see NYSSCPA comment letters.)

If you received this blog post from 'a friend' and would like to receive our blog by email, enter your email address here.

Print this post

No comments: