Fall 2010 Audit Committee Roundtable Report

FALL 2010 ROUNDTABLE REPORT

Audit committees sharpen focus on operational risks, weigh implications of reforms on

compliance and disclosures

76% expect increased profits in 2011, 40% question Dodd-Frank’s impact on strengthening corporate governance

“There’s a tsunami of change out there,”

noted one of the 1,500 directors and business executives attending KPMG’s 2010 Fall Audit Committee Roundtable Series—Risk, Reform, and the Audit Committee Agenda. “One of the biggest challenges facing audit committees right now is to stay focused on what’s most important, and not lose sight of the forest for the trees.”

There continues to be a sharp focus on risk management and oversight—

particularly in light of the business crises of the past several years. While about 70 percent of roundtable attendees said their company’s investment in risk management over the past several years is “paying off” in terms of managing significant operational risks, about half said they are not satisfied that management has implemented effective controls around those risks. Only 43 percent said they’re satisfied that the reports they receive about the company’s key compliance and safety risks provide an effective “early warning” system for possible problems.

As recapped below, KPMG’s 27-city Audit Committee Roundtable Series

highlighted a number of key areas of focus for audit committees as they help guide their companies forward in the months ahead.

Dodd-Frank

While the Dodd-Frank Act’s corporate governance provisions—including proxy access, say-on-pay, and various executive compensation and leadership disclosures—require the attention of every board, two provisions are key areas of focus for audit committees:

the Act’s whistleblower incentives and protections, and its incentive compensation clawback provisions.

• Roundtable attendees were particularly concerned about the Act’s whistleblower provisions, which provide incentives for whistleblowers to report suspected wrongdoing directly to the SEC in exchange for cash rewards of 10 percent to 30 percent of sanctions collected by the SEC. Many voiced concern that the Act’s whistleblower bounty program could encourage employees to bypass internal corporate processes for reporting suspected wrongdoing, potentially reducing the effectiveness

of the company’s compliance programs.

In light of the Act’s whistleblower bounty program, companies may need to “revitalize” existing whistleblower processes and reassess their

compliance programs more generally.

More than 20 percent of attendees said that, in light of the SEC’s bounty program, their company may consider offering incentives for employees to report suspected wrongdoing internally.

– “No matter what you think about the SEC whistleblower bounty program, take the time to make sure that everyone in the organization understands that you greatly value a culture of integrity and honesty.”

Fall 2010 Audit Committee Roundtable Report

For many audit committees and boards, navigating the post–financial crisis environment may prove to be almost as challenging as navigating through the crisis itself. Risk management and oversight continue to be major challenges for companies as they face increasing complexity and volatility—and manage extended supply chains and organizations—in the global marketplace. And increased government involvement—with the

Dodd-Frank Act, SEC rulemaking, and major accounting changes on the horizon—poses a host of compliance and business challenges that are sure to be high on audit committee agendas in the months ahead.

© 2011 KPMG LLP, a Delaware limited liability partnership and the u.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 23305nSS

2 FALL 2010 ROUNDTABLE REPORT

Pending the adoption of final listing rules by the national exchanges, audit committees will want to review their company’s existing clawback policies and executive compensation agreements—as well as any new agreements—and consider how the company would be able to clawback incentive compensation awards in the future. According to attorneys attending the roundtables, some audit committees are considering incentive compensation “hold-backs” as well as mandatory arbitration to resolve clawback disputes.

• Audit committees are focusing on other provisions of Dodd-Frank as well. For example, a number of roundtable attendees emphasized that, in light of the Act’s expanded disclosure requirements, their audit committees were discussing with management’s disclosure committee how the company’s disclosure controls and procedures are being modified to address these new requirements.

Attorneys attending the roundtables also focused on the SEC’s expanded enforcement authority under Dodd- Frank—which enables the SEC to obtain monetary penalties through its own administrative proceedings from any person (no longer only against regulated entities or a person associated with a regulated entity) who violates the securities laws. Going forward, how will the SEC use this expanded enforcement authority? Will the SEC use it against audit committee members and directors? What impact might this have on how directors carry out their oversight responsibilities?

Some roundtable attendees expressed concern that the prospect of SEC action may cause “undue caution and risk aversion in the boardroom.”

In making difficult judgments involving a range of options, “will Prospects for 2011

What change do you expect in your company’s profits in 2011

compared to 2010?

Increase significantly in 2011 Increase moderately

17%

Decrease

59%

Remain approximately the same

8%

16%

Impact of Dodd-Frank In your opinion, will the Dodd-

Frank corporate governance provisions have the intended effect of strengthening corporate governance in Corporate America?

Yes, to a great extent Yes, to a limited extent

5%

no impact

55%

Will hinder corporate governance

12%

28%

Whistleblower Bounty In light of Dodd-Frank’s whistleblower bounty program—

which encourages employees to report suspected wrongdoing

to the SEC in exchange for cash rewards—has your board or audit

committee discussed offering employee incentives for internal

reporting of wrongdoing?

Yes

not yet, but may consider

3%

19%

78%

– “Test your own whistleblower hotline to see if it’s working as it should.”

On november 3, the SEC issued proposed rules to implement the Act’s whistleblower provisions, and raised a number of policy questions, including how to strike an appropriate balance in furthering the Act’s goal to promote whistleblower complaints without undermining the effectiveness of a company’s compliance program. This important public policy issue was a key area of debate at the roundtables (and attendees were encouraged to submit comments on the 181-page SEC proposal).

• In the view of many roundtable attendees, the Act’s incentive compensation clawback provisions—

with many of the details to be worked out in SEC rulemaking—will pose a host of issues. under the clawback provisions, the SEC must direct the national stock exchanges to require each listed company to adopt a clawback policy to require the clawback of incentive compensation erroneously awarded to current and former executive officers during the three-year period preceding the date on which a company is required to prepare an accounting restatement. (In effect, the Act expands the Sarbanes- Oxley clawback provision, which is triggered only if the restatement is the result of fraud or misconduct, and only applies to the CEO and CFO.)

Many companies do not have clawback policies today, and among those that do, the policies often apply only in the case of fraud or misconduct and do not apply to former executives.

Interestingly, only 43 percent of roundtable attendees said the Dodd-Frank clawback requirements would help ensure the corporate accountability of senior executives.

© 2011 KPMG LLP, a Delaware limited liability partnership and the u.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 23305nSS

FALL 2010 ROUNDTABLE REPORT 3 We collect reports, we get a huge

volume of information, but are we getting value?”

• Ask about business controls around key risks. Only 49 percent of roundtable attendees were satisfied that management has implemented effective controls around their company’s significant operational risks. Make this a priority item on the agenda. Has the company had any significant control failures? Focus on change and complexity in the business environment—e.g., business controls around IT systems, M&A, restructuring, and outsourcing.

– “We’ve asked our controller and CFO to have a third party try to penetrate our IT systems.”

• Is internal audit properly focused…

and adequately resourced? More and more internal audit functions are taking on important responsibilities for assessing risk management, focusing in particular on the risk management system and processes generally—and on the adequacy of controls around key risks.

• Consider how the company’s culture promotes (or hinders) efforts to manage risk. Only 43 percent of attendees said the reports their board or audit committee receives about the company’s key compliance and safety risks provide an effective

“early warning” system for possible problems. What is the level of sensitivity to early-warning signals—

particularly regarding compliance, safety, product quality, and “near misses”?

• Consider risks throughout the extended organization. With supply chains, customers, and distribution channels now extending across continents and operating across different cultures, companies must understand and manage the greater risks these extended organizations

Performance-based Clawbacks In your opinion, will performance-

based (rather than fraud-based) clawback policies—such as those

required by Dodd-Frank—help ensure corporate accountability of

senior executives?

Yes

43%

57%

Operational Risks Is the investment that your

company has made in risk management over the past two or three years “paying off” in terms of

improving the company’s ability to identify, assess, and manage the significant operational risks facing

the company?

Yes, to a great extent Yes, to a limited extent

20%

no, investment has not paid off

49%

Company has not made a

7%

significant investment in risk management

24%

Controls Around Operational Risks Are you satisfied that your committee/board understands

whether management has implemented effective controls around the company’s significant

operational risks?

Yes

49%

33%

18%

audit committees feel compelled to make safer decisions that are clearly between the hash marks and nowhere near the chalk line?”

Risk

Recent business crises and product recalls point to ongoing challenges in risk management, and roundtable attendees identified a number of “lessons learned”

for audit committees/boards, including these:

• understand the company’s significant operational risks. Consider whether the risk of operational failure has been exacerbated by the focus on cost cutting and achieving growth in a low- growth environment. What’s changed in the operating environment?

– “The board’s exposure to broader, deeper management levels than just senior management is very important. Don’t limit yourself to upper-management’s views and information—go deeper.”

– “After SOX, our interaction with management’s disclosure committee really helped bring other operational risks to the surface.”

• Pay particular attention to tail risks—

low-probability/high-impact operational risks. These risks often fall to the bottom of the risk ranking because their probability is so low. “Remove

‘low probability’ from the equation, however, and it becomes a different discussion altogether.” Some may call these black swan risks, but many low- probability/high-impact events are not necessarily hard to imagine or prepare for.

– “Responsibility for risk management and internal controls has to

permeate the entire organization.

I think that’s more important than having a CRO.”

– “When we talk about the formal process of risk management, some of us get caught up in a paper chase.

© 2011 KPMG LLP, a Delaware limited liability partnership and the u.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 23305nSS

4 FALL 2010 ROUNDTABLE REPORT

standards in a number of areas—

including leases, revenue recognition, financial instruments, and fair value measurement—by June of 2011. These new standards—and others that will follow—will bring profound change to u.S. GAAP and the way companies and investors report and interpret corporate financial statements.

Roundtable attendees discussed what their audit committees are doing in preparation for implementation of these standards and for convergence, including:

• Staying close to where the projects are headed and the time line

• Taking inventory of the major FASB projects that will impact the company over the next several years, and understanding the impact on the company’s financials

• For each FASB project impacting the company, considering implementation requirements, including resources (people, cost, and technology requirements), time line (and lead time) for each project, and financial expertise/educational needs in the company—and on the audit committee

– “Think very hard about your IT systems in the context of convergence. Are you confident that your IT systems will be able to generate the reports? Think about any errors caused by IT problems that could lead to a restatement—

and then think about clawbacks.”

Early Warnings on Compliance, Safety Are the reports your board/audit

committee receives about the company’s key compliance and safety risks adequate in providing

an effective “early warning”

system for possible problems?

Yes

43%

31%

26%

present—from fraud, corruption, and inferior product quality to IT risk and issues of corporate responsibility.

Does management rigorously assess risks throughout the extended organization—including vendors, distribution channels, customers, and partners?

– “This is where we worry quite a bit. We’re not sure our vendors and others we deal with in places like Russia, China, and Brazil are on the same page with us.”

– “Too often, we’re still seeing our partners in other countries not understanding that they’re creating risks for us—it’s an ongoing problem.”

• Keep sight of emerging and slow- moving risks. The financial crisis and related events of the past several years may have moved these risks to the back burner. Avoid being blindsided by emerging or slow-moving risks, such as underinvestment in infrastructure, climate change, globalization and increasing interconnectedness/

systemic risk, resource scarcity/

availability, and chronic diseases/

pandemics.

Convergence

While the business community awaits the SEC’s decision on what role IFRS will play in u.S. financial reporting, significant change to u.S. accounting is on the way as a result of joint activity by international and u.S. rule setters. FASB is scheduled to issue final accounting

© 2011 KPMG LLP, a Delaware limited liability partnership and the u.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in the u.S.A.

The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International. 23305nSS About the Audit Committee Roundtable Series

Launched in 1999, the Audit Committee Roundtable Series is hosted by KPMG’s Audit Committee Institute (ACI) in approximately 30 cities every spring (May/June) and fall (november/December). Highly interactive and panel- driven, the roundtable sessions bring together audit committee members, directors, senior executives, and leaders in governance to discuss challenges, emerging trends, and leading practices affecting the oversight of financial reporting and related risks. For more information about the Roundtable Series and resources and events offered by ACI, visit auditcommitteeinstitute.com, or contact ACI at 1-877-KPMG-ACI or auditcommittee@kpmg.com.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. no one should act upon such information without appropriate professional advice after a thorough examination of the particular situation.