Update

No. 8 January 2014 In This Update:

SEC Chief Accountant Questions Audit Committee Focus on Audit Fees PCAOB Urges Audit Committees to Probe Engagement Quality Reviews SEC Staff Skeptical of Management Internal Control Assessments SEC Staff Will Monitor the Timing of Company Transitions to the New COSO ICFR Framework EU Reaches Preliminary Agreement on Ten-Year Mandatory Audit Firm Rotation Audit Committee Comments Oppose Auditor CAM Reporting

AUDIT COMMITTEE AND AUDITOR OVERSIGHT UPDATE

This Update summarizes recent developments relating to public company audit committees and their oversight of financial reporting and of the companys relationship with its auditor.

SEC Chief Accountant Questions Audit Committee Focus on Audit Fees

In a speech on December 9, 2013, Paul Beswick, SEC Chief Accountant, questioned whether audit committees were focusing too much on fee reductions, rather than on audit quality. He also suggested that the conduct of the audit committee could come under scrutiny in the event of a financial reporting breakdown following a switch to a lower cost auditor. Mr. Beswick said: [I]t is my sincere hope that audit committee members focus on audit quality when considering whether to hire or retain an auditor and do not always choose the low cost provider. Anecdotally, when I hear about auditor changes, I very often hear it in the context of fee reductions. I worry that audit committees may be focusing too much on the amount of the fee and not focusing enough on the expected audit quality. This is not to say that audit committee members should not focus on making good business decisions. But I believe focusing on audit quality is completely consistent with making good business decisions. As to the possibility that the audit committees conduct could be called into question following a decision to change auditors, Beswick said: [I]f the audit committee is solely fee hunting and if there was a subsequent audit failure, beyond the obvious problems for the auditor and the company, this may raise questions about the diligence of the members of the audit committee in fulfilling their responsibilities. Beswick conceded that assessing audit quality can be challenging and noted that the PCAOB has announced that it is undertaking a project to identify audit quality indicators. (AQIs would be objective measures or predictors of the quality of an audit or audit firm; a May, 2013 PCAOB staff paper contains a list of possible indicators.) Chief Accountant Beswick suggested that the PCAOBs AQI initiative might provide an excellent tool for audit committee members to use to evaluate audit quality, while also recognizing that no amount of data can replace the judgment of seasoned individuals. Comment: Any decision to change auditors should, of course, be based on the experience and qualifications of the incoming firm, not solely on its

Prepared by:

Daniel L. Goelzer
+1 202 835 6191

Daniel.Goelzer@bakermckenzie.com

fee proposal. In that regard, the PCAOB staff paper cited above provides ideas for a framework under which to evaluate the quality of a potential new auditor. In light of Mr. Beswicks comments, it would be prudent for audit committees to memorialize their consideration of audit quality issues in conjunction with an auditor change, especially when the change could be mis-characterized as merely an attempt to reduce audit costs.

PCAOB Urges Audit Committees to Probe Engagement Quality Reviews

On December 6, 2013, the PCAOB issued a report based on Board inspection findings that is critical of the adequacy of the concurring reviews that are required before the engagement partner signs off on a public company audit. The report also offers some advice to audit committees concerning how these reviews should factor into the committees oversight responsibilities. Auditing Standard No. 7, adopted by the Board in 2009, requires an experienced auditor who was not otherwise involved in the audit to perform an engagement quality review (EQR). The reviewer is required to consider how the engagement team dealt with the most challenging issues that arose during the audit. The recent PCAOB report on EQR examines implementation of AS No. 7 in audits inspected during 2011. Those inspections identified 111 public company engagements performed by one of the seven largest accounting firms in which the firm, in the PCAOBs view, failed to obtain sufficient appropriate audit evidence to support its audit opinion on the financial statements or on the effectiveness of internal control over financial reporting. In approximately 39 percent of those audits, the PCAOB staff concluded that the engagement quality reviewer should have identified the deficiency. In its report, the PCAOB instructs engagement quality reviewers to improve their performance so that they are more likely to detect audit deficiencies before the opinion is issued. With respect to audit committees, the report suggests that, in fulfilling their responsibilities, audit committees consider asking their auditor six questions: (1) how the firm selects, evaluates, and incentivizes its engagement quality reviewer; (2) the qualifications of the engagement quality reviewer, including, for example, his or her years of experience at the firm or years of experience in the issuer's industry; (3) whether the engagement quality reviewer has any history of failing in that role to detect deficiencies that an engagement quality review should detect and that were later otherwise detected (such as through a PCAOB inspection, a firm internal inspection, or an issuer's restatement); (4) how the engagement quality reviewer performed his or her review, including the timing and extent of the review; (5) the total hours devoted to the engagement quality review; and

Update January 2014

(6) the most significant matters identified by the engagement quality reviewer that needed additional audit procedures or follow up. Comment: Audit committees would be well-advised to obtain some basic information concerning the activities of their engagement quality reviewer although the primary benefit of doing so may lie outside of the scope of the PCAOBs procedurally-focused questions list. Since the reviewer is supposed to identify and review the most difficult aspects of the audit, understanding the issues that he or she focused on may provide the audit committee with another perspective on the companys financial reporting challenges. In addition, EQR issues are one of the sources of potential critical auditing matters that would have to be publicly disclosed in the auditors report under the PCAOBs proposed changes to the auditors reporting model. (The last item in this Update summarized audit committee member comments on this aspect of the expanded reporting model proposal.)

SEC Staff Skeptical of Management Internal Control Assessments

In a speech on December 9, 2013, Brian Croteau, SEC Deputy Chief Accountant, said that the Commission is looking at the adequacy of management assessments of internal control over financial reporting. He suggested that the deficiencies the PCAOB has highlighted in ICFR auditing (discussed in the November-December, 2013 Update) may be symptomatic of lax management assessment procedures and that managements are failing to identify and disclose material weaknesses. He added that this would be an area of SEC disclosure and enforcement focus in 2014. Mr. Croteau said: First, I remain convinced that at least some of the PCAOBs inspection findings related to the audits of internal control over financial reporting are likely indicators of similar problems with managements evaluations of ICFR, and thus potentially also indicative of risk for unidentified material weaknesses. * * * My second point is that I continue to question whether all material weaknesses are being properly identified. It is surprisingly rare to see management identify a material weakness in the absence of a material misstatement. This could be either because the deficiencies are not being identified in the first instance or otherwise because the severity of deficiencies is not being evaluated appropriately. He added that the Office of the Chief Accountant plans to continue our close work with Corp Fin, the PCAOB, and Enforcement to address these matters in 2014 and recommended that managements compare their ICFR evaluation and assessment processes to the SEC's 2007 interpretive guidance regarding management's report on ICFR to see if improvements are necessary. Comment: Both the SEC and the PCAOB have issued warning that ICFR assessments and audits are high on their 2014 priority list. Also, in light of the revisions to the COSO internal control framework (discussed in the next item in this Update), all public companies should review the design of their controls this year. While there may be a tendency to treat

Update January 2014

ICFR as a problem that was solved in the mid-2000s, the issue is resurfacing as a regulatory risk, and audit committees should make sure there are aware of how management is responding.

SEC Staff Will Monitor the Timing of Company Transitions to the New COSO ICFR Framework
As noted in the May, 2013 Update, earlier this year, the Committee of
Sponsoring Organizations of the Treadway Commission (COSO) released an updated version of its publication Internal Control -Integrated Framework. The SEC staff has signaled that it will watching the timing of company transitions to the new framework and will be asking laggards for an explanation. Most U.S. public companies use the 1992 version of the COSO framework as the basis for compliance with the requirement in Section 404 of the Sarbanes-Oxley Act that management perform an assessment of the effectiveness of the companys internal control over financial reporting. In conjunction with the release of the updated 2013 version of the framework, COSO announced that it would consider the 1992 framework superseded as of December 15, 2014. However, COSO has no authority to require companies to move to the new framework, and the SEC which does have such authority has never stated directly whether or when it will require companies to switch. Shortly after the release of the new framework, SEC Chief Accountant Paul Beswick stated that the SEC would monitor the transition for issuers using the 1992 framework to evaluate whether and if any staff or Commission actions become necessary or appropriate. According to the recently-released minutes of a September 25, 2013 meeting between the SEC staff and the Center for Audit Qualitys SEC Regulations Committee, the SECs monitoring will include asking companies that are slow to change to provide an explanation. The staff indicated that companies that continue to use the old framework can expect questions from the SEC regarding whether that framework satisfies the SEC's requirement to use a suitable, recognized framework and that the longer issuers continue to use the 1992 framework, the more likely they are to receive questions. Comment: For most companies, transitioning to the new framework should not have a major impact on their control structure. The revised framework is organized around the same five components control environment, risk assessment, control activities, information and communication, and monitoring as is the 1992 version. The 2013 framework adds 17 new principles of internal control. These principles, which support and explain the five components, are intended to facilitate control design, implementation, and effectiveness assessment. Particularly in light of the increased regulatory spotlight on both management ICFR assessments and audit ICFR audits, audit committees should be aware of managements plans and progress toward transition to new COSO. The logical first step is to analyze whether and how the companys existing controls address the 17 new principles. This process should expose any gaps in control design and provide a basis for redesigning or adding any controls necessary for consistency with the new framework.

Update January 2014

EU Reaches Preliminary Agreement on Ten-Year Mandatory Audit Firm Rotation

As noted in the April, 2013 Update, the European Council and European Parliament have been considering audit reforms, including a mandatory audit firm rotation requirement for European Union-based public interest entities (PIEs); PIEs include banks, insurance companies, and listed companies). On December 18, 2013, the Council of the European Union issued a press release announcing that the Committee of Permanent Representatives had reached agreement on audit reform legislation. The press release states that the main features of the agreement include Mandatory rotation of PIE auditors every 10 years. The 10-year rotation requirement could be extended to 20 years if the company conducts a public bid or tender of its audit engagement, or extended to 24 years if the company appoints more than one audit firm to perform joint audits of the entitys financial statements. Restrictions on non-audit services. Audit firms would be prohibited from performing certain non-audit services for PIE audit clients. Permissible non-audit services could not exceed 70 percent of the audit fee, over a three-year period. Enhanced cooperation between audit oversight bodies in the EU.

The specifics of the legislation, which would not take effect unless enacted by the European Parliament, will not be made public until approved by the EU member states. However, EU Internal Markets Commissioner Michel Barnier issued a statement which adds some further details to the summary in the Council press release. Among other things, Mr. Barnier states that auditors will be required to produce more detailed and informative audit reports, with a required focus on relevant information to investors. With respect to the role of audit committees, Barnier adds that auditors will be closely supervised by audit committees, whose competences are strengthened and that the package introduces the possibility for 5% of the shareholders of the company to initiate actions to dismiss the auditors. Comment: Assuming they are ultimately enacted and depending on their specific terms these rules may have significant consequences for EU PIEs with securities listed in the U.S., for EU PIE subsidiaries of U.S. companies, and for U.S. subsidiaries of EU PIEs. For example, if the EUs rules require a U.S. listed companys EU affiliate to change auditors, it will be necessary for the U.S. parent to cease using the new EU auditor for consulting services, and the most practical course may be for the U.S. parent to also change auditors. Other issues may arise relating to the application of the EU 70 percent rule to non-audit services provided outside the EU to affiliates of the EU PIE. In the speech mentioned earlier in this Update, SEC Deputy Chief Accountant Brian Croteau discussed the independence issues that may arise for U.S. companies as a result of foreign mandatory audit firm rotation requirements that affect their affiliates. His conclusion: Regardless of the reason, any time there is a change in auditors, proper planning is necessary to ensure that independence conflicts, if they exist, are resolved.
5 Update January 2014

Audit Committee Comments Oppose Auditor CAM Reporting

As discussed in the September 2013 Update, the PCAOB has proposed far-reaching changes to the auditors report. The most fundamental of the proposed changes is a requirement that the auditor include in the report a discussion of "critical audit matters" (CAMs). CAMs are those matters addressed during the performance of the audit that, in the auditors judgment, involved the most difficult, subjective, or complex auditor judgments or posed the most difficulty to the auditor in obtaining sufficient appropriate audit evidence or forming an opinion on the financial statements. CAMs would be unique to each audit, and audit reports would therefore have to be tailored individually. The comment period on the PCAOBs proposals ended December 11. As of December 31, 232 comment letters had been posted to the PCAOBs website. Comments from audit committee members were generally critical of the proposed auditor CAM reporting. For example Mike Cook (Chairman of the Audit Committee of Comcast Corporation) -- Communicating matters in the auditors report on annual financial statements will be too late to be of real value and relevance. * * * It is important that critical audit matters be communicated to the right people (the audit committee) at the right time (on a timely basis) so that appropriate questions can be asked, concerns expressed and discussed, and, if appropriate, action taken in response to the CAMs identified. * * * In my opinion, the proposal will impose significant costs, quantitative and qualitative, with little or no meaningful benefits. Joseph R. Bronson (Audit Committee Chairman, Maxim Integrated Products, Inc.) [W]e believe that the required disclosures have the potential to confuse investors by blurring the roles between the auditors, management, and the audit committee. Additionally, we believe that the proposed standard would significantly increase audit costs while providing little added context for investors. * * * Deciding what would be discussed and not discussed by the auditors in its audit report in the area of critical audit matters would in itself require judgment which in our opinion lessens the value of the auditors report, as investors would have to read between the lines in trying to ascertain why certain audit policies were discussed in the auditor report and others were not. Steven V. Wilkinson (Chair of the Audit Committee, Entergy Corporation) I am supportive of endeavors by the PCAOB to advance the goals of audit firms providing high quality audits and companies producing relevant and reliable financial statements. I do not agree, however, with the current proposal primarily because: (i) it results in the independent auditor becoming a primary source of a companys financial information through the audit report and (ii) the investor concerns noted above [investors would benefit from unique and relevant auditor insights] are not addressed properly through audit report disclosures. * * * The proposal regarding CAMs would be detrimental to the usefulness and relevance of the audit report and, as noted above, would change the role of the auditor to

Update January 2014

one of primary responsibility for communicating a companys financial information. Ronald P. Badie; Joseph C. Berenato; Vanessa C. L. Chang; Leonard R. Fuller; William D. Jones; James C. Miller III; Frank M. Sanchez (Audit Committee Chairpersons for funds in the American Funds family) The proposed requirement to describe these matters [CAMs] in a summary fashion in the auditors report we believe does not recognize the level of complexity or detail needed to understand the full context and resolution of an audit issue. Furthermore, we believe it ignores the valuable work done by audit committee members on behalf of the shareholders of an issuer to oversee the financial statements and auditors. * * * Moreover, we are concerned about the expectation, as stated in the Proposed Rule, that most auditors would determine that there are critical audit matters that require disclosure in the new auditors report. This expectation may create what we believe would ultimately become boilerplate language in each issuers audit opinion that would cover a number of generic audit concepts relating to the issuers industry. Steven M. West (Chair, on behalf of the Audit Committee of Cisco Systems, Inc.) -- In our view, requiring auditors to independently report critical audit matters may result in some unintended consequences such as limiting the information exchange and the level of involvement by both the audit committee and the auditors in disclosure committee meetings if management is concerned that information may be separately reported in a manner or format that does not appropriately convey the needed context or detail. * * * To the extent investors and users of financial statements have information needs that are not currently net through established financial reporting requirements, those needs should be raised for consideration in future standard setting and policy-making initiatives through the appropriate regulatory bodies. Steve Lucas (Audit Committee Chair, Transocean) The proposed auditor reporting standard undermines the role of the Audit Committee and usefulness of the Auditors Report because the Critical Audit Matters (CAM) could: Cause some investors to misinterpret the CAM disclosures as indicative of an issue undermining the quality of the audit and implying less assurance on the financial statements and disclosures, taken as a whole; Result in over- or under-emphasis of certain audit and business risks; Burden the audit report with recurring disclosure of certain critical but routine matters with standardised language since companies in similar industries are likely to have some of the same CAMs; Duplicate the disclosure of Critical Accounting Policies and Estimates made by management * * *; Override the value provided by the Audit Committees requisite knowledge, experience and perspective in overseeing the various risks and financial reporting matters.

Update January 2014

Oscar Munoz (Chairman of Audit Committee and Board Member, United Continental Holdings, Inc.) First, I strongly believe that the PCAOB Board needs to demonstrate (through filed testing) how the communication of CAMs will benefit the users of UCHs financial statements. What is important to an auditor in conducting an audit may not align with what is important to investors. The main feedback the Company gets from investors and Wall Street analysts is to increase the disclosure of the type of information that will assist with modeling future financial results. * * * Second, proposed rules on critical audit matters would result in disclosures of information that are already disclosed by management to the extent there is close alignment to CAMs and managements disclosures about similar issues. * * * Third, the proposed rule could potentially result in disclosure of information that is currently not required to be disclosed by management (for example, control deficiencies that are not material weaknesses and immaterial misstatements that are either unrecorded or recorded during the period). * * * Fourth, as a practical matter, a requirement to disclose critical audit matters has the potential to significantly alter the collaborative nature of the relationship between a public company and its independent auditor. Comment: While the audit committee member comments are generally not supportive of auditor CAM reporting, many other comments favor the PCAOB proposals, including comments filed by investors and other financial statement users. The large accounting firm comments are also generally in favor of CAM reporting, with some qualifications and suggested modifications. Although the comment period has closed, the Board typically accepts and considers late comments while the proposal in question is still under consideration. In addition, the PCAOB has indicated that it intends to hold a series of public roundtables to discuss its auditors reporting model proposals, and is likely to reopen the comment period in conjunction with the roundtables. Audit committee members that have not already commented should consider doing so in order that their views can be taken into consideration.

www.bakermckenzie.com

For further information please contact Daniel L. Goelzer +1 202 835 6191
Daniel.Goelzer@bakermckenzie.com

Prior editions of the Audit Committee and Auditor Oversight Update are available here.

815 Connecticut Avenue Washington, DC 20006-4078 United States

2014 Baker & McKenzie. All rights reserved. Baker & McKenzie International is a Swiss Verein with member law firms around the world. In accordance with the common terminology used in professional service organizations, reference to a partner means a person wh o is a partner, or equivalent, in such a law firm. Similarly, reference to an office means an office of any such law firm. This may qualify as Attorney Advertising requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome.

Update January 2014

This may qualify as Attorney Advertising requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome.