Corporation, Securities & Business Law Forum
June 2003 VOL. 48, NO. 4
Statements or expressions of opinion or comments appearing herein are those of the editors or contributors, and not necessarily those of the association or section.
Contents
* SEC adopts new rules on auditor independence pursuant to the Sarbanes-Oxley Act
SEC adopts new rules on auditor independence
pursuant to the Sarbanes-Oxley Act
By Robert J. Wild, Partner, Mayer, Brown, Rowe & Maw, Chicago
The Securities and Exchange Commission (SEC) has adopted new rules governing the relationship between audit firms and their audit clients under which certain non-audit services are prohibited, conflict of interest standards and audit partner rotation requirements are strengthened, and the relationship between the independent auditor and the audit committee is clarified and enhanced.
The Sarbanes-Oxley Act of 2002 (Sarbanes-Oxley) and SEC rules adopted to implement it are only applicable to issuers who are registered under the Exchange Act or are otherwise required to file reports under the Exchange Act. However, many companies which are not required to comply with Sarbanes-Oxley may voluntarily adopt the restrictions because they believe that this rulemaking reflects corporate governance best practices. From that perspective, as with other matters addressed by Sarbanes-Oxley, management and the board of directors of privately held companies not subject to Exchange Act requirements may find the discussion in this article to provide relevant guidance as to their relationships with their accountants.
The Release was adopted pursuant to section 208 of Sarbanes-Oxley and is generally implemented through amendments to Rules 2-01 and 2-07 of Regulation S-X; Form 10-K; and Rule 10A-2 and Item 9 of Schedule 14A, each promulgated under the Securities Exchange Act of 1934, as amended (the Exchange Act). See Release 33-8183, 34-47265 (January 28, 2003). The new rules are generally effective May 6, 2003. As discussed below, a number of the provisions have specific transition dates that are calculated from the February 5, 2003 date of publication in the Federal Register.
Scope of services prohibited to be provided by auditors
New Rule 2-01(c)(4) of Regulation S-X prohibits an auditor for an issuer (and any person associated with the auditor) from providing to that issuer, contemporaneously with the audit, specified non-audit services, including:
Bookkeeping or other services related to the accounting records or financial statements of the audit client. Previously, an auditor's independence was impaired if the auditor provided bookkeeping services to an audit client, except in limited situations, such as in an emergency or where the services are provided in a foreign jurisdiction and specified conditions were met. The new rules state that all bookkeeping services (including preparing financials filed with the SEC) would cause the auditor to lack independence and are prohibited, unless it is reasonable to conclude that the results will not be subject to audit procedures by the auditors. Such conclusion would be made by the auditor, which would effectively require a very clear finding by the auditor as the rebuttable presumption is that bookkeeping services impair auditor independence. This conclusion will be effectively confirmed by the audit committee in connection with its approval of these non-audit services.
Financial information systems design and implementation. Consistent with existing prohibitions, the new rules prohibit the auditor from providing any service related to the audit client's information system that aggregates source data or otherwise generates information that is significant to the financial statements, unless it is reasonable to conclude that the results of these services will not be subject to audit procedures during an audit of the audit client's financial statements. As with bookkeeping services, there is a rebuttable presumption that these services impair independence. The new rules do not preclude an auditor from working on hardware or software systems that are unrelated to the audit client's financial statements or accounting records, or from evaluating the effectiveness of internal control systems. Audit committees should be cognizant that it may be difficult to delineate between the auditor's permitted evaluation of the effectiveness of internal controls and making recommendations to management or the company's consultants on the one hand and the prohibited design and implementation of financial information systems by the auditor on the other. The SEC has informally advised that decision making as to implementation is an important factor in differentiating between permitted evaluation or recommendation services and prohibited implementation activities.
Appraisal or valuation services, fairness opinions, or contribution-in-kind reports. The new rules prohibit the auditor from providing any appraisal service, valuation service or any service involving a fairness opinion or contribution-in-kind report for an audit client, unless it is reasonable to conclude that the results of these services will not be subject to audit procedures by the auditor during an audit of the audit client's financial statements. There is a rebuttable presumption that these services impair independence. The new rules do not prohibit, however, an auditor from providing services that do not involve non-financial reporting, such as transfer pricing studies, cost segregation studies and tax-only valuations.
Actuarial services. The new rules prohibit an auditor from providing to an audit client any actuarially-oriented advisory service involving the determination of amounts recorded in the financial statements and related accounts for the audit client unless it is reasonable to conclude that the results of these services will not be subject to audit procedures during an audit of the audit client's financial statements. There is a rebuttable presumption that these services impair independence. The exception to the prohibition permits assisting the audit client in understanding the methods, models, assumptions, and inputs used in computing an amount.
Internal audit outsourcing services. The new rules prohibit an auditor from providing to the audit client internal audit outsourcing services that relate to the audit client's internal accounting controls, financial systems, or financial statements, unless it is reasonable to conclude that the results of these services will not be subject to audit procedures during an audit of the audit client's financial statements. There is a rebuttable presumption that such services impair independence. The new rules do not preclude an auditor from performing non-recurring reviews or evaluations of discrete financial matters. The SEC has informally drawn the distinction between permitted documenting and recording of the internal controls and procedures, as opposed to the auditor substantially modifying the controls and procedures, which is prohibited.
Management functions or human resources. The new rules prohibit an auditor from acting, temporarily or permanently, as a director, officer, or employee of an audit client, or performing any decision-making, supervisory, or ongoing monitoring function for the audit client. This does not prevent the auditor from assessing the effectiveness of the audit client's internal accounting and risk management controls or performing a related agreed-upon procedures engagement subject to the prohibition of design and implementation discussed above. The new rules prohibit an auditor from performing candidate searches for managerial, executive or director positions for an audit client or acting as a negotiator on the audit client's behalf, which prohibition includes determining position, status, compensation, fringe benefits, or other conditions of employment, or undertaking reference checks of prospective candidates. The auditor is also prohibited from performing psychological testing, other formal testing or evaluation programs, or recommending or advising an audit client to hire a specific candidate for a specific job. Unlike the rebuttable presumption standard discussed above, these services are flatly prohibited.
Broker or dealer, investment adviser, or investment banking services. The new rules prohibit serving as a promoter or underwriter, making investment decisions on behalf of the audit client or otherwise having discretionary authority over an audit client's investments, executing a transaction to buy or sell an audit client's investment, or having custody of assets of the audit client, including acting as a registered or unregistered adviser, broker or dealer. These services are not subject to a rebuttable presumption standard; they are flatly prohibited.
Legal services and expert services unrelated to the audit. Under the new rules, an auditor is prohibited from providing to an audit client any service that, under circumstances in which the service is provided, could be provided only by someone licensed, admitted, or otherwise qualified to practice law in the jurisdiction in which the service is provided. The new rules also prohibit an accountant from providing expert opinions or other expert services to an audit client, or a legal representative of an audit client, for the purpose of advocating that audit client's interests in litigation, regulatory or administrative investigations or proceedings. However, these rules do not prohibit an auditor from conducting or aiding an investigation on behalf of the audit committee into potential accounting or financial issues. These services are not subject to a rebuttable presumption standard; they are flatly prohibited.
Auditor provision of tax services. The Release states that the SEC reiterates its long-standing position that auditors may provide tax services to their audit clients without impairing the firm's independence and that auditors may continue to provide tax services such as tax compliance, tax planning, and tax advice to audit clients. The SEC cautions that audit committees and auditors should understand that providing certain tax services to an audit client would or could, in certain circumstances, impair the independence of the accountant. Auditors would impair their independence by representing an audit client before a tax court, district court, or federal court of claims. Audit committees also should scrutinize carefully the retention of an auditor in a transaction initially recommended by the auditor, the sole business purpose of which may be tax avoidance and the tax treatment of which may be not supported in the Internal Revenue Code and related regulations. Audit committees should also be cognizant of recent corporate controversies relating to auditors providing tax services to company executives in connection with their personal tax returns, and consider whether, as part of scrutinizing the company's relationship with an auditor, these personal tax services interfere in any manner with the auditor's responsibilities to the company.
Any other service that the Public Company Accounting Oversight Board determines by regulation is impermissible. Under Sarbanes-Oxley, the newly established Public Company Accounting Oversight Board may determine other non-audit services that may not be provided by an auditor to an audit client.
Effectiveness and transition rules. New Rule 2-01(c)(4) of Regulation S-X will not be effective until May 6, 2004 as to prohibited non-audit services performed pursuant to contracts in existence on May 6, 2003. Implicitly, these prohibitions on non-audit services provided by an auditor will be effective from May 6, 2003 as to contracts or engagements entered into after May 6, 2003 as well as to services performed on and after May 6, 2004 under engagements entered into prior to May 6, 2003.
Audit committee pre-approval of services
Section 10A(h) of the Exchange Act specifies that non-audit services that are not prohibited as described above are permitted "only if" pre-approved by the audit client's audit committee as described below. Section 10A(i) of the Exchange Act describes the requirements for audit committee pre-approval of audit and permissible non-audit services and specifies certain exceptions to the requirement to obtain pre-approval. Section 10A(i) permits one or more audit committee members who are independent board directors to pre-approve the service. Decisions made by the designated audit committee members must be reported to the full audit committee at its next scheduled meeting.
New Rule 2-01(c)(7) of Regulation S-X requires that the audit committee pre-approve all permissible non-audit services and all audit, review or attest engagements required under the securities laws. The rules require that before the auditor is engaged by the issuer or its subsidiaries to render the service, the engagement must be: (1) approved by the audit committee; or (2) entered into pursuant to pre-approval policies and procedures established by the audit committee, provided the policies and procedures are detailed as to the particular service, the audit committee is informed of each service, and such policies and procedures do not include delegation of the audit committee's responsibilities to management. The new rules clarify that explicit approval by the audit committee or approval based on policies and procedures are equally acceptable. This will require audit committees that do not wish to approve every service to establish such pre-approval policies and procedures.
The new rules include a de minimis exception which waives the pre-approval requirements for non-audit services that are not prohibited non-audit services provided that: (1) all such services do not aggregate to more than five percent of total revenues paid by the client to its auditor in the fiscal year when services are provided, (2) were not recognized as non-audit services at the time of the engagement, and (3) are promptly brought to the attention of the audit committee and approved prior to the completion of the audit by the audit committee or one or more designated representatives.
Effectiveness and transition. Until May 6, 2004, the auditor's independence will not be impaired by the auditor's provision of services that are not prohibited non-audit services under contracts in existence on May 6, 2003 that have not been pre-approved by an audit committee. All audit, review, and attest services and non-permitted audit services entered into after May 6, 2003 are required to be pre-approved by the audit committee.
Partner rotation
New Rule 2-01(c)(6) of Regulation S-X requires mandatory rotation of the lead partner and the concurring partner every five years in relation to their audit client. While the new rules define "audit partner" and expand the number of audit partners covered by the rotation requirement, not all partners on the audit engagement team are required to be rotated. The new rules also specify the period of the "time out" once rotation is required; Sarbanes-Oxley did not specify this period. This may not be the final word on auditor rotation; Section 207 of Sarbanes-Oxley requires further study of the periodic rotation of entire audit firms in relation to an audit client.
Partners subject to five-year rotation. The new rules require the rotation after five years of those partners of the auditor on the audit engagement team that are lead and concurring partners. Upon rotation, the lead and concurring partner would be subject to a five-year time out, meaning that they could not be involved in the audit services to the audit client for five years.
Partners subject to seven-year rotation. The new rules require partners of the auditor on the audit engagement team, other than the lead and concurring partner, to rotate after no more than seven years and to be subject to a two-year time out before they could once again provide audit services to the audit client. These requirements apply to partners on the audit engagement team (audit partners) who have responsibility for decision-making on significant auditing, accounting, and reporting matters that affect the financial statements or who maintain regular contact with management and the audit committee. This includes all partners who serve the client at the issuer or parent level for more than 10 hours of audit, review or attest services in connection with annual or interim statements, other than excluded accounting firm national office or technical partners, as well as the lead partner on subsidiaries of the issuer whose assets or revenues constitute 20 percent or more of the consolidated assets or revenues.
Effectiveness and transition. The rotation requirements applicable to the lead partner are effective as of the first day of the fiscal year of the audit client beginning after May 6, 2003. Furthermore, in determining when the lead partner must rotate, time served in the capacity of lead partner prior to May 6, 2003 is included. For example, if 2003 was a lead partner's fifth, sixth or seventh year as lead partner for a calendar year audit client; he or she would be able to complete the current year's audit and he or she must rotate off for the 2004 and later engagements.
The rotation requirements applicable to the concurring partner are effective as of the first day of the fiscal year of the audit client beginning after May 6, 2004. Therefore, a concurring partner for a calendar year audit client for which 2003 was his or her fourth or greater year in that role, he or she would be able to serve in that capacity for the 2004 audit before being subject to rotation.
The rotation requirements applicable to other audit partners are effective as of the first day of the fiscal year of the audit client beginning after May 6, 2003. However, in determining the time served, that first fiscal year beginning after May 6, 2003 will constitute the first year of service for these other audit partners. For example, for a lead partner on a significant subsidiary with a calendar year reporting period, 2004 would constitute the first year in the seven-year rotation period, regardless of how many years he or she had previously served in that capacity.
Audit client employment relationships
New Rule 2-01(c)(2)(iii) of Regulation S-X provides that the accounting firm is not independent if any of the lead partner, the concurring partner, or any other member of the audit engagement team who provides more than 10 hours of audit, review or attest services for the company, accepts a position with the company in a financial reporting oversight role within the one-year period preceding the commencement of audit procedures for the year during which audit professional became employed by the audit client. For this purpose, "financial reporting oversight role" is defined as a position which has direct responsibility for preparation of, or oversight of those who prepare the company's financial statements and related information in SEC filings. The new rules provide that audit procedures are deemed to have commenced for the current audit engagement period the day after the prior year's annual report on Form 10-K is filed with the SEC and end the day the current year's Form 10-K is filed.
These rules are effective for employment relationships with the company that commence on or after May 6, 2003.
Audit partner compensation
Although not addressed explicitly by Sarbanes-Oxley, new Rule 2-01(c)(8) of Regulation S-X provides that an auditor is not independent if, at any point during the audit and professional engagement period, any "audit partner" (as described above under Partner Rotation), other than a specialty partner, earns or receives compensation based on selling engagements to that audit client to provide any service, other than audit, review, or attest services. The rules describe specialty partners as those who consult with the audit engagement team regarding technical or industry-specific issues such as tax or valuation matters. These provisions will be effective for the fiscal periods of the accounting firm that commence after May 6, 2003.
Auditor communication with the audit committee
Rule 2-07 of Regulation S-X requires the auditor to communicate orally or in writing the following matters to the audit committee:
Critical accounting policies. In the SEC's December 2001 cautionary advice regarding Management's Discussion and Analysis of Financial Condition and Results of Operations, "critical" accounting policies have been described as those that are both most important to the portrayal of the company's financial condition and results and require management's most difficult, subjective or complex judgments, often as a result of the need to make estimates about the effect of matters that are inherently uncertain.
Alternative accounting treatments. All alternative treatments permitted by generally accepted accounting principles (GAAP) for policies and practices related to material items that have been discussed with management, including the key underlying facts, the ramifications of the use of such alternative treatments and disclosures and the treatment preferred by the accounting firm must be communicated to the audit committee. The Release notes this rule is intended to cover recognition, measurement, and disclosure considerations related to the accounting for specific transactions as well as general accounting policies.
Material written communications. In addition to the management letter and schedules of unadjusted differences specifically cited by the new rule as examples of material written communications to be provided by auditors to an audit committee, the Release specifies the following are nonexclusive examples of additional written communications which should be considered material and provided by the auditor to the audit committee: the management representation letter; reports on observations and recommendations on internal controls; the schedule of unadjusted audit differences, a listing of adjustments and reclassifications not recorded, if any; the audit engagement letter; and the auditor independence letter.
Timing. These matters are required to be timely reported to the audit committee. The new rule specifies that these communications occur prior to the filing of the audit report with the SEC pursuant to applicable securities laws. As a result, the SEC contemplates that these discussions will occur, at a minimum, during the annual audit, but could occur as frequently as quarterly or more.
Effectiveness. These provisions are effective on May 6, 2003.
Disclosure of services provided and fees paid to the auditors
The new rules amend Item 9 of Schedule 14A, which relates to proxy statement disclosure and adds a new Item 16 to the periodic annual report on Form 10-K to expand the company's public disclosures to include fees paid to the auditor for each of the two most recent fiscal years segregated into the following four categories: audit fees; audit-related fees; tax fees; and all other fees. Other than for audit fees, companies are required to describe the nature of the services provided.
Audit fees. All services performed to comply with generally accepted auditing standards (GAAS) should be classified under audit fees. Other specified services, such as tax services and accounting consultations may not be included as audit fees although appropriate allocations may be included if such services are necessary to comply with GAAS. The audit fee category should include fees for services that normally would be provided by the auditor in connection with statutory and regulatory filings or engagements and services such as comfort letters, statutory audits, attest services, consents and assistance with and review of documents filed with the SEC that generally only the auditor can provide.