Tax & Accounting Update

FASB News

Input sought on complex liabilities, equity accounting guidance.

FASB wants to hear ideas from members of two advisory panels on how to sharpen the
distinction between liabilities and equity, an area that has been a major source of financial
statement restatements. The board met with its Private Company Council (PCC) on
December 11 and its Financial Accounting Standards Advisory Council (FASAC) on
December 13 to gather input. While distinguishing between liabilities and equity may seem
straightforward, problems arise when analyzing the terms of securities and financial contracts
like redeemable equity instruments, equity-linked or indexed instruments, and convertible
instruments. The problems companies have distinguishing between liabilities and equity are
also often the subject of comment letters from the SEC staff when reviewing regulatory filings
and are a frequent cause for restatements, FASB has said.

Investors call for more detailed note disclosure on cash taxes.

As FASB prepares to draw up a new slate of income tax disclosures, the board’s main panel
of investors wants the standards setter to require businesses to report more details about the
cash taxes they pay, as well as a greater breakdown between domestic and foreign taxes.
Members of the Investor Advisory Committee (IAC) on November 29 impressed upon FASB
the importance of detailed tax information for their analysis of companies’ financial health.
They said that they especially want more information about what companies pay to U.S.
versus foreign tax authorities, not just the effective tax rates. “From the preparer side, the
actual cost to provide this additional information is not necessarily material, but the value that
it provides to investors when reviewing financials can be hugely material,” IAC member Matt
Schecter said. “This data can help to determine, effectively, the cash taxes and effective tax
cash rate that we can use to model cash flows going forward.”
IASB News

Global standards setters press for changes to insurance standard.

On December 6, standards setters from Europe, Asia, and other parts of the world urged the
International Accounting Standards Board (IASB) to change parts of the international board’s
much-watched insurance accounting standard to make it easier for global insurers to follow.
The IASB has faced a bevy of questions and criticism about the new insurance accounting
rules outlined in IFRS 17, Insurance Contracts, which the board published in May 2017 after
two decades of work. The standard, which calls for a sea change to accounting practice, is
scheduled to go into effect in 2021, but the IASB plans to offer a one-year extension. “What
we hear from a number of stakeholders is that one year is a little short,” said Patrick de
Cambourg, president of the Autorité des Normes Comptables, the French accounting
standards board. “We would like to suggest that the IASB explicitly ask for comments in the
[exposure draft] about whether constituents require further deferral of the effective date,” said
Yukio Ono, chairman of the Accounting Standards Board of Japan. In addition to considering
an extension of the effective date, the IASB also is considering changes to the standard itself.
The board has agreed so far that any changes will be relatively minor and will keep the crux
of the standard intact. The IASB also does not want to make changes that could throw
insurers’ implementation plans off course.

AICPA News

ASB votes to issue final standard for ERISA plan audits.

The AICPA’s Auditing Standards Board (ASB) voted in December to issue a final standard
for audits of benefit plan financial statements covered by the Employee Retirement Income
Security Act of 1974 (ERISA). The planned standard is intended to help auditors better
understand their responsibilities and provide plan sponsors and participants, Department of
Labor (DOL) officials, and others with more information about what auditors do in examining
the financial statements of benefit plans governed by ERISA. Once the standard is issued, it
is expected to be effective no earlier than for audits of financial statements for periods ending
on or after December 15, 2020.

PCAOB News

Businesses to have more influence under new leadership.

The U.S. Chamber of Commerce seems to finally have a sympathetic ear at the PCAOB. For
years, the business group has said that the PCAOB receives insufficient input from
businesses and pressed the board—to no avail—to set up a separate Business Advisory
Group (BAG) that would be comparable to its Investor Advisory Group (IAG), which is
dedicated to presenting investors’ views. While the PCAOB will not form a separate advisory
panel for companies, it has signaled that it wants to improve its outreach to them. The audit
regulator’s effort comes after a wholesale change in the board’s leadership in early 2018.
William Duhnke, who became chairman in January, has said he wants to take a fresh look at
every function of the board. “I have had that conversation with them [the chamber], and part
of what I hope to satisfy that need is through that out-reach effort,” Duhnke said in response
to a question by Accounting & Compliance Alert on November 29 at the sidelines of the
board’s Standing Advisory Group (SAG) meeting. “We will have investors out-reach; we will
also have business outreach.”
Auditing Implications of Blockchain
and Cybersecurity

The panel featured Douglas Bloom, JD, director of the cybersecurity and privacy and financial
crimes unit at PricewaterhouseCoopers; Chris Halterman, CPA, executive director of advisory
services and Ernst & Young LLP; and Amy Park, CPA, partner at Deloitte and Touche LLP.
Patrick McNamee, CPA, former deputy chief auditor at the PCAOB’s Office of the Chief
Auditor, moderated the panel. The following is an edited and condensed summary of the
panel discussion. The views expressed are the panelists’ own personal views and not
necessarily those of their employers or those employers’ boards, management, or staff.
McNamee began by citing a New York Times story about the potential for quantum computing
to completely disrupt current encryption technology. Bloom then discussed the state of
cybersecurity in general. The three main security threats are currently compromised email,
ransomware, and foreign sabotage. Of the latter, he said that “nation-states are aiming at
doing damage either for economic reasons or for political reasons. That has become far more
prevalent and has become a problem for private industry battling very sophisticated actors.”
Halterman, who chaired the AICPA working group on cyber-security, said that the group used
the Statement of Financial Accounting Concepts (SFAC) as a guideline for how management
should report on its cybersecurity risk management efforts. “What are the qualitative
characteristics of that information, in terms of relevance, faithful representation, materiality,
and comparability? … Management should describe its program, but that description should
be free from material misstatement. And there may be a need for an auditor to examine and
report on management’s assertion about the effectiveness of its controls. The cybersecurity
framework, which he likened to the COSO internal control framework, is available on the
AICPA website.
Halterman also touched on how System and Organization Control (SOC) reporting for
cybersecurity differs from SOC 2 reporting. “SOC 2 is formulated to answer the questions of
a customer about what controls you have in place, and are those operating individually. That
generally relates to only a single system or a limited number of systems. SOC for
cybersecurity relates to the enterprise taken as a whole, and to a different set of decisions.
Also, SOC 2 is a restricted use report, and the goal behind SOC for cybersecurity was to
provide a report for general use.”

Cryptocurrencies and Blockchain

Next, McNamee asked Park to discuss cryptocurrencies. “The blockchain technology, by
having a peer-to-peer network, removes that third-party intermediary, which allows for quicker
transaction speed. It reduces transaction costs. I no longer have to pay that third party, and
we can transact in a real-time manner,” Park explained. As for cryptocurrencies, she said, “A
lot of people think about it [e.g., Bitcoin] like cash, but the big difference, and a common
misunderstanding, is that there’s no legal tender for cryptocurrencies. It’s not backed by a
sovereign government.”
When accounting for cryptocurrencies, Park said that current practice is to treat them as
indefinite-life intangible assets. “When you look at the definition, an intangible asset is
anything that lacks physical substance. And as an intangible asset, you have to record things
at the lower of cost or market, subject to an impairment test. If you think about Bitcoin and its
fluctuation, that may not be a very accurate reflection of the economics, but because of
GAAP, that’s where we are.” Park also said that companies that hold cryptocurrencies for
sale as part of their ordinary course of business could account for those cryptocurrencies as
inventory, albeit under limited circumstances. Finally, she noted that hedge funds and other
investment companies that hold cryptocurrency positions are accounting for them at fair
value.
“A lot of people think that maybe fair market value or mark-to-market accounting is more
appropriate,” Park commented. The subject has not yet been brought before the board; one
hurdle, in her view, is that “FASB’s not going to just make new accounting standards for
issues that aren’t pervasive. It seems like companies that are holding cryptocurrencies are
not holding material amounts. And a lot of companies that say that they accept Bitcoin just
use a third-party payment processor who will automatically convert it to U.S. dollars.”

Auditing the Blockchain

Next, McNamee asked Halterman about the implications of blockchain technology for the
profession. Halterman said that the AICPA is looking at blockchain in terms of its audit
implications and SOC reporting. More broadly, he said, “we need to think about the
implications of the technology. What are the risks, and how do you audit the controls around
those risks?”
Compliance and operations perspectives also present questions, Halterman continued.
“What happens if personal information is loaded into a blockchain database that has multiple
custodians, and in one of those records someone asserts the right to be forgotten under the
GDPR [General Data Protection Regulation]. Who is responsible for removing that record?
How can you remove that record? Does it destroy the integrity of the blockchain?”
McNamee asked whether there was a difference in the kind of evidence to look for when
auditing a blockchain. “I think there is,” Halterman said, “because there’s an opportunity to
interact with the blockchain because it is in a public space. Different parties have agreed to
the correctness of the contents of that blockchain; confirmation by multiple external parties is
really fantastic audit evidence as long as it exists. … Does it eliminate risk? Risks are never
eliminated; they’re transformed into other risks. Does it transform the risk into something that
the company can mitigate better, or has it simply transformed the risk into something it doesn’t
understand and may be completely out of balance with its risk appetite?”
McNamee then turned to Bloom to talk about cryptocurrency and blockchain from a
cybersecurity perspective. Bloom emphasized that the blockchain is “very secure,” but noted
that modifying input to and output from the blockchain is still possible. “You can create a vault
around the blockchain, but you can’t stop people from manipulating the inputs and the
outputs. That’s where the real security risk takes place.”
Asked what skills auditors need to have to properly evaluate cybersecurity and technology
risks, Halterman said that some engagements may require multiple specialists. “Getting an
understanding of what the organization is actually doing doesn’t involve talking to one person
and one department,” he said. “It involves talking to people in multiple departments who speak
different languages.” Park added that knowledge of emerging technology is already becoming
a part of accounting curricula and firms’ general requirements for new hires. ‘You can’t enter
the workforce today and not understand some of the basic emerging technologies,” she said.
“Where is that going to go 5, 10, 15, 20 years from now? Who knows? But think about 5, 10,
15, 20 years ago, how different the auditor looked back then, compared to today.”