Keep disclosure controls top of mind
By Ron Kral, CPA, CMA, CGMA
Partner, Kral Ussery LLC
Las Vegas Chapter Advisory Chair
The US Securities and Exchange Commission (SEC) published guidance on disclosure of key performance indicators and metrics in MD&A (Commission Guidance on Management’s Discussion) on January 30, 2020 (Guidance). Since this Guidance became effective on the publication date, it now applies to all periodic reports filed with the SEC.
Disclosure Controls Defined
The SEC requires a slew of disclosures, including a management's discussion and analysis of financial condition and results of operations (MD&A) in compliance with Item 303 of Regulation S-K, and other MD&A requirements in compliance with Item 5 of Form 20-F and Item 9 of Form 1-A. The MD&A instructions also require discussion and analysis of other statistical data that a company believes will enhance a reader’s understanding of MD&A. The SEC requires companies to disclose all key variables and other information that management uses in managing the business, which they believe would be material to investors. This includes qualitative and quantitative factors that are necessary for an understanding and evaluation of business activities. Collectively, these requirements include key performance indicators (KPIs) and other metrics as discussed in the Guidance.
While KPI disclosures are not generally subject to a company’s internal controls over financial reporting, such disclosures are subject to disclosure controls and procedures. The SEC also defines “disclosure controls” at SEC Reg13A.T.Rule13a-15(e) and SEC Reg15D.T.Rule15d-15(e) as:
Controls and other procedures of an issuer that are designed to ensure that information required to be disclosed by the issuer in the reports that it files or submits under the Act (15 U.S.C. 78a et seq.) is recorded, processed, summarized and reported, within the time periods specified in the Commission's rules and forms.
SEC Guidance on Key Performance Indicators and Metrics
The SEC notes that some companies disclose KPIs and other metrics in explaining their performance or business status. Examples of KPIs and metrics identified in the Guidance are:
- operating margin;
- same store sales;
- sales per square foot;
- total customers/subscribers;
- average revenue per user;
- daily/monthly active users/usage;
- active customers;
- net customer additions;
- total impressions;
- number of memberships;
- traffic growth;
- comparable customer transactions increase;
- voluntary and/or involuntary employee turnover rate;
- percentage breakdown of workforce (e.g., active workforce covered under collective bargaining agreements);
- total energy consumed; and
- data security measures (e.g., number of data breaches or number of account holders affected by data breaches).
The Guidance makes it clear that a company should first consider the extent to which an existing regulatory disclosure framework applies. This includes, applicable Generally Accepted Accounting Standards (GAAP) and for “non-GAAP measures,” Regulation G or Item 10 of Regulation S-K. Next, the company should consider what additional disclosures may be helpful for an investor to understand the metric. In general, the Guidance encourages the following disclosures to accompany a metric:
- A clear definition of the metric and how it is calculated;
- A statement indicating the reasons why the metric provides useful information to investors; and
- A statement indicating how management uses the metric in managing or monitoring the performance of the business.
Other disclosure considerations cited by the Guidance include:
- Disclose estimates or assumptions underlying the metric or its calculation to help ensure that it will not be materially misleading.
- Consider the need to disclose changes in the calculation methods, the reasons for the changes and the material effects. If the changes are deemed significant, consider recasting prior metrics to conform to the current presentation and place the disclosure in an appropriate context.
- Apply effective disclosure controls. Specifically, the Guidance states “When key performance indicators and metrics are material to an investment or voting decision, the company should consider whether it has effective controls and procedures in place to process information related to the disclosure of such items to ensure consistency as well as accuracy.”
Disclosure Control Examples
We recommend a healthy regime of disclosure controls around all external disclosures. While it's the responsibility for each company to develop their own controls to best address objectives and risks, some common ones include:
- defining preparation and review accountabilities through policies and procedures;
- applying test procedures to help ensure that the data and information supporting the disclosures are correct, current, sufficient, timely, valid and verifiable;
- conducting robust reviews of key judgments, such as materiality and applicability of regulatory requirements;
- establishing a disclosure committee and conducting meetings to review disclosures and their support;
- acquiring independent pre-filing reviews by legal, internal audit and the audit committee for non-management perspectives and compliance confirmations; and
- training all disclosure control owners to help ensure competence.
Remember that disclosing accurate, timely and complete information to the SEC is not an option, but rather an obligation to protect your shareholders by satisfying compliance requirements. A misstep can be costly in terms of a damaged reputation, compliance remediation and adverse legal actions.
Ron Kral is a partner of Kral Ussery LLC, a public accounting firm delivering advisory services, litigation support and internal audits. Ron is a highly rated speaker, trainer and advisor. He is a member of 4 of the 5 COSO sponsoring organizations; the AICPA, FEI, IIA, and IMA. Contact Ron at Rkral@KralUssery.com or www.linkedin.com/in/ronkral.
Kral Ussery LLC serves US public and private companies to protect and grow shareholder value, as well as non-profits and governments with internal controls and in combating fraud. We assist entities with governance and in all matters relating to financial reporting, including SEC compliance, internal controls testing and remediation, IT general controls, IPO readiness, M&A transactions, and US GAAP. Visit us at www.KralUssery.com.
This is an article from the Governance Issues™ Newsletter, Volume 2020, Number 1, published on February 20, 2020 by Kral Ussery LLC.