Many audit committees are taking a closer look at their interactions with management’s disclosure committee, including their understanding of its operations—particularly how controls and procedures are updated in light of changing and expanding disclosure requirements.
The Securities and Exchange Commission (SEC) continues to scrutinize management’s discussion and analysis (MD&A) disclosures for quality and compliance with Item 303 of Regulation S-K. Key areas of focus also include risk factors, cybersecurity risk, and non-GAAP financial measures. At the same time, companies face pressure from regulators and stakeholders to enhance disclosures on topics such as strategy, board composition, auditor oversight, and compensation. The preparation of these disclosures and the MD&A generally—not to mention the pay ratio disclosures to be reported by calendar year companies in 2018—is a complex and time-consuming undertaking, with management’s disclosure committee playing a key role.
Given this critical role, many audit committees are taking a closer look at their interactions with management’s disclosure committee, including their understanding of its operations—particularly how controls and procedures are updated in light of changing and expanding disclosure requirements.
As recommended by the SEC, most public companies have management disclosure committees tasked with considering the materiality of information and determining the company’s disclosure obligations on a timely basis. These committees, comprised of company officers and senior managers, typically report to the CFO or CEO and play a key role in maintaining the company’s disclosure controls and procedures and in preparing disclosures contained in the company’s SEC filings.
The fundamental challenge for audit committees is to help ensure that the company has the necessary procedures so that, as noted by the SEC, “important information flows to the appropriate collection and disclosure points in a timely manner,” and the company’s principal executives can provide accurate and complete information to security holders. That challenge can be made more difficult by complex organizational structures and global operations. To address these issues, consider the following:
Understand the role of the disclosure committee. How and from whom does the committee obtain the information it uses? How is the information analyzed and verified for accuracy? The specific procedures and controls required will vary based on the company’s structure and complexity. Questions audit committees may ask include:
Review the disclosure committee’s practices for apprising the CEO and CFO of its activities. Given the CEO’s and CFO’s ultimate responsibility for the company’s disclosure controls and procedures, it is essential that they set the tone. The CEO and CFO should meet regularly with key members of the disclosure committee to enable them to assess the committee’s comfort with the proposed disclosures and to review the committee’s work in preparation for the quarterly certifications of the company’s disclosure controls and procedures.
Assess the audit committee’s level of interaction with the disclosure committee. Many audit committees request periodic—often quarterly—reports from the disclosure committee, and some audit committee chairs occasionally attend disclosure committee meetings. The goal of these interactions is for the audit committee to understand how the disclosure committee operates and the rigor of its processes, the issues the committee deliberates, and to probe any close calls.