Publicly traded companies seem to be getting better at presenting reliable financial statements. In May, research firm Audit Analytics found that the total number of restatements dropped to 6.83% (or 671 of 9,831 companies) in 2016. That’s the lowest number of restatements in 15 years. The highest percentage and number of restatements occurred in 2006 when 11.94% (or 1,853 out of 15,515 companies) had to either revise or reissue their financials.
Don Whalen, director of research at Audit Analytics, attributes the decrease in restatements, at least partially, to regulatory oversight. “I believe that the decrease in the number of restatements … is a result, to some extent, of improved internal controls over financial reporting,” Whalen said. Companies institute internal controls primarily to deter accounting fraud.
One source of improved internal controls is the Committee of Sponsoring Organizations of the Treadway Commission (COSO). COSO first published its Internal Control — Integrated Framework in 1992 to help prevent a repeat of the types of accounting frauds that occurred in the 1980s. In 2013, COSO revised its framework to reflect changes to business and financial reporting that have taken place over the last two decades.
The updated COSO framework outlines the basic components of internal controls, including:
Control environment. A set of standards, processes and structures is needed to provide the basis for carrying out internal controls across the organization.
Risk assessment. This dynamic, iterative process identifies stumbling blocks to the achievement of the company’s objectives and forms the basis for determining how risks will be managed.
Control activities. Policies and procedures are necessary to help ensure that management’s directives to mitigate risks to the achievement of objectives are carried out.
Information and communication. Relevant and quality information supports the internal control process. Management needs to continually obtain and share this information with people inside and outside of the company.
Monitoring. Management should routinely evaluate whether each of the five components of internal controls is present and functioning.
Another source of improved internal controls is the Public Company Accounting Oversight Board (PCAOB). The Sarbanes-Oxley Act of 2002 established the PCAOB — in response to the accounting scandals at Enron and WorldCom — to supervise audits of public companies.
Section 404 of the Sarbanes-Oxley Act requires management to assess the soundness of internal controls over financial reporting (ICFRs) and independent auditors to attest to management’s assessment of ICFRs. Technically, the PCAOB doesn’t have authority over companies. But the PCAOB “uses its purview over accounting firms to address its concerns about the quality of ICFRs,” explained Whalen.
At the end of 2007, PCAOB Auditing Standard (AS) 2201, An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements, went into effect. Afterward, the PCAOB reviewed the implementation of the new standard as part of its 2008 and 2009 audit inspections. In 2010, the PCAOB shifted its focus to determining if the audit process obtained adequate evidence to substantiate the auditor’s attestation of the management’s assessment regarding the effectiveness of ICFR.
“With this effort on the part of the PCAOB, it is no surprise that an upward trend in the number of adverse auditor attestations started after 2010, which continued and peaked in 2014,” Whalen said. “The restatement report shows a noticeable and subsequent decrease in the number of restatements in 2015 and 2016.”
The PCAOB’s inspection of internal controls doesn’t include companies with less than $75 million in public float. But Whalen said smaller companies are learning and quickly implementing the improvements adopted by larger companies.
Regardless of a company’s size, strong internal controls help improve the reliability of financial reporting, leading to fewer restatements. In turn, this trend gives stakeholders greater confidence in the company’s ability to identify, analyze, and respond to risk and changes in the business and operating environments. Your financial advisors can help your company evaluate its internal controls and reinforce them against any weaknesses.