External auditors are supposed to be public watchdogs who are “independent” of their audit clients — both in appearance and in fact. This may seem like common sense, but independence issues remain at the forefront of investor concerns in the aftermath of the financial crisis of 2008. The Securities and Exchange Commission (SEC) continues to file auditor independence cases on a regular basis. And in April, the International Ethics Standards Board for Accountants (IESBA) revised its code of ethics to address independence issues.
Here’s an overview of the SEC’s independence guidance for auditors. Although these rules apply specifically to public companies, auditors of private companies are held to the same (or similar) standards.
Announcing “Operation Broken Gate”
In October 2013, SEC Chair Mary Jo White launched an initiative to identify auditors who neglect their duties and the required auditing standards. She called the project “Operation Broken Gate.” Enforcement activity over the last 18 months shows that Commissioner White wasn’t bluffing. The SEC has recently filed multiple auditor independence cases and released a detailed report with warnings for firms that lend staff to their audit clients.
Such enforcement actions generally fall into three broad categories:
- Auditors who provide prohibited nonaudit services to clients,
- Auditors who enter into prohibited employment (or employment-like) arrangements, and
- Auditors (or associated entities) with prohibited financial ties to audit clients (or their affiliates).
In addition, the SEC recently filed two independence-related cases based on failures to comply with the Sarbanes-Oxley Act requirement that lead audit partners rotate off engagements after five consecutive years. In one of these cases, the accountant allegedly tried to evade the five-year rotation requirement by, in the sixth year, assigning a non-CPA, unqualified employee to be lead audit partner in name only, while the accountant continued to function as lead audit partner in practice. The SEC censured and fined the accountant and his firm, and the accountant was suspended from practicing before the SEC for at least one year.
Assessing auditor independence
To avoid independence-related enforcement actions, it’s important for auditors and their clients to understand the SEC’s independence rules. Audit clients include companies whose financial statements are being audited, reviewed or otherwise attested — and any affiliates of those companies.
Under Rule 2-01 of Regulation S-X, there are four questions the SEC considers when assessing auditor independence:
- Does the engagement create a mutual or conflicting interest?
- Does it put the auditor in a position of auditing his or her own work?
- Does it result in the auditor acting as a member of management or an employee of its audit client?
- Does it put the auditor in a position of being the client’s advocate?
Affirmative answers may indicate possible independence issues. But the SEC applies these factors on a fact-sensitive, case-by-case basis. For example, an auditor wouldn’t be considered independent if he or she maintained relationships, held or acquired interests, engaged in transactions or provided services that are explicitly prohibited. Examples of prohibited nonaudit services include:
- Financial information systems design and implementation,
- Appraisal, valuation and actuarial services,
- Internal audit outsourcing,
- Management functions or human resources services,
- Investment banking and legal services, and
- Expert services unrelated to the audit.
Rule 2-01 of Regulation S-X applies to audit firms, covered people in those firms and their immediate family members. The concept of “covered people” extends beyond audit team members. It may include individuals in the firm’s chain of command who might affect the audit process, as well as other current and former partners and managers.
For example, an audit firm might not be independent if, at any time during the audit engagement, a former partner or professional employee is now in an accounting or financial reporting oversight role at an audit client, especially if the former partner has a buyout arrangement that’s contingent on the firm’s operating results.
Joining the ethics bandwagon
In April, the IESBA — part of the International Federation of Accountants — updated its Code of Ethics for Professional Accountants to block auditors from providing certain nonassurance services to clients that are public companies, regulated businesses or otherwise considered to be public interest entities (PIE) in emergencies. The revisions include corresponding changes to the ethics code’s nonassurance services provisions with respect to other assurance clients.
The IESBA code of ethics is currently used by companies in more than 100 jurisdictions around the world. The recent changes remind auditors to not assume any responsibilities that are normally considered to be the role of a client’s management. The revised provisions include new and clarified guidance regarding what constitutes a management responsibility.
The revisions clarify guidance on the concept of “routine or mechanical” services relating to the preparation of accounting records and financial statements for audit clients that are not public entities. They also remove provisions that permit an audit firm to provide some bookkeeping and tax services to audit clients that are PIE in emergencies because they were prone to being interpreted too generally.
The IESBA changes will be effective April 15, 2016, but professional accountants are permitted to adopt the changes ahead of the effective date. With ongoing SEC independence-related enforcement actions and international support of tougher independence guidelines, expect to hear more about this hot topic in the coming months.