Craig Yamasaki

Considering risk in financial reporting

In Hawaii, directors and audit committee members have many responsibilities, including oversight of their company's financial reporting. However, they may oversimplify the financial statement risks at their company by limiting their analysis to matters required to be discussed by their external auditors. These matters usually include the adequacy of critical accounting estimates such as revenue recognition and allowances for doubtful accounts, proposed audit adjustments, or lack thereof, and internal control deficiencies identified in current and prior years.

In this first of two articles, we briefly explore management risk, one of several additional risks inherent in all companies that should be evaluated.

» Are operating or financial decisions dominated by one or two people?

If one person or only a select few have decision-making power, their ability to influence other employees increases the company's risk profile.

In such circumstances, how would an employee respond to a request to override an internal control? Would he or she notify anyone else to the breach or simply do as instructed without exercising the proper amount of skepticism?

» Another way to evaluate management risk is to analyze corrective actions taken in response to:

* Violations of policies and procedures;

* Internal control findings;

* Regulatory findings.

» Is the action always prompt and thorough?

Are remedial actions even-handed or does senior management get a pass? How does management follow up on these findings to make sure corrective actions are effective from both a short and long-term perspective?

Responses that simply address the finding and not the core problem indicate increased risk profiles.

Also, lack of follow-up to make sure the corrective action addressed the root of the issue indicates increased risk of recurrence.

» Another element to address is management team turnover and succession planning.

Whether you view the turnover as an upgrade or significant loss, your risk profile is always increased during a period of transition and shortly thereafter. How does management make sure the significant risks are addressed during these periods?

» Furthermore, it is key to take a look at the experience and skill set of your company's accounting department. When evaluating, look at:

* Reliance on outside consultants. (Do your people have the experience to do their job, or do they always need assistance?) Ask for summaries of fees paid to consultants.

* Post-close adjustments. (Number of adjustments and their magnitude are potential indicators of the quality of the closing process.)

* Nature and number of audit differences. (Auditors provide a schedule for small adjustments; evaluate that schedule and monitor how that changes over time. Increases in dollar value and number of audit differences may indicate management is not sufficiently experienced.)

» The degree to which compensation is contingent on achieving performance targets can also equal higher risk.

Keep in mind how much compensation is tied to performance targets and consider whether management may have taken unusual steps just to hit those targets.

» Unreasonable deadlines imposed by management are yet another way to increase this risk factor.

When management imposes unreasonable deadlines on external vendors and subordinates, the product can be inexpensive, timely or of high quality, but it is impossible to achieve all three. Which one was management willing to sacrifice?

» Finally, remember that risk increases when lack of materiality is frequently cited as the sole reason to justify marginal accounting policies or a lack of accounting policies.

In part two, we will discuss other inherent risks faced by companies in Hawaii, including economic, fraud, and governance risks.