Implementing the Sarbanes-Oxley Act
 by Brian J. Kahle and Julie E. McGuire

(June 2003) American financial markets over the past 24 months have undergone an unprecedented volatility and crisis of integrity. After 2001's economic downturn was exacerbated by numerous Enron-type scandals, Congress passed the Sarbanes-Oxley Act of 2002, 15 U.S.C. § 7201 et seq., (the "Act"), in an effort to help restore stability and some measure of confidence in these markets. The Act was signed into law by President Bush on July 30, 2002. Recently, the U.S. Securities Exchange Commission, the agency charged with promulgating rules and regulations to implement the Act, has experienced the most extensive rulemaking period in its 70-year history.

Background - On January 22, 2003, the SEC voted to adopt final rules to implement Title II of the Act: auditor independence. Published in the Federal Register on February 5, 2003, the rules will become effective on May 6, 2003. The issue of "auditor independence" is regarded by some commentators as the focal point of the legislation and the most important step toward restoring public confidence in the markets. This issue is arguably also the most controversial. What follows is a discussion of the new rule provisions and also its various exceptions.

The Sarbanes-Oxley Act applies only to registered public accounting firms alone, and does not seek to regulate those small and medium-sized accounting firms that do not perform audits of public companies. A "registered public accounting firm," defined in Section 2 of the Act, is a public accounting firm that must be registered with the newly formed Public Company Accounting Oversight Board ("Oversight Board") before it is able to provide auditing services to a public company registered with the SEC. Generally, then, the rules discussed here apply only to those accounting firms that perform audits for publicly traded companies.

A violation by any person of the Act or the auditor independence rules discussed here will subject the person to the same penalties as would a violation of the Securities Exchange Act of 1934 and related SEC rules. This could include civil penalties, criminal penalties, or both.

The SEC rules on audit independence can be organized into five key areas: (A) Prohibited Non-Audit Services; (B) Audit Committee Pre-Approval of Services; (C) Partner Rotation; (D) Conflict of Interest; and (E) Increased Communication and Disclosure.

A. Prohibited Non-Audit Services - Congress enumerated in Section 201 of the Act nine non-audit services that are prohibited from being contemporaneously performed for a public-company client by any registered public accounting firm that is also serving as auditor of the client. The SEC rules do not prohibit a firm from providing non-audit services to clients they are not auditing. The prohibited non-audit services are: 

1. Bookkeeping. If an auditor firm provided bookkeeping services for an audit client, it would later be placed in the position of auditing its own work, and therefore would lack independence. As a result, all bookkeeping services, such as maintaining accounting records, preparing financial statements, or preparing source data, are prohibited from being performed by an auditing firm. A narrow exception allows such services where it is reasonable to conclude that the results would not be subject to audit. 

2. Financial Information System Design or Implementation. An accounting firm may not provide any service related to the audit client's information system, unless it is reasonable to conclude that the results of these services will not be subject to audit procedures during an audit of the client's financial statements. For example, an accounting firm would be permitted to work on hardware or software systems that are unrelated to the audit client's financial statements or accounting records as long as those services are pre-approved by the audit committee. 

3. Appraisal and Valuation Services. An accounting firm is prohibited from performing services of appraising or valuing assets or liabilities or performing services involving a fairness opinion or contribution-in-kind report for an audit client, unless it is reasonable to conclude that the results of the services will not be subject to audit procedures. The rule does not prohibit the firm from providing these services when they are for non-financial reporting purposes. 

4. Actuarial Services. An accounting firm is prohibited from providing to an audit client any actuarially-oriented advisory service involving the determination of amounts recorded in the financial statements and related accounts for the audit client other that assisting a client in understanding the methods, models, assumptions, and inputs used in computing an amount, unless it is reasonable to conclude that the results of these services will not be subject to audit procedures. 

5. Internal Audit Outsourcing. Some companies outsource internal audit functions to outside firms who in turn audit their internal controls. The SEC now prohibits an accounting firm from providing to their audit client any internal audit service that has been outsourced by the audit client and that relates to the audit client's internal accounting controls, financial systems, or financial statements. These services are permitted only if it is reasonable to conclude that the results of these services will not be subject to audit procedures. However, an auditor is free to make recommendations for improvements to internal controls pursuant to Generally Accepted Auditing Standards ("GAAS"), and such recommendation would not be deemed an internal audit outsourcing engagement.) 

6. Management and Human Resources Functions. An accountant is prohibited from acting as a director, officer, or employee of an audit client or performing any decision-making, supervisory, or ongoing monitoring function for the audit client. The rules also prohibit an accounting firm from searching for employee candidates, performing reference checks of candidates, engaging in testing or evaluation programs, or recommending a specific candidate for a specific job. 

7. Investment Advising Services. It is impermissible for an accounting firm to perform brokerage, investment advising, or investment banking services for an audit client. It cannot serve as an unregistered broker-dealer, promoter, underwriter, make investment decisions for an audit client, or otherwise have discretionary authority over an audit client's investments. Doing so is incompatible with the auditor's responsibility to ensure that the client's financial condition is fairly presented to the public. 

8. Legal Services. An accounting firm is prohibited from providing to an audit client any service that could only be provided by someone licensed to practice law in the jurisdiction in which the service is provided. This rule is based on the notion that an individual cannot be both a zealous advocate for the client's management and maintain the objectivity required for an audit. Importantly, because some countries have regulations requiring a license to practice law in order to do tax work, this restriction on legal practice does not prohibit foreign accounting firms that are so regulated from providing accounting services that an American accounting firm could provide under these rules. 

9. Expert Services. Expert services are those where an accounting firm's specialized knowledge and expertise is used to support the audit client's positions in an adversarial proceeding. An accountant is prohibited from providing expert opinions or other services to an audit client, or a legal representative of an audit client, for the purpose of advocating that audit client's interests in litigation or administrative and regulatory proceedings. The accountant would be free, however, to provide factual accounts in the form of lay testimony for explanatory purposes. Further, an accounting firm is free to perform internal investigations or fact-finding engagements to assist the audit committee or its legal counsel in fulfilling its responsibilities.

Tax Services Exception. An accounting firm is permitted to provide tax services such as tax compliance, tax planning, and tax advice to audit clients; doing so is not deemed a violation of auditor independence. It should be noted that such permitted services cannot be performed without pre-approval by the audit committee. Further, such tax services could be a violation of other SEC rules on auditor independence, where, for example, the firm represents the audit client before tax court or federal court of claims.

B. Audit Committee Pre-Approval of Services - An audit committee is defined in Section 2 of the Act as a committee established by and among the board of directors of a publicly-traded client for the purpose of overseeing the accounting and financial reporting processes of the client and audits of the financial statements of the client. If no such committee of the board exists, the committee is deemed to be the entire board of directors of the client.

In order for a registered firm to provide audit or permitted non-audit services to a public company, the audit committee of the company must give prior approval pursuant to Section 202 of the Act. The rules require that the audit committee pre-approve all permissible non-audit services and all audit, review or attest engagements. This approval can occur either through express approval, or upon compliance with specific pre-approval policies and procedures set in place by the committee. These requirements are expected to promote auditor independence by providing a forum away from management where less pressure or influence may exist and accountants can more freely discuss particular problems or concerns. The rules provide a de minimis exception for non-audit related services, waiving the pre-approval requirement where all non-audit services: (1) do not amount to more than five-percent of total revenues paid by the audit client to the accounting firm in the fiscal year services are provided; (2) were not recognized as non-audit services at the time of the engagement; and (3) are promptly brought to the attention of the audit committee and approved prior to completion of the audit by the audit committee.

C. Partner Rotation - An audit engagement team is defined as all partners and professional employees participating in an audit, review, or attestation engagement of an audit client. To preserve independence and maintain quality of audit services, Congress included in section 203 of the Act a requirement that audit partners "rotate off" of a particular client engagement after a specific period of time. In developing rules on partner rotation, the rule has classified partners into different levels and established rules for each level of partner. The lead and concurring partners are required to rotate after five (5) years, and then are subject to a five year "time out" period where they cannot perform services for that audit client. Other audit partners are required to rotate after no more than seven (7) years and be subject to a two (2) year time-out period. "Audit partner" is defined as a partner who, as a member of the audit engagement team, has responsibility for decision-making on significant auditing, accounting, and reporting matters that affect the financial statements or who maintains regular contact with management and the audit committee.

Small Firm Exception - In response to a significant number of comments, the SEC adopted a small-firm exception from the partner rotation rules. Audit firms that have fewer than five audit clients that are public companies, and have fewer than ten partners, are exempted from partner rotation rules. These firms still must be subject to a full review by the Board at least once every three years, however.

D. Conflicts Of Interest - Section 206 of the Act sets forth a conflict of interest rule whereby a one-year cooling off period is required before a member of the audit engagement team can begin working for the audit client in certain key positions.

The rule provides that when the lead partner, concurring partner, or any other member of the audit engagement team who provides more than ten hours of audit, review, or attest services for the client accepts a position with the audit client in a financial reporting oversight role within one year after they provided such services to the client, the accounting firm is not independent. For purposes of the rule, audit procedures are deemed to have commenced for the current audit engagement period the day after the prior year's periodic annual report is filed with the SEC. The cooling off period must be one year, and in order to comply, the firm must complete one annual audit after the individual was a member of the audit engagement team.

The final rule does provide exceptions to the cooling off requirement. If a conflict is created through merger or acquisition, the rule does not apply. Further, the rule has provided an exception for emergency or unusual circumstances. The SEC has addressed conflicts of interest arising where an audit partner receives compensation based on the act of selling non-audit services to the client. It has adopted the rule that an accountant is not independent if, at any point during the audit and professional engagement period, any audit partner earns or receives compensation based on the audit partner procuring engagements with the audit client to provide any products or services other than audit, review, or attest services.

E. Increased Communication and Disclosure 

To Audit Committees - Section 204 requires the SEC to issue rules requiring timely reporting of specific information to audit committees in order to assist the committee in overseeing both management and the accountants. The SEC has added substance to this rule by requiring disclosures for three types of information that must occur prior to the filing of the audit report with the SEC.

First, firms are required to disclose to audit committees all critical accounting policies and practices. In defining those accounting policies that are deemed critical, the SEC looked to its Cautionary Guidance of December 12, 2001, and noted that critical policies are those that are both most important to the portrayal of the company's financial condition and require management's most difficult judgments due to the need to make estimates about the effect of matters that are inherently uncertain.

Second, accounting firms are also required to communicate to the audit committee, either orally or in writing, all alternative treatments within generally accepted accounting principles ("GAAP") for policies and practices related to material items that have been discussed with management. This includes discussions of the ramifications of the use of such alternative treatments and the treatment preferred by the accounting firm.

Third, the SEC also requires disclosure to the committee of material written communications, such as management representation letters, engagement letters, independence letters, reports on internal controls, and schedules of unadjusted audit differences. Accountants are urged to use proper discretion regarding what written communications should be provided to the audit committees.

To Investing Public - Beyond the disclosures to audit committees, the new rule requires that additional information be provided to the public as well. Public companies must disclose fees paid to their independent accountant(s) for: (1) audit fees, (2) audit-related fees, (3) tax fees, and (4) all other fees. Further, the company must disclose a description of the type of services being provided. Disclosure must also be made of the audit committee's pre-approval policies and procedures, if any. These disclosures are to be provided both in the company's annual report and in their proxy statement, so that all investors have equal information. The information must be included for the two most recent fiscal years of the company.

Conclusion - This article has sought to provide a summary of the final auditor independence rules. These rules were the subject of significant debate during the rulemaking process, and will surely be subject to further criticism as they begin to be implemented. However, public companies and registered public accounting firms will likely take very seriously these rules, in view of the Act's harsh criminal penalties. These rules have been implemented in order to protect auditor independence from management pressure and influence for the purpose of restoring public confidence in the veracity of public company disclosures. Whether they will prove effective and worth the burden will be determined in the years, and hopefully bull markets, to come.

© 2003 Hull McGuire PC. All Rights Reserved.

 
 

Contact Us

Privacy Policy

Disclaimer and Website Info
2015 Hull McGuire PC.  All rights reserved.