|
[print version]
FEI Responds To COSO On Exposure Draft On Monitoring Internal Control
August 15, 2008 FEI Summary
In a comment letter filed on Aug. 15, 2008, FEI’s Task Force on Monitoring (TFM) urged the Committee of Sponsoring Organizations of the Treadway Commission (COSO) to revise the proposed description of the role of the board of directors in its Exposure Draft entitled, “Guidance on Monitoring Internal Control Systems,” by clearly stating the board’s role is one of oversight, and by better distinguishing the board’s role with respect to internal control from that of management.
The Role of The Board
“Companies should endeavor to establish controls that would prevent and detect potential fraud perpetrated by senior management, all the way up to the CEO,” said the FEI TFM letter, signed by TFM Chair Rick Brounstein, chief financial officer of NewCardio Inc. Additionally, “In conducting its oversight role, the board should be proactive in seeking information from management, particularly on critical matters, in considering management’s assertions and seeking information from other sources as appropriate. Importantly, the board should review all such information with requisite skepticism.”
“As a practical matter, as noted by COSO,” continued the letter, “the board relies on internal audit where that function exists, and considers matters brought to their attention by the external auditor. These matters would include, for instance, indications of possible fraud on the part of senior management.”
“However, the wording in COSO’s ED as currently written implies that if internal audit is not present, or even potentially in situations when it is, that the board must directly engage in ‘monitoring’ senior management in the same manner that senior management monitors other functions at the company,” said FEI TFM, adding, “We do not see this as practical or as being within the bounds of the oversight role of boards.
Don’t Blur Role of Board With That of Management
Therefore, the letter stated, “We strongly recommend COSO change references to the board’s role in ‘monitoring’ to instead say ‘oversight,’ and remove prescriptive requirements for the board, in favor of reiterating COSO’s broad guidance from 1992 and providing reasonable examples.” Excerpted below are some of the reasons given in the FEI TFM letter for this recommendation:
- “The language used in COSO’s 1992 framework - which we believe continues to be appropriate guidance – describes the board’s role as 'governance, guidance and oversight.'
- “The board was not assigned a 'monitoring'duty by COSO in 1992 and, we believe, to use that term now with respect to the board, particularly in light of the specificity with which monitoring is defined in this proposed guidance aimed at management - with the new guidance taking up hundreds of pages describing how management should conduct 'onitoring'- could place a management-like role on the board that is not only inappropriate, but could set an overly high and impractical threshold on directors that could impose undue liability, and threaten the independence of independent board members. Therefore the terms 'monitoring' and 'oversight' should not be used interchangeably with respect to the board within COSO’s guidance, and the word "oversight" should be used, consistent with COSO’s 1992 framework, with respect to the role of the board.
- “We believe the term 'oversight' with respect to the board is also more consistent with the principles-based requirements of listing standards of major exchanges such as the NYSE-Euronext. For example, Section 303A.09, Corporate Governance Guidelines, in the NYSE Listed Company Manual, states: 'No single set of guidelines 'would be appropriate for every listed company.;
- “Based on our informal discussion with a number of experts in the field, including Marty Lipton of Wachtell, Lipton, Rosen & Katz and Ira Millstein of Weil, Gotshal & Manges LLP, they concur that it would be preferable for COSO to retain use of the word ‘oversight’ to describe the role of the board within this guidance (consistent with COSO’s description of the role of the board in COSO’s 1992 framework as being "governance, guidance and oversight"), vs. describing the role of the board as 'monitoring,' given the specificity with which 'monitoring' is described in this guidance.
- “Additionally, based on our informal discussion with research staff at the National Association of Corporate Directors (NACD), citing usage from the NACD Blue Ribbon Commission series, they also concur that it would be preferable for COSO to retain use of the word ‘oversight’ to describe the role of the board within this guidance (consistent with COSO’s description of the role of the board in COSO’s 1992 framework as being ‘governance, guidance and oversight’), vs. describing the role of the board as ‘monitoring,’ given the specificity with which ‘monitoring’ is described in this guidance.
· “In general, our concern with the role of the board as currently described in paragraphs 23 and 24 of the ED’s Guidance (Vol. 2) and other places in the document blurs the line between management’s responsibility to establish and monitor internal controls, and the board’s oversight responsibility.
· “This blurring of role can become particularly troublesome for independent board members, as we believe COSO’s requirements for board members to ‘monitor’ senior management (particularly in a new publication on ‘monitoring’ which sets forth such detailed requirements for management to conduct monitoring) may threaten the very independence of independent board members which is central to the control environment.
· “Overall, it appears COSO is trying to impute a monitoring role for the board to oversee senior management in the same manner that management conducts monitoring.
· “Even with wording to the contrary, use of the word ‘monitoring’ as applied to the board in this particular document may subsume the responsibilities set forth in the hundreds of pages of guidance and examples that are geared toward how management should monitor, not how the board (and in particular, independent board members) should oversee management.
· “There is a practical reality that although the board is a higher authority than management, the board cannot perform managerial functions like monitoring in the same way that management does, in order to maintain its independence as a board (i.e., particularly for independent board members to maintain their independence). Instead, as noted in some sections of the ED which could be amplified, the board can rely on alternative independent sources of information about senior management and alternative processes established by the company itself, to prevent and detect potential senior management fraud or control breakdowns.
- “Deputizing board members as ‘senior, senior managers’ is not the right approach; board oversight is the right approach. This may seem like a minor wording change but the ramifications are significant, particularly as relate to board independence and to maintain consistency with listing regulations and the original COSO 1992 framework.”
Additional Points Raised
Additional points raised in FEI TFM’s letter on the COSO monitoring ED include:
- “We believe COSO’s monitoring guidance has the potential to improve the quality of monitoring at some companies, reinforce effective monitoring already in place at other companies, and enhance understanding of the role of monitoring among issuers, auditors, board members, investors and others. TFM members have noted the guidance will provide an opportunity to reinforce the important role that monitoring and internal control can play in an organization, and why it makes business sense to have effective internal control.
- “Additionally, we believe the guidance goes a long way toward COSO’s stated goal of not only improving monitoring, but helping companies to better leverage - or ‘take credit’ for – their monitoring activities, to help reduce unnecessary testing and other procedures that are performed, often in clusters at or near year-end, to assess the effectiveness of internal control. These benefits can accrue to both public and private companies in reaching an optimal mix of company and auditor work, including with respect to assertions under Sarbanes-Oxley Section 404 and applicable AICPA standards.
- “However, we note that the ultimate cost-benefit and potential value-add in applying COSO’s monitoring guidance will vary based on company facts and circumstances. Additionally, particularly in light of the fact that the guidance was not ‘field tested’ or cost-benefit tested per se, the ultimate cost-benefit will depend on COSO maintaining guidance that is principles-based and practical, and not cause inconsistencies with existing layers of regulation companies are subject to, including SEC, PCAOB, AICPA and major listing standards. Additionally, the ultimate success of the guidance will depend on the commitment of all parties (including companies and auditors) to maximize efficiency and effectiveness.”
Further details can be found in the FEI TFM letter.
Comment Letters Coming In
FEI is one of the five sponsoring organizations of COSO, along with the American Accounting Association, the American Institute of CPAs, the Institute of Internal Auditors and the Institute of Management Accountants.
COSO will be posting all comment letters received on the Exposure Draft on its Web site, www.coso.org, shortly after the August 15 comment deadline.
COSO currently anticipates issuing final guidance on monitoring by year-end 2008.
Prepared Aug. 15, 2008 by Edith Orenstein, Director, Technical Policy Analysis, Financial Executives International (FEI). This summary does not represent FEI opinion unless specifically stated above.
[print version]
*
|
|
|
|
|