SEC: PwC to pay $8M for auditor independence violations

According to the SEC’s Sept. 23 order, PwC allegedly engaged in 19 instances of improper conduct on behalf of 15 SEC-registered issuers from 2013 through 2016. In a separate order, the SEC charged Brandon Sprankle, a PwC partner, with improper professional conduct and violations of auditor independence rules.

PwC and Sprankle consented to the SEC’s order without admitting or denying the findings and agreed to cease and desist from future violations. PwC agreed to pay disgorgement of $3.8 million, prejudgment interest of $613,842, and a civil money penalty of $3.5 million. PwC also agreed to be censured and to perform a detailed set of undertakings requiring the firm to review its current quality controls for complying with auditor independence requirements for non-audit services and for evaluating its provision of non-audit services.

In a statement to Compliance Week, PwC said it “takes independence and its important role in the capital markets seriously. PwC is pleased to have resolved this matter and remains committed to continuous improvement. Through our ongoing efforts, we have and continue to add additional processes and controls to maintain independence.” Sprankle remains a partner at the firm.

Alleged misconduct

For one audit client in particular, PwC violated the auditor independence rules of the Commission and the Public Company Accounting Oversight Board (PCAOB) “by performing prohibited non-audit services during an audit engagement.”

Specifically, according to the SEC, PwC violated the independence rules in connection with an unnamed audit client, “Issuer A,” in 2014 by exercising decision-making authority in the design and implementation of software relating to the client’s financial reporting and engaging in management functions for the company. At the time, Sprankle was a member of the audit engagement team and had responsibility for supervising the performance of these non-audit services for Issuer A.

According to the SEC’s order, Sprankle’s independence violations included:

• Supervising the provision of non-audit services that were prohibited under the auditor independence rules;
• Failing to ensure the planned work—and services provided—complied with the independence rules;
• Failing to adhere fully to PwC’s quality controls; and
• Failing to supervise the personnel who performed the services to provide reasonable assurance that PwC maintained auditor independence.

“On the enterprise software engagement, Sprankle obtained internal approval within PwC by describing the project as audit services, despite numerous red flags and indications that the project included prohibited non-audit services,” the SEC order stated. “Sprankle, thereafter, supervised PwC’s providing prohibited services.”

On both engagements, PwC personnel, under Sprankle’s supervision, also performed management functions by directing employees of Issuer A and by engaging in supervisory functions, the order stated. Additionally, in connection with the GRC-related work, Sprankle provided material, non-public information concerning Issuer A to a software company without Issuer A’s consent.

Sprankle also caused Issuer A to engage in certain reporting violations and caused PwC to violate Rule 2-02(b) of Regulation S-X, which requires an auditor state it performed the audit in accordance with Generally Accepted Auditing Standards, including the requirement to be independent.

The non-audit services on behalf of the 15 SEC-registered issuers violated PCAOB Rule 3525, which requires an auditor to describe in writing to the audit committee the scope of work, discuss with the audit committee the potential effects of the work on independence, and document the substance of the independence discussion.

“PwC’s failure to comply with Rule 3525 prevented the audit committees of numerous issuers from evaluating the potential effects of the non-audit services on auditor independence, including whether the services could cause PwC to lack independence,” the SEC order states. “This resulted in PwC being engaged to provide non-audit services that were improperly characterized to the audit committees of numerous issuers as audit services.”

PwC’s violations were, in part, the result of breakdowns in its system of quality control to provide reasonable assurance that it maintained independence. In particular, PwC did not:

• Adequately evaluate the nature and scope of proposed non-audit service engagements for permissibility;
• Properly characterize work as audit or non-audit services;
• Review and monitor non-audit work being performed for audit clients to confirm the services were permissible; and
• Properly describe to audit committees of SEC-registrant clients the nature of the audit and non-audit services to be provided.

“Auditors play a fundamental role in protecting the reliability and integrity of financial reporting and must ensure that non-audit services do not come at the cost of their independence on audits of public companies,” said Anita Bandy, associate director of the SEC’s Division of Enforcement. “PwC repeatedly provided non-audit services without having effective quality controls in place for monitoring whether the services impaired its independence on audit engagements and were properly disclosed to audit committees.”