On September 23, 2019, the Securities and Exchange Commission (“SEC”) charged accounting firm PricewaterhouseCoopers LLP (“PwC”) with improper professional conduct and violating auditor independence rules.1 The SEC also charged a PwC partner with causing the firm’s independence violations.2 Both respondents have agreed to settle the charges.
This is the second time the SEC has charged an accounting firm in recent months; in June 2019, the SEC fined KPMG for its employees’ alleged altering of past audit work after receiving stolen information about an upcoming Public Company Accounting Board ("PCAOB") inspection of the firm, as well as cheating on internal training exams.3 “Auditors play a fundamental role in protecting the reliability and integrity of financial reporting and must ensure that non-audit services do not come at the cost of their independence on audits of public companies,” said Anita B. Bandy, Associate Director of the SEC’s Division of Enforcement. “PwC repeatedly provided non-audit services without having effective quality controls in place for monitoring whether the services impaired its independence on audit engagements and were properly disclosed to audit committees.”
In this case, the SEC found that PwC and the PwC partner, Brandon Sprankle, violated the SEC’s auditor independence rules by (i) performing prohibited non-audit services during an audit engagement, including exercising decision-making authority in the design and implementation of software relating to an audit client’s financial reporting, and (ii) engaging in management functions. Independent auditors are prohibited from designing and implementing software systems that aggregate source data or generate information that is relevant to clients’ financial statements or systems,4 as this may place the accountant in a management role,5 or result in the accountant auditing his or her own work or attesting to the effectiveness of internal control systems designed or implemented by that accountant. According to the order, Sprankle “obtained internal approval within PwC by describing the project as audit services despite numerous red flags and indications that the project included prohibited non-audit services. Sprankle thereafter supervised PwC’s providing prohibited services.” His actions also amounted to management functions because he managed the software implementation process and “directed [the issuer’s] employees on what actions to take.”
In addition, PwC was charged with violating PCAOB Rule 3525, which requires that, in seeking audit committee pre-approval to perform non-audit services for an audit client related to internal control over financial reporting, an auditor must describe in writing to the audit committee the scope of work, discuss with the audit committee the potential effects of the work on independence, and document the substance of the independence discussion. According to the order, in connection with performing non-audit services for 15 SEC-registered audit clients, PwC failed to comply with PCAOB Rule 3525, thereby depriving the audit committees of their ability to fulfill their responsibilities to evaluate fully the provision of non-audit services and to assess the potential effect of those services on PwC’s independence. In some instances, PwC mischaracterized non-audit services as audit work; in others, PwC provided such minimal information that the committee could not make an informed decision about the scope of the work and its potential impact on PwC’s independence. These violations occurred due to breakdowns in PwC’s independence-related quality controls, which resulted in the firm’s failure to properly review and monitor whether non-audit services for audit clients were characterized properly, permissible and consistent with the work contracted for and approved by clients’ audit committees.
PwC and Sprankle consented to the SEC’s orders without admitting or denying the findings and agreed to cease and desist from future violations. PwC agreed to pay $4.4 million of disgorgement and interest, and a civil penalty of $3.5 million, and to be censured. Sprankle agreed to pay a civil penalty of $25,000, and to be suspended from appearing or practicing before the SEC, with a right to reapply for reinstatement after four years. PwC also agreed to a detailed set of undertakings requiring the firm to review its current quality controls for complying with auditor independence requirements for non-audit services, and for evaluating its provision of non-audit services, and to periodic certification of compliance with these undertakings for 19 months following the entry of the order.
Practical Considerations and Takeaways
For issuers, these orders are prime examples of the importance of assessing all services that may be provided by independent auditors to ensure compliance with applicable law and the continued independence of a public company’s auditors. Under the Securities Exchange Act of 1934, as amended (the “Exchange Act”), audit committees must pre-approve all audit and non-audit services provided by independent auditors, and the Exchange Act makes it unlawful for independent auditors to provide specified prohibited non-audit services set forth in Section 10A of the Exchange Act and Rule 2-01 of Regulation S-X. Public companies should therefore obtain sufficient information from their independent auditors in order to:
- Understand all services provided to the company by the independent auditor;
- Assess that each service is not a prohibited non-audit service; and
- Ensure that each service is pre-approved by the audit committee in accordance with Exchange Act requirements.
Any obfuscation on the part of the auditor, such as multiple revisions to engagement letters for projects or mischaracterizations of the requested services, should raise red flags for an issuer. The audit committee’s oversight in this area becomes even more important, in light of the fact that auditors have faced increasing market pressure to expand their service offerings to public companies, while public companies can face increased scrutiny from proxy advisory firms and investors to minimize the non-audit services provided to them by their independent auditors.