Despite the current volume of non-financial information required under Regulation S-K, institutional investors are calling for more disclosure.
The burden of compiling the volume of non-financial information required under Regulation S-K often falls on the shoulders of the person responsible for compiling the financial information – the CFO – and the burden could be set to increase following the responses to a concept paper issued by the SEC in April.
Already the burden is a significant one. According to a survey conducted in March this year by software vendor CCH Tagetik, the non-financial information required under Regulation S-K (the “narrative”) accounts for 50% or more of the content in nearly half of financial reports – in some cases, the survey found, there is more than double the volume of non-financial information as there is financial information.
Typically, the narrative consists of an explanation of the results, a management and discussion analysis, and notes to the accounts. Whereas this level of narrative could be considered material non-financial information, institutional investors are calling for much more disclosure – so much more that concerns are being raised the volume of non-financial information that may be required under Regulation S-K could cause smaller investors an “information overload”.
CII Wants More Non-Financial Information Required under Regulation S-K
The SEC received more than 26,000 responses to the concept paper – among the bulk of them were letters calling for details to be disclosed about companies´ foreign subsidiaries and their sustainability plans – with many demanding that companies disclose their “human capital”. Brandon Rees, deputy director of the AFL-CIO’s Office of Investment, commented “Some two-thirds of the value of U.S. corporations comes from intangibles, and much of this comes from the employees, but if it’s not measured it’s not managed.”
Rees would like to see the disclosure of employee safety and health information, race and gender workforce composition, and employee turnover and retention rates; and Ken Bertsch, executive director of the Council of Institutional Investors (CII) agrees. Bertsch told CFO.com “employees constitute one of the primary drivers of value in companies, and companies don’t have to disclose much about them.” Bertsch would also like to see reasons for a change of auditor and much tougher controls on non-GAAP reporting.
When addressed with the question that his members could suffer from “information overload”, Bertsch replied: “We just have not heard from our members that there’s huge concern about the volume of disclosures, other than that they’d like to see a better organized 10-K and that the proxy statement is too long.” However, Robyn Bew, director of strategic content development at the National Association of Corporate Directors, disagrees. She feels that enforcing a higher volume of non-financial information required under Regulation S-K could have a negative effect on smaller investors.
Bew said: “One of the things that we hear from investors is that an unintended consequence of mandatory disclosure rules is more boilerplate. Everybody wants disclosures to be more effective, but that can mean different things to different people. Larger investors can say ‘Give it all to us and we’ll figure out what we want,’ while smaller investors don’t have the resources to do that kind of data mining.” Bew concludes it would be more useful if companies and boards could do more of their own thinking without regulation.
Likely No Drastic Changes in the Near Future
The trend in financial reporting is for companies to err on the side of caution and burden SEC filings with disclosures that are not material. However, this may be an unnecessary overreaction to investor demands. In recent years the SEC has aligned its definition of what it considers necessary “material information” closer to that of the Supreme Court. Currently, financial and non-financial information is considered “material”:
“When used to qualify a requirement for the furnishing of information as to any subject, [materiality] limits the information required to those matters to which there is a substantial likelihood that a reasonable investor would attach importance in determining whether to purchase the security registered.”
Disclosure for the sake of disclosure can shift investor focus away from information that is actually material to company operations. Fortunately for CFOs who would rather see disclosures streamlined and the burden of narrative reporting eased, the SEC does not look as if it is going to act quickly on the calls for more non-financial information required under Regulation S-K.
The SEC is still attempting to fine-tune its Disclosure Effectiveness Initiative and, if the calls to disclose more non-financial information required under Regulation S-K are acted on by the SEC, this could undo the good work already accomplished by the Initiative and negatively impact investors by obscuring relevant information in company filings.
An interesting debate is currently taking place at cfo.com with regard to whether or not the SEC´s rules for non-GAAP reporting are too stringent.
In 2003, the Securities and Exchange Commission (SEC) enacted Regulation G requiring public companies to include in any disclosed non-GAAP financial measure a presentation and reconciliation of the most directly comparable GAAP financial measure. Prompted by a series of major corporate accounting scandals (Enron, AOL, Xerox, etc.), the objective of the Regulation was to prevent companies from presenting a rosier picture of their finances than was justified and to provide investors with a balanced financial disclosure.
In 2010 and 2016, the SEC issued compliance and disclosure interpretations that first (in 2010) relaxed prohibitions on excluding recurring expenses and then (in 2016) tightened interpretations of the Regulation in order to prevent non-GAAP measures being given greater prominence than comparable GAAP measures. The consequence of the 2016 update varies according to whose opinion you read. Some experts feel that the SEC´s rules for non-GAAP reporting are too stringent, while others feel they don´t go far enough.
The SEC´s Rules for Non-GAAP Reporting are Too Stringent
One expert clearly of the opinion that the SEC´s rules for non-GAAP reporting are too stringent is Charles Lundilius – Managing Director of the Berkeley Research Group. Mr. Lundilius disapproves of the rules for non-GAAP reporting that prohibit a company from recognizing revenue at the point when a customer is billed. Although claiming to understand the SEC’s concern about misleading revenue data, he finds it difficult to understand why this information cannot be provided as a non-GAAP metric.
“It merely reflects the fact that a bill was sent to a customer on a certain date”, Mr Lundilius argues on cfo.com, “and it has a social benefit in that it provides a useful and comparable tool to analysts and other users of financial statements”. He continues his argument by claiming certain SEC´s rules for non-GAAP reporting prevent forensic accountants from monitoring and analyzing fraud, and concludes it with the statement – “The sales-as-billed prohibition is just one example of SEC overreach”.
The Rules are Needed to Keep Companies Honest
Two experts sharing opposing views are Jennifer Biundo and Kris Hutton. Ms. Biundo – a Senior Audit Manager at Mazars USA – argues that non-GAAP reporting can be relevant to help a company present critical operating measures of its business, but if not presented properly and consistently – and within the SEC´s rules for non-GAAP reporting – they can create ambiguities that can disrupt the true picture of a company´s financial health.
Both she and Kris Hutton – the Director of Product Management at ACL – believe the SEC´s rules are a response to faulty reporting standards. Mr. Hutton acknowledges traditional accounting metrics may not always be the most accurate way to judge a company’s value – especially in a fast-moving and evolving economy – but believes the SEC´s rules for non-GAAP reporting encourage better transparency, comparability, and consistency in non-GAAP disclosures.
Maybe it is Too Early to Decide
A fourth expert – Vincent Papa, the Interim Head of Financial Reporting Policy at the CFA Institute – joins the debate by commenting that it may be too early to tell whether the 2016 tightened interpretations of the SEC´s rules for non-GAAP reporting are too stringent. Although concurring with Charles Lundilius on the point that last year’s C&DIs may have adversely affected the usefulness of non-GAAP metrics, he adds that many investors expect sufficient regulatory oversight to ensure reporting is accurate.
The key appears to be balance. If companies only report such metrics to the extent management feels they are important for investors measuring the health of the business, this will likely create friction between analysts and company management. However, as Mr. Papa concludes his argument, the SEC objective of increasing transparency and pushing for greater comparability is aligned with investor interests and should continue – at least until the SEC ´s rules for non-GAAP reporting are universally considered too stringent.
Ian Charles – CFO of Host Analytics – was recently featured in CFO Magazine discussing the importance of finding the right pre-IPO growth-profits balance.
Host Analytics provides a scalable, cloud-based alternative platform to Excel that automates planning, consolidation and reporting. Based in Redwood City, California, the company was founded in 2001, and whereas many start-ups keep their cards close to their chest about their exit strategies, CFO Ian Charles has a very clear plan – an IPO offering within two years provided the company achieves the right pre-IPO growth-profits balance.
“Today,“ Charles told CFO Magazine, “you have to grow the business smartly, with a focus on unit economics and customer success. You can’t just go out and spend hundreds of millions of dollars anymore.” Profitability – Charles believes – doesn’t necessarily generate a premium for valuation purposes if it’s not backed by growth. However, it would appear there are substantial opportunities for growth for the enterprise performance management (EPM) systems vendor.
Less than 5% of the EPM market has been penetrated by cloud-based providers or cloud versions of on-premises EPM software sold by market leaders SAP, IBM, and Oracle – although the product is not for everybody warns Charles. “A relatively basic business that’s not growing rapidly shouldn’t be a customer of the product,” he said. Nonetheless, Host Analytics has a 700-strong customer base including familiar names such as the Boston Red Sox, the Mayo Clinic, OpenTable, and True Value.
Avoiding Churn is Key to a Stable Pre-IPO Growth-Profits Balance
Charles considers a good portion of the company’s success to date is due to its policy of walking away from businesses not suited for the product´s complexity. Charles says: “We can find a lot of bad customers that will be set up to fail and will churn at some point, whether in one, two, or three years,” and he believes avoiding churn is key to finding the right – or at least a stable – pre-IPO growth-profits balance. The company´s success can also attributed to the use of its own product.
Host Analytics employs a finance team half the size of any comparable company, yet the team analyzes 114 separate key performance indicators on a weekly basis. “When you eliminate Excel and replace it with purpose-built financial applications, you create a workflow that takes less time, makes fewer errors, and requires fewer people to perform,” he says. The same system is also used by the company for its marketing, services, engineering, and sales teams.
Another driver of the company´s success is the fact that Charles himself uses the Host Analytics´ ERM system. For the first time in his career, Charles is the CFO of a company that uses its own product. “I find myself in front of customers much more often than I have in prior roles,” he says. “For many of the larger deals, they want that CFO-to-CFO connection.”
The CFO-to-CFO connection is also helpful in measuring the market´s appetite for growth versus profitability. What constitutes the “right” pre-IPO growth-profits balance is a moving target, and being aware of market changes is critical in the run up to an initial public offering.
Analysts project an increase in the rate at which cloud computing is adopted but it is important to balance the benefits and costs of migrating to the cloud.
The benefits of migrating to the cloud are well chronicled. Zero hardware costs, lower management costs and the availability of platforms that adapt rapidly to competitive threats and opportunities are three of the primary motives, while many see cloud computing as a way of eliminating over-capacity and freeing up IT budget for innovation.
Such has been the rate at which businesses in the manufacturing, banking, and professional services industries have migrated to the cloud that Oracle co-CEO Mark Hurd predicts 80% of corporate data centers will disappear by 2025. Similarly, analysts from Morgan Stanley have forecast revenues for cloud service providers will increase by more than 30% per annum.
However, although cloud services have allowed many companies to scale quickly without the capital expense of building on-premise data centers, some analysts have warned the decision to shift from buying to renting compute capacity should not be taken without consideration of the costs of migrating to the cloud – both the direct costs and the, often overlooked, indirect costs.
All-or-Nothing Shifts are Not Ideal
All-or-nothing shifts to the cloud are not ideal according to Lydia Leong, a vice president at Gartner, because “Most companies starting on this journey don’t know what they don’t know”. Her advice is echoed by Edward Wustenhoff, the chief technology officer at Burstorm, who suggests it is better to move a fraction of applications to the cloud and learn the capabilities of the cloud at a modest pace.
This approach gives companies the opportunity to re-migrate applications back to the corporate infrastructure if the initial deployment fails to fit the business model. It also give companies the opportunity to evaluate whether its cloud deployment plan should be fine-tuned. “CFOs [should] periodically take the pulse of what’s happening in the market”, Wustenhoff advises.
Performance, Security and the Social Factor
Other potential concerns are performance, security and the “social factor” according to Timothy Chou, a lecturer in cloud computing at Stanford University. Chou points to a human error outage at Amazon that took several large websites – including Netflix, Reddit, Adobe, and the Associated Press – offline for eleven hours in February.
Chou also suggests companies should define their security requirements and find out if the service provider meets them. He notes that many cloud service providers have tools addressing these requirements, but companies will have to spend time familiarizing themselves with how the available tools can be built into their existing apps.
Chou also speculates that some organizations resist migrating to the cloud due to a social factor he describes as having nobody´s throat to choke when something goes wrong. He believes that a gradual migration to the cloud will help resolve these concerns over time as the C-suite sees far better pricing than the company would experience if it tried to do everything on its own.
A recent survey of top executives in the middle market has concluded that CFOs should not assume employees are educated about cybersecurity threats.
The survey – “Cyber and Data Security in the Middle Market” – was compiled using data from 316 online survey responses and 5 in-depth interviews. Focusing on companies with annual revenues of between $25 million and $500 million, the survey first asked what percentage of respondents had their business activities disrupted by cybersecurity issues within the past two years, and then what measures were being implemented to prevent future attacks. Phishing attacks are accelerating in 2017 and the problem will only get worse.
From the responses of the senior finance leaders, it was clear that virtual intrusions are commonplace. Although only 21% of respondents said their business activities were disrupted by hackers in the past two years, 60% admitted having lost time due to dealing with cybersecurity issues, 23% reported a loss of revenue due to a security breach and 19% acknowledged a loss of credibility with customers, suppliers or the public due to an adverse cybersecurity event.
Assumptions about Employee Education Can be Dangerous
One of the key findings of the survey was that more training on recognizing and acting upon cybersecurity threats is required further down the chain of command. CFOs clearly understand the threats from virtual intrusions – 82% agreeing cybersecurity was treated with “appropriate gravity” at the top level of their businesses. However only 24% of respondents felt employees approached cybersecurity with the same level of importance.
Considering that cyberattacks can be targeted at anyone within a business, the conclusion drawn by researchers was that finance leaders should be more pro-active in educating employees, and “set the tone at the top”. That conclusion was supported by findings that only 25% of CFOs feel their employees have access to adequate training and education, and that 46% of CFOs agreed there was room for improvement in their current training regimes.
But Are CFOs Responsible for Setting the Tone?
Most CFOs agree they should have some responsibility for managing cybersecurity. After all, it is often the finance department that suffers the most when a cyberattack is successful. However, only 12% of CFOs center their business´s cybersecurity on the finance function. Most (76%) rely on the IT function to organize strategies and manage risks – although acknowledging it is important for the two departments to collaborate.
One of the most important takeaways from the survey was not to solely trust cybersecurity defenses, but to verify them as well. This is where CFOs can take responsibility and set the tone at the top by testing their business´s own cybersecurity measures, improving access to employee awareness, and reducing the finance function´s vulnerability to cyberattacks by conducting regular audits.