U.S. Securities & Exchange Commission
SEC Seal
Home | Previous Page
U.S. Securities and Exchange Commission

Speech by SEC Staff:
Corporate Responsibility and
the Audit Committee

Remarks by

John Morrissey

Deputy Chief Accountant
U.S. Securities & Exchange Commission

At the General Audit Management Conference
New Orleans, Louisiana

March 21, 2000

The Securities and Exchange Commission, as a matter of policy, disclaims responsibility for any private publication or statement by any of its employees. The views expressed herein are those of Mr. Morrissey and do not necessarily reflect the views of the Commission, the Commissioners, or other members of the Commission's staff.

Thank you for inviting me to speak to you today. I joined the Securities and Exchange Commission ("SEC") as Deputy Chief Accountant in the Office of the Chief Accountant just a few short months ago. As you know, the Chief Accountant's office addresses financial reporting issues and interacts regularly with public accountants. So you might expect that my background would be with a public accounting firm. And you'd be right – I am a CPA and was an audit partner with a then Big 6, now Big 5, accounting firm. But I came to the Chief Accountant's office after serving as Vice President and General Auditor for a major insurance and financial services firm. So I understand the challenges that you face every day, because I've been there too. And because I've been there, I appreciate how valuable internal auditing and a good system of internal controls can be to tackle a problem that affects my world today – the preparation of high quality financial statements for investors. So today, I want to share with you my views about an area where, despite my limited experience at the SEC, I feel quite at home. And it's probably a topic about which you are already familiar. I want to speak about the critical role that internal auditors have to play in improving corporate governance and, in turn, improving the quality of external financial reporting. I hope that by revisiting this topic today, you will reinforce your oversight in assuring that your company's financial statements are of high quality and meet the needs of your shareholders and others in the investment community.

Before I go further, I must tell you that the Securities and Exchange Commission, as a matter of policy, disclaims responsibility for any private publication or statement by any of its employees. The views expressed are my own and do not necessarily reflect the views of the Commission or of other members of the Commission's staff.

Concerns about Earnings Management

Before I discuss governance issues and a role that I see for internal auditors, let me begin with a background of the concerns that gave rise to the governance initiative. In September 1998, SEC Chairman Arthur Levitt raised a concern about "earnings management." Earnings management is perhaps too polite a term – others refer to it as accounting irregularities, accounting hocus-pocus, or financial reporting fraud. It is the intentional misstatement of financial results to achieve a contrived or desired result. Earnings management may, from management's point of view, seem like an appropriate activity. As one manager remarked, "that's what managers are supposed to do – manage earnings." But managers are not supposed to present a biased view of the company's financial position or performance by applying, or rather mis-applying, accounting principles and procedures to present a picture that distorts earnings or the company's financial position. What we seek is transparency – the ability of an investor to "see through" a company's financial statements into the company's operations. Transparency requires that companies follow generally accepted accounting principles ("GAAP") in a fashion that assures consistency and comparability.

Following Chairman Levitt's speech, the SEC staff has issued three staff accounting bulletins ("SABs") to improve transparency in financial reporting. These SABs address several techniques that managers sometimes use to manipulate earnings. Let me briefly describe each of these SABs:


Staff Accounting Bulletin 99, which was issued last August, addresses materiality. That SAB reiterates, and brings into a retrievable format, the guidance currently found in existing legal case law, and in accounting and auditing literature. We hope it will level the playing field for those who work hard to prepare high quality financial reports.

As noted in the SAB and in existing guidance, both qualitative and quantitative factors must be considered when assessing materiality. The SAB also notes that intentional errors made to manage earnings are not considered appropriate and are unlikely to comply with the Foreign Corrupt Practices Act ("FCPA") requirements to maintain books, records, and accounts which, in reasonable detail, accurately and fairly reflect transactions.

One question that is often asked is whether any adjustment that is not booked is an illegal act. In my view, the answer to that question is no. There are adjustments that arise as a result of the normal closing process which, depending on the facts and circumstances, may not always be recorded. As noted in footnotes 18 and 50 of the SAB, insignificant errors and omissions that may occur in systems and recurring processes in the normal course of business would need to be assessed against the various factors and criteria set forth, such as those on aggregating and netting, in determining whether such adjustments would need to be recorded.

Because of your understanding of your company's reporting system, you are in a unique position to identify whether differences identified by external auditors are "random" or whether they are the result of deliberate actions by managers who are attempting to manipulate earnings. Your frank advice to the audit committee about concerns of earnings manipulation can help avoid problems for the company later when investors, or perhaps the SEC, learn that reported earnings are the product of manipulation rather than performance.


Staff Accounting Bulletin 100, issued in November 1999, addresses four issues: contingent liabilities acquired in a purchase business combination, restructuring charges, inventory valuation allowances, and impairments. Let me mention two of these issues briefly. When an acquirer assumes contingent liabilities in a purchase business combination, APB 16 requires that the liabilities be assumed at fair value. The acquirer's undiscounted cash flow estimates should not differ materially from the acquiree's estimates. If there are material differences, these differences should be investigated. If errors in estimates are identified on the acquiree's books, its financial statements must be restated.

On the issue of restructuring charges, the SAB provides interpretative guidance to assist registrants who intend to exit from a business. The SAB indicates that a restructuring charge may be recorded when management approves and commits to a detailed exit plan, when actions will commence on plan adoption, and when significant changes are not likely. Further, the restructuring charge should include only costs that can be estimated reliability, and where the costs are not associated with on-going activities.

You can assist the audit committee by examining any exit plans to assure that the plans contain appropriate detail and are comparable to other business plans. You can also assure that managers who have the appropriate level of authority have approved them. In doing so, you will assist the audit committee and assure the integrity of the accounting process.

Revenue Recognition

The third SAB, SAB 101 that was issued in December 1999, addresses revenue recognition. Under GAAP, revenue is recognized when it is earned and realized or realizable. To satisfy these conditions, the SAB describes four underlying conditions that must exist. First, there must be persuasive evidence that an arrangement exists. Second, delivery of goods must have occurred or services rendered. Third, the price is required to be fixed or determinable. And finally, collectibility is reasonably assured. The use of probability to assess whether one of the four criteria is met is not permitted under the SAB.

Let me describe an example. A customer orders a product. The seller ships the product to the customer. The seller normally uses a written sales agreement. The seller signs the agreement and sends it to the customer. The customer signs the agreement a few days after the end of the fiscal period. The product manager, who is close to achieving a bonus based on revenue, wants to record the sale as revenue for the period. In this situation, however, evidence of an arrangement does not exist at the end of the fiscal period. Therefore revenue should not be recognized.

As internal auditors, you can examine sales transactions to determine that revenue is recorded only when all criteria are met. Further, you can examine whether side agreements, which would invalidate recognition of revenue, exist. Because of your presence every day of the year and your knowledge of your company's business practices, you are in an excellent position to assure that your company's accounting system is properly recording revenue.

Blue Ribbon Committee

The SABs and other accounting guidance can assist preparers in following GAAP as they prepare financial statements. But as we all know, accounting guidance alone is insufficient to assure that financial statements will be prepared properly. It takes good oversight by the board of directors and especially the board's audit committee. Perhaps Chairman Levitt said it best, when he said, "I believe qualified, committed, independent and tough-minded audit committees represent the most reliable guardians of the public interest." Following Chairman Levitt's Numbers Game speech, the Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees was organized. This committee consisted of a group of investors, business executives, CEOs in the accounting profession, and leading legal experts. In its report, which was issued last year, the Blue Ribbon Committee produced ten recommendations. Since the report was issued, the New York Stock Exchange ("NYSE"), American Stock Exchange ("ASE") and the National Association of Securities Dealers ("NASD") voted to modify their listing requirements to implement certain of these recommendations. In addition, the Auditing Standards Board implemented Statement of Auditing Standards ("SAS") No. 90, titled Audit Committee Communications. At the SEC, the Commission adopted rules to implement, with some minor modifications, the Committee's recommendations.

The Blue Ribbon Committee recognized that the audit committee of the board of directors has a crucial role to play in assuring high quality financial reporting. By actively overseeing the financial reporting process, on a regular and in-depth manner, audit committees can reduce the incidence of "earnings management."

Let me describe several of these recommendations and how they have been implemented:

The first three recommendations address structure and composition of the audit committee. An important element of the new rules is that audit committees be composed of independent directors. The new rules require that companies disclose in their proxy statements whether the audit committee members are "independent." Generally, to be independent, a member of an audit committee should have no relationship to the corporation that may interfere with the exercise of his or her independence from management and the corporation. Under NYSE and NASD rules, companies are required to have audit committees with at least three members. Generally, all of the members should be financially literate, at least one should have accounting or related financial management expertise, and all members ordinarily should be independent. For directors who are not independent, certain information regarding their relationship with the company must be disclosed. Registrants that are not quoted on Nasdaq or listed on the ASE or NYSE would follow similar requirements to disclose information about audit committee members who do not meet the definition of independent if they have audit committees.

Two recommendations were aimed at improving the effectiveness of audit committees. Rule changes by the NYSE, ASE, and NASD require that companies adopt a formal, written audit committee charter. The audit committee must review and reassess the adequacy of the written charter on an annual basis. SEC rules require that companies disclose in their proxy statements whether their board of directors has adopted a written charter for the audit committee, and if so, include a copy of the charter as an appendix to the company's proxy statements at least once every three years.

A third group of recommendations addresses mechanisms for accountability among the audit committee, the outside auditors, and management. Under the new rules, companies must include reports of their audit committees in their proxy statements. In the report, the audit committee must state whether the audit committee has reviewed and discussed the audited financial statements with management, has discussed with the independent auditors the matters required to be discussed by Statement on Auditing Standards No. 61 as amended by SAS No. 90, and received from the auditors disclosures regarding the auditors' independence required by Independence Standards Board Standard No. 1, and has discussed with the auditors the auditors' independence.

The rules also require that the report of the audit committee include a statement by the audit committee whether, based on the review and discussions noted above, the audit committee recommended to the board of directors that the audited financial statements be included in the company's annual report. Finally, the new rules provide "safe harbors" for the new proxy statement disclosures to protect companies and their directors from certain liabilities under the federal securities laws.

These rules with respect to timely interim reviews by external auditors become effective in the first quarter of 2000. Rules related to audit committee reports become effective for the next proxy season in 2001, so that audit committees have sufficient time to put the proper processes and procedures in place.

Generally, these rules are intended to facilitate discussions among managers, outside auditors, and an independent, financially literate, audit committee. Rather than a brief meeting once a year immediately prior to the annual board meeting, the Blue Ribbon Committee's recommendations envision an on-going, substantive dialog with four or more meetings per year. By taking on the role of watchdog over the financial reporting process, audit committees can assure the high quality of the financial statements for investors.

Audit Committees

In order for audit committees to fulfill their role as watchdogs over the financial reporting process, members will need to receive important information about the company's business activities and the proper accounting for those activities. One source for this information is management. Certainly, managers constitute an important source of information because it is they who receive reports daily, and they who make the day-to-day decisions. But the audit committee should not rely solely on management to meet its information needs. Indeed, audit committee members must look to other sources.

External auditors can be a valuable source of information for audit committee members. Because of their independence and their familiarity with accounting techniques used by many companies, external auditors offer an important perspective. External auditors, however, don't have the day-to-day presence that you do. They may not have the same degree of understanding about your company's activities. They may not recognize something that is out-of-the-ordinary, because they have less experience in observing day-to-day, ordinary events.

But you have that experience. You are resident experts. For that reason, you have perhaps the key role to play in protecting shareholder value. By monitoring, controlling, identifying, and reporting on activities within the company, internal auditors have key insights that can assist audit committees effectively discharge their responsibilities. In fact, because of your presence and knowledge, internal auditors, coupled with effective internal controls, stand as a powerful force that can protect against many types of fraud.

Let me speak for a few minutes about one type of fraud that is of particular concern to me and my colleagues at the Securities and Exhange Commission – fraudulent financial reporting.

Fraudulent Financial Reporting

One of the most powerful foundations for U.S. capital markets is our financial reporting system. Financial statements that provide transparent, comparable and consistent information facilitate investment decisions. But investors are ill served by fraudulent financial statements – financial statements that not only deceive stockholders, but also undermine investors' confidence in the credibility of financial statements issued by all companies.

Let me share with you the results of a recent study that analyzed fraudulent financial reporting alleged by the SEC in accounting and auditing enforcement releases ("AAERs") during an 11-year period between January 1987 and December 1997. The Committee of Sponsoring Organizations of the Treadway Commission ("COSO") commissioned this study, prepared by three professors – Mark Beasley, Joseph Carcello, and Dana Hermanson. Because of its sponsorship, the report is often referred to as the COSO report or the COSO study. That's how I'll refer to it today.

The COSO study's findings are based on a sample of approximately 200 alleged financial statement fraud cases. Let me mention several of the key findings, and what those findings suggest for internal auditors as they seek to strengthen accounting controls:

  • First, pressures of financial strain or distress may provide incentives for fraudulent activities for some fraud companies. Over one-fourth of the companies in the study were in a net loss position. Other companies experienced downward trends in net income. It is easy to imagine how pressures of financial strain may have led to trouble. In some cases though, net income before the fraud period showed an upward trend. Why would fraud occur for these companies? Perhaps because managers felt pressure to maintain the trend of increasing income. So what does this mean for you? Simply this – you must be vigilant in preventing fraudulent financial reporting at all times. Earnings pressure exists even when net income is increasing – and pressure to increase earnings may lead to fraudulent financial statements.

  • Second, in 83 percent of the cases, the AAERs named either the chief executive officer ("CEO") or the chief financial officer ("CFO") or both as being associated with the financial statement fraud. In some cases, other corporate officers or board members were identified. These officers may have the ability to circumvent control systems. Internal auditors must be vigilant in maintaining the integrity of the control system and must carefully monitor out-of-the-ordinary actions by senior management. Internal auditors should apprise the audit committee of evidence or concerns that accounting entries are not properly recorded because of management intervention. You must not permit audit committees to rely solely on information provided by management – your objective perspective may be crucial in preventing fraud or for detecting it at an early date.

  • Third, active audit committees appear to deter fraudulent financial reporting. In 25 percent of the cases examined, the company had no audit committee. In cases where the company had an audit committee, the audit committee typically met infrequently – in 56 percent of cases, the audit committee met only once per year. As general auditors, you should insist on regular meetings with the audit committee. Four meetings per year should be a minimum. And the meetings should be scheduled to permit in-depth discussions so that members of your audit committee will be able to discharge their responsibilities to shareholders.

  • Fourth, audit committees composed of outside, independent board members who have expertise in accounting or finance may also deter fraudulent financial reporting. In the cases examined, only 35 percent of audit committee members had accounting or finance expertise. In only 38 percent of cases were the audit committees composed entirely of outside directors. Internal auditors can assist boards of directors in properly composing audit committees. Internal auditors can assist audit committee members who, although knowledgeable about accounting and finance, may not be up-to-date on current developments.

  • Fifth, most frauds were not isolated to a single fiscal period. The median fraud period extended over 21 months. External auditors may only examine the financial reporting system for a few weeks each year. As internal auditors, you are there every day. By effectively monitoring the accounting controls, you are in an excellent position to identify a financial reporting fraud and to inform management and the audit committee.

  • Finally, typical financial statement fraud techniques involved the overstatement of revenues and assets. Over half of the frauds involved overstating revenues by recording revenues prematurely or fictitiously. Many of the revenue frauds only affected transactions recorded right at the end of the fiscal year or fiscal quarter. In my view, every internal auditing group should be looking at revenue recognition practices and procedures very carefully, on a regular basis.

By maintaining vigilance and objectivity, internal auditors can add value to shareholders by ensuring that the company's internal controls are strong and effective. And by working with the members of the audit committee, internal auditors can facilitate a more effective oversight of the financial reporting process by the Board of Directors.

Incidentally, you may be wondering whether financial executives would welcome increased scrutiny. In a recent survey of financial executives, the Financial Executives Institute ("FEI") found that more than half of the respondents said that they would like their audit committees to be even more proactive. Phil Livingston, CEO and president of FEI commented, "Many CFOs and controllers actually prefer tougher questioning and skepticism by board members - because they are trained to respond. Plus, they know that more proactivity on the part of audit committee members is only positive for the entire governance process and maximizes open dialog." So there is every reason to believe that even if your vigilance causes "discomfort" to managers, they do recognize that, in the end, everyone benefits from effective oversight that a strong internal auditing function provides.

Auditor Independence

Finally, let me shift for a moment to recent events involving independence of outside auditors. Outside auditors have an important responsibility to maintain independence in the execution of their audits. Perhaps the United States Supreme Court best stated this responsibility when it said:

"The independent public accountant performing this special function owes allegiance to the corporation's creditors and stockholders, as well as the investing public. This public watchdog' function demands that the accountant maintain total independence from the client at all times and requires complete fidelity to the public trust." (emphasis added) [United States v. Arthur Young, 465 U.S. 805, 817-818 (1984)]

I do not believe that we can condone conflicts of interest that the public would perceive as raising questions about the credibility of financial statements. While the core principle of independence is immutable, some have said certain aspects of the independence rules need to be re-examined in light of the changes in the firms.

The SEC has listened to these concerns. In January, Chairman Levitt asked the Office of the Chief Accountant to identify independence rules governing certain investments and employment relationships by auditors and their families in firm clients that need to be modernized, given the significant demographic changes of the last two decades. Our office is currently evaluating the current rules and how those rules might be revised. Our examination, along with the work of others such as the Independence Standards Board, will only help to ensure that the audit process remains independent and robust – and that investors can rely on the integrity of the report provided by the independent auditors.

Because of concerns about auditor independence, some have asked how to assure that external auditors are independent. As internal auditors, you can play an important role in resolving the issues arising from a concern about auditor independence by informing audit committee members of appropriate procedures to follow. You should remind audit committee members that:

  • It is the responsibility of the registrant to file financial statements that have been audited by independent auditors.

  • External auditors are required by Independence Standards Board Standard No. 1 to disclose to the audit committee matters that could reasonably be expected to affect their independence. Audit committee members should review ISB Standard No. 1, titled "Independence Discussions with Audit Committees." The standard can be downloaded from the ISB's web site – the URL is www.cpaindependence.org.

  • Further, the SEC recently adopted rules requiring registrants to disclose whether the audit committee has received the ISB-required communication from the external auditors regarding their independence. You can see these requirements at the SEC website at www.sec.gov.

  • In connection with an auditor's ISB-mandated discussion, audit committee members should request details of any matters that may affect the auditor's independence as well as the role and status of any individual at the audit firm whose independence may be in question.

  • The audit committee should inquire whether the auditor is aware of how the SEC may have handled situations involving similar independence matters and what steps the audit committee should take to address any issues arising from the independence matter.

  • The audit committee should inquire as to the types of quality controls an audit firm has, both in the U.S. and in its international affiliates where audit work is performed for the company. Recent press articles have cited registrants who have had to replace their auditor due to the auditor's lack of compliance with the independence rules. Some of these situations have arisen as a result of a lack of high quality internal controls. In a letter to the AICPA's SEC Practice Section Executive Committee ("SECPS") dated December 9, 1999, the SEC staff requested that the SECPS modify its membership rules. The modifications were requested to ensure that firms have effective systems of internal controls that ensure compliance by the firm, its partners and professional staff, with the firm's, the profession's, and the SEC's independence rules. The internal controls set forth in the letter include:

    • Establishment of written independence policies and procedures,

    • Establishment of an automated conflict verification process,

    • Establishment of firm-wide on-going training programs,

    • Strengthening of internal inspection and testing programs,

    • Creation of disciplinary mechanisms for independence violations, and

    • Requirement that senior management supervise the independence process.

  • The audit committee should ensure that the auditor has not provided any prohibited services, such as bookkeeping services.

  • The audit committee should understand the fee arrangement and determine that there are no contingent fees.

  • The audit committee should ensure any hiring of former audit personnel by the company or former employees by the audit firm complies with all applicable rules.

  • The audit committee should be aware of requirements under Rule 509 of Regulation S-K that the registrant disclose the financial interests of experts named in a filing that may be reviewed by the Division of Corporation Finance.

Your understanding of auditor independence, how to ensure that the external auditors are independent, and how to investigate and resolve issues arising from impairments of auditor independence can be of tremendous benefit to the audit committee and to your company's shareholders.


In conclusion, Chairman Levitt's concerns about earnings management has spawned a number of activities and initiatives that are intended to assure that investors will be able to rely on high quality financial statements as they make investment decisions. As internal auditors, you have a crucial role to play – you are on the job, every day, to protect the integrity of the financial reporting process. You also can provide audit committee members with valuable insights about problems that may compromise your company's financial statements. Through your work, coupled with the constructive efforts of audit committees, managers and outside auditors, we can continue to enjoy the rewards of our collective endeavor – new and expanded business opportunities, more jobs, and a better future for those who invest their hard-earned dollars for a child's college education, for retirement, or for a rainy day.

Thank you. Thank you.