Transcription
GIBSON, DUNN & CRUTCHER LLPUpdated April 27, 2011Audit Committee Checklist and Compliance TimelineIn light of the events of the past several years, audit committees now play a more activerole than ever in monitoring the integrity of company financial statements, overseeing acompany's relationship with and monitoring the independence of its outside auditor, andmonitoring the company's internal controls and compliance with legal and regulatoryrequirements. Set forth below is a checklist outlining actions that companies and auditcommittees should consider to assist the audit committee in meeting its increased responsibilitiesunder the Sarbanes-Oxley Act of 2002 ("Sarbanes-Oxley") and the implementing rulespromulgated by the Securities and Exchange Commission (the "SEC"), and the listing standardsof the New York Stock Exchange (the "NYSE") and The NASDAQ Stock Market LLC("NASDAQ"). Under the SEC rules and applicable listing standards, companies also must makeadditional disclosures, which are discussed below. Finally, although the Dodd-Frank Wall StreetReform and Consumer Protection Act (the "Dodd-Frank Act"), signed into law in July 2010,does not directly impact most public company audit committees, companies should consider therole that their audit committees play in the area of risk oversight, as discussed in more detailbelow.Independence. Consider whether audit committee members meet independence requirements andexamine relationships of, and compensation paid to, audit committee members. Audit committee members may not receive any fees (other than for service asa director and fixed amounts of compensation under a retirement plan,including deferred compensation, for prior service with the company),including consulting and advisory fees from the company or its subsidiaries,regardless of the amount. (Sarbanes-Oxley §301; Rule 10A-3(b)(1)(ii) underthe Securities Exchange Act of 1934 (the "Exchange Act"); Section 303A.06of the NYSE Listed Company Manual ("NYSE Manual"); NASDAQ Rule5605(c)(2)(A)(ii)) The NYSE and NASDAQ listing standards incorporate therequirements of Exchange Act Rule 10A-3 by reference. (NYSE ManualSection 303A.06; NASDAQ Rule 5605(c)(2)(A)(ii)) The NYSE intends toapply Rule 10A-3 in a manner consistent with the guidance in the SEC'srelease adopting this rule. (Commentary to NYSE Manual Section 303A.06)o The SEC's rules under Section 301 of Sarbanes-Oxley prohibit auditcommittee members from receiving direct and indirect payments ofconsulting, advisory and other compensatory fees from the company orany of its subsidiaries. Indirect payments include payments to: (1) aspouse, minor child or stepchild of, or a child or stepchild sharing ahome with, an audit committee member; and (2) an entity in which theaudit committee member is: (i) a partner or a member; (ii) an officeroccupying a position comparable to a partner or member (such as amanaging director); (iii) an executive officer; or (iv) in a position
GIBSON, DUNN & CRUTCHER LLPUpdated April 27, 2011similar to any of the foregoing (excluding limited partners, nonmanaging members and others who have no active role in providingservices to the entity) and that provides accounting, consulting, legal,investment banking, or financial advisory services to the company orany of its subsidiaries. (Exchange Act Rule 10A-3(e)(8)) The SECindicated in the adopting release that other commercial relationshipsbetween a company and an entity with which an audit committeemember has a relationship are not covered by the SEC's rule onindirect compensatory fees. The SEC also clarified in the adoptingrelease that the rule only applies to current relationships with auditcommittee members. Audit committee members may not be an "affiliated person" of the companyor any of its subsidiaries. (Sarbanes-Oxley §301; Exchange Act Rule 10A3(b)(1)(ii)(B); NYSE Manual Section 303A.06; NASDAQ Rule5605(c)(2)(A)(ii)) The NYSE and NASDAQ listing standards incorporate therequirements of Exchange Act Rule 10A-3 by reference. (NYSE ManualSection 303A.06; NASDAQ Rule 5605(c)(2)(A)(ii))o The definition of "affiliated person" in the SEC's rules under Section301 is consistent with current SEC definitions, under which an"affiliate" of an issuer is "a person that directly, or indirectly throughone or more intermediaries, controls, or is controlled by, or is undercommon control with, [the issuer]." (Exchange Act Rule 10A3(e)(1)(i) and (e)(4)) The definition of "affiliated person" includes asafe harbor under which a person who is not an executive officer andis not a greater than 10% stockholder is not deemed to control theissuer. The rules also provide that the safe harbor does not create apresumption that a person exceeding the 10% threshold controls or isotherwise an affiliate of another person. (Exchange Act Rule 10A3(e)(1)(ii)) NASDAQ recommends that companies disclose in theirproxy statements if a director is deemed independent but falls outsidethe safe harbor. (NASDAQ Interpretive Material ("IM")-5605-4) In addition to the requirements of Exchange Act Rule 10A-3, each audit committeemember must be an independent director. (NYSE Manual Section 303A.07(a);NASDAQ Rule 5605(c)(2)(A)(i)) Under the NYSE listing standards, for a director to be deemed "independent,"the board must affirmatively determine that the director has no materialrelationship with the company (either directly or as a partner, stockholder orofficer of an organization that has a relationship with the company). (NYSEManual Section 303A.02(a)) In addition, a director is not independent if:o The director is, or has been within the last three years, an employee ofthe company, or an immediate family member of the director is, or has2
GIBSON, DUNN & CRUTCHER LLPUpdated April 27, 2011been within the last three years, an executive officer of the company.(NYSE Manual Section 303A.02(b)(i))o The director has received, or has an immediate family member whohas received, during any 12-month period within the last three years,more than 120,000 in direct compensation from the company, otherthan director and committee fees, and pension or other forms ofdeferred compensation for prior service (provided the compensation isnot contingent in any way on continued service) (NYSE ManualSection 303A.02(b)(ii)) Neither compensation received by a directorfor former service as an interim Chairman or CEO or other executiveofficer nor compensation received by an immediate family member forservice as an employee of a company (other than an executive officer)need be considered in determining independence under this test.(Commentary to NYSE Manual Section 303A.02(b)(ii))o (1) The director is a current partner or employee of the company'sinternal or outside auditor; (2) an immediate family member of thedirector is a current partner of the company's internal or outsideauditor; (3) an immediate family member of the director is a currentemployee of the company's internal or outside auditor and personallyworks on the company's audit; or (4) the director, or an immediatefamily member of the director, was within the last three years a partneror employee of the company's internal or outside auditor andpersonally worked on the company's audit within that time. (NYSEManual Section 303A.02(b)(iii))o The director, or an immediate family member of the director, is, or hasbeen within the last three years, employed as an executive officer ofanother company where any of the listed company's present executiveofficers serves or served at the same time on that company'scompensation committee. (NYSE Manual Section 303A.02(b)(iv))o The director is a current executive officer or employee, or animmediate family member of the director is a current executive officer,of another company that has made payments to, or received paymentsfrom, the listed company for property or services in an amount that, inany of the last three fiscal years, exceeds the greater of 1 million, or2% of the other company's consolidated gross revenues. (NYSEManual Section 303A.02(b)(v)) Under this standard, payments to thelisted company from a director's company and payments from thelisted company to a director's company must be separately comparedagainst the consolidated gross revenues of the director's company forthe same year. (NYSE Listed Company Manual - Section 303ACorporate Governance Standards - Frequently Asked Questions,Section 303A.02(b)(v), first published 1/29/04)3
GIBSON, DUNN & CRUTCHER LLPUpdated April 27, 2011Although contributions to charitable organizations are not considered"payments" for purposes of this standard, commentary to theindependence standards reminds boards of their obligation to considerthe materiality of relationships between directors and non-profitorganizations that receive corporate contributions. The standards alsorequire companies to disclose either on their websites or in their proxystatements any contributions made to a non-profit organization wherea director serves as an executive officer if, during the past three years,contributions in any one year exceeded 1 million or 2% of theorganization's consolidated gross revenues. If this disclosure is madeon the company's website, the company must disclose that fact in theproxy statement and provide the website address. (Commentary toNYSE Manual Section 303A.02(b)(v)) Under the NASDAQ listing standards, an "independent director" means aperson other than an executive officer or employee of the company or anyother individual having a relationship that, in the opinion of the company'sboard of directors, would interfere with the exercise of independent judgmentin carrying out the responsibilities of a director. (NASDAQ Rule 5605(a)(2))The board has a responsibility to make an affirmative determination that nosuch relationships exist through the application of Rule 5605(a)(2).(NASDAQ IM-5605) In addition, the following directors will not beconsidered independent:o A director who is, or during the past three years was, employed by thecompany. (NASDAQ Rule 5605(a)(2)(A))o A director who accepted (or whose family member accepted) anycompensation from the company in excess of 120,000, during anyperiod of 12 consecutive months within the three years preceding thedetermination of the director's independence, other than: (1)compensation for board service; (2) compensation paid to a familymember who is an employee (other than an executive officer) of thecompany; or (3) benefits under a tax qualified retirement plan or nondiscretionary compensation. Payments made by a company for thebenefit of a director, such as political contributions to the campaign ofa director or director's family member, would be considered indirectcompensation for purposes of this standard. Non-preferentialpayments made in the ordinary course of providing business services(such as payments of interest or proceeds related to banking servicesor loans by a company that is a financial institution or payment ofclaims on a policy by a company that is an insurance company),payments arising solely from investments in the company's securitiesand loans permitted under Sarbanes-Oxley do not preclude a finding ofindependence as long as the payments are non-compensatory in nature.(NASDAQ Rule 5605(a)(2)(B) and IM-5605)4
GIBSON, DUNN & CRUTCHER LLPUpdated April 27, 2011o A director who is (or whose family member is) a partner in, or acontrolling stockholder or executive officer of, an organization,including a non-profit entity, if the company made payments to, orreceived payments from, the organization for property or services inthe current fiscal year or any of the past three fiscal years, thatexceeded the greater of 200,000 or five percent of the organization'sgross revenues for that year, other than payments arising solely frominvestments in the company's securities and payments under nondiscretionary charitable contribution matching programs. Thereference to partner is not intended to include limited partners.NASDAQ encourages boards to consider other situations where adirector or a director's family member and the company each have arelationship with the same non-profit organization in assessing directorindependence. (NASDAQ Rule 5605(a)(2)(D) and IM-5605))o A director who is (or whose family member is) an executive officer ofanother entity where, at any time during the past three years, any of thecompany's executive officers served on that entity's compensationcommittee. (NASDAQ Rule 5605(a)(2)(E))o A director who has a family member that is, or has been within thepast three years, an executive officer of the company. (NASDAQRule 5605(a)(2)(C))o A director who is (or whose family member is) a current partner of theoutside auditor, or who was a partner or employee of the outsideauditor and worked on the company's audit engagement within the pastthree years. (NASDAQ Rule 5605(a)(2)(F)) The NASDAQ listing standards also provide that an audit committee membermust not have participated in the preparation of the financial statements of thecompany or any current subsidiary of the company at any time during the pastthree years. (NASDAQ Rule 5605(c)(2)(A)(iii)) Effective date: Companies were required to have audit committees that complied withthe listing standards by the earlier of their first annual meeting after January 15, 2004,or October 31, 2004. In 2008, the NYSE and NASDAQ increased their thresholds ondirect compensation to 120,000 (the same threshold applied under the SEC'sdisclosure standard for related person transactions). The change to the NYSE rulewas effective beginning September 11, 2008 and the change to the NASDAQ rulewas effective August 8, 2008. Changes to the NYSE's bright-line directorindependence standard on affiliations with a listed company's auditor also took effectbeginning September 11, 2008. These changes permit a director to be consideredindependent if the director's immediate family member currently works for thecompany's auditor, as long as the family member is not a partner or is not personallyinvolved (and has not been personally involved for the past three years) in thecompany's audit. The NYSE changes allowing companies to make disclosures about5
GIBSON, DUNN & CRUTCHER LLPUpdated April 27, 2011contributions to charitable organizations either on their websites or in their proxystatements were effective beginning January 1, 2010.Financial expertise. Disclose whether or not the audit committee has at least one "audit committeefinancial expert" (as defined by the SEC) and if not, why not. (Sarbanes-Oxley §407) Under the SEC's rules implementing Section 407, an issuer must disclose inits Form 10-K whether or not (and if not, why not) it has at least one "auditcommittee financial expert" serving on the audit committee, and if so, thename of the expert and whether the expert is independent, as independence foraudit committee members is defined in the listing standards applicable to theissuer. (Item 10 of Form 10-K; Item 407(d)(5) of Regulation S-K) Thedetermination of whether an individual qualifies as an "audit committeefinancial expert" must be made by the full board of directors.The definition of "audit committee financial expert" in the SEC's final rules isless restrictive than that initially proposed by the SEC and expands the pool ofindividuals who may qualify as an "audit committee financial expert." TheSEC's final rules define an "audit committee financial expert" as a person whohas:o an understanding of GAAP and financial statements;o the ability to assess the general application of GAAP in connectionwith the accounting for estimates, accruals, and reserves;o experience: (1) preparing, auditing, analyzing or evaluating financialstatements that present a breadth and level of complexity of accountingissues that are generally comparable to those that the issuer's financialstatements can reasonably be expected to raise; or (2) activelysupervising individuals engaged in these activities;o an understanding of internal controls and procedures for financialreporting; ando an understanding of audit committee functions. (Item 407(d)(5)(ii) ofRegulation S-K) The "audit committee financial expert" must have acquired these attributesthrough:o education and experience as a principal financial officer, principalaccounting officer, controller, public accountant or auditor, orexperience in a position that involves the performance of similarfunctions;6
GIBSON, DUNN & CRUTCHER LLPUpdated April 27, 2011o experience actively supervising a principal financial officer, principalaccounting officer, controller, public accountant, auditor, or personperforming similar functions;o experience overseeing or assessing the performance of companies orpublic accountants with respect to the preparation, auditing, orevaluation of financial statements; oro other relevant experience (a brief listing of which must be included aspart of the company's disclosure). (Item 407(d)(5)(iii) of RegulationS-K)Because the SEC's rules permit an individual to acquire the mandatoryattributes through experience "actively supervising" others, the rules make itpossible for some CEOs to qualify as "audit committee financial experts."The SEC's adopting release emphasizes, however, that "active supervision"means that the supervisor participates in, and contributes to, the process ofaddressing the same types of financial and accounting issues addressed by theindividuals being supervised. The SEC's rules include a safe harbor, clarifying that an "audit committeefinancial expert" will not be deemed an "expert" for any purpose. The safeharbor also clarifies that the designation of an individual as an "auditcommittee financial expert" does not: (1) impose any greater duties,obligations or liabilities than the individual would otherwise have as amember of the audit committee and board of directors; or (2) affect the duties,obligations or liabilities of other members of the audit committee or the board.(Item 407(d)(5)(iv) of Regulation S-K) NYSE listing standards continue to require that at least one audit committeemember have "accounting or related financial management expertise," andNASDAQ listing standards continue to require that at least one committeemember have "financial sophistication." (Commentary to NYSE ManualSection 303A.07(a); NASDAQ Rule 5605(c)(2)(A)(iv)) An "audit committeefinancial expert" may be presumed to satisfy these requirements.(Commentary to NYSE Manual Section 303A.07(a); NASDAQ IM 5605-4)) Determine that each audit committee member is financially literate (NYSE) or able toread and understand financial statements (NASDAQ). NYSE listing standards permitan audit committee member to become financially literate "within a reasonable periodof time" after appointment to the committee. (Commentary to NYSE Manual Section303A.07(a); NASDAQ Rule 5605(c)(2)(A)(iv)) Effective date: Under the SEC's rules, disclosures about the "audit committeefinancial expert" were required for fiscal years ending on or after July 15, 2003.Service on audit committees.7
GIBSON, DUNN & CRUTCHER LLPUpdated April 27, 2011 If an audit committee member simultaneously serves on the audit committees of morethan three public companies, the board of each NYSE company must determine thatthe audit committee member's simultaneous service would not impair his or herability to effectively serve on the listed company's audit committee. Thisdetermination must be disclosed either on the company's website or in the company'sproxy statement. If this disclosure is made on the company's website, the companymust disclose that fact in the proxy statement and provide the website address.(Commentary to NYSE Manual Section 303A.07(a)) The NASDAQ listing standards do not contain an analogous requirement. Effective date: NYSE companies were required to comply by the earlier of their firstannual meeting after January 15, 2004, or October 31, 2004. The NYSE changesallowing companies to make the disclosures about these board determinations eitheron their websites or in their proxy statement were effective beginning January 1,2010.Audit committee responsibilities; mandatory charter provisions for listed companies. Review audit committee charter to assess whether it incorporates specificresponsibilities mandated by Sarbanes-Oxley, the NYSE and NASDAQ. The audit committees of NYSE-listed companies must include in their charters thecommittee's purpose, which, at a minimum, must be to prepare the report included inthe proxy statement and to assist in board oversight of: the integrity of the company's financial statements; the company's compliance with legal and regulatory requirements; the outside auditor's qualifications and independence; and the performance of the company's internal audit function and of the outsideauditor. (NYSE Manual Section 303A.07(b)(i)) Audit committees of NYSE-listed companies also must perform a number ofresponsibilities that must be set forth in the audit committee's charter, including thoseduties and responsibilities required by Exchange Act Rule 10A-3(b)(2), (3), (4) and(5). (NYSE Manual Section 303A.07(b)(ii) and (iii)) Specifically, the auditcommittee must: be directly responsible, in its capacity as a committee of the board, for theappointment, retention, compensation, and oversight of the work of theoutside auditor, as required by Exchange Act Rule 10A-3(b)(2) (discussedseparately below);8
GIBSON, DUNN & CRUTCHER LLPUpdated April 27, 2011 establish procedures for the receipt, retention and treatment of complaintsregarding accounting, internal accounting controls or auditing matters, as wellas for confidential, anonymous submissions by listed company employees ofconcerns regarding questionable accounting or auditing matters, as requiredby Exchange Act Rule 10A-3(b)(3) (discussed separately below); obtain and review, at least annually, a report by the outside auditor describing:(1) the audit firm's internal quality control procedures; (2) any material issuesraised by the most recent internal quality control review, or peer review, of theaudit firm, or by any investigation by governmental or professionalauthorities, within the last five years, regarding any independent audit carriedout by the audit firm, and any steps taken to address these issues; and (3) (toassess the audit firm's independence) all relationships between the auditor andthe company;o On August 22, 2008, the SEC approved a rule of the PublicCompany Accounting Oversight Board ("PCAOB") that requiresthe outside auditor to communicate, in writing, to the auditcommittee any relationships between the auditor and relatedentities, and the company and individuals in a "financial reportingoversight role" at the company, that may reasonably be thought tobear on the auditor's independence and to discuss with the auditcommittee the potential effects of these relationships onindependence. The report must be made both before accepting anew audit engagement, and then at least annually thereafter forcontinuing engagements. The rule supersedes IndependenceStandards Board Standard No. 1 (Independence Discussions withAudit Committees). (PCAOB Rule 3526) meet to review and discuss the annual audited financial statements andquarterly financial statements with management and the outside auditor,including reviewing the listed company's specific MD&A disclosures; discuss earnings press releases, and financial information and earningsguidance provided to analysts and rating agencies (discussed separatelybelow); have the authority, without seeking board approval, to obtain advice andassistance from outside legal, accounting or other advisors, and receiveappropriate funding for the compensation of such advisors, as required byExchange Act Rule 10A-3(b)(4) and (5) (discussed separately below); discuss policies with respect to risk assessment and risk management(discussed separately below); meet separately, periodically, with management, the internal auditor and theoutside auditor (discussed separately below);9
GIBSON, DUNN & CRUTCHER LLPUpdated April 27, 2011 review with the outside auditor any difficulties the auditor encountered in thecourse of its audit work (including any restrictions on the scope of theauditor's activities or on access to information, and any significantdisagreements with management) and management's response; set clear hiring policies for employees or former employees of the outsideauditor that are consistent with Sarbanes-Oxley, which prohibits an auditingfirm from providing audit services to a company whose CEO, CFO or chiefaccounting officer (or any person serving in an equivalent position) wasemployed by the auditing firm and participated in the company's audit in anycapacity within one year of audit initiation (Sarbanes-Oxley §206);o Under the SEC's rules implementing Section 206, an accounting firmis not independent with respect to an issuer if the lead partner,concurring partner, or any other member of the audit engagement teamwho provides more than 10 hours of audit, review or attest services forthe issuer accepts a position with the issuer in a "financial reportingoversight role" within one year prior to the commencement of auditprocedures for the year that included employment by the issuer of theformer member of the audit engagement team. (Rule 2-01(c)(2)(iii)(B)of Regulation S-X) An individual has a "financial reporting oversightrole" if the individual is in a position to or does exercise influence overthe contents of the financial statements or anyone who prepares them.(Rule 2-01(f)(3)(ii) of Regulation S-X) report regularly to the board of directors; and undertake an annual evaluation of the audit committee's effectiveness. (NYSEManual Section 303A.07(b)(ii) and (iii)) Audit committee charters of companies listed on NASDAQ must include thecommittee's purpose of overseeing the accounting and financial reporting processesof the Company and the audits of the Company's financial statements. (NASDAQRule 5605(c)(1)(C)) The charter also must set forth specified responsibilities andauthority of the audit committee, including: the scope of the audit committee's responsibilities, and how it carries out thoseresponsibilities, including structure, processes and membership requirements; the audit committee's responsibility for: (1) ensuring its receipt from theoutside auditor of a formal written statement delineating all relationshipsbetween the auditor and the company; and (2) actively engaging in a dialoguewith the outside auditor about any disclosed relationships or services that mayimpact the objectivity and independence of the auditor and taking, orrecommending that the full board take, appropriate action to oversee theindependence of the outside auditor; and10
GIBSON, DUNN & CRUTCHER LLPUpdated April 27, 2011 the responsibilities and authority necessary to comply with Exchange ActRule 10A-3(b)(2), (3), (4) and (5) regarding:o the authority to appoint and oversee the outside auditor (discussedseparately below);o the establishment of procedures for complaints regarding accounting,internal accounting controls or auditing matters (discussed separatelybelow);o the authority to engage outside advisors (discussed separately below);and funding, as determined by the audit committee. (NASDAQ Rule5605(c)(1)(A), (B) & (D) and 5605(c)(3)) On March 29, 2010, the PCAOB proposed a new auditing standard oncommunications with audit committees that is intended to enhance the effectivenessof communications between the audit committee and the outside auditor. Amongother things, the proposed standard, which requires SEC approval before it takeseffect, includes requirements relating to: (1) communication of an overview of theaudit strategy, including a discussion of significant risks identified by the outsideauditor during its risk assessment procedures, the use of the internal audit function,and the roles, responsibilities and location of firms participating in the audit; (2)communication about critical accounting polices, practices and estimates; (3)communication, where relevant, about the outside auditor's evaluation of a company'sability to continue as a going concern; and (4) the outside auditor's evaluation of theadequacy of the two-way communications between the auditor and the auditcommittee. The proposed auditing standard would supersede PCAOB interimstandard AU sec. 380 (Communication With Audit Committees) and AU sec. 310(Appointment of the Independent Auditor). The PCAOB hosted a roundtablediscussion on the proposed standard on September 21, 2010. The PCAOB had alsoreopened the comment period, which closed on October 21, 2010. Effective dates: The SEC rules implementing Section 206 of Sarbanes-Oxley (hiring of formeraudit personnel) were effective for employment relationships that commencedon or after May 6, 2003. Companies were required to comply with the listing standards by the earlier oftheir first annual meeting after January 15, 2004, or October 31, 2004.Amendments to the NYSE listing standards that require audit committees to"meet to review" and discuss a company's financial statements, including"reviewing the company's specific" MD&A disclosures, took effect November3, 2004. The PCAOB's Rule 3526 on communications with audit committeesconcerning independence was effective September 30, 2008.11
GIBSON, DUNN & CRUTCHER LLPUpdated April 27, 2011 Subject to approval by the SEC, the PCAOB's proposed auditing standard oncommunications with audit committees would have been effective for auditsof fiscal years beginning after December 15, 2010.Periodic private sessions with management and internal and outside auditors. Conduct private sessions, periodically, with the internal and outside auditors and withmanagement. Include a requirement for periodic private sessions in the auditcommittee charter. (NYSE Manual Section 303A.07(b)(iii)(E)) The NASDAQ listing standards do not contain an
monitoring the company's internal controls and compliance with legal and regulatory requirements. Set forth below is a checklist outlining actions that companies and audit committees should consider to assist the audit committee in meeting its increased responsibilities under the Sarbanes-Oxley Act of 2002 ("Sarbanes-Oxley
