2016 Emerging Issues and Technical Accounting Update. General Session

Transcription

1 2016 Emerging Issues and Technical Accounting Update General Session

2 FASB Update Brandon Coleman, Partner, National Office Accounting Services Kevin Moore, Audit Senior Manager

3 Agenda Topic Leases (ASC 842) Revenue Recognition (ASC 606) Copyright 2016 Deloitte Development LLC. All rights reserved. 3

4 Leases Copyright 2016 Deloitte Development LLC. All rights reserved. 4

5 Accounting Overview Copyright 2016 Deloitte Development LLC. All rights reserved. 5

6 The Big Picture Key takeaways from this presentation Most leases on balance sheet for lessees Classification will drive expense profile Lessor model largely unchanged Most changes result from alignment with ASC 606 FASB tried to make things easy Classification, reassessment, transition Effective 2019 (non-public 2020) but don t wait to assess impact Process and systems changes may be required Potential impact on debt covenants Copyright 2016 Deloitte Development LLC. All rights reserved. 6

7 Identifying a lease Copyright 2016 Deloitte Development LLC. All rights reserved. 7

8 Definition of a lease For a contract to be, or contain, a lease under ASC 842 it must: Depend on the use of an identified asset, and Convey the right to control the use Right to obtain substantially all of the economic benefits from asset use and Right to direct the use of the asset over lease term Copyright 2016 Deloitte Development LLC. All rights reserved. 8

9 Identified asset Understanding the criteria Contract must depend on use of identified asset Asset must be explicitly or implicitly identified Physically distinct portion of a larger asset may be an identified asset Capacity portion of a larger asset is generally not an identified asset Right of substitution Would result in the asset not being deemed a specified asset Substitution would be considered substantive if: Lessor has the practical ability to substitute the asset Lessor would benefit from exercising its right of substitution Warranty or upgrade considerations Supplier s right or obligation to substitute an alternative asset due to operational failure does not mean the asset is not an identified asset Supplier s right or obligation to upgrade the asset similarly does not mean the asset is not an identified asset Copyright 2016 Deloitte Development LLC. All rights reserved. 9

10 Example: Applying the identified asset criteria under ASC 842 Company A enters into a contract with a warehouse operator to store up to 1,000 pallets of spare parts inventory at one of the operator s warehouse locations for a three-year period. The operator s warehouse has capacity to store up to 10,000 pallets of inventory. During the contract period, the warehouse operator can use the remaining space in its warehouse for other storage needs. The warehouse operator may also relocate the customer s pallets within the warehouse without incurring significant costs. Question: Does the contract contain an identified asset? Copyright 2016 Deloitte Development LLC. All rights reserved. 10

11 Example: Applying the identified asset criteria under ASC 842 (cont.) Answer: No Because Company A does not have exclusive use of a specified portion of the warehouse and the portion being used is not substantially all of the warehouse capacity, there is no identified asset. Although the contract specifies the amount of inventory to be held, the location of the inventory can change within the warehouse. If, instead: The 1,000 pallets represents substantially all of the operator s warehouse capacity, and the operator cannot relocate the inventory to a different facility or The 1,000 pallets are required to be stored in a specified portion of the warehouse The contract would contain an identified asset Copyright 2016 Deloitte Development LLC. All rights reserved. 11

12 Right to control the use Decision tree Does the customer have the right to obtain substantially all of the economic benefits from use? No Customer Yes Who has the right to direct how and for what purpose the asset is used? Supplier Neither Yes Does the customer have the right to operate the asset? No Did the customer design the asset? No Yes Contract contains a lease Contract does not contain a lease Copyright 2016 Deloitte Development LLC. All rights reserved. 12

13 Example: Applying the right to control the use criteria Customer A enters into a contract with Supplier B to purchase widgets from a Facility Supplier B only has one facility to produce the widgets and it is expected that Customer A will take substantially all of the widgets from the Facility Customer A has the right to change the quantity of the widgets on a quarterly basis over the term of the contract During the contract period, Supplier B operates and maintains the Facility and drives the production of the widgets Customer A is prohibited from hiring another operator for the Facility during the term of the contract or operating the Facility itself Question: Customer A have the right to control the use of the Facility throughout the contract period? Copyright 2016 Deloitte Development LLC. All rights reserved. 13

14 Example: Applying the right to control the use criteria (cont.) Answer: Yes In this scenario, A has the right to control the relevant how and for what purpose decisions of the Facility Customer A has the right to obtain substantially all of the economic benefits from the use of the Facility by purchasing 100% of the output Customer A has the right to direct activities related to the use of the Facility because it decides the quantity of widgets that will be produced over the period of the contract While Supplier B operates the Facility and produces the widgets, these decisions are not the relevant how and for what purpose decisions Copyright 2016 Deloitte Development LLC. All rights reserved. 14

15 Overview of the lessee accounting model Copyright 2016 Deloitte Development LLC. All rights reserved. 15

16 Lease classification Overview of the criteria Classification criteria Lease would be classified as a finance lease (lessee) or a sales-type lease (lessor) when... Lease transfers ownership of the underlying asset to lessee by the end of the lease term Lease grants the lessee an option to purchase the underlying asset that the lessee is reasonably certain to exercise Lease term is for a major part of the remaining economic life of the underlying asset Present value of the lease payments and any residual value guaranteed by the lessee equals or exceeds substantially all of the fair value of the underlying asset Leased asset is so specialized in nature that it is expected to have no alternative use to the lessor at the end of the lease term The standard states that the bright-line thresholds that exist under ASC 840 could be a reasonable approach to evaluate whether a lease would be classified as a finance lease Copyright 2016 Deloitte Development LLC. All rights reserved. 16

17 Lessee accounting model What does the lessee model look like? Most* leases are recorded on the balance sheet using a right-of-use asset approach: Initial Measurement Subsequent Measurement Lease obligation PV of lease payments not yet paid ROU asset lease obligation + initial direct costs lease incentives + prepaid lease payments Lease obligation amortized using the effective interest method ROU asset depends upon lease classification Expense recognition pattern: Finance lease front-loaded Operating lease generally straight-line *Short-term leases: A lessee can elect, by asset class, not to record on its balance sheet a lease with a lease term of 12 months or less and which does not include a purchase option that the lessee is reasonably certain to exercise Copyright 2016 Deloitte Development LLC. All rights reserved. 17

18 Lessee accounting model Illustrative example This table highlights the differences in accounting for the lease under the finance lease and operating lease models: Finance lease Operating lease Copyright 2016 Deloitte Development LLC. All rights reserved. 18

19 Measurement components Key ingredients Lease Term Noncancelable period plus renewal options for those period(s) in which the lessee is reasonably certain to exercise the options Lessees would reassess lease term upon occurrence of a significant event or change in circumstances under its control Lessors would not be required to reassess lease term Fixed payments included within lease agreement In-substance fixed payments Variable payments based on an index/rate Residual value guarantees based on amount expected to be paid Purchase or termination options if lessee is reasonably certain to exercise said options Lease Payments Discount Rate Rate the lessor charges the lessee when available, which would be the rate implicit in the lease Incremental borrowing rate when the rate the lessor charges the lessee is not available Reassessment required in certain instances (change in lease term, certain modifications, change in purchase option considerations) Copyright 2016 Deloitte Development LLC. All rights reserved. 19

20 Presentation requirements Lessee model Balance Sheet Income Statement Cash Flow Statement Financing Lease ROU asset Lease liability Amortization expense Interest expense Principal (Financing) Interest (Operating) Operating Lease ROU asset Lease liability Lease expense (single line on straight-line basis) Lease payments (Operating) Lessor model Presentation consistent with current lessor model: Balance sheet presentation depends on lease classification Income statement profit or loss recognized in a manner consistent with business model Cash flow statement recognized as cash inflows from operating activities Copyright 2016 Deloitte Development LLC. All rights reserved. 20

21 Disclosure requirements Disclosure objective Enable financial statement users to assess the amount, timing, and uncertainty of cash flows arising from leases Lessee disclosures Nature of its leases Information about leases that have not yet commenced Related-party lease transactions Accounting policy election regarding short-term leases Finance and operating lease costs Short-term and variable lease costs Sublease income Gain or loss from sale-and-leaseback Maturity analysis for lease obligations Weighted-average remaining lease term Weighted-average discount rate Lessor Disclosures Nature of its leases Significant assumptions and judgments used Related-party leases transactions Tabular disclosure of lease-related income Components of the net investment in a lease Information on the management of risk associated with residual asset Maturity analysis of operating lease payments and lease receivable Information required by ASC 360 Copyright 2016 Deloitte Development LLC. All rights reserved. 21

22 Other provisions, effective date, and transition Copyright 2016 Deloitte Development LLC. All rights reserved. 22

23 Effective date and transition Effective date Public business entities effective for calendar periods beginning on January 1, 2019 and interim periods therein All other entities effective for calendar periods beginning on January 1, 2020, and interim periods thereafter Early adoption will be permitted Transition Lessees and lessors are required to use a modified retrospective transition method for all existing leases Would apply the new model for the earliest year presented in the financial statements Application of approach linked to current lease classification and new lease classification An entity can use hindsight when evaluating lease term Transition relief package Lessees and lessors are not required to reassess the following upon transition: Whether any expired or existing contracts are leases or contain leases The lease classification for any expired or existing leases Initial direct costs for any existing leases Copyright 2016 Deloitte Development LLC. All rights reserved. 23

24 Other key provisions and resources But wait, there s more Separating non-lease elements Sale-leaseback Build-to-suit arrangements Subleases Related party leases Modifications Contract combinations Leveraged lease accounting Accounting for leases at a portfolio level Leases in a business combination Impairment of the ROU asset US GAAP to IFRS comparison Copyright 2016 Deloitte Development LLC. All rights reserved. 24

25 Potential operational challenges Copyright 2016 Deloitte Development LLC. All rights reserved. 25

26 Potential operational challenges Data challenges High volume of lease agreements across multiple decentralized locations, in different business and operating units Technology & IT systems There likely will be a need to store lease data and perform calculations. Consider modifying the existing system or moving to a new system. Given the long lead times of system initiatives, companies may need a bridge system Timeline to adoption It can be a challenge to anticipate the data gaps and overcome the data abstraction hurdle. A typical timeline from planning to operation is 12 to 24+ months, depending on technology selection as well as size and complexity of the lease portfolio Internal controls and business process environment Entities may face additional scrutiny from auditors and regulators regarding the design and effectiveness of associated controls under Sarbanes-Oxley arising from increased relevance of new leasing to the financial statements. There may also be a need for companies to assess operational effectiveness of internal controls surrounding capturing, calculating, and accounting for their leases. Copyright 2016 Deloitte Development LLC. All rights reserved. 26

27 Revenue Recognition Copyright 2016 Deloitte Development LLC. All rights reserved. 27

28 Scope, effective date, and transition

29 New revenue guidance Scope Applies to an entity s contracts with customers Does not apply to: Lease contracts (ASC 840) Insurance contracts (ASC 944) Certain financial instruments and other contractual rights or obligations Guarantees (other than product or service warranties) Nonmonetary exchanges whose purpose is to facilitate a sale to another party Some key aspects apply to transfer (sale) of nonfinancial assets Glossary terms Contract: An agreement between two or more parties that creates enforceable rights and obligations Customer: A party that has contracted with an entity to obtain goods or services that are an output of the entity s ordinary activities in exchange for consideration Copyright 2016 Deloitte Development LLC. All rights reserved. 29

30 New revenue standard Effective date UPDATE: Deferral of effective date In August 2015, the Financial Accounting Standards Board (FASB) issued an ASU that defers the effective date of ASC 606 by one year Annual reporting periods beginning after December 15, 2017 (public) Annual reporting periods beginning after December 15, 2018 (nonpublic) In addition, the ASU allows entities to early adopt ASC 606 as of the original effective date (annual reporting periods beginning after December 15, 2016, FY2017) In September 2015, the International Accounting Standards Board (IASB) issued an amendment to International Financial Reporting Standard 15 (IFRS 15) to defer the effective date by one year Annual reporting periods beginning on or after January 1, 2018 The IASB continues to allow entities to early adopt IFRS 15 Copyright 2016 Deloitte Development LLC. All rights reserved. 30

31 New revenue guidance Transition options UPDATE: Practical expedient for contract modifications (FASB & IASB) Full retrospective approach Restate prior periods in compliance with ASC 250 Optional practical expedients Modified retrospective approach Apply revenue standard either to all contracts at the date of initial application or only to contracts that are not completed as of effective date and record cumulative catch-up (FASB updates - ASU ) Required disclosures: Amount of each F/S line item affected in current period Explanation of significant changes cumulative catch-up January 1, 2018 Initial Application Year 2018 Current Year 2017 Prior Year Prior Year 2 New contracts New ASU Existing contracts New ASU + cumulative catch-up Legacy GAAP Legacy GAAP Completed contracts Legacy GAAP Legacy GAAP Copyright 2016 Deloitte Development LLC. All rights reserved. 31

32 The model

33 New revenue guidance The five-step model Core principle: Recognize revenue to depict the transfer of promised goods or services to customers in an amount that reflects the consideration the entity expects to be entitled in exchange for those goods or services Identify the contract with a customer Identify the performance obligations in the contract Determine the transaction price Allocate the transaction price to performance obligations Recognize revenue when (or as) the entity satisfies a performance obligation (Step 1) (Step 2) (Step 3) (Step 4) (Step 5) This revenue recognition model is based on a control approach, which differs from the risks and rewards approach applied under current U.S. GAAP Copyright 2016 Deloitte Development LLC. All rights reserved. 33

34 Step 1: Identifying the contract Step 1 Step 2 Step 3 Step 4 Step 5 A legally enforceable contract (oral or implied) must meet all of the following requirements: The parties have approved the contract and are committed to perform A contract will not be in the scope if: The entity can identify each party s rights regarding goods or services The entity can identify the payment terms for the goods or services to be transferred The contract is wholly unperformed and Each party can unilaterally terminate the contract without compensation The contract has commercial substance It is probable the entity will collect the consideration to which it will be entitled in exchange for the goods or services that will be transferred to the customer Collectibility threshold Copyright 2016 Deloitte Development LLC. All rights reserved. 34

35 Step 2: Identifying performance obligations Step 1 Step 2 Step 3 Step 4 Step 5 A series of goods or services with the same pattern of transfer may be a single obligation The ASU defines a performance obligation as a promise to transfer to the customer a good or service (or a bundle of goods or services) that is distinct Identify all (explicit or implicit) promised goods and services in the contract FASB updates Are promised goods and services distinct from other goods and services in the contract? CAPABLE OF BEING DISTINCT Can the customer benefit from the good or service on its own or together with other readily available resources? YES AND DISTINCT WITHIN CONTEXT OF THE CONTRACT Is the good or service separately identifiable from other promises in the contract? NO Account for as a performance obligation Combine two or more promised goods or services and reevaluate Copyright 2016 Deloitte Development LLC. All rights reserved. 35

36 Step 3: Determining transaction price Step 1 Step 2 Step 3 Step 4 Step 5 Principle: The transaction price is the amount of consideration to which an entity expects to be entitled in exchange for transferring promised goods or services to a customer (which excludes estimates of variable consideration that are constrained) Transaction price shall include Fixed consideration Variable consideration (estimated and potentially constrained) Noncash consideration (FASB updates ASU ) Measure at fair value at contract inception Constraint would not apply to variability due to the form of the consideration Practical expedient to present sales taxes on a net basis (scope consistent with existing GAAP) Adjustments for significant financing component Adjustments for consideration payable to customer Transaction price does NOT include Effects of customer credit risk Copyright 2016 Deloitte Development LLC. All rights reserved. 36

37 Step 4: Allocating transaction price Step 1 Step 2 Step 3 Step 4 Step 5 Allocate transaction price on a relative stand-alone selling price basis (estimate stand-alone selling price if not observable) The expected cost-plus margin method, adjusted market assessment method, or residual method (only if price is highly variable or uncertain) are acceptable Allocate transaction price to all performance obligations (and subsequent changes based on initial allocation), unless a portion of (or changes in) the transaction price relate entirely to one or more obligations and certain criteria are met Do not reallocate for changes in stand-alone selling prices If certain criteria are met, a discount or variable consideration may be allocated to one or more, but not all, of the performance obligations in a contract Copyright 2016 Deloitte Development LLC. All rights reserved. 37

38 Step 5: Recognizing revenue Step 1 Step 2 Step 3 Step 4 Step 5 Evaluate if control of a good or service transfers over time, if not then control transfers at a point in time. An entity satisfies a performance obligation over time if: The customer receives and consumes the benefit as the entity performs (e.g., cleaning service) or Performance creates or enhances a customer controlled asset (e.g., home addition) or Performance does not create an asset with an alternative use and the entity has an enforceable right to payment* for performance completed to date Measure progress toward completion using input/output methods * An entity has a right to payment only if, at all times throughout the duration of the contract, the entity is entitled to an amount that at least compensates for performance completed to date. This compensation should approximate the selling price of the goods/services (i.e., costs incurred plus a reasonable profit margin) Copyright 2016 Deloitte Development LLC. All rights reserved. 38

39 Step 5: Recognizing revenue Step 1 Step 2 Step 3 Step 4 Step 1 Step 2 Step 5 For performance obligations satisfied at a point in time, indicators that control transfers include, but are not limited to, the following: The entity has a present right to payment The customer has legal title The customer has the significant risks and rewards of ownership The entity has transferred physical possession The customer has accepted the asset Copyright 2016 Deloitte Development LLC. All rights reserved. 39

40 Disclosures

41 Disclosures Overview Annual Disclosures (ASC 606 & IFRS 15) Disclosures about contracts with customers Disaggregation of revenue Information about contract balances Disclosures about significant judgments and estimates Description of significant judgments Transaction price, allocation methods and assumptions Remaining performance obligations Practical expedients Information about performance obligations Other required disclosures Contract costs Interim-only disclosures ASC 270, Interim Reporting IAS 34, Interim Financial Reporting* * IAS 34 was only amended to require disaggregated revenue information; none of the other annual disclosures will be required in interim financial statements for IFRS preparers. Refer to the following slides for information regarding FASB requirements for interim revenue disclosures Copyright 2016 Deloitte Development LLC. All rights reserved. 41

42 Implementation activities

43 Implementation efforts Key participants SEC Staff announcements FASB & IASB boards Amend standard clarifications & practical expedients AICPA 16 Industry specific working groups Audit & Accounting Guides Preparers PCAOB Auditors TRG Inform the boards of implementation issues Quarterly meetings Users ASU / IFRS 15 Issued May 2014 Copyright 2016 Deloitte Development LLC. All rights reserved. 43

44 New revenue guidance Joint transition resource group (TRG) Purpose To seek feedback on potential implementation issues that will help the boards determine whether to take additional action Hot topics Licenses of intellectual property Distinct in the context of the contract Gross versus net presentation Customer options Contract assets and liabilities Impairment testing of contract costs Variable consideration Noncash consideration Consideration payable to the customer Significant financing component Collectibility Copyright 2016 Deloitte Development LLC. All rights reserved. 44

45 Preparing for the changes

46 Illustrative revenue recognition roadmap New standard may require broad project plans covering the following: Activity Technical accounting Data and systems development Process/close and report Readiness and training Tax Program management Assessment ( sprint ) effort Scenario documentation Business requirements Accounting policy documentation Finalize transition plan Systems design and architecture Systems solution development Systems testing Reporting controls/reconciliation Monthly close process Design and develop training program Evaluate tax reporting requirements Tax reporting implementation Form implementation team Communicate to audit committee Auditor concurrence on accounting policies and scenarios User acceptance testing Prepare draft disclosures Draft financial statements Development and stabilization Post-implementation review Controls implementation review Draft reporting process development Roll out training Tax planning/reporting process enhancements Update stakeholders/audit committee Copyright 2016 Deloitte Development LLC. All rights reserved. 46

47 New revenue guidance Deloitte resources Heads Up Newsletters FASB Makes Narrow-Scope Amendments to Revenue Standard and Provides Practical Expedients FASB Clarifies the New Revenue Standard s Principal-Versus-Agent Guidance FASB Clarifies Guidance on Licensing and Identifying Performance Obligations FASB Confirms Decision to Defer Effective Date of New Revenue Standard by One Year TRG Snapshot Industry Spotlight Series A Roadmap to Applying the New Revenue Recognition Standard and more available at US GAAP Plus.com Copyright 2016 Deloitte Development LLC. All rights reserved. 47

48 About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ( DTTL ), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as Deloitte Global ) does not provide services to clients. Please see for a detailed description of DTTL and its member firms. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. Copyright 2016 Deloitte Development LLC. All rights reserved. 36 USC

49 SEC Update Omaha CPE Event December 09, 2016 XX,6 Tony Goncalves, Managing Director National Office SEC Services

50 Agenda SEC environment, structure and rulemaking Disclosure effectiveness Non-GAAP measures AICPA conference SEC review process SEC comment trends Copyright 2016 Deloitte Development LLC. All rights reserved. SEC hot topics: Year-end update 50

51 SEC structure and rulemaking Copyright 2016 Deloitte Development LLC. All rights reserved. 51

52 SEC structure, environment, and rulemaking Open Open Chair White* Commissioner Stein Commissioner Piwowar Economic and Risk Analysis Corporation Finance Keith Higgins *** Investment Management Trading & Markets Enforcement Office of Chief Accountant OCA Wes Bricker** 22 other offices Corp Fin Office of the Chief Accountant Mark Kronforst *Chair White plans to step down at the end of President Obama s term ** Wes Bricker replacing James Schnurr. *** Keith Higgins leaving in January Industry Groups Copyright 2016 Deloitte Development LLC. All rights reserved. SEC hot topics: Year-end update 52

53 Enforcement Initiatives FY 2016 FY 2015 FY 2014 Number of enforcement actions Orders for penalties and disgorgements $4.0 billion $4.19 billion $4.16 billion Financial Reporting and Audit ( FRAud ) Task Force Continued to prioritize issuer reporting and disclosure matters Use of technology and tools for data mining and data analysis Whistleblower Program Awarded over $57 million to 13 whistleblowers in FY 2016 Retaliation & pre-taliation actions Focus on Gatekeepers Proceedings against auditors double over 2 years Copyright 2016 Deloitte Development LLC. All rights reserved. SEC hot topics: Year-end update 53

54 SEC rulemaking Dodd-Frank Act JOBS Act FAST Act Smaller reporting company definition amendment Disclosure effectiveness Non-GAAP measures Updated Compliance & Disclosure Interpretations (C&DIs) Copyright 2016 Deloitte Development LLC. All rights reserved. SEC hot topics: Year-end update 54

55 Disclosure effectiveness Copyright 2016 Deloitte Development LLC. All rights reserved. 55

56 Disclosure effectiveness update What is it? Providing better information to investors more understandable, more useful and eliminating excessive disclosure Disclosure effectiveness less disclosure What has the SEC staff done lately? Request for comment Regulation S-X (other entity financial statements) comment period closed November 30, 2015 S-K concept release comment period closed July 21, 2016 Disclosure Update and Simplification proposed rule comment period closed Nov 2, Reduce or eliminate redundant disclosures 2 Tailor disclosures to company s facts and circumstances 3 Focus on material and relevant matters Copyright 2016 Deloitte Development LLC. All rights reserved. SEC hot topics: Year-end update 56

57 SEC proposal to eliminate outdated and duplicative disclosures Category of proposed change Redundant or duplicative requirements Overlapping requirements* Outdated requirements Superseded requirements Goal of proposed change Eliminate requirements that result in substantially the same information under SEC rules, US GAAP or IFRS Eliminate requirements that result in reasonably similar information or information that may no longer be useful to investors Amend requirements that are obsolete Amend requirements that are inconsistent with new requirements Example topic(s) affected (see proposal for specified changes) FX Consolidations Debt obligations Consolidations Segments Market price disclosures Extraordinary items *Also seeks comment on whether to refer certain overlapping disclosures to the FASB for potential inclusion. (Refer to July 18, 2016 Heads Up Publication for additional examples) Copyright 2016 Deloitte Development LLC. All rights reserved. SEC hot topics: Year-end update 57

58 Non-GAAP measures Copyright 2016 Deloitte Development LLC. All rights reserved. 58

59 Non-GAAP measures Evolution of non-gaap measure rules and regulations SEC issues Regulation G and S-K Item 10(e) SEC increases focus on non-gaap measures as measures increase in use and prominence SEC issues cautionary advice to registrants Compliance & Disclosure Interpretations (C&DI s) issued by SEC New and updated C&DIs issued by SEC Copyright 2016 Deloitte Development LLC. All rights reserved. SEC hot topics: Year-end update 59

60 Non-GAAP measures (cont.) Updated Compliance and Disclosure Interpretations Prominence Issues (C&DI ) Full non-gaap income statement, omitting comparable GAAP measures from press release headlines, bolder or larger font, non-gaap measure that precedes a comparable GAAP measure, forward looking non-gaap measures Misleading measures (C&DI ) Consistency over time and type of adjustments Measures using individually tailored accounting principles (C&DI 100.4) - e.g. pro-rata share of unconsolidated investees (discussed later) Prohibition on presenting liquidity measures on a per share basis (C&DI ) Non-GAAP tax expense (C&DI ) Non-GAAP measures are intended to supplement and not supplant the information in the financial statements. -Jim Schnurr, Chief Accountant, Office of the Chief Accountant Copyright 2016 Deloitte Development LLC. All rights reserved. SEC hot topics: Year-end update 60

61 Non-GAAP measures (cont.) Comment letters on non-gaap areas Topics Frequency Equal or greater prominence 37% Historical reconciliation 34% Explain usefulness 30% Explain definition or calculation 26% Incorrect calculation or use of defined term 14% Explain tax adjustments 13% Exclusion of items requiring cash settlement from liquidity measures 12% Prohibition on adjustments to eliminate or smooth items identified as non-recurring 11% Forward-looking reconciliation to the extent available 11% Use of organic or core financial measures 5% Potentially misleading or confusing non-gaap measures 5% All other (constant currency, exclusion of charges but not gains, use of individually tailored accounting practices, inconsistencies, etc.) <5% Source: Gibson Dunn Study based on comment letters between May 17 and September 30, Copyright 2016 Deloitte Development LLC. All rights reserved. SEC hot topics: Year-end update 61

62 Non-GAAP measures (cont.) SEC comment letter trends More recent trends Many companies have addressed prominence issues Interest from the Division of Enforcement Full non-gaap income statement is prohibited Greater detail in purpose and use disclosure Liquidity vs. performance measures Additional focus on: Nature of adjustments Restructuring expenses and legal settlements Measures using individually tailored accounting principles Pro-rata share of unconsolidated investee (next slide) Copyright 2016 Deloitte Development LLC. All rights reserved. SEC hot topics: Year-end update 62

63 Non-GAAP measures (cont.) Pro-rata consolidation adjustment SEC Staff may object to a presentation that combines GAAP information with a pro-rata consolidation adjustment into a total amount Staff will object to GAAP and pro-rata non-gaap columns in the same table Alternative Prominently provide the relevant pieces, but don t do the math that adds GAAP and non-gaap Other alternatives are evolving Copyright 2016 Deloitte Development LLC. All rights reserved. SEC hot topics: Year-end update 63

64 Non-GAAP measures (cont.) Prominence issues fixed thus far Non-GAAP presentation changes Presentation of GAAP and non-gaap metric reordered to present GAAP metric first Non-GAAP metric replaced with comparable GAAP metric in same location Augmented/modified non-gaap reconciliation disclosure 29% 29% 36% Supplemented non-gaap discussion with GAAP metrics Non-GAAP metric no longer discussed or highlighted in CEO quote Non-GAAP metric omitted from entire earnings release and/or replaced with a comparable GAAP metric Added disclosure indicated that an omitted non-gaap reconiciliation was not available without "unreasonable efforts" Consolidated disclosure of non-gaap metrics or non-gaap discussion moved to less prominent location Removed guidance on a particular non-gaap metric (while continuing to provide guidance on other metrics) Added a non-gaap reconciliation that was previously omitted 10% 10% 9% 9% 7% 15% 18% Source: Debevoise & Plimpton analysis of 100 earnings releases issued by Fortune 500 companies since May 17, 2016 Copyright 2016 Deloitte Development LLC. All rights reserved. SEC hot topics: Year-end update 64

65 Non-GAAP measures Disclosure controls and procedures Disclosure Controls and Procedures (DCPs) Vs. Internal Control Over Financial Reporting Design DCPS to ensure that procedures cover: Compliance NGM presented in compliance with rules, regulations and guidance Consistency Data quality Accuracy Transparent disclosure Review Monitoring Adjustments evaluated and presented in an appropriate and consistent manner each period Calculated based on reliable inputs Calculation is arithmetically accurate Descriptions of adjustments and required disclosures are clear and not confusing Reviewed by the appropriate levels of management Internal audit, disclosure committee or audit committee reviews the controls or is involved in the oversight Copyright 2016 Deloitte Development LLC. All rights reserved. SEC hot topics: Year-end update 65

66 Non-GAAP measures Roadmap to Non-GAAP Financial Measures Resource devoted exclusively to Non- GAAP measures: Combines SEC guidance with interpretations and examples Presentation and disclosure of non- GAAP measures Disclosure controls and procedures Appendixes also includes Questions to ask when disclosing non-gaap measures Highlights and remarks from recent SEC officials Example SEC comments on non- GAAP measures Copyright 2016 Deloitte Development LLC. All rights reserved. SEC hot topics: Year-end update 66

67 AICPA conference Copyright 2016 Deloitte Development LLC. All rights reserved. 67

68 AICPA Conference Highlights Process reminders comment letter and prefilling letters New revenue standard shelf registration statement and take downs Incentive programs Short-duration contracts for insurance entities Acquisitions, dispositions and forex Follow ASU No need separately provide the ten-year loss reserve development table per Guide 6 Segments Loss contingencies Income taxes S-X 3-09 entities and adoption of new revenue standard Non-GAAP More than one incremental performance measure, one segment performance measure Start reconciliation with GAAP measure. Copyright 2016 Deloitte Development LLC. All rights reserved. 68

69 SEC review process Copyright 2016 Deloitte Development LLC. All rights reserved. 69

70 SEC comment letter trends and statistics Source: Information in the table is derived from data provided by Audit Analytics, includes comments related to Forms 10-K and 10-Q, as well as related amendments, for reviews that have been closed. Review year information includes comments for the 12-month periods ended July 31 for each year. Copyright 2016 Deloitte Development LLC. All rights reserved. SEC hot topics: Year-end update 70

71 SEC comment letter trends and statistics Days to complete a review Source: Information in the table is derived from data provided by Audit Analytics, includes comments related to Forms 10-K and 10-Q, as well as related amendments, for reviews that have been closed. Review year information includes comments for the 12-month periods ended July 31 for each year. Copyright 2016 Deloitte Development LLC. All rights reserved. SEC hot topics: Year-end update 71

72 SEC comment letter trends and statistics Comment letters per review Source: Information in the table is derived from data provided by Audit Analytics, includes comments related to Forms 10-K and 10-Q, as well as related amendments, for reviews that have been closed. Review year information includes comments for the 12-month periods ended July 31 for each year. Copyright 2016 Deloitte Development LLC. All rights reserved. SEC hot topics: Year-end update 72

73 SEC comment trends Copyright 2016 Deloitte Development LLC. All rights reserved. 73

74 SEC Comment Letter Trends: Overall Summary Comment Letter trend information was derived from data provided by Audit Analytics based on the percentage of all comment-letter-yielding Form 10-K and 10-Q reviews that include a comment on topic. No more Tandy language in comment letters Copyright 2016 Deloitte Development LLC. All rights reserved. 74

75 SEC comment letter trends Areas of focus MD&A Risks, trends and uncertainties early warning disclosures Results of operations Enhanced liquidity and capital resources, critical accounting policy disclosures Consistency with other communications Focus on clarity (e.g., use of tables and charts) Metrics Clearly define metrics and explain how calculated Explain how used by management and why important to investors Describe how a metric is related to current or future results of operations Copyright 2016 Deloitte Development LLC. All rights reserved. SEC hot topics: Year-end update 75

76 SEC comment letter trends (cont.) Areas of focus Revenue recognition Gross vs net Multiple element arrangements Contra-revenue items Segments Who is the CODM someone other than CEO? Identification of operating segments CODM package no longer determinative Staff will consider total mix of information Aggregation consider both quantitative and qualitative factors Copyright 2016 Deloitte Development LLC. All rights reserved. SEC hot topics: Year-end update 76

77 SEC comment letter trends (cont.) Areas of focus Income taxes Valuation allowance Rate reconciliation Appropriate breakout (and descriptions of) adjustments Impact of foreign operations Repatriation of foreign cash Business Combinations Determining the accounting acquirer Purchase price allocation Determination of fair values and key assumptions Copyright 2016 Deloitte Development LLC. All rights reserved. SEC hot topics: Year-end update 77

78 SEC comment letter trends Supplement to Ninth Edition October 2016 Updated filing review statistics New comment letter trends Ninth Edition October 2015 Insights into areas the SEC staff has focused on in recent comment letters including: Financial Statement Accounting and Disclosure Topics SEC Disclosure Topics Disclosure Topics in Initial Public Offerings Industry-Specific Topics Consumer & Industrial Products Energy & Resources Financial Services Health Sciences Technology & Telecommunications Copyright 2016 Deloitte Development LLC. All rights reserved. SEC hot topics: Year-end update 78

79 Question and answer Copyright 2016 Deloitte Development LLC. All rights reserved. 79

80 About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ( DTTL ), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as Deloitte Global ) does not provide services to clients. Please see for a detailed description of DTTL and its member firms. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. Copyright 2016 Deloitte Development LLC. All rights reserved. 36 USC

81 Extended Enterprise Risk Management: Technical Updates Daniel Kinsella, Partner, Deloitte & Touche LLP

82 Agenda What is Extended Enterprise Risk Management (EERM) Drivers and challenges Evolution of EERM EERM approach EERM driven saving opportunities Building blocks of ongoing monitoring Ongoing monitoring What does that look like? Success Factors Questions and answers As used in this document, Deloitte means [Deloitte and Touche, Advisory], a subsidiary of Deloitte LLP. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. Copyright 2016 Deloitte Development LLC. All rights reserved. 82

83 What is Extended Enterprise Risk Management? Copyright 2016 Deloitte Development LLC. All rights reserved. 83

84 The extended enterprise - Overview An organization does not operate in isolation because its success is dependent upon a complex network of third-party relationships. Copyright 2016 Deloitte Development LLC. All rights reserved. 84

85 The extended enterprise - Risks and opportunities Reliance on third parties can drive performance but also pose significant risks. Risks Benefits Competitive edge in the industry Access to advanced technologies and expertise Access to industry leading practices Avenue to diversify assets and risks Loss of business, deterioration of brand/reputation, and/or regulatory action due to inferior performance Increased cost due to poor oversight and control Sub-optimal financial performance due to hidden or unmanaged contract terms Extended Enterprise Risk Management (EERM) is the practice of anticipating and managing exposures associated with third parties across the organization s full range of operations as well as optimizing the value delivered by the third-party ecosystem. Copyright 2016 Deloitte Development LLC. All rights reserved. 85

86 What are the drivers and challenges? Copyright 2016 Deloitte Development LLC. All rights reserved. 86

87 Drivers Wide range of drivers shape EERM programs at organizations. Most significant of the drivers include Industry Convergence and M&A Outsourcing is expected to grow at rates of 12-26% 1 per annum as companies are entering new markets and new third-party relationships Industry and regulatory requirements - Cross industry: Foreign Corrupt Practices Act; Anti-Money Laundering; - Banking: OCC comprehensive risk management, recovery/resiliency; - Life Sciences: Sunshine Act, FDA regulations Supply chain resiliency Requiring contingency planning/crisis planning to avoid major supply chain disruptions leading to shift in market competitiveness Expected economic downturn Leading to 74% 2 of Chief Procurement Officers to reduce costs related to third party relationships and increase level of collaboration Copyright 2016 Deloitte Development LLC. All rights reserved. [1] Deloitte consulting 2016, global out-sourcing and in-sourcing survey [2] Ponemon Institute Cost of a Data Breach ( 87

88 Global cross-industry challenges for EERM Significant gaps in EERM program often lead to business disruptions, data breaches, and result in reputational damage and financial loses for organizations: Incidents related to third parties are more frequent which organizations are not prepared to address 87% of surveyed executives faced marketplace disruption or lost opportunity resulting from third-party incidents Impact of incidents 160 out of 170 of surveyed executives have a low to moderate level of confidence in their ability to manage third parties Program capabilities with low confidence 26.2% Reputational damage 23.0% Reporting errors 23.0% Noncompliance with regulations 20.6% Data breach 10.3% Lost business 94.3% EERM tools and technology 93.5% Monitoring mechanisms 88.6% Quality of risk management 78.9% Disciplined escalation framework Over 60% of surveyed executives find it necessary to take action to enhance their third party monitoring. Copyright 2016 Deloitte Development LLC. All rights reserved. 88 Source: Deloitte. Third party governance and risk management Global survey 2016

89 Evolution of EERM Copyright 2016 Deloitte Development LLC. All rights reserved. 89

90 The cause for change Traditional approach to EERM is driven by regulatory requirements and represents a reactive approach to risk management, which does not adequately address the challenges associated. Traditional Approach Challenges Emerging Approach Check the box compliance exercises leveraging point in time periodic assessments Limited visibility over their third parties and forcing to be reactive in light of disruptions/crises Outdated information leading to longer reaction time Lack of comprehensive view of risks and performance Resource burden due to in-effective prioritization Inconsistent application of practices Ongoing monitoring using risk sensing and assessment capabilities Enable timely, holistic and in-depth understanding of risk and performance exposure, guided by risk scoping and scoring Copyright 2016 Deloitte Development LLC. All rights reserved. 90

91 Pro-active dynamic ongoing monitoring Ongoing monitoring is the practice of supplementing periodic third party assessments with near real-time monitoring of changes to a third party s risk profile (i.e., inherent risk, performance, industry threat, control gaps) and altering the course of risk management to timely, effectively and efficiently mitigate threats and prevent incidents. Value proposition Effective resource allocation commensurate with the level of risk Increased transparency, faster Minimal manual intervention Risk transparency Ongoing monitoring Traditional approach Trend and anomaly detection to pre-empt incidents Time Customized monitoring rules and alerts Copyright 2016 Deloitte Development LLC. All rights reserved. 91

92 Industry Quadrant Maturity within Industries Legend High Maturity level of entity s adopted approach Low Low P&U Technology C&IP Investment Management Insurance Health Care Plans & Providers # of departments across entity adopting Extended Enterprise Risk Management approach Banking & Securities Life Sciences High Industries have wider focus over third party relationships across buyside, sell-side and infrastructure. Regulatory requirements have enforced more focus on extended enterprise risk management program development and maintenance Roles and/or responsibilities have been created for the management of EERM program Industries focus their EERM program on their supply chain. Other third party relationship management and program is not as formalized Recent public and media scrutiny of crisis events have led to reactive focus on other non-supply chain relationships such as Cyber, Contractors etc. Copyright 2016 Deloitte Development LLC. All rights reserved. 92

93 EERM Approach Copyright 2016 Deloitte Development LLC. All rights reserved. 93

94 How does your approach stack up? The Extended Enterprise maturity model below is designed to help you understand where you are today, your ideal future state, the value the future state can bring to your organization. Strategy and Governance People Process Technology No formal governance Risk taking for quick fix benefits Individual effort Little management input Lack of training Few activities defined Fire fighting mode Simple and least expensive tools used ad-hoc Initial Copyright 2016 Deloitte Development LLC. All rights reserved. Minimal effort in reducing risk Risk taking for short term benefits Responsibilities built into existing roles Increased input from management Defined processes in siloes Functional, reactive problem solving Off the shelf tools used for problem solving Limited access to thirdparty data Managed Focus on preventing issues Risk aligns with medium -term enterprise-wide benefits Dedicated roles Invested executives within each silo Some training offered Coordinated processes across the business Monitoring and alerting leveraging dashboards, with some proactive issue resolution Adapted tools used for reporting and monitoring Defined Maturity of extended enterprise program Focus on preventing issues and creating value Intelligent risk taking, aligned with enterprise strategy Awareness of value of extended enterprise across the organization Enterprise wide roles Executive ownership at the enterprise level Fully standardized processes, integrated with tools and data Proactive decision making using analytics, improving bottom-line and performance Customized tools, used for tactical decision making Value additive tools Internal data centralized and easily accessible Integrated State of the art practices, linked to value drivers Extended enterprise embedded in strategic planning and decision making Trained professionals with defined roles throughout the lifecycle Executive champions on both sides, aligning service delivery to strategic objectives Processes aligned with strategy, integrated into third parties Continuous improvement and proactive responsiveness Leveraging predictive and sensing analytics, tools and dashboards Highly -customized decision support tools Integrated external data sources that enhance insights Tools and analytics are key value driver and differentiator Optimized Optimized 94

95 Core Capabilities The EERM framework identifies capabilities within each of the six operating model components : Performance management i.e., SLAs, KPIs, KRI etc. Operational issues management Performance/operational governance Service request management Third party satisfaction Third party inventory Risk segmentation strategy Risk management i.e., overall risk framework, risk indicators etc. Ongoing risk assessment Pre-contract due diligence Post- contract ongoing monitoring Remediation Compliance Analysis and reporting Contract management i.e., changes, obligations, etc. Financial management including cost and revenue recovery Document management Contract assessments Contract analytics Issues & disputes management Contract & commercial governance Invoice management Business case tracking and benchmarking Charter and vision statement Business Alignment and sponsorship Operating model- 3 lines of defense Roles and responsibilities Policies and standards Contract and Commercial Management Performance Management Extendedd Enterprise Management Program Office Risk Management Governance and oversight Multi Service Provider Integration Transition / Transformation Executive governance and relationship management (including Executive Performance Indicators) Cross-Supplier standards and procedures Track and report end-to-end SLA s Joint performance metrics Develop, negotiate, draft and execute OLAs Multi-Supplier governance forum Transition Planning Monitoring & reporting Due Diligence and Reconciliation Retained Organization Design Change Management and Communications Transition and Transformation Governance EERM tools and technology Performance level framework Recruitment strategy Continuous improvement/innovation Crisis management Copyright 2016 Deloitte Development LLC. All rights reserved. 95

96 EERM Driven Saving opportunities Copyright 2016 Deloitte Development LLC. All rights reserved. 96

97 Saving opportunities potential areas of cost recovery We believe that there are significant opportunities for savings in the following areas: Key Savings Levers Industry Average Savings % Potential COMPANY Savings % Potential Summary Savings I. Contract Compliance Cost recovery based on post contracting audits on large spends. Cost savings areas might include: duplicate incorrect rate billings, nonreimbursable items, payroll variances, etc. 1%- 5% of contract spend % TBD TBD II. Joint Venture Review Cost savings/recovery driven from claims against operator of a JV Typical claims include; incorrect allocation rates and expenses, unsupported overhead charges, etc. 10%-15% on expenses side 5%-10% on revenue side % TBD TBD III. Tax Recovery * Cost recovery drivers from various indirect taxes: Sales/use, VAT, Excise & Severance % of indirect tax paid % TBD TBD IV. Construction Cost Audit Cost recovery driven from review of project spend Typical levers are unsubstantiated change orders, incorrect labor charges, and allowances 1%- 5% of contract spend % TBD TBD V. Software Asset Management Cost savings driven from reduction in software expenses and minimized service risk which can be directed toward value-added IT projects. 15%-20% of software spend % TBD TBD VI. Accounts Payable Review Cost recovery driven from payables spend Typical levers are duplicate payments, missed volume discounts, etc. 1%- 5% % TBD TBD VII. Other-Telecom, Advertising, Most Favored Customer Reviews Cost savings/recovery driven from other high risk areas Typical claims include; telecom billing errors, media credit errors, not receiving MFC rates 1-5%- telecom/ adv. spend 5-10% of MFC spend % TBD TBD Copyright 2016 Deloitte Development LLC. All rights reserved. 97

98 Case Study Contractor Cost Recovery Significant Percentage of Spend Recovered Using data analytics, 100% of the invoice line item population is tested. There is no sampling or extrapolation. The following is a case study for contract compliance audits where data analytics testing was performed. Copyright 2016 Deloitte Development LLC. All rights reserved. 98

99 What does ongoing monitoring look like? Copyright 2016 Deloitte Development LLC. All rights reserved. 99

100 EERM Cross-Risk Sensing and Assessment Utility An EERM Cross-risk utility can augment Line 1 execution of ongoing monitoring through robust technology portal and execution of cross-risk assessments. Line 2 Governance and over-sight Alerts, customized dashboards and reports Technology portal Utility Periodic assessments results Line 1- Business Complete IRA (new and existing relationships) and initiate assessments Risk sensing external data Analyze results and trigger remediation and contingency planning Internal risk/ performance data Ongoing Monitoring Copyright 2016 Deloitte Development LLC. All rights reserved. 100

101 EERM Cross-Risk Sensing and Assessment Utility Leveraging a cross-risk, systematic approach for sensing and assessing risks, organizations can drive end-to-end, risk-based third-party management practices for their extended enterprise. Inherent Risk Assessments Determine applicable risk areas Cyber risk EERM Cross-Risk Sensing and Assessment Solution Regulatory Financial risk Compliance risk Brand risk Sample risks Type of analysis Risk Sensing Risk assessment Overall risk profile Multidimensional third party risk profile Risk sensing alerts and dashboard Risk analytics dashboard Cross-risk third-party report Critical third-party dashboard Copyright 2016 Deloitte Development LLC. All rights reserved. 101

102 Illustrative scenario Utilizing risk-driven ongoing monitoring, organizations can develop resiliency by effectively mitigating risks and developing contingency plans Financial viability assessment at the time of contract set-up Benign alert Keep track of future alerts Moderate risk Discuss alert with vendor for clarification Vendor files for bankruptcy and is unable to continue to provide services Contract renewal financial assessment Ongoing Brand Risk sensing Pervasive issue/ not satisfied with vendor response, trigger an assessment Key Activities Alert Determine course of action Perform offcycle assessments Remediation steps Change vendor Illustrative decision path Description Alert noting that vendor is in the news for defaulting on payments to it s suppliers Perform analysis of the alert and take additional actions Illustrative action: Perform an off-cycle indepth financial viability assessment Perform an indepth review of the vendor s financials and detects drastic decline in business solvency Identify remediation activities 1. Works with vendor to fix the issue 2. Executes against contingency plans, to be prepared for a complete halt of vendor services Organization switches to a new vendor with ease, after being prepared for a loss of service from the existing vendor. Copyright 2016 Deloitte Development LLC. All rights reserved. Decision step 102

103 Success Factors Copyright 2016 Deloitte Development LLC. All rights reserved. 103

104 Success factors for an EERM Program Having delivered similar type engagements across different industries, the following key principles have led to the development and ongoing success of the Extended Enterprise Risk Management program while meeting performance expectations, meeting business objectives and other compliance needs: 1 Clear governance and process ownership 4 Tracked third party metrics and KPIs 2 Similar processes across organization 5 An empowered EERM function 3 Compliance and controls in place 6 Domain expertise and ability to sustain Copyright 2016 Deloitte Development LLC. All rights reserved. 104

105 Question and answer Copyright 2016 Deloitte Development LLC. All rights reserved. 105

106 Copyright 2016 Deloitte Development LLC. All rights reserved. 36 USC

107 Combatting Fraud and Corruption with Effective Ethics and Compliance Programs Deloitte Annual Emerging Issues and Technical Accounting Update Martin T. Biegelman, Deloitte Advisory Managing Director

108 Agenda Fraud, corruption and misconduct risk Corporate criminal investigations Government s view of compliance Foreign Corrupt Practices Act (FCPA) Ethics and compliance Effective compliance programs Compliance practices in action Case studies and leading practices Q&A Copyright 2016 Deloitte Development LLC. All rights reserved. 108

109 With you today Martin T. Biegelman Deloitte Advisory Managing Director, Deloitte Financial Advisory Services LLP Martin T. Biegelman is a Deloitte Advisory managing director in the Regulatory, Forensics and Compliance Practice in Deloitte Financial Advisory Services LLP. He has spent decades helping organizations detect, investigate and prevent fraud and corruption while in leadership roles in law enforcement, consulting and the corporate sector. His work on behalf of outside counsel, corporate management and boards involves internal investigations alleging fraud, corruption, FCPA violations, kickbacks, conflicts of interest, whistleblower retaliation and other misconduct. Martin s work also includes developing and enhancing corporate compliance programs. Prior to joining Deloitte, Martin worked at two international consulting firms where he focused on global investigations and compliance. From 2002 to 2011, Martin founded and led a global software company s Financial Integrity Unit, a highly acclaimed worldwide fraud prevention and anti-corruption program that continues to serve as a model for other organizations. He is also a former federal law enforcement professional having served as a United States Postal Inspector in a variety of investigative and management assignments. He is both a Certified Fraud Examiner (CFE) and a Certified Compliance and Ethics Professional (CCEP). Martin is a frequent speaker and instructor on white-collar crime, corruption and bribery, security issues, fraud prevention, and corporate compliance and the author of six books on these subjects. He is the 2008 recipient of the Cressey Award that is bestowed annually by the Association of Certified Fraud Examiners (ACFE) for lifetime achievements in the detection and deterrence of fraud. Copyright 2016 Deloitte Development LLC. All rights reserved. 109

110 The Fraud, Corruption and Misconduct Risk Facing Companies Today Copyright 2016 Deloitte Development LLC. All rights reserved. 110

111 Defining fraud The knowing misrepresentation of the truth or concealment of a material fact to induce another to act to his or her detriment and a misrepresentation made recklessly without belief in its truth to induce another to act. Black s Law Dictionary Any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises. Mail Fraud Statute The crime of using dishonest methods to take something of value from another person. Merriam-Webster Dictionary Copyright 2016 Deloitte Development LLC. All rights reserved. 111

112 Fraud triangle Opportunity Fraud Triangle Motive Rationalization Source: Association of Certified Fraud Examiners, Copyright 2016 Deloitte Development LLC. All rights reserved. 112

113 The power of speaking-up For whatever reason a lack of courage or a fear for their own jobs or a worry about being ostracized many do not report fraud when they see it. They don t speak up when they see something fishy going on. And that s the central problem for anybody who cares about fighting fraud. Preet Bharara, U.S. Attorney, SDNY, in Fraud Magazine, May/June 2013 Copyright 2016 Deloitte Development LLC. All rights reserved. 113

114 How do corporate criminal investigations begin? Referrals from civil investigative agencies (e.g., SEC, OFAC, EPA, HHS) Whistleblowers (e.g., current employees, former employees, outsiders) Complaints/Tips from competitors or the public Cooperators in other investigations Press Coverage Mutual Legal Assistance Treaty ( MLAT ) requests Copyright 2016 Deloitte Development LLC. All rights reserved. 114

115 Individual liability the Yates Memo On September 9, 2015, Deputy Attorney General Sally Yates announced six policy changes regarding indicting individuals DOJ s response to severe criticism by Congress and the media over the lack of prosecutions of individuals following the financial crisis Copyright 2016 Deloitte Development LLC. All rights reserved. 115

116 Government focus on anti-corruption investigations and prosecutions Improved Regulatory Environment Government Enforcement Focus Greater International Focus on Anti- Corruption Enhanced Corporate Compliance Programs Impact of corporate scandals of USA PATRIOT Act Sarbanes-Oxley Act/Sections 302 & 404 compliance Dodd-Frank Act Whistleblower Provisions FCPA is a priority for DOJ, SEC, FBI, IRS-CID Yates Memo Use of traditional law enforcement tools such as stings, electronic surveillance, grand jury subpoena and search warrants Numerous companies have been the focus of DOJ and SEC prosecutions OECD Anti-Bribery Convention UK Bribery Act Brazil Clean Companies Act Amendments to Canada s Corruption of Public Officials Act Anti-corruption compliance programs Self-disclosure of FCPA violations Cooperation with government investigations DOJ/SEC Resource Guide to the FCPA Copyright 2016 Deloitte Development LLC. All rights reserved. 116

117 Foreign Corrupt Practices Act (FCPA) overview Anti-Bribery Provisions Prohibit corrupt payments to foreign officials, political parties, or party officials anywhere in the world with the intent to secure an improper advantage to obtain business Accounting Books and Records Provisions Require registered issuers of securities to file reports with SEC to meet record keeping and internal control standards Copyright 2016 Deloitte Development LLC. All rights reserved. 117

118 Accounting provisions Applicable to all issuers of US securities Not limited to corrupt payments Books and Records: Must accurately and completely describe all expenditures by the organization Internal Controls: Must be sufficient to ensure that expenditures are appropriate and authorized Copyright 2016 Deloitte Development LLC. All rights reserved. 118

119 Elements of an anti-bribery violation 1. A covered person 2. With corrupt intent 3. Directly or indirectly offers, promises, or gives anything of value 4. To a foreign official 5. To obtain or retain business Copyright 2016 Deloitte Development LLC. All rights reserved. 119

120 Global anticorruption key risk areas Third-Party Intermediaries (TPIs): Majority of cases involve allegations that potentially improper payments were routed to foreign officials through intermediaries Companies with effective due diligence programs on paper can still get into trouble Gifts Travel and Entertainment Expenses Acquisition of a Company with Foreign Operations Joint Ventures Contracts with State-Owned Enterprises Licenses and Permits Customs Copyright 2016 Deloitte Development LLC. All rights reserved. 120

121 Trends in FCPA enforcement Heightened focus on charging individuals Industry-wide investigations Increased focus and resources in US Increased scrutiny overseas Multi-jurisdiction investigations and coordination Increased penalties Copyright 2016 Deloitte Development LLC. All rights reserved. 121

122 Building and Maintaining Effective Ethics and Compliance Programs Copyright 2016 Deloitte Development LLC. All rights reserved. 122

123 Ethics and Compliance What is ethics? What is compliance? Where does culture fit in? An effective compliance program promotes an organizational culture that encourages ethical conduct and a commitment to compliance with the law. A Resource Guide to the US Foreign Corrupt Practices Act Effective compliance programs are tailored to the company s specific business and to the risks associated with that business. A Resource Guide to the US Foreign Corrupt Practices Act Source: Copyright 2016 Deloitte Development LLC. All rights reserved. 123

124 Criticality of corporate culture What is culture? A system of shared values The underlying values, belief, attitudes, and expectations shared by an organization It s the way things really get done around here. Strong cultures have two primary characteristics: High level of agreement on what is valued High level of intensity about these values Copyright 2016 Deloitte Development LLC. All rights reserved. 124

125 Compliance timeline Defense Industry Initiative Sarbanes- Oxley Act McNulty Memo Dodd-Frank UK Bribery Act OECD Good Practice Guidance COSO Amendments Foreign Corrupt Practices Act ( FCPA ) Federal Sentencing Guidelines Thompson Memo UN Convention Against Corruption Department of Justice FCPA Guidance Yates Memo DOJ Consultant Rise of compliance and ethics issues: Ponzi schemes, insider trading, fraud, conflicts of interest, bribery, money laundering, price fixing Copyright 2016 Deloitte Development LLC. All rights reserved. 125

126 Elements of an effective corporate compliance program Third-party Compliance Testing and Monitoring Continuous Improvement Case Management and Investigations Culture of Ethics and Compliance Employee Reporting Governance and Leadership Risk Assessments and Due Diligence Standards, Policies, and Procedures Training and Communications An effective compliance program is comprised of the key elements as shown in the wheel. This methodology is derived from legal requirements, guiding frameworks (e.g., US Federal Sentencing Guidelines), and other leading practices related to ethics and compliance programs that organizations have generally found to be effective. Copyright 2016 Deloitte Development LLC. All rights reserved. 126

127 Compliance is fundamental Everyone in the company is responsible for compliance. Internal audit, finance, tax, compliance personnel, risk managers, etc., are important, but they can t do it without everyone else seeing themselves as an integral part of the company s obligation to comply with the law. Avoid short-term thinking! Copyright 2016 Deloitte Development LLC. All rights reserved. 127

128 Compliance is fundamental (cont.) Interconnected global economy makes compliance more difficult, but with so many regulators, more necessary SEC and DOJ policy statements and speeches demand robust compliance programs United States Sentencing Guidelines (USSG) tangibly reward effective compliance programs FCPA Guidelines encourage compliance and provide roadmap DOJ s new Compliance Counsel dedicated to assessing a company s compliance when deciding whether to bring charges Copyright 2016 Deloitte Development LLC. All rights reserved. 128

129 SEC s view of compliance programs Ethics before compliance don t ask what you must do; ask what you should do Compliance with securities laws is minimum requirement: not a lofty goal, but the entry point Compliance must enable the company to: Self-police Self-report Remediate Cooperate Copyright 2016 Deloitte Development LLC. All rights reserved. 129

130 DOJ: Effective compliance is not a Get Out of Jail Free card The existence of a compliance program, even one that specifically prohibited the very conduct in question, does not absolve the corporation from criminal liability under the doctrine of respondeat superior, BUT.... Copyright 2016 Deloitte Development LLC. All rights reserved. 130

131 DOJ: Compliance perfection not required While the Department recognizes that no compliance program can ever prevent all criminal activity by a corporation s employees, the critical factors in evaluating any program are whether the program is adequately designed for maximum effectiveness in preventing and detecting wrongdoing by employees and whether corporate management is enforcing the program or is tacitly encouraging or pressuring employees to engage in misconduct to achieve business objectives. Source: Copyright 2016 Deloitte Development LLC. All rights reserved. 131

132 DOJ may reward strong compliance programs Facts Supporting Declination: Internal policies prohibited bribery and addressed corruption risks System of internal controls meant to prevent employees from paying bribes Employees frequently trained on internal policies, the FCPA, and other anti-corruption laws Former employee specifically trained on the FCPA seven times and reminded to comply with the FCPA at least 35 times Compliance personnel regularly monitored transactions and randomly audited employees Copyright 2016 Deloitte Development LLC. All rights reserved. 132

133 Code of conduct Code of Conduct: Organizations should develop comprehensive codes of conduct that serve as the centerpiece of the ethics and compliance program and that reflect the following attributes, among others: Values-based: Predicated on the organization s vision and values and establishes a global framework of standards and expectations. Risk-based: Covers in summary style the dos and don ts related to enterprise-wide compliance risks and organizational standards and practices everywhere the organization operates (e.g., use of frequently asked questions and scenarios to differentiate between appropriate and inappropriate behavior). Scope: Applies to all officers, directors, and employees everywhere the organization operates. Third parties: Establishes expectation that third-party business partners will adhere to the standards set forth in the code (e.g., existence of a supplier/partner/third party code of conduct that mirrors the organization s code). Copyright 2016 Deloitte Development LLC. All rights reserved. 133

134 Hotlines & Helplines: Creating a speak-up culture Comfort of employees to speak-up Ask questions and voice concerns Accountability Duty to report Hotline Confidentiality and anonymity Non-retaliation Bad faith Investigation protocols Discipline Incentives Copyright 2016 Deloitte Development LLC. All rights reserved. 134

135 SEC Whistleblower Program Office of the Whistleblower at SEC went into effect on July 21, Created by Congress to provide monetary incentives for individuals to come forward and report possible violations of federal securities laws to the SEC. Dodd-Frank authorizes bounties (i.e., financial rewards) to whistleblowers who voluntarily provide original information leading to successful enforcement of securities law violations Whistleblower may receive 10-30% of total monetary sanctions imposed in the action or related actions ($1M minimum) 33 whistleblower awards since program began in August ,000 whistleblower tips in FY FCPA whistleblower tips in FY 2015 (most in one year) Source: Copyright 2016 Deloitte Development LLC. All rights reserved. 135

136 Importance of gatekeepers Gatekeepers are [t]he sentries of the marketplace, the auditors who sign off on companies financial data; the lawyers who advise companies on disclosure standards and other securities law requirements; the research analysts who warn investors away from unsound companies; and the boards of directors responsible for oversight of company management. Stephen M. Cutler, then SEC Director of Enforcement, September 20, 2004 But there are other important gatekeepers! Gatekeepers are also the legal, compliance, internal audit, finance and accounting, risk and other professionals in an organization. Copyright 2016 Deloitte Development LLC. All rights reserved. 136

137 Compliance Practices in Action Mitigating risk through assessments Compliance risk assessment: A cross-functional effort that on a periodic basis identifies, prioritizes, and sets forth action plans related to managing existing or emerging compliance risks specifically. Fraud risk assessment: A focused, targeted initiative designed to identify and prioritize specific kinds of compliance risks, namely asset misappropriation and fraudulent financial reporting. Employee screening: A comprehensive recruiting, screening, and on-boarding process to help ensure that new hires (particularly those in positions of authority) have the proper credentials and pass their background checks (e.g., background checks for new hires as well as those employees promoted into positions of substantial authority). Copyright 2016 Deloitte Development LLC. All rights reserved. 137

138 Compliance Practices in Action (cont.) Mitigating risk through training New hires: A formal system for identifying new employees everywhere the organization operates and deploying ethics and compliance training in a timely manner. Realistic: Training should be geared to the organization s business, and scenarios and teaching points should be grounded in the organization s reality (e.g., providing new manager training for those employees promoted into management roles). Track employees progress: A comprehensive, accurate, and efficient method for tracking and reporting employee compliance training (i.e., to ensure that employees in various roles are receiving the appropriate training for those roles and the completion of that training is documented). Accountability: Hold employees accountable for completing all assigned ethics and compliance training (e.g., withholding or lowering a bonus for employees who have not completed required training). Copyright 2016 Deloitte Development LLC. All rights reserved. 138

139 Compliance Practices in Action (cont.) Mitigating risk General program assessment: Assess to confirm that the program contains essential programmatic elements as outlined in the US Federal Sentencing Guidelines, key regulations, and other evaluative criteria. Risk assessment: Assess to confirm that the organization has conducted a compliance risk assessment and to confirm that top risks have associated action plans and owners. Training: Assess to confirm that (1) employees who should have been invited to complete certain risk-based training programs were, in fact, invited; and (2) employees invited to complete training programs actually completed those programs. Whistleblowing: Assess or test the organization s internal ethics and compliance hotline or helpline by leveraging internal auditors who will contact the helpline from each company location to (1) confirm that the helpline is operational; and (2) confirm that local language operators are available within a reasonable amount of time. Copyright 2016 Deloitte Development LLC. All rights reserved. 139

140 Anti-Corruption Compliance Assessments Compliance assessment elements Policies and Procedures New Vendor Onboarding Third-Party Due Diligence Agents and Intermediaries Public Sector Sales Facilitation Payments Permits and Licensing Gifts, Travel & Entertainment Conferences and Symposiums Charitable and Political Contributions Marketing and Promotions Petty Cash Visas and Work Permits Import/Export/ Customs Fees Dealing with Government Officials Hiring Practices Mergers & Acquisitions Real Estate & Facilities Reporting & Hotlines Training Copyright 2016 Deloitte Development LLC. All rights reserved. 140

141 Supply Chain Anti-Corruption Assessments Assessment & Adherence Do third-party agreements contain: Right to audit clauses Anti-corruption clauses Right to terminate clauses Commitment to the supply chain/vendor/partner code of conduct Adherence to the Supplier Code of Conduct: Compliance with anti-corruption laws Representative due diligence Facilitation payments Accurate books and records Training Reporting/Hotline Incentives/Discipline Non-retaliation Copyright 2016 Deloitte Development LLC. All rights reserved. 141

142 Compliance Practices in Action Mitigating risk of third parties Screening and vetting: A formal process whereby key third parties (i.e., suppliers, agents, contractors, business partners, etc.) are vetted and scrubbed against watch lists, enforcement reports, sanctions lists, etc. Third-party code of conduct: A set of standards and expectations with which suppliers are expected to comply. Certifications: Certifications confirming an understanding of third-party code of conduct and acknowledgment of compliance. Contracts: Third-party contracts with standard compliance provisions related to key risk areas (e.g., anti-bribery and anticorruption, labor, data privacy, anti-trust, etc.) and right to audit provisions. Copyright 2016 Deloitte Development LLC. All rights reserved. 142

143 Compliance Practices in Action (cont.) Mitigating risk with response & remediation Response plans: A formal process for designing and implementing remedial measures in response to identified issues and other compliance issues. Program evaluation: A formal process for regularly evaluating the design, implementation effectiveness, and cross-functional cooperation related to the centralized compliance function and the enterprise-wide ethics and compliance program (e.g., benchmarking the compliance program against Federal Sentencing Guidelines standards, guidance from Deferred Prosecution Agreements Attachment C and leading practices from other organizations). Copyright 2016 Deloitte Development LLC. All rights reserved. 143

144 Words to Remember The law does not define fraud; it needs no definition; it is as old as falsehood and as versatile as human ingenuity. Judge Edwin R. Holmes Weiss v. United States, 1941 It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you ll do things differently. Warren Buffett CEO, Berkshire Hathaway When it comes to compliance, you have to live, eat, breathe and drink it. It has to be embedded in a firm s DNA. Harvey Pitt former SEC Chairman. Copyright 2016 Deloitte Development LLC. All rights reserved. 144

145 Questions? Copyright 2016 Deloitte Development LLC. All rights reserved. 145

146 Thank you! Martin T. Biegelman Deloitte Advisory Managing Director Regulatory, Forensics & Compliance Deloitte Financial Advisory Services LLP Copyright 2016 Deloitte Development LLC. All rights reserved. 146

147 This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this presentation. Copyright 2016 Deloitte Development LLC. All rights reserved. 147

148 About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ( DTTL ), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as Deloitte Global ) does not provide services to clients. Please see for a detailed description of DTTL and its member firms. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. Copyright 2016 Deloitte Development LLC. All rights reserved. 36 USC