RoseRyan has two new gurus to introduce: Cedric Armstrong and Sharon Knestrick.

Cedric is an IT compliance specialist who likes nothing better than to assess systems for risk and develop policies and procedures for IT security and computer operations; he’s also got SOX IT down. He has abbreviations like CISA, CISSP, CTGA and CFE following his name, so you’d think he’d be, well, geeky. He isn’t. Cedric has lived in eight countries, and he was with EY, then Deloitte, before he became a consultant some years back.

Sharon’s background is in accounting manager and controller roles at emerging growth companies, so she’s been instrumental in helping businesses get off the ground, she thrives on change and she understands how everything works together. She also has a strong systems background, so she can tackle just about any software known to accounting. The Financial Literacy Project for teenagers sponsored by the American Society of Women Accountants in San Francisco is near to her heart.

For people, a sustainable life is all about reducing clutter, lessening your carbon footprint, recycling, conserving energy and water, and the like. For corporations, the quest for sustainability usually starts with a business transformation that not only will benefit the planet but also can reduce costs and improve competitiveness and reputation. Indeed, studies such as PwC’s 2011 Carbon Disclosure Project Global 500 report suggest a strong correlation between financial and sustainability performance.

Increasingly, macro forces such as technology innovation, globalization, resource constraints, climate change, regulation and biodiversity issues are exerting pressure on companies and their stakeholders. As a result, we are witnessing a paradigm shift in sustainability, from an environmental and social program to an integrated core business strategy and culture that looks beyond the single bottom line of profit to include key stakeholder requirements—often characterized as the “triple bottom line” of people, planet and profit. In this model, a company’s success is assessed and measured in the eyes of its beholders: suppliers, vendors, consumers and the community.

Integrated reporting: adding the triple bottom line

The future of corporate reporting is integrated reporting, which links the single bottom line of financial results to the triple bottom line of environmental, social and governance performance (ESG). The International Integrated Reporting Council (IIRC) is addressing those challenges, as is the brand-new Sustainability Accounting Standards Board (SASB). Integrated reporting is also being addressed by the Global Reporting Initiative (GRI), which provides the industry-standard Sustainability Reporting Framework that guides companies on how to identify material sustainability measurements.

Until recently, sustainability reporting has been voluntary, covering ESG performance measures such as reduction of energy, water and waste use, supply chain management, workplace safety, human and labor rights, and environmental practices. Now there is increasing demand from stock exchanges, regulators and investors to deliver transparent metrics and integrate sustainability practices into their core business strategy. For example, the NASDAQ recommends reporting on greenhouse gas emissions, water use and gender equality, and the London Stock Exchange will mandate reporting on greenhouse gas emissions effective April 1, 2013. Recently, the SEC mandated the disclosure of conflict minerals beginning in 2014. California has enacted legislation requiring disclosure of a company’s efforts to address risks related to slavery and human trafficking in its supply chains. According to Ernst & Young’s report on leading corporate sustainability issues in the 2012 proxy season, environmental and social proposals continue to dominate compared to other shareholder resolutions on U.S. proxy ballots. In April 2012, the GRI and Deloitte launched a new XBRL taxonomy that will help reveal sustainability data more quickly and easily.

CFOs add sustainability to their plate

The CFO’s responsibilities are ever increasing, from overseeing IT, facilities and procurement to corporate counsel, investor relations, HR and now sustainability. “Traditionally, sustainability issues have fallen outside the jurisdiction of the CFO. CFOs ran the numbers, letting others handle soft issues such as social responsibility and corporate citizenship,” notes a report on “How sustainability has expanded the CFO’s role” from Ernst & Young. “Sustainability issues and financial performance have begun to intertwine,” the report observes. “CFOs are getting involved in the management, measurement and reporting of the companies’ sustainability activities. This involvement has expanded the CFO’s role in ways that would have been hard to imagine even a few years ago.”

The bottom line: sustainability is here to stay. The E&Y report recommends a few actions CFO can take now to enhance their companies’ value through social and environmental programs. Companies that do not report sustainability data should consider how to measure and report on ESG performance. Companies who do should consider third-party assurance to enhance disclosures and their reputation with key stakeholders. The CFO’s organization should leverage and build its accounting system to measure and report sustainability metrics, align tax and risk management initiatives to incorporate sustainability, develop communication strategies, monitor the regulatory and risk compliance landscape and collaborate with their stakeholders: executives, employees, suppliers, customers and investors. CFOs might also consider using performance goals and other nonfinancial metrics to link company goals and social/environmental strategy.

CFOs and corporate boards, take note: it won’t be long before sustainability key performance indicators are incorporated into the Form 10-K. Take action and don’t be left in the dark.

We hope to continue exploring these issues in future posts.

The other day a client asked which current accounting requirement is the worst from a U.S. GAAP standpoint. There are a few poor standards out there, but to me the answer is easy: FAS123R, now known as ASC 718, accounting for stock compensation. It’s been around eight years, and it’s not getting any better with age!

The idea of FAS123R, which replaced stock compensation rules under APB 25, is that all stock grants have a value to the employee, and that should be accounted for as compensation. Consequently, on each stock option grant, there’s a charge to expenses over the vesting period of the grant. Under APB 25, a charge arose only when the fair value of the grant was greater than the grant price, so most grants did not give rise to a charge. Under FAS123R, the expense varies depending on a number of factors, the two most important of which are the fair value of the stock at the time of grant and the volatility of the stock.

Here’s why I think the FAS123R is a bad accounting standard:

Inconsistent and arbitrary outcomes. Take two similar companies: Company A’s stock price is $10 and Company B’s is $5. Both grant an employee 1,000 stock options vesting over 4 years. All else being equal (stock price volatility, expected life of the stock, dividend yield and risk aspects), under the current methods, Company A’s amortized stock charge is double the charge for Company B. That makes no sense. Why does a higher stock price at the time of grant give rise to a bigger charge? If anything, the grant in Company B should result in a bigger gain, as any gain will be a higher percentage of its stock price than for Company A.

The bottom line: the charge is misleading and arbitrary no matter how you look at it. If the stock price rises, that is the real compensation, but the true gain is not reflected anywhere.

In the same vein, if the stock price stays flat or decreases, the employee would have no gain and would not exercise the option. In effect, the grant recipient is not receiving any compensation, so there shouldn’t be a charge to the accounts as FAS123R requires.

Sticker shock. The inclusion of the charge can make a good operating performance look average or poor, and the charge can vary a lot from period to period based on what is happening with the company’s stock price.

Doesn’t reflect reality. You have to ignore the charge to get a good view of the underlying business. Analysts back the actual and expected charges out of their models so they can look at them on a cash basis. If they don’t need to see the charges, why do we? More and more companies are presenting adjusted EBITDA in their earnings press releases. These calculations back out the FAS123R charge for exactly the same reason analysts do—it’s a meaningless charge that mathematicians like but that users of accounts don’t need.

Most private companies ignore it. Who can blame them? There is no value added in accounting for it, and all it does is cost money in systems, review of the numbers and so on. An audit adds even more expense.

It makes budgeting hard. Have you ever put together an annual plan with FAS123R charges in it and then tried to hold people accountable to their budgets? It’s not easy, and most people won’t do it.

If you do want to do it (and it makes sense to have budgets that align to your financial accounts), to estimate the charge you need a crystal ball to estimate your future stock price at the time of the future grant, which you then need to combine with your estimated stock grants and headcount changes, as well as the residual charge from previous grants that are still vesting.

As a CFO, if someone asked you what your stock price will be in 6 months’ time you’d never answer (unless you enjoy SEC investigations), so why make this prediction internally to calculate the expected charge? And it’s impossible to hold managers accountable for their actual charges against the budgets for that expense. It’s also not wise to tie compensation to managing budgets if you have FAS123R in the compensation—at the end of the year the manager will be very happy or very unhappy, depending on which way the variance goes based on events totally out of their control.

So what’s the solution?

I believe FAS123R in its current form should be scrapped, and that only real gains, at the time of exercise, should be accounted for, and only in the notes to the accounts. By removing that expense from the accounts, you can then analyze, assess and compare companies based on their true operating performance, not some arbitrary performance.

Unfortunately, I don’t see any changes taking place soon—but the fact that more and more companies produce numbers that exclude FAS123R charges says that the FASB has gone too far in the accounting requirements, and that accounts are becoming more meaningless when presented under GAAP. Getting rid of FAS123R charges from the income statement would be a good first step to more meaningful accounts.

Enterprise risk management (ERM) tends to be thought of as something only big companies need (or can afford). But it’s not just a megacorp thing—it can protect assets; rescue your company from unforeseen catastrophes, like a supplier going out of business or an epic PR crisis; guard against weak links in your supply chain; and more. Done right, an ERM program can also make decision making smarter, more strategic and more sharply focused on key success factors.

And it doesn’t have to be a major undertaking. Our new report, ERM: Not Just for the Big Guys, shows how midsize businesses can benefit from ERM and how to implement a program cost effectively with a plan that’s right-sized for your company.

How can you get the right fit? The report covers this checklist:

  • Give the CFO the lead
  • Get support from the top
  • Take a step-by-step approach
  • Provide the right tools and frameworks
  • Integrate ERM into decision making
  • Identify key performance indicators

The thought of yet another program when you’re already running lean may make you want to run the other way. You’re not alone: in a recent CFO magazine survey, participants said a commitment of time and resources was the single biggest impediment to implementing ERM.

Think about what you could gain—and what you might lose if unseen risks arise and you don’t have a plan. ERM: Not Just for the Big Guys shows how you can get started sensibly, one step at a time.

Other RoseRyan intelligence reports are available on topics such as M&A due diligence, acing your IPO filing, debt financing and revenue recognition.

The JOBS Act (Jumpstart Our Business Startups Act) purports to foster the growth of small businesses, allowing them easier access to funding by lowering bureaucratic hurdles and thus enabling the growth of their business and their ability to hire more people.

In reality, the bill—passed overwhelmingly by the House last week and now awaiting President Obama’s signature—allows small companies to avoid scrutiny of their financial statements for the first five years because compliance is too costly. What is “small”? Companies with revenues of less than $1 billion. Yep—that’s most of Silicon Valley.

These small companies need access to funding. VC funding (with astute financial inquiries) isn’t readily available, so they go to the public market where we, the investors, have only the financial statements, press releases, website content and other information the company produces. We have to trust that it is accurate, but the JOBS Act says the internal controls and third-party independent oversight mandated by SOX legislation is “too costly.” Too costly for whom?

A well-designed SOX program is not too expensive—it’s too expensive not to have those controls. Any idea how expensive a restatement is? (Think audit fees, legal fees, the army of accountants crunching through your books, regulatory inquiries, shareholder litigation, the list goes on.) Nearly one-third of companies that have had IPOs since 2004 have had to issue financial restatements—that’s a staggeringly high number.

Why do small companies get it wrong?

For starters, finance isn’t viewed as a strategic business function—it’s viewed as overhead. That means it’s often not properly funded, so there’s not enough horsepower to make sure the books are accurate, not enough access to expertise to understand complex accounting regulations and not enough rigor in the close process. Bottom line: the financial statements are not accurate. They do not serve as a basis for understanding the financial position of the business—either for making investment decisions or making management decisions about running the business.

JOBS Act advocates say that most companies will be fine without the discipline of solid internal controls. Really? Did you see the latest from Groupon? First it stumbled with its IPO, and now it has stumbled with its first 10-K. See any patterns? In this last trip-up, the company identified a material weakness in internal controls related to the financial close process and cited three contributing factors: 1) an inadequate close process, resulting in a number of manual post-close adjustments; 2) account reconciliations not performed and/or reviewed; and 3) inadequate policies for timely, adequate review of estimates and assumptions. These are pretty basic controls that every company should perform as part of its normal close process—nothing fancy or tricky here—yet Groupon doesn’t seem embarrassed about missing these controls. (And it certainly isn’t embarrassed to be taking investor money.) While Groupon wouldn’t benefit from the JOBS Act because it has revenues of $1.6 billion, it’s a great example of what often happens with young, newly public companies and the challenges they face in providing accurate financial information to the investor community.

In the wake of the massive frauds perpetrated by Enron, WorldCom, Adelphia, and others, we got SOX. In the wake of the massive frauds perpetrated by Wall Street—which drove us into the deepest recession since the Great Depression—we got Dodd-Frank. Who are we kidding with the JOBS Act? Get ready: we’ve paved the way for a lot more fraud and financial misstatements.

RoseRyan, along with Ernst & Young and Morrison & Foerster, is presenting a free breakfast seminar, “XBRL: It’s Time to Get Real,” on May 2 in Palo Alto.

We all know that XBRL implementation can be tough—especially if you’re not crystal clear on the process, don’t know what’s possible and aren’t sure where the pitfalls are. Of course you want best practices, but who can say what they are when the rules keep changing? On top of that, maybe your limited liability is expiring—and what exactly does that mean? Perhaps most of all, what does the SEC really want?

“XBRL: It’s Time to Get Real” will give you the answers from people who’ve been toiling in the XBRL trenches and have done the sweating for you. These experts will provide concise, practical advice on key accounting, legal and audit do’s and don’ts, illustrated with plenty of real-world examples. The presenters are:

Lucy Lee, XBRL practice chief, RoseRyan: Lucy is the chief architect of RoseRyan’s XBRL practice, an elected member of the XBRL US 2012 Domain Steering Committee and a voting member of the XBRL Global Ledger Working Group of XBRL International.

David M. Lynn, partner, Morrison & Foerster: David, a leading authority on SEC matters, is co-chair of his firm’s global public companies practice and former chief counsel of the division of corporation finance at the SEC.

Natalie Zimmer, senior audit manager, Ernst & Young: Natalie, a recognized XBRL expert, advises on XBRL implementation and has presented on the subject in multiple forums.

The seminar will be held 7:30–9:30 a.m. at the Garden Court Hotel in Palo Alto. Attendees receive 1 CPE credit. Get details and register here.

In a March 2 CNBC interview, Marc Andressen was asked what one thing Washington could do to increase job creation and innovation in Silicon Valley. He replied by saying “attack regulation” and went on to specifically mention Sarbanes-Oxley. In his view, Sarbanes-Oxley was put in place to prevent the next Enron or WorldCom but, in reality, it has just about killed the tech IPO. Founders want to keep their companies private for as long as possible, or forever.

I can certainly understand and applaud that founders desire to keep their companies private—but I think that has more to do with keeping control over the operations and direction of the company, focusing on long-term strategic goals and not being distracted by short-term returns to investors. Focusing on the business rather than the return to investors seems like a healthy approach to running a company.

When asked what specifically is the problem with Sarbanes-Oxley, Andreessen stated that it introduces an entirely new category of regulations, controls and responsibilities for companies’ finance staff, legal staff, board and audit committees—which translates into an enormous amount of time, energy and attention on the part of management when they are trying to focus on building their business. He went on to say that he is not in favor of another Enron or WorldCom, but the companies he works with are not out to defraud anybody. The big frauds haven’t come out of Silicon Valley.

I suspect Marc Andreessen knows more about the companies he invests in than the average investor knows about the companies in their portfolios. And that, I think, is the point of Sarbanes-Oxley: providing accurate and timely financial information to investors and to management. The Enrons and WorldComs may not have come out of Silicon Valley, but I believe we were the poster children for the stock option backdating scandals a few years back. While I agree that the vast majority of companies are not out to defraud anyone, it’s a slippery slope. In my experience, small private companies are not staffed appropriately to deal with the accounting implication of unusual transactions, and not adequately staffed to make sure mistakes are detected and corrected before publishing financial statements. Without proper objective oversight, the pressure to achieve certain operating results—or to be viewed as someone who believes in and supports the business—can cause a well-intentioned person to go astray. While founders are busy building their business, they won’t fund finance appropriately if they do not value it as a strategic part of the business. That’s fine if it’s just the founders’ money at risk, but when you are raising money in the public market you’ve taken on additional obligations and responsibilities. Those additional categories of regulations, controls and responsibilities that Sarbanes-Oxley brings to the table become essential.

Congratulations to Lucy Lee for her recent election to XBRL US’s Domain Steering Committee. The committee’s primary goal is to oversee the development of taxonomies that meet the business reporting needs of key U.S. markets.

“This committee is at the forefront of driving and shaping XBRL standards, so this is a unique opportunity to gain insight into taxonomy development,” says Lucy. “I’m excited to share the latest developments with our clients and my colleagues. Likewise, I look forward to contributing to the committee by providing it with meaningful input from RoseRyan’s work in the field.”

Lucy, who spearheaded the development of RoseRyan’s XBRL practice, will serve two consecutive one-year terms representing the analyst community. Her committee colleagues include representatives from Big 4 firms and leading software and service providers. Responsibilities of the committee include reviewing and establishing the business requirements for the XBRL specification, participating in the development of global taxonomy architecture best practices and participating in the development of taxonomy development and approval processes.

The SEC XBRL mandate provides for a period of limited liability of either two years following a filer’s initial XBRL filing date or October 31, 2014, whichever comes first. During this time, XBRL exhibits are deemed as “furnished” instead of “filed.” Under this modified-liability safe harbor provision, the company is protected as long as its compliance efforts are in good faith and any known errors are corrected promptly after discovery. However, when the limited liability window closes, XBRL exhibits will have the same liability provisions as regular filings under the antifraud provisions of the Securities Law. In the event of a misstatement or omission of a material fact in the XBRL files, the company along with its officers and directors can be held legally liable and be subjected to civil and criminal liability.

What should you consider before your limited liability expires? At a minimum, if your XBRL exhibits fall outside of the financial reporting process, you should have disclosure control and procedures (DC&P) in place on your XBRL creation process (see “Do Auditors Care About XBRL?”). However, as XBRL technology becomes integrated into the close process, the preparation of financial statements may become interdependent with the interactive data tagging process. When this happens, the company and its auditors should evaluate the XBRL controls under SOX 404.

Are there broader risks your CFO and audit committee need to consider? Absolutely! The Committee of Sponsoring Organizations of the Treadway Commission (COSO) expands on internal control, and provides a comprehensive framework on the broader subject of enterprise risk management.  In order to design an effective framework to meet the strategic, operations, reporting and compliance needs of XBRL, consider applying the following essential components.

Control environment: When appropriate, involve your CFO and audit committee with every aspect of your XBRL strategy, including process and controls, risk and opportunities. Be proactive and ask your audit committee for an AICPA agreed-upon procedures (AUP) to review XBRL files for accuracy and data quality. (See my earlier post on the importance of an AUP.)

Objective setting: Since XBRL technology is here to stay, how can you best leverage the power of XBRL to drive effectiveness and efficiency beyond external transparency? The logical next step is to explore opportunities that go beyond SEC compliance, such as the existing XBRL Global Ledger Taxonomy and the evolving Risk and Controls Taxonomy, to enhance internal transparency, operational performance and risk management objectives.

Risk assessment and response: What filing is subjected to XBRL tagging? The answer is: it depends. While the requirements for Form 10-K, 10-Q and 8-K are clear, the XBRL rules for registration statements can be tricky, especially with respect to the S-1 resale registration statement and the shelf registration statement on Form S-3. A best practice is to develop a documentation guide based on authoritative standards, such as SEC rules, the Edgar Filer Manual, SEC FAQs, SEC CD&Is, XBRL US GAAP Taxonomy Preparers Guide and resolutions from the XBRL US Best Practices/Data Quality Working Group, to ensure compliance.

In the absence of formal SEC guidance, it is important to establish a policy to assess material XBRL errors and a process to determine whether an amendment filing is required (for details, see this post.)

Control activities: To address data quality and compliance issues, stay current with the latest AICPA exposure draft on XBRL quality attributes of completeness, accuracy, proper mapping and structure. For each of these attributes, assess what could go wrong and implement a safety net and control environment to mitigate risk of errors.

Monitoring: Always keep abreast of latest developments and best practices from the SEC and XBRL US to avoid last-minute surprises. As XBRL standards evolve, monitoring is crucial to a quality filing. Likewise, when the SEC approves a new taxonomy, consider the advantages of early adoption and put a migration plan in place. Involve your internal audit function or a professional service firm to implement a continuous quality assurance program and perform corrective actions.

Information and communication: Benchmark your tag selection and extensions to your peer or industry group, thus enhancing comparability and transparency of your XBRL data. Collaborate with your industry group to collectively drive and shape the taxonomy. Communication is vital as you continue to redesign the close process and simplify SEC disclosures to streamline XBRL efficiency. (For tips, see “Less Is More: the Art of XBRL.”) Always get buy-in from internal and external stakeholders—you want to properly set expectations to avoid unwelcome surprises.

There is no one-size-fits-all approach to designing a quality XBRL filing. Regardless of limited liability protection, each company should manage XBRL risks within its risk appetite, define a comprehensive process to identify all the “what could go wrong” events, and provide an XBRL quality assurance framework.

When I was presenting at the Silicon Valley Accountants’ Mastering Financial Reporting’s Last Mile conference, this question was raised: “What constitutes a material error in XBRL if the HTML document can be relied upon?” According to the SEC, even if the HTML financial statements are error-free but the corresponding XBRL exhibit has a material error, you must file an amendment to correct the error promptly. In addition, you may voluntarily disclose that the XBRL exhibit should not be relied on either under Item 7.01 or Item 8.01 of Form 8-K.

So the issue here is what constitutes a material XBRL error requiring an amendment? In the absence of specific guidance, we can infer materiality using a quantitative and qualitative analysis from existing accounting literature. Over the decades, the accounting profession has developed quantitative thresholds as rules of thumb for misstatements or omissions. For example, an error that falls under a 5 percent threshold is deemed immaterial. Similarly, for disclosure, other accounting authorities cite guidelines ranging from 1 percent to 10 percent as being not material. Aside from these quantitative yardsticks, the accounting literature views materiality in the light of “surrounding circumstances” if it is probable that a reasonable person will rely on the information to make judgments. This is analogous to how we think of material information in securities law, if there is a substantial likelihood that a reasonable investor would consider it important to an investment decision or if it would alter the “total mix” of available information about a company.

So what defines a material error in the world of XBRL? Let’s model this concept in a multidimensional hypercube similar to an Excel pivot table. To determine materiality in XBRL language, an error should be segmented by dimensions in a metadata model with axis, domain and members. Simply put, material errors should be evaluated based on (1) size; (2) error type (completeness, mapping, accuracy and structure); (3) users of the XBRL information (investors, analysts, and regulators); and (4) relevant facts that impact judgment.

Not all material XBRL errors are created equal: the relative magnitude of a material error may vary, depending on the users, the type of error and how the information was relied on under the relevant facts and circumstances. For example, incomplete tagging, such as missing financial data schedules, may be material in the eyes of investors, analysts and regulators. As a result, this type of error would generally warrant an amended filing. On the other hand, missing calculation links or other structural errors are technical XBRL errors, a clear violation of the SEC Edgar Filer Manual. But is it a material error that requires an amendment? To make that determination, we have to put ourselves in the shoes of the reasonable investor. Would the investor be misled by this technical structural error or was this information useful and nice to have from a data consumption standpoint? Likewise, size alone should not determine materiality. Large errors may be small problems and small errors may be big problems.

While the accounting profession has provided very helpful guidance on materiality, ultimately, when it comes to material XBRL errors, it may lie in the eyes of the beholders: the investors, analysts, regulators and jurors in a court of law—there is no “bright line test” when it comes to materiality in accounting rules or our legal system. If somehow, somewhere there is a probability that someone will be affected by relying on your XBRL exhibit in their decision, then materiality is subject to a 4-D hypercube model analysis of size, error type, data consumers and surrounding circumstances.