Since the Securities and Exchange Commission’s birth in 1934, it has consistently emphasized the need for auditors to remain independent.
Way back then, ensuring auditors are independent of their audit clients was hardly a controversial concept. The modern terrain, however, is a lot muddier. The rise of the market-dominating Big 4 firms have all but rewritten what services a client should expect—if not demand—when engaging an audit partner.
As these, and other firms, seek to maintain their bottom-line growth and retain their client base, they are turning to non-audit compliance, technology, and consulting services to increase their value proposition with the goal of making themselves indispensable partners. The risk is how to balance these offerings without triggering regulatory concerns about their independence.
Over the decades, the SEC has developed and maintained its own rules to ensure that auditors are independent of their audit clients. The Sarbanes-Oxley Act of 2002 also mandated that audit committees be directly responsible for the oversight of the engagement of the company’s independent auditor.
The SEC’s general standard is easy to summarize: “An auditor’s independence is impaired if the auditor is not, or a reasonable investor would conclude, that the auditor is not, capable of exercising objective and impartial judgment on all issues encompassed within the audit engagement.”
Breaking the rules
Even with decades of fairly clear-cut expectations, audit firms still find new and unique ways to run afoul of the SEC’s independence rules.
On Feb. 13, the SEC announced that Deloitte Touche Tohmatsu (Deloitte Japan) will pay $2 million to settle charges that it issued audit reports for a client at a time when dozens of its employees held bank accounts with that client’s subsidiary.
“The best thing to have is a friendly competitor that can, for example, do the compliance work and let you do the audit work. That’s a great way to do business. You have to make a business decision on whether you want to do the audit, or whether you want to do the compliance work.”
Bill Thompson, former CPA & President, CPA Mutual
Under the SEC’s rules, accountants are not considered to be independent if they maintain bank accounts with an audit client with balances greater than Federal Deposit Insurance Corporation or similar depositary insurance limits. Eighty-nine Deloitte Japan employees had financial relationships with the audit client “that compromised their independence,” the SEC charges.
Past enforcement actions have been less technical and more scandalous.
For example, in September 2016, EY was fined more than $9 million for inappropriate relationships between the firm’s employees and executives at the company it was retained by. From January 2012 to March 2015, a senior “coordinating partner” on the engagement team broke company rules, fostered an “inappropriate close personal relationship” and, in the process, racked up $109,000 in entertainment expenses of dubious necessity and value.
The SEC says, in its enforcement order, that an EY partner and the CFO of the firm it was auditing took at least seven out-of-town trips together, “all of which were social in nature and did not have a valid business purpose.” The former EY partner, sometimes accompanied by his wife, also stayed overnight as a guest at the CFO’s primary residence in New York and his vacation home in South Carolina and travelled to out-of-state football and hockey games. The partner either obtained most of the sports tickets directly from EY or sought reimbursement.
In a separate, but connected, enforcement action, from March 2012 to June 2014, a former EY partner and the former chief accounting officer of an EY audit client “maintained a close personal and romantic relationship” while the former was on the engagement team auditing his company.
Why is it so tough to avoid these independence conundrums (at least of the non-personal variety)? One reason is that to maintain market share, audit firms are increasing the diversity of services they offer.
“Much of the difficulty comes from the competitive nature of the business,” says Bill Thompson, a CPA who left the auditing world to serve as founder and president of CPA Mutual, a firm that provides professional liability insurance exclusively to CPA firms and consults on risk management regarding professional services, employees, and data security. “You’re looking at quite a quite a lot of fees. I’m not sure how profitable auditing is compared to compliance work; I imagine the compliance work is much more profitable. They’re concerned about their top-line growth.”
SEC standards for auditor independence
To determine whether an auditor is independent under SEC standards, an audit committee must consider all of the relationships between the auditor and the company, the company’s management and directors.
The audit committee should consider whether a relationship with or service provided by an auditor, “creates a mutual or conflicting interest with their audit client; places them in the position of auditing their own work; results in their acting as management or an employee of the audit client; or places them in a position of being an advocate for the audit client.”
Auditors are prohibited from providing the following non-audit services to an audit client and its affiliates: bookkeeping; financial information systems design and implementation; appraisal or valuation services, fairness opinions, or contribution-in-kind reports; actuarial services; internal audit outsourcing services; management functions; human resources; broker-dealer, investment adviser, or investment banking services; legal service; and expert services unrelated to the audit.
Other matters on the SEC’s list:
A one-year cooling-off period is required before a company can hire certain individuals formerly employed by its auditor in a financial reporting oversight role. The audit committee should also consider whether the hiring of personnel that are or were formerly employed by the audit firm might affect the audit firm’s independence.
Audit committees should not approve engagements that remunerate an independent auditor on a contingent fee or a commission basis. Such remuneration is considered to impair the auditor’s independence.
Audit firms may not have any direct or material indirect business relationships with the company, its officers, directors, or significant shareholders.
Audit committees should be aware that certain financial relationships between the company and the independent auditor are prohibited. These include creditor/debtor relationships, banking, broker-dealer, futures commission merchant accounts, insurance products, and interests in investment companies.
Subject to certain limited exceptions, the audit committee must pre-approve all permitted services provided by the independent auditor (tax services, comfort letters, statutory audits, or other). The audit committee should consider whether company policies and procedures require that all audit and non-audit services are brought before the committee for pre-approval.
When Thompson started CPA Mutual in 1981, firms were just starting to get into compliance services, IT services, business valuation services, and “all the other add-ons that the CPAs are doing.”
“Those are pretty profitable niches to have if you’re a CPA,” he says. “It’s kind of a protection mode. They don’t want another CPA firm involved with the client because they’re afraid they could possibly lose the business.”
For audit firms that face enforcement actions for violating independence rules, the cost can be very high—and not just through SEC-levied fines. There is also personal liability. “A lot of the folks who get caught up in these disciplinary proceedings are basically banished from the industry for a couple years. Is it really worth it? I don’t think so,” Thompson says. “I’m also looking at it from a liability sand defense standpoint. It’s really difficult for an insurance company these days to take a claim all the way through trial and not have the jury think the accountants were colluding, either with the client or on their own just to make a quick buck, and they weren’t worried about the quality of their work.”
Concerns should not reside solely with SEC enforcement. “The Department of Labor, especially when they’re doing audits for pension and profit-sharing plans, is another reason why you’ve got to be extremely careful. Then the American Institute of Certified Public Accountants gets involved, and then the state societies are going to get involved,” Thompson says.
What can audit firms do to avoid independence concerns? Similarly, what can companies do to make sure their outside auditor doesn’t drag them into the enforcement crosshairs?
“The best thing to have is a friendly competitor that can, for example, do the compliance work and let you do the audit work,” Thompson advises audit firms. “That’s a great way to do business. You have to make a business decision on whether you want to do the audit, or whether you want to do the compliance work. You can do one or the other, but I wouldn’t do both.” As for companies retaining a firm: “professional skepticism is really important.”
Trent Gazzaway, Grant Thornton’s national managing partner of quality and Innovation for audit services, stresses the value of Sarbanes-Oxley standards and SEC requirements. “We’ve seen, since the implementation of them back in the early 2000s, how much better the profession in the U.S. has gotten,” he says. In particular, the SEC’s rundown of prohibited services is an important roadmap to follow. “It does a good job of carving out those things that have the greatest risk of impairing objectivity. I think that’s been an effective way to drive increased auditor objectivity, without ultimately impairing quality,” he says.
Gazzaway does add, however, that “a lot of our advisory people contribute greatly to the quality of the audits that we do, because of their expertise in valuation and information technology and in taxes and a whole host of other things. Having a multidiscipline firm drives quality as long as you have the protective measures in place to make sure you have objectivity and independence.”
“Having the audit committee to complete that circle between the auditor and the client,” is of vital importance, he says. “lf the audit committee and management are in the role of pre-approving permitted non-audit services, that works very well.”
Thompson, in a guide published on CPA Mutual’s Website, suggests that all employees of CPA firms delivering professional services need “to identify, evaluate, mitigate, disclose, and monitor potential and actual conflicts.”
Before undertaking any new client engagement, personnel should identify potential conflicts and impairment of objectivity. If a conflict is identified, the firm must evaluate the impact of the conflict and the level of risk to affected parties (financial, strategic, and reputational).
If the threat of impairment to the accountant’s objectivity and the potential impact on the interests of the clients is sufficiently high, consent from the clients to continue the engagement should be obtained in the form of a conflicts waiver. Once an engagement commences, it must be routinely monitored to ensure that existing conflicts do not intensify, or new ones emerge. It may ultimately be necessary to decline, or resign from, the engagement.
As another safeguard: document, in writing, the firm’s independence-related compliance policies.
Firms should also keep communications professional and focused on the engagement. Even something as simple as a joke or argument about a football team could be used to show evidence of a personal relationship that trumps professional objectivity.
Special report: Building a better audit
- Currently reading
Despite decades of scrutiny, auditor independence remains a challenge