Get your ducks in a row: how the Sarbanes-Oxley Act has redefined auditor independence.Independence has been redefined--again. After being prominent on the agendas of standard setters for several years, auditor independence has been redefined again by the SARBANES-OXLEY Act See SOX. of 2002. In November 2000, the SEC announced changes to its auditor independence rules. In August 2001, the AICPA AICPA See American Institute of Certified Public Accountants (AICPA). offered its own solution, followed by the Government Accounting Office in January 2002. With this latest iteration, the accounting profession finds itself at the receiving end of the most uncompromising rules thus far on auditor independence, designed by federal legislators to ensure that the "independent auditor Independent Auditor An external auditor with a certified public accounting designation that qualifies him or her to provide an auditor's report. Notes: These auditors aren't affiliated with the company being audited. " is truly independent. The new law represents an overhaul of federal securities regulations not witnessed since the Securities Exchange Act of 1934. Several new provisions will directly affect auditors of public companies, specifically those contained in Titles I and II of the Act. THE NEW OVERSIGHT BOARD Title I created a new regulatory body, the Public Company Accounting Oversight Board The Public Company Accounting Oversight Board (or PCAOB) (sometimes called "Peekaboo") is a private-sector, non-profit corporation created by the Sarbanes-Oxley Act, a 2002 United States federal law, to oversee the auditors of public companies. , a private entity conceived as the solution to perceived deficiencies in the accounting profession's self-regulation. It will oversee the audits of public companies (the "issuers" of securities, or audit client) and enforce compliance with the Act, which includes new independence rules. To sign off on an audit report, the auditing firm must apply and qualify to be a "registered public accounting firm" with the board. As part of the registration process, the applicant will report certain information, including names of clients that are publicly held, annual fees received, names of all auditors in the firm, and information relating to relating to relate prep → concernant relating to relate prep → bezüglich +gen, mit Bezug auf +acc criminal, civil or administrative actions or proceedings against it. AUDITING STANDARDS The Act also empowers the board to establish standards pertaining to auditing, quality control, ethics and independence to be used by registered auditors in discharging their duties. Such standards will include those that the accounting profession proposes, presumably pre·sum·a·ble adj. That can be presumed or taken for granted; reasonable as a supposition: presumable causes of the disaster. the prevailing professional standards, and may be amended or supplemented by the board in connection with those standards required of registered auditors. As part of the auditing standards it adopts, the board will set forth specific rules, such as the requirement to prepare audit workpapers "in sufficient detail to support the conclusions reached" in the audit report, and maintain the related audit workpapers for at least seven years. The board also will require a second partner review and approval of the audit report by a "qualified person." RENEWED IMPORTANCE FOR INTERNAL CONTROLS Title I elevates internal controls to greater reporting prominence. Now, the audit client will be required to attach an internal control report to its SEC Form 10-K Form 10-K A report required by the SEC from exchange-listed companies that provides for annual disclosure of certain financial information. Form 10-K See 10-K. . This report will affirm management's responsibility to establish and maintain effective internal controls and provide an assessment of the effectiveness of those controls. For auditors, another salient change will be found in the audit report. The audit report now will include a description of the scope of the auditor's testing of the client's internal control structure and procedures. In contrast, SAS (1) (SAS Institute Inc., Cary, NC, www.sas.com) A software company that specializes in data warehousing and decision support software based on the SAS System. Founded in 1976, SAS is one of the world's largest privately held software companies. See SAS System. 58, Reports on Audited Financial Statements, does not require a reference to the client's internal controls in the audit report itself. The auditor also will be required to attest to the aforementioned management assessment, and findings from the testing and an appropriate evaluation of such findings will be presented either on the audit report or in a separate report. The Act does not enumerate To count or list one by one. For example, an enumerated data type defines a list of all possible values for a variable, and no other value can then be placed into it. See device enumeration and ENUM. specific procedures that the auditor must undertake in connection with its internal control testing, but presumably, the requirements of SAS 55, Internal Control in a Financial Statement Audit, as amended by SAS 78, will serve as the minimum. The results of the internal control evaluation called for by the Act will include: * An assessment that the client maintains transaction records in "reasonable detail"; * Reasonable assurance that transactions are recorded such that the resulting financial statements are prepared in accordance with GAAP GAAP See: Generally Accepted Accounting Principles GAAP See generally accepted accounting principles (GAAP). ; and * A description of material weaknesses and material noncompliance noncompliance failure of the owner to follow instructions, particularly in administering medication as prescribed; a cause of a less than expected response to treatment. noncompliance uncovered during the internal control testing. Presently, in accordance with SAS 60, Communication of Internal Control Related Matters Noted in an Audit, reportable conditions identified in the course of the audit are to be reported to be spoken of; to be mentioned, whether favorably or unfavorably. See also: Report to the audit committee, preferably in writing. Furthermore, reportable conditions that the auditor deems to be material weaknesses are not required by SAS 60 to be separately identified and communicated, although the auditor may choose to do so. Violating the board's rules is equivalent to violating the 1934 Act and, as such, the penalties under the 1934 Act will apply. In addition, intentional or knowing conduct or repeated negligent conduct that results in a violation will lead to a temporary suspension or permanent revocation of registration, and civil money penalties will be no more than $750,000 for individuals, and $15 million for firms. The board, which will receive "oversight and enforcement authority" from the SEC, is to be fully staffed and operational by the end of April 2003. Mandatory registration with the board will begin 180 days later, and approval will be granted to a qualified applicant no later than 45 days after receipt of the application. SCOPE OF SERVICES Title II of the Act is an entire section devoted to auditor independence and prescribes a new set of rules to be effective 180 days after the board is functional and after the auditing firm becomes a registered public accounting firm, roughly in late-2003. The new rules list which non-audit services are unlawful when performed concurrent with the audit-with little room for exceptions. In addition to prohibited services, the new rules set forth provisions on audit partner rotation and reports to audit committees. The Act does not address independence questions that may arise due to financial relationships between auditor and client but focuses on the scope of services typically provided by auditors. According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. Title II, it will be unlawful for a registered auditing firm to provide the client certain non-audit services "contemporaneously with the audit." These steadfast restrictions are tougher than the SEC's rules since the following services are not permitted under any circumstances: * Bookkeeping or other services related to the client's accounting records or financial statements; * Financial information systems design and implementation; * Appraisal or valuation services, fairness opinions, or contribution-in-kind reports; * Actuarial services; * Internal audit outsourcing services; * Management functions or human resources The fancy word for "people." The human resources department within an organization, years ago known as the "personnel department," manages the administrative aspects of the employees. ; * Broker or dealer, investment adviser or investment banking services; and * Legal services legal services n. the work performed by a lawyer for a client. and expert services unrelated to the audit. In addition, the Act sets forth a ninth catch-all category, described as "any other service that the board determines, by regulation, is impermissible im·per·mis·si·ble adj. Not permitted; not permissible: impermissible behavior. im ." While the restrictions are intended to be uncompromising, the board has the authority to grant exemptions on a case-by-case basis if doing so is necessary and serves the interests of the investing public. AND WHAT ABOUT ... ? Noticeably missing from the list above are tax services, which will be permissible only if the engagement is approved in advance by the client's audit committee. The Act also requires pre-approval by the audit committee for auditing services and non-audit services not specified above, and may be waived for such non-audit services that meet certain de minimis An abbreviated form of the Latin Maxim de minimis non curat lex, "the law cares not for small things." A legal doctrine by which a court refuses to consider trifling matters. rules. Auditing services under the Act may include providing comfort letters in connection with the client's securities underwritings and statutory audits for insurance companies. AUDIT COMMITTEES: ECHOES OF SAS 90 Echoing the essence of SAS 90, Communication with Audit Committees, Title II provides a section of rules titled Auditor Reports to Audit Committees. It requires the auditor to "timely report" certain information to the audit committee, and is undoubtedly intended to enhance the audit committee's effectiveness in fulfilling its own duties under the Act. For example, the auditor is to communicate "all critical accounting policies and practices to be used." SAS 90 has a similar provision, except it uses the term "significant" as opposed to "critical." More unequivocal perhaps than SAS 90, the Act is exacting in its requirement for the auditor to "report all alternative treatments of financial information within generally accepted accounting principles The standard accounting rules, regulations, and procedures used by companies in maintaining their financial records. Generally accepted accounting principles (GAAP) provide companies and accountants with a consistent set of guidelines that cover both broad accounting that have been discussed with management officials of the client, ramifications ramifications npl → Auswirkungen pl [emphasis added] of the use of such alternative disclosures and treatments, and the treatment preferred by the registered public accounting firm." Lastly, the Act has a provision not covered not covered Health care adjective Referring to a procedure, test or other health service to which a policy holder or insurance beneficiary is not entitled under the terms of the policy or payment system–eg, Medicare. Cf Covered. by SAS 90, which requires that the auditor report to the audit committee "other material written communications" between the auditor and the client. The Act doesn't define "material," but it lists "any management letter or schedule of unadjusted differences" as examples. Although the Act requires timely reporting of the aforementioned items, it does not characterize what would be considered untimely reporting. AUDIT PARTNER ROTATION Other provisions of Title II include a new rule on audit partner rotation, which makes it unlawful for the lead audit partner or the "audit partner responsible for reviewing the audit" to serve in that capacity for more than five successive fiscal years. Presumably, this rule also will apply to the concurring partner. CONFLICTS OF INTEREST In the area of conflicts of interest, Title II prohibits the auditing firm from performing the audit if certain key employees of the client were employed by the auditing firm and participated in the audit in the previous year. Those key positions include CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. , CFO See Chief Financial Officer. , controller, chief accounting officer or any equivalent position. MANDATORY ROTATION The Act also addresses "mandatory rotation" of auditing firms and provides that the U.S. comptroller general shall conduct a study pertaining to the potential effectiveness of administering such a concept. A mandatory rotation would impose a limit on the number of years the audit firm may serve as the auditor for the same client. The study will be completed and a report will be submitted to legislators by July 2003. PULLING IT ALL TOGETHER With the enactment of the Sarbanes-Oxley Act, the accounting profession now has at least four major sets of independence rules to work with, including those from the SEC, GAO and AICPA. A comparison of provisions pertaining to non-audit services will show that the Sarbanes-Oxley Act sets forth the stringent rules, followed in descending order by the SEC, GAO and AICPA. Intuitively, the rules to follow will depend on the audit client. If the client is a publicly traded company publicly traded company A company whose shares of common stock are held by the public and are available for purchase by investors. The shares of publicly traded firms are bought and sold on the organized exchanges or in the over-the-counter market. , the new Act will apply in conjunction with the SEC rules. If the audit client is a government, nonprofit entity or a for-profit entity receiving federal assistance or participating in federal programs, compliance with the GAO's standards (Yellow Book) will be required. An audit of a privately held company privately held company A firm whose shares are held within a relatively small circle of owners and are not traded publicly. will be subject to the AICPA's independence rules. Whatever the case, the abiding interest in effective auditor independence is always well-founded, as the investing public looks to competent and objective auditors for assurances about financial information. A. Christine Davis, CPA (Computer Press Association, Landing, NJ) An earlier membership organization founded in 1983 that promoted excellence in computer journalism. Its annual awards honored outstanding examples in print, broadcast and electronic media. The CPA disbanded in 2000. is a manager of litigation An action brought in court to enforce a particular right. The act or process of bringing a lawsuit in and of itself; a judicial contest; any dispute. When a person begins a civil lawsuit, the person enters into a process called litigation. consulting and forensic accounting Forensic accounting, sometimes called investigative accounting, involves the application of accounting concepts and techniques to legal problems. Forensic accountants investigate and document financial Fraud and white-collar crimes for Hemming Morse in San Franciso. She can be reached at davisc@hemming.com. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion