Accounting and SEC Update: Second Quarter
During Weaver’s 2023 Second Quarter Accounting and SEC Update, we took a deep dive into examining three hot issues that affect companies of all sizes.
- As we await the SEC’s climate and ESG final regulations, Weaver took the opportunity to speak with Douglas Hileman, one of the primary authors of COSO’s recently released guidance on Internal Control over Sustainability Reporting (ICSR).
- The SEC’s cybersecurity guidelines continue to evolve and become more refined with an increased emphasis on companies adopting holistic programs. Their final rule is anticipated to be issued in late 2023 or in 2024 after review of the latest public comments.
- With the Federal Trade Commission (FTC) approaching its voting date for banning non-compete clauses, companies should take time now to review the compensation packages for their most critical employees. We review this and other trends in stock-based compensation.
ESG Reporting and New COSO ICSR Guidance
We discussed the importance of identifying and mitigating sustainability risks and provided an overview of the newly-released ICSR guidance. The discussion covered the objectives of the ICSR disclosure guidance, and how the ICSR authors utilized the COSO principles-based framework to provide sustainability supplemental guidance that can be used by readers across all levels of expertise and experience.
Source: Internal Control Over Sustainability Reporting
ICSR Guidance and Recommendations
To address the plethora of ESG topics and financial and nonfinancial reporting requirements, the ICSR breaks sustainability internal controls into these five components to make them more easily understood and actionable:
- Control Environment
- Risk Assessment
- Control Activities
- Information and Communication
- Monitoring Activities
Figure: ESG Topics (Source: Internal Control Over Sustainability Reporting)
It was recommended that both listed and non-listed companies review the ICSR jointly with the parties relevant to the discussions to ensure that everyone shares the same language and goals. This will help them as they use the COSO framework to direct and monitor the implementation of sustainability activities and disclosures within their workplace.
SEC Reporting on Climate Change
To prepare for the SEC’s ruling on climate change, the primary need is to just get started. For those just beginning their journey into sustainability recognition and disclosures, one common first step is to conduct an assessment surrounding the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD) from the globally recognized Financial Stability Board (FSB).
Recommendations and Supporting Recommended Disclosures
| Governance | Strategy | Risk Management | Metrics and Targets |
|---|---|---|---|
| Disclose the organization’s governance around climate-related risks and opportunities. | Disclose the actual and potential impacts of climate-related risks and opportunities on the organization’s businesses, strategy, and financial planning where such information is material. | Disclose how the organization identifies, assesses, and manages climate-related risks. | Disclose the metrics and targets used to assess and manage relevant climate-related risks and opportunities where such information is material. |
| Recommended Disclosures | | | |
| a) Describe the board’s oversight of climate-related risks and opportunities. | a) Describe the climate-related risks and opportunities the organization has identified over the short, medium, and long term. | a) Describe the organization’s processes for identifying and assessing climate-related risks. | a) Disclose the metrics used by the organization to assess climate-related risks and opportunities in line with its strategy and risk management process. |
| b) Describe the management’s role in assessing and managing climate-related risks and opportunities. | b) Describe the impact of climate-related risks and opportunities on the organization’s businesses, strategy, and financial planning. | b) Describe the organization’s processes for managing climate-related risks. | b) Disclose Scope 1, Scope 2, and if appropriate, Scope 3 greenhouse gas (GHG) emissions, and the related risks. |
| | c) Describe the resilience of the organization’s strategy, taking into consideration different climate-related scenarios, including a 2°C or lower scenario. | c) Describe how processes for identifying, assessing, and managing climate-related risks are integrated into the organization’s overall risk management. | c) Describe the targets used by the organization to manage climate-related risks and opportunities and performance against targets. |
Source: Task Force on Climate-Related Financial Disclosures
Disclosure requirements are an output needed to help stakeholders understand what companies are doing to address ESG topics. The primary goals of the disclosures and internal controls are to mitigate risks and take advantage of opportunities to address topics that consumers and investors care about that affect our future.
Cybersecurity Update
The SEC’s proposals on cybersecurity for public companies have provided more extensive definitions and advanced timelines for incident disclosure. The proposed rules pivot from stating that practices need to be in place to requiring that they be tied to organizational goals and that companies describe how they would recover from a material incident.
Cybersecurity risk assessments are discrete and different programs that go beyond penetration tests and encompass numerous requirements described in the proposed rules. Some of the update highlights include:
- Follow the proposed incident reporting timeline (four days in the latest proposal)
- Engage expert assessors, consultants, auditors, or other third parties
- Require updates to previously disclosed cybersecurity incidents
- Require descriptions of policies and procedures related to risks
- Aggregate smaller incidents when determining materiality
- Include prevention, mitigation, detection, and remediation efforts
- Disclose board oversight and cybersecurity expertise
When Trip Hillman, Weaver Cybersecurity Advisor and Partner, performs maturity assessments for a broad range of companies, he often finds that many individuals in the organization believe that penetration tests are equivalent to risk assessments. While penetration tests are an important activity for detecting technology vulnerabilities, they are limited in scope and don’t include many of the SEC’s proposed requirements or those of other regulatory bodies, so further cybersecurity actions are frequently needed.
The new SEC cybersecurity rules will enhance stakeholder notifications and require the linking of compliance initiatives to business goals and objectives. They elaborate on existing rules and further speak to the intent of the SEC to have each organization’s security posture integrated into its business strategy to help protect and inform consumers, investors, and other stakeholders.
Stock-based Compensation
Companies continue to rely on stock-based compensation (SBC) in a volatile economy. SBC may help companies remain competitive in tight labor markets while working toward performance metrics encouraged by skin-in-the-game alternatives. In light of the FTC’s proposed rule to ban non-compete clauses (vote scheduled for April 2024), companies should begin to reassess their compensation packages and to look more closely at SBC as an additional arrow in their compensation quiver. The FTC estimates that if the new rule passes it could increase workers’ earnings by up to $300 billion per year.
SBC includes:
- Incentive Stock Options (ISO)
- Non-Qualified Options (NQO) – allows 83(b) election
- Restricted Stock – allows 83(b) election
- Restricted Stock Units (RSUs) – no 83(b) election
- Stock Appreciation Rights (SARs) – allows 83(b) election
- Phantom Equity
- Profits Interest – protective 83(b) election
NQOs offer extensive flexibility in setting vesting requirements such as timing and performance. Those receiving NQOs and certain other SBC subject to vesting can utilize 83(b) elections to recognize income on the exercise date (i.e., when the stock is purchased) but still remain subject to vesting requirements. Because such an election is irrevocable, individuals being granted certain options or SBC should carefully consider whether to make an 83(b) election (within 30 days of exercise/stock issuance), weighing whether they anticipate remaining employed through the vesting period, whether they believe the stock will increase or decrease in value, and other issues.
Whenever modifications to awards are considered, both tax consequences and GAAP accounting effects for the modifications should be top-of-mind. Changes in fair value, classification, vesting period, performance metrics and others can trigger a potential tax liability for both the organization and recipient. Modifications often require a company to determine the fair value both immediately prior to and following a modification. Substantive terms of a plan should also be evaluated, particularly if exceptions have been granted in some situations. If some awards are settled with cash, they could create an expectation for others and require a liability classification that wasn’t intended.
Knowledge at your Fingertips
Please join us for next quarter’s Weaver’s Accounting and SEC Update Session on September 21, 2023. As always, please feel free to reach out to us with any questions or if your company would like guidance or assistance with your ESG, cybersecurity or share-based compensation needs.