Risk Management

How the risk of a pandemic might affect your company

A few days ago, probably through Twitter, I found an interesting site for auditors and other risk and compliance professionals called Compliance Week. Based in Boston, they publish a monthly magazine, a weekly email newsletter, and host several blogs and forums on the web.

What led me to the site was a link to a blog post on the risk posed by the swine flu virus, and the observation was made that companies are beginning to include this risk in their disclosures to regulators.

The outbreak is more likely to impact the disclosures of companies in certain industries, such as those in the retail, hospitality, travel, restaurant, or gaming sectors, as well as cruise ship, theme park, and mall operators… For some companies, the pandemic could potentially affect customer traffic, while for others it could affect their ability to staff their own locations or their supply chain.

One of the most interesting projects I’ve worked on since leaving public accounting was a risk assessment, because it encompassed not just the types of risks that I was comfortable with such as reporting and compliance risks, but also more operational and strategic risks. The risk posed by a pandemic wasn’t one that I had thought of at the time, which is likely because my business isn’t in any of those industries mentioned in the article. recently posted on the topic as well, noting that Starwood Hotels & Resorts included pandemics and specifically swine flu in their first quarter 10-Q, and in doing so have joined other companies such as American Express and Expedia.

How would a pandemic affect your company’s business?


Taking the wraps off materiality

Materiality is an important concept in auditing. The point of an audit is to certify the financial statements as being free of material misstatement. A material misstatement is one which would affect the decisions of a user of those statements.

This recent blog post at the VeraSage Institute, more known for their pioneering work in the area of value pricing for professional services firms than their work revolutionizing the audit report, brings up an interesting idea:

During a specific conversation on materiality and how it should be determined I suggested that maybe the first step to improving our audit reports would be to include the level of materiality used in performing the audit.


Would the reader of audited financial statements utilize and appreciate knowing the level of materiality used to test and determine the correctness and completeness of the associated financial statements?

I think it’s pretty clear that the answer is yes. I also think it would go a long way to closing the expectation gap when it comes to audited financial statements. It further emphasizes that an audit doesn’t mean 100% of transactions are examined, and that there is a level of acceptance for errors within the statements.

Unfortunately, it doesn’t seem to me (with my limited experience) that much is done within the profession until it is mandated by the governing bodies or various governments. Going above and beyond what is required isn’t seen very frequently in terms of the disclosure in financial statements, either in the audit report or the explanatory notes appending the statements.

I don’t think it is entirely the auditor’s fault. The statements are still the responsibility of management, but it is the auditor who is in the unique position to make the suggestion to management that additional details would be helpful. For that matter, auditors need to start making the suggestion to their governing bodies as well.

We’re essentially in the business of ensuring that complete and useful information is provided, and this might be a situation where we aren’t doing a great job.