I just spent three days in Washington, D.C. at the 2022 AICPA and CIMA Conference on SEC and PCAOB developments. Days were filled with presentations from various regulators such as the SEC, the PCAOB, the FASB, the IASB, and other stakeholders within the industry. Topics were varied but certainly there was a consistent theme: we are living in unprecedented times filled with an incredible amount of uncertainty and with ever-increasing rates of change; exponential evolution some might say. As the old adage goes: the only constant is change. Tone at the Top Having attended many of these AICPA conferences, what I thought was perhaps most notable this year was a significant shift in tone, and I saw this in two distinct manners. First, whether the SEC, the PCAOB, the FASB or any other industry group, presenters repeatedly emphasized the importance of acting on behalf of investors and stakeholders and the significance of seeking input from stakeholders. All regulators have processes designed to incorporate feedback on proposed standards and almost every group has various oversight and investor stakeholder committees to ensure the investor public is represented and heard. The other major shift in tone was the emphasis on quality: quality financial reporting, quality disclosures, and perhaps most notably, quality audits . Last year, the SEC enforcement division started that tone shift with a bold statement that auditors are the gatekeepers. This year, the PCAOB’s new board continued that messaging; the Chair of the PCAOB, Chair Williams, made it very clear that the PCAOB is holding auditors accountable and is pursuing strong enforcement actions, as evidenced by the significant increase in both the number of enforcement cases closed in 2022 and the dollar amount of monetary penalties imposed on individuals and registered firms through enforcement actions. Key takeaway : Investors and stakeholders should get involved and be heard in the standard-setting process. Quality is paramount, and the regulators are holding all responsible parties accountable. Economic Uncertainty Though perhaps sensationalized in the media, the reality is that we are indeed living in unprecedented times. Inflation in the US (and most of the world) is the highest it has been in almost 40 years. To combat inflation, interest rates have also been rising to levels not seen in decades. Compounding these factors, there are continued supply chain disruptions partially resulting from effects of the global pandemic, there is Russia’s war in Ukraine, and amongst other variables, there is the unexpected labor shortage (from the Great Resignation). All these factors beg the question: are we in a recession? If not yet, when? How bad will it be? How long will it last? While these developments make for “interesting” political rhetoric, they also pose real challenges to the accounting and audit professions. For example, rising interest rates (which means higher discount rates) and rising inflation, particularly on costs (which translates to challenging cash flow projections and potentially lower margins), likely implies lower fair values when performing asset valuations for potential impairment. Rising interest rates also indicates higher incremental borrowing rates which equates to lower values for leased assets (and to be fair, lower liabilities as well). Key takeaway : the uncertainty in the economy is posing real challenges to accounting for and auditing of estimates that are an essential part of financial reporting. Perhaps most simply stated, it’s NOT the same as last year. Auditors need to keep professional skepticism in mind and thoroughly challenge estimates and assumptions, including considering management bias and potential contradictory evidence. Disclosures and Disaggregation While many in the audit and accounting profession focus on the numbers in the financial statements themselves, the resounding message from the SEC was simply this: disclosures matter , so get them right! The SEC (Corp Fin, Enforcement, and OCA) spent most of its sessions discussing the significance of disclosures in the financial statements, including disclosures outside the financial statements, but required in the filing such as MD&A. For instance, the SEC made clear that registrants need to revisit risk disclosures and ensure that they are accurate and up to date considering the evolving economic landscape. In fact, though risk disclosures often read as hypotheticals, currently, many of the risks are now actual realities. There is no risk of inflation; inflation is real and relevant. There is no risk of rising interest rates; interest rates have gone up significantly over the past year. In addition, the SEC and FASB discussed the increasing demand for disaggregation of disclosures. The FASB is currently considering increased disaggregation and disclosure related to segment reporting and income statement line items (such as further disaggregation of expenses and income taxes) and further disclosure related to statements of cash flows. The SEC is similarly releasing additional guidance and interpretations around further disaggregation over disclosures, or perhaps stated differently, around further depth and clarity. Don’t just tell the users “what” but give them more color as to “why.” Finally, the SEC continued their focus on non-GAAP disclosures and ensuring these are a) labeled appropriately (clearly identified as non-GAAP and not using titles or labels similar to those used in GAAP metrics), b) are NOT more prominent than GAAP disclosures and c) are NOT misleading. The SEC does thorough reviews of SEC filings, but it’s important to know that the SEC also reviews anything available in the public domain including all press releases, earnings reports and issuers’ and management’s social media activity. Key takeaway: Diligently review disclosures and ensure they are accurate, sufficiently precise (consider further disaggregation) and not misleading or contradictory in any capacity. Recurring Hot Topics Just as revenue recognition, leases and credit losses were the subject of recurring discussions for an almost three- or four-year period, the new hot topics included ESG, crypto, and cybersecurity. Environmental, Social and Governance (or ESG) Unsurprisingly, ESG was front and center in almost every discussion during the conference. It would be an understatement to say that huge changes are coming. While the fate of the 550-page SEC proposal is undetermined, the future of the US ESG movement is still inextricably linked to the forward progress in Europe. Global multinational firms as well as companies that are in any way a part of the European supply chain will have to start some form of ESG reporting and compliance in the coming years. The discussions at the conference further delved into the potential changes and challenges facing ESG . It seems all major corporations are struggling to find where to house this emerging department, though many agree that financial reporting will house and/or have significant involvement in this area given the current processes and controls in place. Consensus indicates that the biggest struggle will be in two facets: Divergence in standards and practice: Currently, there are various standards and metrics, and companies are struggling to synthesize the requirements from a global perspective. Much like accounting and financial markets, uniformity across regulators will be difficult to achieve. As well, each industry has different risks and contributions to the ESG space, so uniformity of disclosures and metrics across industries will be difficult. This divergence challenges the comparability of information presented. Reliability of data: Despite uncertainty in exactly “what” will be required, companies are moving forward with ESG disclosures, thanks largely to investor demands. The other big challenge is figuring out where/how to obtain the data needed for disclosures and then how to ensure this data is reliable. Although data used in financial reporting is subject to rigorous controls over completeness and accuracy (“C&A”), much of the data used for ESG disclosures will come from either internal operations (which may not be subject to strong controls over C&A) or from third parties (which makes it difficult for companies to evaluate C&A). The requirement for some form of assurance (currently expected to be “limited assurance” as opposed to “reasonable assurance” which is the basis for auditing financial statements) will inherently require understanding sources of data and how that data was validated for C&A. This poses a huge challenge to audit firms. Many audit firms are starting “trial runs” with clients to help companies understand the potential level of detail needed to perform a quality audit (or whatever form of attestation the standards eventually require) over ESG reporting. Additionally, ESG will continue to evolve over time and the industry will need to learn to distinguish between errors in previous disclosures and data versus improvements in the quality and granularity of disclosures and data. Key takeaway : it’s never too early to start preparing for this emerging reporting requirement and do NOT underestimate the amount of time and resources it will take to obtain the data from all potential parties involved, (such as small upstream suppliers), to prepare the disclosures, and to perform a quality assurance service over the ESG reporting. Crypto The recurring joke amongst presenters was that you couldn’t sit up on stage and not mention crypto…and sure enough, almost every presenter discussed crypto currency and digital assets . There appears to be a lot of demand for additional guidance (at least the questions submitted to the panels seemed to indicate that); I believe that stems from perhaps a lack of understanding of the emerging technology. Although the SEC and FASB have released interpretations and limited guidance on how to account and report digital assets, both entities seemed to indicate that the current accounting and financial reporting frameworks provide sufficient guidance. The PCAOB also includes crypto as a risk factor when selected risk-based audits for inspection; although there continue to be deficiencies in the audit space, the PCAOB also believes its standards are currently sufficient. So, while there was always mention of crypto, there was actually very little in-depth discussion of crypto. Key takeaway: understand the technology/industry before engaging in an audit over crypto (meaning, this should be part of your client acceptance considerations, evaluating whether the firm has the right knowledge and competencies to perform a quality audit) and review the various SEC, FASB and PCAOB releases related to crypto and digital assets. I wouldn’t expect drastic changes and/or significant new standards specific to crypto. Cybersecurity Surprisingly (in this author’s humble opinion), there was far less discussion of cybersecurity than one might expect. That said, one of the panelists, Pete Cordero, former FBI and current cybersecurity advisor/consultant, also emphatically stated that cybersecurity is “ THE risk of the decade.” And I don’t disagree. Specific to audit and accounting, cybersecurity poses a risk to the integrity of financial reporting systems which in turn poses a pervasive threat to the entire financial reporting process. Cybersecurity also poses a greater risk to society at large whether threatening utilities, financial institutions, or as many learned from Colonial Pipeline, general supply chains, including oil and gas. Although there was only one hour devoted to cybersecurity, the discussion was robust and informative. The SEC requires disclosures around cybersecurity risks (if they are real and relevant, which given email, inherently applies to every company) and cybersecurity breaches. By its very nature, given the pervasiveness of technology, it’s difficult to determine “what constitutes a material breach?” Perhaps most indicative of how future regulation may develop, Mr. Cordero discussed some of the proposed amendments to the New York Department of Financial Services’ DFS Part 500 Cybersecurity Rules including the requirement for certain companies with heightened risk to conduct an annual, independent audit of cybersecurity programs. Stop and digest that for a minute. In a realm of ever-changing and unlimited potential risk, what is the appropriate threshold to assert that controls are sufficiently designed, implemented and operating effectively to prevent and/or detect cybersecurity threats and breaches? There’s a lot to unpack here, but for another time. Key Takeaway: Let’s not overlook cybersecurity just because other hot topics dominate the headlines. Cybersecurity is an ever-present danger that poses pervasive risks to companies and the financial markets and is an important consideration for accountants and auditors alike. Resources Abound There is a significant amount of change in the industry and we’re all feeling it. There is a sense of overwhelm at times and we didn’t even touch on the labor shortages and the new quality management standards impacting audit firms. We get it and we feel the pressure many of our clients are facing. Despite the number of changes and emerging topics, I took comfort in seeing just how much the regulators seem to understand the evolving landscape. While they are there to represent their stakeholders, they also want to support the accountants and auditors to empower quality financial reporting and auditing. There is an abundance of resources on almost every topic covered at the conference including publications from the FASB, SEC, PCAOB, AICPA, CAQ, IASB, ISSB, Big 4, industry groups, etc. In addition, as evidenced in the hallways and the underwriter booths, there are literally dozens of companies out there to support you whether in data analytics, scheduling and temporary staffing, knowledge experts and training, etc. And yes, we here at JGA have our fingers on the pulse of the audit industry and are ready to help however we can. Key takeaway : Resources abound; you don’t have to go it alone!

For the second consecutive year, Johnson Global Accountancy (JGA) is honored to return as an underwriter to the AICPA & CIMA Conference on Current SEC and PCAOB Developments. The conference will take place this December, live in Washington, D.C. and virtually online. “I am excited for JGA to once again be an underwriter for one of the largest annual AICPA conferences," said Jackson Johnson, JGA President, “JGA’s mission is to be the most innovative and technically excellent advisory firm at the intersection of companies, auditors, and regulators, to improve investor decision-making confidence. The cross section of financial report, audit, standard setters and regulators at this conference is the perfect way for our team to interact with all these stakeholders and share how we are fighting the good fight – and winning – for audit quality improvement.” As one of the largest annual gatherings of standards setters, regulators, and accounting professionals, the AICPA Conference is a yearly opportunity for SEC registrants and auditors to discuss the coming year’s biggest accounting, auditing, and regulatory developments. The AICPA Conference is scheduled to take place from December 12 to December 14, 2022, at the Marriott Marquis in Washington, D.C., and live online. Join JGA on-site and meet our team of experienced client service professionals at our booth. Register today through this link and use the code SEC22 to save $100 on your ticket. About Johnson Global Accountancy JGA is dedicated to helping public accounting firms around the globe achieve the highest level of audit quality. Led by CPAs and former PCAOB inspection staff, JGA professionals are passionate and practical about working alongside firm leadership to ensure the right controls, policies, and practices are implemented throughout the organization.