News

PCAOB to host small issuer events

Jim Kim — Fri, 22 Aug 2008 11:52:49 -0400

As you may know, the PCAOB is reaching out to small companies with two events in October. One forum is set for Oct. 1, at the Sofitel Hotel in Chicago. The second is set for The Rittenhouse Hotel in Philadelphia on Oct. 30. West coasters and southerners may feel left out. Hopefully, there will be more. These events may or may not generate real news. Hopefully, transcripts and summaries will be made available to all. The board has just released an agenda, which includes staff from the SEC's Division of Corporate Finance speaking about common small issuers concerns, including implementation of the SEC's guidance for compliance with Section 404 of Sarbanes-Oxley. Also, the board will provide updates on various accounting and auditing issues, auditing standards-setting activities, and inspections activities. In addition, a panel will discuss what audit committees ought to know about the PCAOB.

For more:
- here's an item from accountingweb.com

Be careful about orphaned accounts

Jim Kim — Wed, 20 Aug 2008 17:56:56 -0400

In the wake of the Jerome Kerviel "rogue trader" scandal at Societe Generale, a lot of banks have stepped up efforts to prevent such a scandal. But companies across the board need to think about whether their systems could accommodate internal rogues. One theme that has bubbled up: orphaned accounts--accounts that belong to former employees, or those that no longer need access. Some think Kerviel used such accounts to game the system. This is a bigger issue in the wake of downsizing efforts, especially on Wall Street. So there's renewed focus on access management and technology. It can get very complex at big firms, and vendors certainly see opportunity--for everything from real-time monitoring to biometric solutions. A lot of problems occur because of practices--over-credentialing people, for example--in the name of speed. Article (FinanceTech)

Companies move to end consultant conflicts

Jim Kim — Wed, 20 Aug 2008 17:56:14 -0400

Compensation issues aren't strictly in-scope from a Sarbanes-Oxley perspective, except perhaps when it comes to backdating of options. Of course, if the auditor were retained to give compensation advice, that would invoke the law! But conflicted compensation advice is hardly a non-issue. In the Sarbox era, boards have been more leery of even the appearance of conflicts. When it comes to compensation advice, Financial Week notes that more big companies are opting to hire independent compensation advisers instead of larger firms that consult on a broad range of issues. Safeway and Verizon are among those who have switched to independents. In cases where consultants that provide services in several areas are retained, companies seem to be disclosing more about their relationships. The article notes Time Warner, which in its proxy filing earlier this year offered a seven-paragraph description of the role of Towers Perrin.

For more:
- here's the article

D&O insurance costs rising

Jim Kim — Wed, 20 Aug 2008 17:55:31 -0400

We've noted that boards of top financial firms haven't really been held accountable for the turbulence over the past year. But the subprime crisis is hitting home in another way: rising D&O insurance costs. Financial Week notes that so far, only banks and financial services firms have been hit with rising costs--for good reason. But the number of subprime suits has exploded, and soon other industries may feel the inflationary ripples. In the wake of the Enron scandal in the early 2000s, the cost of D&O insurance rose 260 percent over two years, driven mainly by lawsuits and the fear of lawsuits. This at a time when most directors feel the need for more Side A coverage, which reimburses directors and executive officers when lawsuits are not covered by other insurance policies.

For more:
- here's the Financial Week article

Ex-CEO weighs in on Sarbox and financial statements

Jim Kim — Wed, 20 Aug 2008 17:54:43 -0400

T.J. Rodgers, the former CEO of Cypress Semiconductor, has authored a paper for the Cato Institute that argues that since Sarbanes-Oxley became law, financial statements have devolved to the point that even CEOs can no longer understand them. That colorful rhetoric binds his many criticisms, but it's really less a criticism of Sarbanes-Oxley and more a criticism of FASB. The paper runs through the GAAP treatment of intangibles, various revenue recognition rules, and rules for stock option expensing. And it is impassioned: "It deeply angers me that government lawyers and naive theoretical accountants have been allowed to impair the economic miracle that democratized the silicon chip, the personal computer, and the Internet." What is missing is an actual criticism of Sarbox. So it's a bit of a bait-and-switch, but a well-argued one.

For more:
- here's the paper

Would more contingent liabilities disclosure make Sarbox compliance hard?

Jim Kim — Mon, 18 Aug 2008 08:07:58 -0400

The FASB is responding to what it says is investor concern that current rules "do not provide adequate information to assist users of financial statements in assessing the likelihood, timing, and amount of future cash flows associated with loss contingencies" (mainly potential losses from lawsuits). Its proposal for more disclosure of information (going beyond Regulation S-K Item 103) is being met with a vehement response from the corporate community. They say that more disclosure would give plaintiff lawyers insight into trial strategies and litigation assessment, providing a road map to sue, reports CFO.com. An audit would be complicated as guidelines for how to audit and treat expanded disclosures would have to be drawn. Unsurprisingly, Sarbanes-Oxley has been pulled into the fray. Opponents say executives at companies with lots of suits pending (a lot of Wall Street firms these days) could not reasonably be asked to sign 302 and 906 certifications. Of course, you could say that about a lot of things.

For more:
- here's the CFO.com article

Jury still out on Sarbanes-Oxley and IPOs

Jim Kim — Wed, 13 Aug 2008 17:55:54 -0400

A San Jose Mercury News columnist notes that Sarbanes-Oxley has turned 6 and laments that he hasn't received a single invitation. Well, there were few parties in Silicon Valley, where Sarbox is still blamed for all manner of evil. But the columnist suggests--rightly in my opinion--that small companies that find a way to deal with the law will be better off down the road. Rackspace Hosting managed to go public. The San Antonio company attributed about $4.7 million of its $331 million in 2007 expenses to compliance with Sarbox. The hope is that the liquidity and gains in investor confidence will exceeds the costs. I have a sense that when the market and economy pick up again, we'll be seeing a lot more offerings. There's no reason why small companies can't find the same ROI that compliant big companies have.

For more:
- here's the column

Can you control for rumors in your firm?

Jim Kim — Wed, 13 Aug 2008 17:55:14 -0400

The time-honored practice of market chatter and gossip may pose as something of a regulatory issue for a lot of Wall Street firms, on the sell-side and the buy-side. The fear is that the SEC intends to hold more companies accountable for rumors designed to tank a stock. Subpoenas have been flying. And we've already seen one enforcement action against an alleged rumor-monger. The SEC is taking a look at policies that firms have in place regarding rumors. One consequence, as TheStreet.com notes, is that more firms are telling their analysts not to be so chatty with journalists. This of course is bad news for any reporter digging for information about companies. The buy-side was often a great source. We'll see if this blows over, but I think we may see more companies issue formal guidelines about information sharing with outsiders.

For more:
- here's the article from TheStreet.com

Accounting a hot field, colleges face demand hike

Jim Kim — Wed, 13 Aug 2008 17:54:31 -0400

We often hear about a lack of financial expertise in Corporate America--at all levels, from entry level accountants to internal financial officers to qualified directors. The marketplace has certainly responded. The American Institute of Certified Public Accountants says enrollment in accounting classes is up 19 percent since 2004. Last year, 64,221 students graduated with bachelor's or master's degrees in accounting, the most since the institute began its survey in 1970, notes the LA Times. Salaries are soaring, despite the economy. We've often joked that Sarbanes-Oxley really ought to be called the Accountants Full Employment Act. At some campuses, accounting is so popular that many students are turned away. Hopefully, all would-be financial professionals will have a professor like Will Snyder of San Diego State.

For more on Snyder:
- here's the LA Times profile

Beware downloads to external drives

Jim Kim — Wed, 13 Aug 2008 08:08:44 -0400

This month, a financial analyst at Countrywide was arrested and charged with stealing customer data and then selling it. OpRisk & Compliance reports that his ability to steal data in this manner stemmed from an IT oversight. Rene Rebollo, the arrested man, told the FBI that he knew computers in the Countrywide office had security features that prevented downloads to external drives, but he found an oversight. He was able to download names and info to his personal thumb drive. He stands accused of stealing 20,000 identities. Article

Critics of XBRL hoping for a delay

Jim Kim — Tue, 12 Aug 2008 09:45:32 -0400

Has the fact that small companies won a series of reprieves from compliance with 404(b) of Sarbanes-Oxley emboldened big companies facing an aggressive XBRL adoption mandate? Maybe. Big companies seem to be hoping that the SEC will heed their warnings and delay XBRL adoption for companies both big and small. Recall that the SEC laid out a schedule that would call for big companies to report results for a fiscal period ending in late 2008 in XBRL; small companies would follow a year later. CFO reports that big companies have filed comments suggesting that the timetable is too aggressive. While this is understandable, companies may be better off if they ramp up their XBRL efforts now. The last thing you want to do is risk noncompliance. Pfizer and Comcast, reports CFO, warn of tricky vendor issues. Bottom line: Counting on a delay is a poor solution.

For more:
- here's the article

Identity theft ringleaders charged

Jim Kim — Sat, 09 Aug 2008 08:40:05 -0400

The sordid world of stolen identities was unveiled by Federal prosecutors when they charged 11 men of running a massive identity theft ring responsible for major breaches at national retailers over the past few years. The list of victims includes Barnes & Noble, BJ's and TJ Maxx, which was victimized, you may recall, to the tune of 45 million credit card numbers. The cast of the indicted includes Albert "Segvec" Gonzalez of Miami, who also worked as a federal informant--a busy man. Another figure, Maksym Yastremski--a Ukrainian currently in Turkish custody--made about $11 million selling stolen identities and card swiping gear, reports Wired. This is welcome news, but it should not allow companies to feel they can let up. You can bet there are others willing to take their place. The indictments make clear that these are serious crimes.

For more:
- here's the article from Wired

Get a grip on encryption and databases

Jim Kim — Fri, 08 Aug 2008 14:46:35 -0400

As you know, storage issues have rocketed to the forefront of the IT agenda, driven mainly by Sarbanes-Oxley and other compliance initiatives. That has made them targets for various hackers. SQL injection attacks, among other activities, are rising, notes SC magazine. So while encryption is not the complete answer, it makes sense. Unfortunately, the fact remains that many companies still have not embraced encryption. The practice itself raises several issues; Do you encrypt everything, or just some data? Where do you encrypt it? There are lots of solutions out there. It's always a good time to get started on these issues. Article

Laptop with airport security program applicants missing

Jim Kim — Fri, 08 Aug 2008 14:44:55 -0400

Yet another data breach? A laptop computer with the personal information of 33,000 passengers seeking to enroll in an airport security prescreening program--the irony is almost too much--has been stolen from San Francisco International Airport, the AP reports. The laptop is owned by Verified Identity Pass, which operates the program at 17 airports nationwide. The TSA says the computer was unencrypted and was reported missing more than a week ago; the agency wasn't notified until Sunday. The computer was stolen from a locked room apparently, and required two levels of passwords. The data did not include SSNs, apparently. Still, this is a black eye for all involved. There likely will be repercussions. Will Verified Identity Pass be held accountable? Will its contract be renewed?

For more:
- here's the AP article

Related Articles:
Big data breach at JPMorgan
The dangers of Web 2.0

SEC promotes web as financial info release medium

Jim Kim — Fri, 08 Aug 2008 14:43:33 -0400

The SEC has taken a keen interest in promoting new technologies as a way to distribute corporate financial information. The looming mandate for XBRL is an example. Similarly, the SEC just released guidance that encourages companies to use the web--their own sites or recognized third-party sites--as the sole means of releasing market-sensitive information. Financial Week notes that the news went over like a rock. There won't likely be any dramatic change. While the news makes some sense from a Reg FD standpoint, few companies will likely cease releasing news via press release distributors in favor their websites. There could be a period of confusion as investors face uncertainty in whether to look for 8-k disclosures for news or press release distributors, or website items. Companies will have to somehow make clear to investors and analysts how they intend to communicate.

For more:
- here's the Financial Week article

Related Article:
Time for an executive web posting policy?