Sarbanes-Oxley compliance (SOX) is more routine than in the past but continues as a major distraction to the internal audit profession. The continued PCAOB scrutiny with published Inspection Report Findings continue to pressure external audit firms performing 404 Reviews, who in turn require expanded SOX compliance activities at their clients to earn a “clean” opinion. More recently, cybersecurity and data governance have garnered a lot of attention and resources. Perhaps lost in these distractions is the appropriateness, accuracy and availability of information management needs to effectively direct and oversee the strategic, financial and operational objectives of the business. Certainly, compliance professionals can “walk and chew gum at the same time”, but is scrutiny of the most important business information “taking a back seat”?
Financial accounting reports follow generally accepted accounting principles (GAAP). The users of financial accounting results are mostly external parties to the organization (investors, analysts, banks, government). Financial accounting is of some value for management, mainly to retrospectively compare their results to others in their industry using the same baseline accounting principles (GAAP). Managerial accounting provides organizational leaders with the accounting information to run the business, assess current performance, and forecast future performance. This information is critical to directing operations, setting near term funding needs, and communicating goals to internal stakeholders.
Much of the Management Discussion and Analysis (MD&A) section of financial filings and the information discussed on the earnings call is the information management uses to assess performance. This information falls more in the realm of managerial accounting. How deeply do we audit this information? Do we only make sure there is evidence that is it is prepared and reviewed w/ appropriate sign-offs or do we audit the accuracy of the information? Do we question the appropriateness of the information versus other managerial accounting measures that perhaps gives better insight into the performance of the firm?
Management accounting helps management to discern between value-added activities and those activities that do not add value. Financial accounting only concerns proper classification of the expenditures related to either activity type. While it is certainly helpful to understand the cost of activities, it is much more important to identify and eliminate wasteful activities. Moreover, to choose optimal value-added activities over those that add less value. Regardless of the core mission of the business, whether profit or not-for-profit, profits are necessary to sustain the mission over time.
How does internal audit refocus on ensuring the information management needs for decision-making in available and accurate? Are internal auditors equipped to assess management reporting? The answer is to simply expand the tools and techniques we use for all internal control activities. The COSO Framework is as appropriate for managerial accounting and reporting as for all other critical business functions. As the use of “Non-GAAP” measures expand in financial filings and the need for immediate information for management to make informed decisions grow, the reporting risks increase and the assessment of the processes and controls to ensure ongoing accurate and timely managerial accounting information should become an important part of the annual internal audit plan. Auditors frequently speak about earning a “seat at the table”. The best way to earn this “seat” is to provide assurance to key decision makers regarding the accuracy and appropriateness of the information they receive, which is typically managerial accounting information, not financial accounting information. Look at your risk-assessment and audit plan process to make sure that there is an appropriate identification and focus on managerial accounting information and controls. If necessary, refocus your process to ensure you effectively leverage your compliance activities optimize your service to all key business constituents.
About the Author
Glenn Murphy, the co-founder of BestGRC and founder of GRC Management Consulting LLC, primarily focuses on empowering entities to leverage their compliance activities through the BestGRC “cloud” software, his consulting work, publications, and the “Leverage Compliance” blog. In addition, Glenn provides licensee compliance audits in conjunction with Licensing Compliance Group and Cybersecurity/Penetration Tests/SOC for Cyber/SOC 2/3 Assessments in conjunction with Ra Security Systems. Find Glenn’s full profile at http://www.linkedin.com/in/glenntmurphy/, follow him @GlennMurphyGRC and subscribe to the Leverage Compliance blog at http://www.bestgrc.com/blog/
“Retail and related revenue generated globally by the trademark licensing business in 2017 rose 3.3% to US$271.6B, according to results from the Annual Global Licensing Industry Survey released today by LIMA. Royalty revenue from sales of licensed merchandise and services rose 2.6% to $14.5 billion.” source – LIMA.org For some perspective on these revenues, if the trademark licensing business were a corporation, it would rank second on the Fortune 500 following only Walmart. Further, trademark licensing is less labor-intensive than most other business processes leading to licensing activity contributing a far higher proportion of corporate profits than of corporate revenues. Given the size and importance of trademark licensing, we should expect widespread coverage in internal audit publications and resources, but that does not seem to be the case. Financial and audit management, as well as audit committee members, must ensure there are appropriate resources devoted to trademark licensing audits (licensor) and to trademark licensing accounting (licensors and licensees) in the internal audit plan.
How to proceed? Expand your Audit Universe by following the COSO Framework to define the Activity of “Plan and Manage Licensee Audits”. Assign the Process/Sub-Objectives of “Ensure royalties, advertising and other trademark licensing agreement (Agreement) amounts are completely identified and collected” (SO1) and “Ensure Licensee abides by Licensing Agreement Territory, Distribution, Customer, and other requirements and limits/minimums (e.g., Off-Price Sales %, Gender Minimum %)” (SO2) to this Activity. Defining Sub-objectives enables the identification and assessment of Risks to the achievement of these Sub-objectives.
A key risk for SO1 is “Under-reporting of sales, advertising or amounts due per the License Agreement” (R01). The under-reporting may be intentional and executed through sales outside the territory, drop-shipments/direct import/back-to-back deliveries to customers at factories or via freight forwarder, or simply under-reporting with the expectation of no licensor audit or a poorly executed one. The under-reporting may be unintentional and the result of old systems, errors in a system conversion, or a manually intensive need to “flag” every individual product with a licensor code. Expanding on the last cause, a licensee system or business process that assigns the next sequential number to each new product irrespective of brand/trademark increases the risk that some products sold bearing your company’s trademarks were not reported because complete reporting by brand is dependent on another, typically not required, data field in the Product Master File. Do you understand which of your licensees use structured/intelligent style/item numbers versus those using a sequential assignment?
Under-reporting of advertising amounts expended or due to the Licensor associated with R01 is more difficult to assess than royalties due. Many Agreements require a minimum amount of expenditures on advertising, typically 2% of net sales, with any shortfall in the amount spent due to the Licensor. The goal of such advertising clauses is to drive product/brand awareness and thereby increase sales, and therefore increase royalties. Many Licensees do a poor job of advertising reporting, even though such reporting is required by the Agreement. For many licensee audits I’ve performed, the advertising support is only compiled for the audit rather than reported to the Licensor quarterly, as is typically required by the Agreement. Even given complete reporting of advertising spend as compared to the required amount, the only way to assess this spend is to sample invoices and compare the expenditures to the acceptable types of advertising defined by the Agreement. Such analysis typically requires a licensee audit or, at a minimum, the licensing and/or the licensing accounting department of the Licensor to request a copy of invoices supporting this spend. Do you know if such a review of advertising spend occurs within your organization?
A second key risk for SO1 is “Ambiguity in the wording of a Licensing Agreement” (R02). Are the permitted types of advertising to satisfy the advertising requirement spelled out in enough detail and agreed to by both parties? For example, charges to the Licensee by their customers for store end-caps may or may not satisfy this requirement. The definition of deductions and allowances from gross sales to arrive at net sales subject to royalties is another critical area that may be subject to ambiguity. Is a discount for early payment (e.g., 2% net 30) allowed as a deduction? Is co-operative advertising allowed as a deduction, allowed to satisfy minimum advertising or neither? Licensee customer operations charges for late or non-compliant shipments are typically not permitted as valid deductions by the Agreement, but I have seen numerous instances of these amounts included in deductions. Some Agreements do not include a clause for interest on late payments or the reimbursement of audit fees if amounts due from the audit exceed a certain percentage (typically 3-5%) of total amounts due. Without such clauses, what is the disincentive for the Licensee to under-report, over-deduct, or pay late?
A key risk for SO2 is “Licensee sale out of Territory, Approved Distribution, Approved Customer or other violations.” (R03). The trademark/brand is perhaps the most important asset of a Company. Think of all the activities and resources devoted to developing, supporting, expanding and maintaining your brand through the years and in current budgets. Perhaps the most significant risk of licensing is allowing another entity to represent your brand with their design, products and services. This risk is heightened if the business relationship with the Licensee has soured or in the final years/months of an Agreement not slated for renewal. Related to territory, a licensor that engages with multiple licensees for the same product category in different territories bears the prime responsibility to ensure these licensees do not encroach on each other’s territory. Related to distribution, the unexpected presence of your brand in a retail outlet you would never sell your product to can damage your brand reputation or exclusivity. To a consumer, anything with your brand is you. An example of other violations is that the Agreement may permit the licensee to use multiple trademark of your Company, but they may not market using all these trademarks. Most Agreements define minimum sales by trademark or gender within trademark with a related forfeiture of rights to use the trademark if the minimums are not met. Identifying such deficiencies and enforcing this clause presents the licensor with the opportunity to license that trademark to another business partner to generate additional royalties and brand exposure.
Given a willingness to include or expand the focus on licensing in your Audit Universe, how best to proceed? A typical licensing audit performed by a highly reputable firm costs less than $15,000 with expenses, so there is every reason to co-source. Indeed, the inclusion of three or more licensing audits in the Plan is highly likely to more than pay for itself. So, you broaden your Audit Plan to assess more risks at little to no cost without using any of your own resources. The opportunity for CAEs to expand their audit plan at little to no cost are few and far between. As previously noted, many Licensing Agreements include a clause that if the audit findings exceed a certain percentage of the full amount due for any year under audit, the licensee must pay the audit costs including expenses. I’ve performed three audits in the last four months that resulted in audit fee reimbursement.
I was the CAE for a company engaged in more than thirty licensing agreements that were overseen by the finance function. I expanded our Audit Universe to include the Activities/Objectives/Risks associated with licensing, engaged the same co-sourcing partner previously used by finance, formalized some of the audit testing to mirror the activities of our internal audit function, and issued our co-source partner a Company PC to allow him access to perform his audits in our internal audit software. Previously, there were many negotiated settlements of amounts owed from licensee audits, however, by formalizing the audit process and bringing the activity within internal audit with reports going to the Audit Committee of a publicly-held company; the licensees knew that our well-supported findings must be paid in full. Negotiated settlements only occurred due to ambiguous clauses subject to multiple interpretation. These explanations were detailed in our findings and tracked to future amendments to the Agreement to remove the ambiguity for the future. A more in-depth discussion of the reason for co-sourcing these audits is the subject of a future blog.
Through my experience, nine out of every ten audits more than pay for themselves with some reaping large amounts and the licensee paying the costs of the audit. Everyone likes to identify recoveries, however, as a Chief Audit Executive, recoveries, especially large recoveries, were problematic for many reasons. From an ICFR perspective, the recoveries were revenue in the current period but were earned in prior periods. Recoveries indicate deficiencies in the Risk Assessment, Control Activities, and Monitoring Components of internal control. A comprehensive risk assessment of the trademark licensing process should identify high-risk licensees for annual audits versus lower risk licensees for a two or three-year cycle. This should reduce the overall dollar amount of recoveries and place them closer to the financial period earned. Note that such a risk-assessment should also identify the permitted periods to audit per each Agreement. If the right to audit an Agreement period is permitted to lapse without an audit, this must be a conscious decision of licensing and audit management. Comprehensive risk assessment of the trademark licensing process is the subject of a future blog.
As Autumn approaches, reassess your Audit Universe to include or expand the activities, objectives and risk associated with trademark licensing. If your firm is a licensee, a similar approach to expanding your Audit Universe is necessary. The licensee perspective is the subject of a future blog. Including objectives and related risks within the internal control framework at your organization is an excellent way to leverage compliance to improve ICFR, identify recoveries, enhance the service provided by internal audit and reduce risk for your organization.
About the Author
Glenn Murphy, the co-founder of BestGRC and founder of GRC Management Consulting LLC, primarily focuses on empowering entities to leverage their compliance activities through the BestGRC “cloud” software, his consulting work, publications, and the “Leverage Compliance” blog. In addition, Glenn provides licensee compliance audits in conjunction with Licensing Compliance Group and Cybersecurity/Penetration Tests/SOC for Cyber/SOC 2/3 Assessments in conjunction with Ra Security Systems. Find Glenn’s full profile at http://www.linkedin.com/in/glenntmurphy/, follow him @GlennMurphyGRC and subscribe to the Leverage Compliance blog at http://www.bestgrc.com/blog/