This article is the second of a three-part series intended to help companies understand the basics of auditor independence. This installment outlines the role of the audit committee in maintaining and overseeing auditor independence. Read the first article: "The Framework."
In 2002, Congress tasked the audit committee with overseeing the retention of the company’s independent auditor and pre-approving all non-audit services provided by that independent auditor to safeguard against impairment of auditor independence. Accordingly, the SEC views the independence of the auditor as a shared responsibility between the audit committee and the auditor. In June of this year, the SEC put teeth to that view and charged the trustee of an investment fund and the fund’s administrator with causing violations of the auditor independence rules.
Given the SEC’s enforcement agenda against gatekeepers and its view of the independence obligations, directors and trustees are well-advised to refamiliarize themselves with the independence rules generally and their role in monitoring independence specifically.
The auditor must be independent throughout the audit engagement as well as the period covered by the financial statements to be audited. When considering the independence of a potential or returning auditor, the audit committee should take a broad view to capture any relationships or services that could be viewed as impairing independence. At bottom, the question is whether a reasonable investor would conclude that the auditor was incapable of exercising impartial judgment. The answer to that question may be unclear to many when the payment of audit fees by the client does not raise an independence issue, but there are several considerations that help shed light on when independence might be considered impaired. As a general rule, independence would be deemed impaired and the work should not be undertaken if the audit or non-audit service under consideration would:
- create a mutual or conflicting interest between the auditor and its audit client;
- place the auditor in a position of auditing its own work;
- result in the audit firm acting either as management of the audit client or as its employees; or
- place the auditor in a position of being an advocate for the audit client.
Prohibited Relationships and Services
The Sarbanes-Oxley Act of 2002 (Sarbanes Oxley) defined certain prohibited relationships and services. Audit committee members should be familiar with the enumerated prohibited arrangements but must also be cognizant that these prohibitions are not all-inclusive. For instance, even though tax services do not generally raise independence issues, the Public Company Accounting Oversight Board (PCAOB) warned that a conflict of interest between a company and its auditor may arise if the company faces legal liability or sanctions based on a tax strategy developed by its auditor. The audit committee must therefore consider the impact on independence of all non-audit services or relationships whether or not they are expressly banned using the above-listed factors as a guide.
There are essentially four types of relationships prohibited under Sarbanes Oxley. First, to eliminate the possibility that an audit team member is acting in his or her own interest in the hopes of gaining employment with a client, Sarbanes Oxley requires a one-year cooling off period before a company can hire certain individuals formerly employed by its auditor. On the flip side, audit firms and/or their partners cannot maintain any direct or material indirect business relationships with the company, its officers, directors or significant shareholders. Third, the audit firm cannot be perceived as having any interest in the client and as a result, audit committees cannot remunerate an independent auditor on a contingent fee or a commission basis. And finally, certain financial relationships between the company and the independent auditor are prohibited, including a debtor/creditor relationship, banking, broker-dealer, futures commission merchant accounts, insurance products and interests in investment companies. Thus, if the potential audit client is a bank, the audit firm could not bank with that entity.
PCAOB Rule 3526 requires that a registered public accounting firm provide to the audit committee of a prospective audit client a description of all relationships between the accounting firm and the audit client that may reasonably be thought to bear on independence, and must discuss those relationships with the audit committee.
The audit committee must get comfortable that the disclosure identifies (1) all persons in financial reporting oversight roles whether they are company management or directors, and (2) any relationships the audit firm, its affiliates and/or its partners have with any individual in a financial oversight role at the company, including through those individuals’ involvement with other companies. The committee should, therefore, query the auditor to understand, at a minimum, the processes the audit firm has in place to ensure that all relevant relationships have been captured, and any relationships deemed immaterial by the audit firm and thus omitted from the disclosure.
The auditor must provide the disclosure annually and certify that it is independent.
In addition to the prohibited relationships, Sarbanes Oxley enumerated certain prohibited services. Thus, the auditor cannot provide the following non-audit services to an audit client or its affiliates:
- Financial information systems design and implementation;
- Appraisal or valuation services, fairness opinions, or contribution-in-kind reports;
- Actuarial services;
- Internal audit outsourcing services;
- Management functions or human resources;
- Broker-dealer, investment adviser, or investment banking services; and
- Legal services and expert services unrelated to the audit.
Because the above-listed services are not all-inclusive and because permitted services can expand in scope so as to create independence issues, Sarbanes Oxley mandated that the audit committee pre-approve permitted services. The audit committee should be comfortable that the company has in place policies and procedures that ensure that all audit and non-audit services get to the committee for pre-approval. Those policies should provide the committee with enough detail of proposed engagements and fees to understand the nature and scope, analyze any potential independence risks, and put in place mechanisms to guard against scope creep. Moreover, services subject to general pre-approval must be specifically defined because categorical approvals will not suffice in the SEC staff’s view.
Given the limited number of public company audit firms and the requirement that any new auditor have been independent during a period before their engagement, listing company standards require audit committees to pre-approve all audit, review and attest services regardless of whether the firm performing the services is the company’s principal auditor. In that regard, it is a good practice to maintain at least one potential audit firm that provides no services and has no relationships with the company, its management or directors.
Audit committees must be able to spot independence issues as early as possible in order to avoid impairment. To do that, the audit committee must have a complete understanding of the services their auditor has provided and is providing, and a general understanding of the independence rules and the concerns that those rules seek to address. That fundamental understanding should be enough to flag issues that can then be raised with the company’s audit firm or with counsel.